Security company Corellium, which develops software that researchers can use to analyze Apple products, won a partial victory in Apple’s lawsuit against it, as a judge ruled that creating iOS virtual environments does not infringe Apple’s copyright. Apple.
Corellium has been creating iOS environments since 2017 that can run on desktop computers, for use as a research and development tool. Apple sued Corellium in 2019, claiming: “The real purpose of Corellium is to profit from its blatant breach” of iOS, and claiming that the company “encourages its users to sell any discovered information [about system vulnerabilities] on the open market for the highest bid. “
Earlier this year, Apple changed the process to include allegations that Corellium’s work violated the Digital Millennium Copyright Act (DMCA) ban on circumventing or breaking DRM.
District Judge Rodney Smith of the United States District Court for South Florida yesterday issued his decision (PDF) in the case, denying Apple’s motion for summary judgment and granting part, but not all, of Corellium’s motion to the same, concluding that Corellium’s actions were fair use, but there are still “matters of material fact”.
Granted in part
Smith found Corellium on the copyright claim issue, determining that Corellium was not simply cloning iOS as a means of competing with Apple, but instead was genuinely using Apple’s work as the basis for creating something new.
“Corellium makes several changes to iOS and incorporates its own code to create a product that serves a transformative purpose,” wrote Smith. “Therefore, Corellium’s profit motive does not undermine its defense of fair use, especially considering the public benefit of the product.”
Apple also claimed that Corellium’s behavior “was totally inappropriate” and that the company did not act in good faith. Smith, however, wrote that “Apple’s position is cryptic, if not concealed,” since Corellium has a customer verification process and “exercised discretion to retain the Corellium product from those it suspects may use the product for nefarious purposes. .
In short, the court “does not consider Corellium’s lack of good faith and fair treatment”, Smith decided, and “furthermore, weighing all the necessary factors, the court considers that Corellium has fulfilled its burden of fair use”.
Partly denied
Apple’s second claim, that Corellium illegally circumvented its DRM under section 1201 of the DMCA, is more complicated to deal with.
According to Section 1201, the creation of any kind of final execution around “a technological measure that effectively controls access to a work” is in itself illegal – even if you have a good reason, like research or repair, to do it. Apple, as you might guess, of several technological measures by which it protects iOS.
There are, however, some exemptions listed in Section 1201. Every three years, the United States Copyright Office reviews the list and may choose to add new exemptions. In 2015, for example, it became legal for researchers to hack electronic ballot boxes and medical devices in controlled environments for the purposes of bona fide security research.
Exemptions exist in Section 1201 for smartphones, but they are specifically limited to unlocking, for software interoperability reasons and to unlock devices to move between carrier networks.
Even though Smith discovered that Corellium was committed to fair use, as much as copyright claims, he rejected the fair use argument with respect to claim 1201. “Here, if the court adopted Corellium’s position that fair use is a defense to Apple’s DMCA claim, that would make Section 1201 meaningless,” wrote Smith . “Therefore, Corellium can make fair use of iOS, but it is not exempt from potential liability for allegedly employing circumvention tools to illegally access iOS or iOS elements.”
The legal proceedings related to the Section 1201 claim, therefore, will continue into the new year.