Apple Targets Jailbreaking In Lawsuit Against iOS Virtualization Company (arstechnica.com) 46
An anonymous reader quotes a report from Ars Technica: Apple has expanded a lawsuit against an iOS virtualization company, claiming that its actions facilitate jailbreaking and violate the Digital Millennium Copyright Act (DMCA) prohibition on circumvention of copyright-protection systems. Apple sued Corellium, a company that sells access to virtual machines that run copies of the operating system used in iPhones and iPads, in August 2019. Apple said that Corellium sells "perfect replicas" of iOS without a license from Apple and markets its software as "a research tool for those trying to discover security vulnerabilities and other flaws in Apple's software." But instead of aiding good-faith security research, Corellium "encourages its users to sell any discovered information on the open market to the highest bidder," Apple alleged.
The first version of Apple's lawsuit accused Corellium of copyright infringement. A new version filed on December 27 alleges both copyright infringement and "unlawful trafficking of a product used to circumvent security measures in violation of 17 U.S.C. 1201," a statute that's part of the DMCA. Apple argued that Corellium gives users the ability to jailbreak iOS for either benign or malicious purposes. In response to the new allegations, Corellium CEO Amanda Gorton said "Apple's latest filing against Corellium should give all security researchers, app developers, and jailbreakers reason to be concerned."
Corellium is "deeply disappointed by Apple's persistent demonization of jailbreaking," with Gorton writing that "developers and researchers rely on jailbreaks to test the security of both their own apps and third-party apps." Apple's filing, according to Corellium, essentially "assert[s] that anyone who provides a tool that allows other people to jailbreak, and anyone who assists in creating such a tool, is violating the DMCA." Apple, Gorton wrote, "is using this case as a trial balloon in a new angle to crack down on jailbreaking" and "is seeking to set a precedent to eliminate public jailbreaks."
The first version of Apple's lawsuit accused Corellium of copyright infringement. A new version filed on December 27 alleges both copyright infringement and "unlawful trafficking of a product used to circumvent security measures in violation of 17 U.S.C. 1201," a statute that's part of the DMCA. Apple argued that Corellium gives users the ability to jailbreak iOS for either benign or malicious purposes. In response to the new allegations, Corellium CEO Amanda Gorton said "Apple's latest filing against Corellium should give all security researchers, app developers, and jailbreakers reason to be concerned."
Corellium is "deeply disappointed by Apple's persistent demonization of jailbreaking," with Gorton writing that "developers and researchers rely on jailbreaks to test the security of both their own apps and third-party apps." Apple's filing, according to Corellium, essentially "assert[s] that anyone who provides a tool that allows other people to jailbreak, and anyone who assists in creating such a tool, is violating the DMCA." Apple, Gorton wrote, "is using this case as a trial balloon in a new angle to crack down on jailbreaking" and "is seeking to set a precedent to eliminate public jailbreaks."
Lots of popcorn needed! (Score:2)
Re:Lots of popcorn needed! (Score:4, Informative)
Copies are most certainly allowed by anyone who has a legal copy of iOS (ie, they purchased a phone), under most countries' laws. This is called fair use. You are allowed to underline words in books for instance, or white out and put in a different word. Similarly, you are allowed under *copyright* law to modify code as long as you're not making more copies to share with other people. It's only under the DMCA in the US that you're not allowed to modify code for weird and illogical reasons unrelated to copyright, or even "reverse engineer" which is essentially means you can't even look at the code if you're smart enough to understand it.
Re: Lots of popcorn needed! (Score:3)
Re: (Score:1)
Re: Lots of popcorn needed! (Score:2)
Re: (Score:2)
Copies are most certainly allowed by anyone who has a legal copy of iOS (ie, they purchased a phone), under most countries' laws. This is called fair use. You are allowed to underline words in books for instance, or white out and put in a different word. Similarly, you are allowed under *copyright* law to modify code as long as you're not making more copies to share with other people. It's only under the DMCA in the US that you're not allowed to modify code for weird and illogical reasons unrelated to copyright, or even "reverse engineer" which is essentially means you can't even look at the code if you're smart enough to understand it.
You're totally leaving out reselling that code, modified and unmodified. That's the crux of the lawsuit.
Re: (Score:2)
leaving out reselling that code, modified and unmodified. That's the crux of the lawsuit.
How can it be the crux if there is nothing resold???
You have an EULA with iOS (Score:4, Informative)
I also don't fully understand why you would need a jail brake to test for vulnerabilities. Apple helps you do that exact thing anyways in the App Review process.
Re:You have an EULA with iOS (Score:5, Interesting)
In the majority of uncorrupted countries. Those terms and conditions must be on full display at the point of sale, so in most countries end user licence agreements are utter bullshit, in the Amerikstan and post purchase agreements are of course quite corruptly allowed enmasse. So jailbreak https://en.wikipedia.org/wiki/... [wikipedia.org]. To give the customer full access to the device they bought, paid for and own, it should be illegal to deny customers full access to the device, they bought, paid for and own. Why should the seller be able to retain ownership of what they sold, how criminally corrupt that is, wow, only really corrupt governments would allow that.
I have to go with the, "you sold it to me, it's mine now, go fuck yourself" crowd. What to keep it secret, then don't fucking sell it.
Re: (Score:2)
Alternately, Apple could provide a real contract process, rather than a shrink-wrapped license. As in, both sides agree to the contract and sign it, then the product gets sold. In the early days, a lot of software licensing was done this way. It all changed once it became possible to buy software off the shelf.
Re: You have an EULA with iOS (Score:2)
Re: (Score:2)
Apple can make any license it wants, with any terms. However this does NOT have the full force of law behind it. Anything legal happening here is purely a civil tort issue, a battle between lawyers. It is still up in the air as to whether shrink-wrap licensing is legally enforceable in the US (it's generally enforced by threat of lawsuits, DRM, etc).
Re: (Score:3)
They're free to write any terms they please, but the terms may or may not be enforceable if they run counter to statutory rights. For example many jurisdictions protect the right to make copies for research purposes.
Re: (Score:2)
They are completely unenforceable. Conditional Sales Contracts are required to (a) be in writing and (b) signed by both parties PRIOR to the sale. As such, anything not written on the Bill of Sale is not binding on the purchaser. Just because some slimy car company writes "this transmission is the property of Ford Motor Company and must be returned on demand" does not make that binding on the purchaser of the car containing that transmission unless the Condition was disclosed BEFORE SALE and was agreed t
Re: You have an EULA with iOS (Score:2)
Re: (Score:3)
Nope, when a contract contains unenforceable clauses typically only the unenforceable clauses are declared void and the rest of the contract stands. If I buy an iPhone I have definitely the right to use iOS, but Apple doesn't have the right to enforce many of the limitations written in the EULA according to the laws here.
The last bit is very important since depending on the jurisdiction EULA clauses can easily range from "enforceable" to "ridiculously unenforceable".
Re: (Score:1)
For example many jurisdictions protect the right to make copies for research purposes. ... and provide a ling to the law, please.
Name one please
Re: (Score:3)
You agree to use Apple's software by agreeing to a license, for which they are free to write any terms they please.
Indeed, they are. Whether or not the courts will enforce it depends on which circuit you're in. Some have ruled that copyrights are governed by copyright law, not contract law, and that if you buy something for a fixed price, for an indefinite term of use, it's a sale of goods, ergo, the right of first sale applies.
In other words, they can write whatever they want, but if they choose the wrong circuit court to file in, they'll still lose. (And California isn't the best place for them to file that, either.)
It's a facade. (Score:3)
If you are deadset against jailbraking then you don't really care about security. Instead, you want to the present a facade of having security as a marketing ploy. People that care about security merely incorporate fixes into their software and move on. No need to dwell unless you are trying to hide something.
Define "tool" (Score:2)
Re: "anyone who provides a tool that allows other people to jailbreak, and anyone who assists in creating such a tool, is violating the DMCA."
If one were to tell someone else about the vulnerabilities of iOS which might be used to jailbreak, but don't actually give them any software nor assist them in developing software which might be used to jailbreak, beyond simply educating them on what they would need to do, without actually telling them exactly how to do it, would the former person be violating the
Re: (Score:2)
Or to a free country like North Korea ...
Not just information (but don't be a smart ass) (Score:3)
The law says:
--
manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, thatâ"
(A)is primarily designed or produced for the purpose of circumventing
--
It doesn't clearly define "device". We would then look at the ordinary usage of the word "device", and perhaps refer to Merriam Webster. In ordinary usage, "device" doesn't mean "general information about a topic".
However, your phrase "without actually telling them ex
Re: (Score:2)
Actually, I specifically stated in my scenario that one would *NOT* be giving them any software, instead only describing *what* needed to happen, at a higher abstraction level than specifically describing how it would be accomplished, and allowing them to use legally available tools to develop the jailbreak for themselves.
The verbage is explicit, it is only considered a violation if you distribute the tools that will perform the jailbreak. This is why I was asking for a definition of "tool". While yo
Re: (Score:3)
> Actually, I specifically stated
Yes, I quoted you because the specifics matter.
I'm not arguing with you, I'm answering your question, and pointing out that the specifics of your question make a difference.
> This is why I was asking for a definition of "tool".
The word used in the law is "device", rather than "tool".
The statute doesn't define "device", that I see, so we end up with common usage and dictionary definitions.
The first definition in Merriam Webster is interesting:
1: something devised or con
Re: (Score:2)
According to the EFF [eff.org], it has an explicit exception to security research, which is the argument posited by Apple's opponent in this matter.
Specifically DMCA 1201(j).
That's a fact Apple alleges (Score:2)
I'm a career security professional myself, so I *want* to be able to do research. I also want to follow the law, the actual law, as opposed to what I wish the law was.
Requoting part of what you quoted:
--
the information derived from the security testing was used solely to promote the security of the owner or operator of such computer, computer system or computer network, or shared directly with the developer of such computer, computer system, or computer network
--
Apple alleges that Corelium openly "
Re: (Score:2)
Assuming for a moment that the claim about producing rootkits (to gain root access) is the thing apple finds objectionable, arguments can still be made.
Specifically, the verbiage about who is allowed, and under what circumstances. Is Apple the owner of the device, or is the person who bout the device its owner? We are not discussing the software, apple owns IOS, straight up, but that is not what the law states here. It is the owner of the device.
Should Corelium buy Apple handsets, then image them to do t
Re: (Score:2)
I think here you're confusing the copyright fair use issue with the circumvention issue.
On circumvention, it doesn't matter who owns the device, if it's not used *solely* for making the device more secure. Selling a vulnerabilities to brokers or bad guys wipes out that whole section, leaving "circumvention is illegal".
Re: (Score:2)
The lawsuit is not against security research, it is against a:
a) a company
b) that is running virtual machines
c) that host iOS
d) as a paid service
To make this remotely legal that company would need to have a unique copy of an iOS image for eery VM, and make sure each VM is only used by one customer at the time.
If they simply bought one iPhone, took the OS out, and made hundreds of VMs it is "not legal".
If they made a smart iPhone emulator and upgrade the OS from the Apple Appstore, it is most certainly compl
Re: (Score:2)
What a waste (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Ccorellium should move offshore? (Score:2)
DMCA doesn't apply in Israel or India or Sweden.
Re: (Score:2)
Or in any free country, such as China or North Korea. The DMCA only applies in the United States of Amerika.
Re: (Score:2)
The USA forced many countries, e.g. the EU, to introduce DMCA like laws ... hence it is applied here as well.
Re: (Score:2)
Re: (Score:2)
It is not. At least not here. Perhaps you just live in a Fascist Dictatorship. Though as I understand it, such activities are not unlawful in either China or North Korea either.
Tough case (Score:1)