Apple Amends their Lawsuit against Corellium by adding a Claim of 'Unlawful Trafficking' of their Copyrighted Works
In mid-August Patently Apple posted a report titled "Apple Files a Copyright Infringement Lawsuit against Virtualization Software Company Corellium." Apple stated in their initial lawsuit that "Corellium’s business is based entirely on commercializing the illegal replication of the copyrighted operating system and applications that run on Apple’s iPhone, iPad, and other Apple devices. The product Corellium offers is a "virtual" version of Apple mobile hardware products, accessible to anyone with a web browser."
In the original complaint Apple in-part stated that "Although Corellium paints itself as providing a research tool for those trying to discover security vulnerabilities and other flaws in Apple’s software, Corellium’s true goal is profiting off its blatant infringement. Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder.
Apple strongly supports good-faith security research on its platforms, and has never pursued legal action against a security researcher. Not only does Apple publicly credit researchers for reporting vulnerabilities, it has created several programs to facilitate such research activity so that potential security flaws can be identified and corrected.
Apple’s programs include providing as much as $1 million per report through “bug bounty” programs.Apple has also announced that it will provide custom versions of the iPhone to legitimate security researchers to allow them to conduct research on Apple devices and software.
These efforts recognize the critical role that members of the security research community play in Apple’s efforts to ensure its devices contain the most secure software and systems available.
The purpose of this lawsuit is not to encumber good-faith security research, but to bring an end to Corellium’s unlawful commercialization of Apple’s valuable copyrighted works. Accordingly, Apple respectfully seeks an injunction, along with the other remedies described below, to stop Corellium’s acts of naked copyright infringement.
Apple's Amendment: A Fourth Claim
Last Friday Apple filed a "First Amended Complaint" in respect to their original Corellium lawsuit. The amendment is simply the addition of a fourth Claim for Relief: Unlawful Trafficking.
In the Fourth Claim Apple states in-part that "Apple owns, and at all times has owned, valid and enforceable copyrights in all of its computer programs, including each individual version of iOS and iTunes, and the works of visual art embodied in the GUI Elements, including the graphic icons, preinstalled background wallpaper images, and all other aspects of the graphical user interface of iOS and iTunes.
Apple has implemented technological protection measures that (a) effectively control access to those works, each of which is protected by Title 17, United States Code, and (b) effectively limit the exercise of one or more of Apple's exclusive rights under Title 17, United States Code.
Through the acts alleged above, Corellium has violated, and is continuing to violate, the prohibition on manufacturing, importing, offering to the public, providing, or otherwise trafficking in a technology, product, service, device, component, or part thereof, that is primarily designed or produced for the purpose of circumventing one or more of these Apple-implemented technological measures.
Corellium did not have, and does not have, authorization from Apple, and has no authorization under any law, to engage in any of those acts of trafficking, each of which has injured Apple by, among other things, facilitating the copyright infringement of Apple’s software."
Corellium's Response to Apple's Amended Lawsuit
Correlium's response to Apple's amended lawsuit was posted yesterday, Sunday December 29 as follows:
"Apple’s latest filing against Corellium should give all security researchers, app developers, and jailbreakers reason to be concerned. The filing asserts that because Corellium "allows users to jailbreak" and "gave one or more Persons access… to develop software that can be used to jailbreak," Corellium is "engaging in trafficking" in violation of the DMCA.
In other words, Apple is asserting that anyone who provides a tool that allows other people to jailbreak, and anyone who assists in creating such a tool, is violating the DMCA. Apple underscores this position by calling the unc0ver jailbreak tool "unlawful" and stating that it is "designed to circumvent [the] same technological measures" as Corellium.
Apple is using this case as a trial balloon in a new angle to crack down on jailbreaking. Apple has made it clear that it does not intend to limit this attack to Corellium: it is seeking to set a precedent to eliminate public jailbreaks.
We are deeply disappointed by Apple’s persistent demonization of jailbreaking. Across the industry, developers and researchers rely on jailbreaks to test the security of both their own apps and third-party apps – testing which cannot be done without a jailbroken device. For example, a recent analysis of the ToTok app revealed that an Apple-approved chat app was being used as a spying tool by the government of the United Arab Emirates, and according to the researchers behind this analysis, this work would not have been possible without a jailbreak.
Not only do researchers and developers rely on jailbreaking to protect end users, but Apple itself has directly benefited from the jailbreak community in a number of ways. Many of the features of iOS originally appeared as jailbreak tweaks and were copied by Apple, including dark mode, control center, and context menus. In addition, jailbreak creators regularly contribute to the security of iOS. The developer behind the unc0ver jailbreak was acknowledged and credited by Apple for assisting with a security vulnerability in the iOS kernel – a vulnerability he discovered while using Corellium.
We are prepared to strongly defend against this attack, and we look forward to sharing our formal response to this claim when we file it in court. Until then, we appreciate the outpouring of support from the mobile community that is as concerned as we are by the far-reaching implications of this new filing."
In the end, Apple made it clear that they strongly support good-faith security research on its platforms, and has never pursued legal action against a security researcher. Not only does Apple publicly credit researchers for reporting vulnerabilities, it has created several programs to facilitate such research activity so that potential security flaws can be identified and corrected.
Apple reiterated that the purpose of their lawsuit is not to encumber good-faith security research, but to bring an end to Corellium’s unlawful commercialization and trafficking of Apple’s valuable copyrighted works.
On the surface Apple's case appears to be clear and air tight. But in legal cases it's not always black and white and there could be a few twists and turns along the way. If there's a second amendment in the works, we'll cover it when it's made public.