As Apple and Corellium head towards mediation talks, the iPhone maker has been criticized for “dangerous” claims that the cybersecurity startup has broken copyright laws. Critics say the lawsuit could lead to an expansion of U.S. copyright law and legally endanger software creators and security researchers tinkering with Apple tech.
Corellium “virtualizes” Apple iPhones. In other words, it creates software-only versions of the devices, helping researchers and developers better test hacks or the functionality of apps. For instance, if a developer wanted to see whether their app crashes iOS or breaks a phone entirely, they won’t have to restart or buy a new iPhone if they can just spawn a new software version at speed.
But Apple believes this amounts to illegal replication of its famous phone. It first launched a suit in August 2019 but has ratcheted up the claims against Corellium, in particular around what the Cupertino giant says are breaches of its rights as protected by the Digital Millennium Copyright Act (DMCA).
It’s caught the attention of the Electronic Frontier Foundation (EFF) and other digital rights activists, with the organization telling Forbes this weekend it amounted to a “dangerous” attempt to expand the “anti-circumvention” rules of the DMCA.
Kurt Opsahl, deputy executive director and general counsel at the EFF, pointed to the Apple claim that Corellium’s tools circumvented its “technological measures” that controlled access to its copyrighted products.
The DMCA’s rules on anti-circumvention “already turn important security research, repair and independent software development into a legal minefield, and they reinforce the dominance of tech giants like Apple.”
“This lawsuit is a departure from Apple’s peaceful coexistence with independent developers who use iOS ‘jailbreaks’ to develop new features and apps for Apple devices, and to find security flaws in those devices. Apple’s claims in this lawsuit would make it illegal simply to create general-purpose tools that others might use to create jailbreaks.” Jailbreaking sees researchers and hobbyists remove Apple’s control over the device so they can install whatever app they like, rather than have to go through the App Store.
“Apple is threatening the vitality of an important sector of iOS software development and security research. This lawsuit underscores the need for Congress to reform the DMCA’s anti-circumvention rules,” Opsahl added.
Apple hadn’t responded to a request for comment at the time of publication.
Meanwhile, Corellium filed another response to Apple’s suit on Friday. It claimed Apple was driven not by a genuine belief Corellium was breaching copyright law but out of frustration “at not being able to make Corellium’s technology its own and exclusively control iOS-related security research.”
The startup, co-founded by husband and wife Amanda Gorton and Chris Wade, last year claimed Apple had tried to acquire Corellium and their previous startup Virtual. Apple hasn’t denied the claims.
It has, however, denied it’s trying to endanger security research in its lawsuit. “Apple strongly supports good-faith security research on its platforms, and has never pursued legal action against a security researcher,” its lawyers wrote in its most-recent court filing.
Apple says it simply didn’t authorize Corellium to create copyrighted replicas. “Enough is enough,” it added, asking for an injunction on Corellium’s iOS-related activities.