Japan’s Supreme Court rules cryptojacking scripts are not malware

A man found guilty of using the Coinhive cryptojacking script to mine Monero on users’ PCs while they browsed the web has been cleared by Japan’s Supreme Court on the grounds that crypto mining software is not malware.

Tokyo High Court ruled against the defendant, 34-year-old Seiya Moroi, on charges of keeping electromagnetic records of an unjust program. That unjust program was Coinhive, a “cryptojacking” script that mines for Monero by pinching some CPU cycles when users visit a web page that includes the code. Moroi ran the code on his website.

Coinhive has been blocked by malware and antivirus vendors as it slows down other processes, increases utility bills, and creates wear and tear on your device. But in many ways Coinhive’s Javascript code acts no differently to advertisements.

Moroi posted to a site promoting his UX and UI design business to offer his side of the story, including reference to Chapter XIX-2 of the Japanese Penal Code:

His interpretation of the Chapter disputes that he ran Coinhive on other people’s equipment “against the user’s intention” (which he takes to be equivalent to “without their permission”), because if running JavaScript is an unwelcome intrusion then myriad services such as Google Analytics must also be illegal. He’s kind of side-stepping the “legitimate grounds” part there.

He also argued that he revealed the presence of Coinhive, so was not acting deceptively. Nor did Moroi intend to profit from his efforts – he just wanted to keep up with tech trends.

He also argued that his efforts didn’t really make any money; the script yielded less than ¥1,000 ($8.79) – a sum so paltry it was hard to cash out of Monero.

That experience was typical. In 2018, researchers found that cryptojacking paid on average just $5.80 a day.

Moroi’s post, which is quite a screed, reveals that he could have paid a fine of ¥100,000 ($880) in February 2020, but instead chose to fight on this hill, as a matter of principle.

• COVID-19 was a generational opportunity for change at work – and corporate blew it
• I own that $4.5bn of digi-dosh so rewrite your blockchain and give it to me, Craig Wright tells Bitcoin SV devs
• Privacy is for paedophiles, UK government seems to be saying while spending £500k demonising online chat encryption
• APNIC: Big Tech’s use of carrier-grade NAT is holding back internet innovation
• Google sours on legacy G Suite freeloaders, demands fee or flee

In their ruling, the justices deliberating defined malicious software as a program that “behaves differently from what an ordinary user recognizes, and is unacceptable from the perspective of maintaining the social functions of a personal computer.”

“Mining itself, which is the content of the behavior of this program code, is a work to ensure the reliability of temporary currency, and it is difficult to say that it is not socially unacceptable,” wrote the judges.

The fact that no user PCs were inconvenienced also swayed the judges.

Moroi tweeted:

Japanese authorities did not like the decision.

“It is regrettable that the prosecutor’s allegation was not accepted, but since it is the judgment of the Supreme Court, I will take it seriously,” said the chief of the Supreme Public Prosecutor’s Office, Seiji Yoshida.

The case seems to have outlasted Coinhive itself – the tool was discontinued in March 2019 due to it being, according to the company, no longer economically viable.

By the way, crypto mining is something The Reg would never do … more than once a year. ®