Japan's Supreme Court rules cryptojacking scripts are not malware
Coinhive-slinger wins on appeal
A man found guilty of using the Coinhive cryptojacking script to mine Monero on users' PCs while they browsed the web has been cleared by Japan's Supreme Court on the grounds that crypto mining software is not malware.
Tokyo High Court ruled against the defendant, 34-year-old Seiya Moroi, on charges of keeping electromagnetic records of an unjust program. That unjust program was Coinhive, a "cryptojacking" script that mines for Monero by pinching some CPU cycles when users visit a web page that includes the code. Moroi ran the code on his website.
Moroi posted to a site promoting his UX and UI design business to offer his side of the story, including reference to Chapter XIX-2 of the Japanese Penal Code:
Article 168-2 (1) A person who, without legitimate grounds, creates or provides any of the following records including electronic or magnetic records for the purpose of using them for executing commands on another person's computer is punished by imprisonment for not more than 3 years or a fine of not more than 500,000 yen:
(i) electronic or magnetic records that give unauthorized commands to prevent a computer from performing functions in line with the user's intention or have it perform functions against the user's intention;
(ii) beyond what is set forth in the preceding item, records including electronic or magnetic records in which unauthorized commands referred to in the same item are described.
(2) The same applies to a person who, without legitimate grounds, uses electronic or magnetic records set forth in item (i) of the preceding paragraph for the execution of commands on another person's computer.
He also argued that he revealed the presence of Coinhive, so was not acting deceptively. Nor did Moroi intend to profit from his efforts – he just wanted to keep up with tech trends.
He also argued that his efforts didn't really make any money; the script yielded less than ¥1,000 ($8.79) – a sum so paltry it was hard to cash out of Monero.
That experience was typical. In 2018, researchers found that cryptojacking paid on average just $5.80 a day.
Moroi's post, which is quite a screed, reveals that he could have paid a fine of ¥100,000 ($880) in February 2020, but instead chose to fight on this hill, as a matter of principle.
- COVID-19 was a generational opportunity for change at work – and corporate blew it
- I own that $4.5bn of digi-dosh so rewrite your blockchain and give it to me, Craig Wright tells Bitcoin SV devs
- Privacy is for paedophiles, UK government seems to be saying while spending £500k demonising online chat encryption
- APNIC: Big Tech's use of carrier-grade NAT is holding back internet innovation
- Google sours on legacy G Suite freeloaders, demands fee or flee
In their ruling, the justices deliberating defined [PDF] malicious software as a program that "behaves differently from what an ordinary user recognizes, and is unacceptable from the perspective of maintaining the social functions of a personal computer."
"Mining itself, which is the content of the behavior of this program code, is a work to ensure the reliability of temporary currency, and it is difficult to say that it is not socially unacceptable," wrote the judges.
The fact that no user PCs were inconvenienced also swayed the judges.
Thanks to your late report, we have been acquitted by the supreme court today. I feel that it is the result of the power of Mr. Hirano, the teachers of the defense team, Mr. Takagi who took on witnesses in the first instance, the hacker association, the people who submitted the written opinion, and the many people who supported me. thank you very much!
Japanese authorities did not like the decision.
"It is regrettable that the prosecutor's allegation was not accepted, but since it is the judgment of the Supreme Court, I will take it seriously," said the chief of the Supreme Public Prosecutor's Office, Seiji Yoshida.
The case seems to have outlasted Coinhive itself – the tool was discontinued in March 2019 due to it being, according to the company, no longer economically viable.
By the way, crypto mining is something The Reg would never do … more than once a year. ®