Apple accused of abusing DMCA in removal of online posts detailing iPhone hacks

AppleInsider · December 11, 2019 11:53PM

Security researchers are crying foul after Apple applied the Digital Millennium Copyright Act (DMCA) to strike a tweet and potentially Reddit posts detailing iPhone hacks and device jailbreaking.

Apple on Tuesday filed a successful DMCA takedown request targeting a tweet from security researcher "Siguza" that appears to reveal an encryption key for iPhone's Secure Enclave Processor, reports Motherboard.

Twitter observed the copyright claim and removed Siguza's tweet, though the post was ultimately reinstated today. Apple explained to Motherboard that it reconsidered the original request, but the decision to retract the DMCA claim arrived after Twitter had complied with the takedown notice. The tech giant subsequently asked Twitter to restore the tweet, which is live as of this writing.

Reddit this week also received DMCA claims requesting the takedown of certain posts in the r/jailbreak subreddit, a popular stomping ground for security researchers, the report said. Like Twitter, the forum discussion site acted in accordance with the demand and removed multiple posts, including those from a thread regarding the "checkra1n" iOS 13 jailbreak.

Apple did not confirm it was behind the Reddit takedown and moderators of the site were unable to identify the origin of the DMCA request. Still, some in the jailbreaking community view Apple's moves as overtly aggressive and question whether encryption keys and jailbreak code are protected under copyright law.

"They just completely lost control of the battle (Jailbreaking) on iPhone X and older," iPhone researcher Pwn20wnd told Motherboard. "So they are trying to pick up a legal fight and waste our time, thus money / resources."

Though no publicly available jailbreak impacts current iPhone hardware, Apple has recently stepped up its defense against would-be device crackers. In August, the company sued Correlium, an iOS software virtualization firm, saying its products infringe on copyrights covering iOS, iTunes and other Apple assets.

ArloTimetraveler · December 11, 2019 11:58PM

ROTFLMAO, is whining a new hack?

HeliBum · December 12, 2019 12:22AM

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

MplsP · December 12, 2019 1:01AM

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

Exactly - if someone is revealing encryption keys I can't see what's wrong with Apple's request.

CloudTalkin · December 12, 2019 2:54AM

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

magman1979 · December 12, 2019 3:12AM

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

Not sure if DMCA can be used in this fashion, but I TOTALLY expect Apple to take whatever steps needed to protect the integrity of the Secure Enclave, especially against f'ing hackers who, despite claims to the contrary, will eventually either use it for nefarious purposes, or sell to the highest bidder, aka governments and law enforcement agencies the world over who will abuse this power, and eventually let it fall into the wrong hands with their piss-poor security.

flydog · December 12, 2019 3:28AM

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

CloudTalkin · December 12, 2019 3:33AM

flydog said:

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

Wrong how exactly? Do you have contradicting information?

EsquireCats · December 12, 2019 9:29AM

Ignoring law and just talking about this from a morality perspective: If you don't want Apple to respond aggressively, then practice responsible disclosure.

If you kick someone in the shins, don't be a baby if they growl at you.

Rayz2016 · December 12, 2019 10:33AM

CloudTalkin said:

flydog said:

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

Wrong how exactly? Do you have contradicting information?

Have a look at Oracle vs Google. Algorithms are indeed subject to copyright, though the formula that the algorithm is implementing is not. For example, Apple can copyright an implementation of the Luhn algorithm (which they might do if they find a faster way to validate credit card numbers) but they cannot copyright the Luhn encoding process itself (and they shouldn't be able to). Since the encryption string is part of the code then copyright does seem to apply, which is probably what Apple was thinking.

gatorguy · December 12, 2019 11:33AM

Rayz2016 said:

CloudTalkin said:

flydog said:

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

Wrong how exactly? Do you have contradicting information?

Have a look at Oracle vs Google. Algorithms are indeed subject to copyright, though the formula that the algorithm is implementing is not. For example, Apple can copyright an implementation of the Luhn algorithm (which they might do if they find a faster way to validate credit card numbers) but they cannot copyright the Luhn encoding process itself (and they shouldn't be able to). Since the encryption string is part of the code then copyright does seem to apply, which is probably what Apple was thinking.

Why wouldn't you guys do a search for "encryption algorithms can be copyrighted" or "cannot be copyrighted". Would stop the guesswork, right?

CloudTalkin · December 12, 2019 11:48AM

Rayz2016 said:

CloudTalkin said:

flydog said:

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

Wrong how exactly? Do you have contradicting information?

Have a look at Oracle vs Google. Algorithms are indeed subject to copyright, though the formula that the algorithm is implementing is not. For example, Apple can copyright an implementation of the Luhn algorithm (which they might do if they find a faster way to validate credit card numbers) but they cannot copyright the Luhn encoding process itself (and they shouldn't be able to). Since the encryption string is part of the code then copyright does seem to apply, which is probably what Apple was thinking.

You are right. Implementations can be copyrighted, not the actual algorithm. With that being the case, wouldn't a logical presumption be Apple isn't using a copyrighted implementation? If they were, they might have been within their rights under DMCA (anti-circumvention exemption notwithstanding). They did a full 180 and asked that the tweet be reinstated in full. To their credit, they seemed to have realized pretty quickly the DMCA was the wrong path to take.

CloudTalkin · December 12, 2019 12:06PM

gatorguy said:

Rayz2016 said:

CloudTalkin said:

flydog said:

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

Wrong how exactly? Do you have contradicting information?

Have a look at Oracle vs Google. Algorithms are indeed subject to copyright, though the formula that the algorithm is implementing is not. For example, Apple can copyright an implementation of the Luhn algorithm (which they might do if they find a faster way to validate credit card numbers) but they cannot copyright the Luhn encoding process itself (and they shouldn't be able to). Since the encryption string is part of the code then copyright does seem to apply, which is probably what Apple was thinking.

Why wouldn't you guys do a search for "encryption algorithms can be copyrighted" or "cannot be copyrighted". Would stop the guesswork, right?

It should be pretty clear we both researched the topic. It's not a simple binary. As I said, encryption algorithms cannot be copyrighted. That is true. As @Rayz2016 pointed out, an implementation of an encryption algorithm can be copyrighted. Also true. Couple that with the fact that 1201 Exemptions are a nebulous web of circular and contradictory rules... no, it wouldn't stop the guesswork. We know Apple used DMCA to take down a tweet. We know they quickly reversed that decision. Everything else, all of our opinions regarding who, what, when, where, why... all guesswork.

gatorguy · December 12, 2019 1:07PM

CloudTalkin said:

gatorguy said:

Rayz2016 said:

CloudTalkin said:

flydog said:

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

Wrong how exactly? Do you have contradicting information?

Have a look at Oracle vs Google. Algorithms are indeed subject to copyright, though the formula that the algorithm is implementing is not. For example, Apple can copyright an implementation of the Luhn algorithm (which they might do if they find a faster way to validate credit card numbers) but they cannot copyright the Luhn encoding process itself (and they shouldn't be able to). Since the encryption string is part of the code then copyright does seem to apply, which is probably what Apple was thinking.

Why wouldn't you guys do a search for "encryption algorithms can be copyrighted" or "cannot be copyrighted". Would stop the guesswork, right?

It should be pretty clear we both researched the topic. It's not a simple binary.

FWIW I wasn't specifically referring to you as I already know you do your research before posting, as does Rayz in general. This was just good general advice to the commenters at large. Searching for either term would have shown there are some intricacies involved tho the strict answer would be that the algorithms themselves cannot be copyrighted.

Then there's the question of encryption algorithm patents, where again the short answer is no but the longer answer might include a yes if...

But readers should note that the government is allowed to practice/use a patent without the explicit permission of the patent holder. Permission is automatically granted when a patent is issued, something many here are probably unaware of, so no use in patenting to in part prevent governments agencies from intruding on your tech. Trade secrets are always a consideration if a company doesn't want to reveal anything substantive about how they are implementing a service or feature.

DAalseth · December 12, 2019 1:32PM

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

An encryption cypher may or may not be covered. But the algorithms, the computer code used to enforce the encryption on a computer system, is absolutely covered.

CloudTalkin · December 12, 2019 2:00PM

gatorguy said:

CloudTalkin said:

gatorguy said:

Rayz2016 said:

CloudTalkin said:

flydog said:

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

Wrong how exactly? Do you have contradicting information?

Have a look at Oracle vs Google. Algorithms are indeed subject to copyright, though the formula that the algorithm is implementing is not. For example, Apple can copyright an implementation of the Luhn algorithm (which they might do if they find a faster way to validate credit card numbers) but they cannot copyright the Luhn encoding process itself (and they shouldn't be able to). Since the encryption string is part of the code then copyright does seem to apply, which is probably what Apple was thinking.

Why wouldn't you guys do a search for "encryption algorithms can be copyrighted" or "cannot be copyrighted". Would stop the guesswork, right?

It should be pretty clear we both researched the topic. It's not a simple binary.
FWIW I wasn't specifically referring to you as I already know you do your research before posting, as does Rayz in general. This was just good general advice to the commenters at large. Searching for either term would have shown there are some intricacies involved tho the strict answer would be that the algorithms themselves cannot be copyrighted.

Then there's the question of encryption algorithm patents, where again the short answer is no but the longer answer might include a yes if...

But readers should note that the government is allowed to practice/use a patent without the explicit permission of the patent holder. Permission is automatically granted when a patent is issued, something many here are probably unaware of, so no use in patenting to in part prevent governments agencies from intruding on your tech. Trade secrets are always a consideration.

Respectfully, can we not bring patents into the conversation? It detracts from the topic of the use of the DMCA to take down the tweet. Patents are typically covered under different jurisdiction. Regarding this case, it seems Twitter incorrectly granted a DMCA takedown. Fortunately, Apple seems to have caught it and reacted accordingly. Operative word here is seem, since we still don't know any more detail.

gatorguy · December 12, 2019 2:03PM

CloudTalkin said:

gatorguy said:

CloudTalkin said:

gatorguy said:

Rayz2016 said:

CloudTalkin said:

flydog said:

CloudTalkin said:

HeliBum said:

Breaking encryption is against the law as a result of the DMCA, so I see Apple as having legal justification for this action if encryption is being broken to accomplish the hacks, which it likely is.

A DMCA takedown is a protective measure covering copyrighted material. Encryption algorithms aren't copyrighted material and arent' subject to DMCA restrictions. Apple probably knew that but figured some wonk at Twitter in control of takedowns wouldn't know that, so they gave it a shot. It worked. Unfortunately for Apple, it also came with the Streisand Effect. It made Apple look as if they were abusing the DMCA. That Streisand Effect probably made Apple reverse that decision PDQ.

Wrong

Wrong how exactly? Do you have contradicting information?

Have a look at Oracle vs Google. Algorithms are indeed subject to copyright, though the formula that the algorithm is implementing is not. For example, Apple can copyright an implementation of the Luhn algorithm (which they might do if they find a faster way to validate credit card numbers) but they cannot copyright the Luhn encoding process itself (and they shouldn't be able to). Since the encryption string is part of the code then copyright does seem to apply, which is probably what Apple was thinking.

Why wouldn't you guys do a search for "encryption algorithms can be copyrighted" or "cannot be copyrighted". Would stop the guesswork, right?

It should be pretty clear we both researched the topic. It's not a simple binary.
FWIW I wasn't specifically referring to you as I already know you do your research before posting, as does Rayz in general. This was just good general advice to the commenters at large. Searching for either term would have shown there are some intricacies involved tho the strict answer would be that the algorithms themselves cannot be copyrighted.

Then there's the question of encryption algorithm patents, where again the short answer is no but the longer answer might include a yes if...

But readers should note that the government is allowed to practice/use a patent without the explicit permission of the patent holder. Permission is automatically granted when a patent is issued, something many here are probably unaware of, so no use in patenting to in part prevent governments agencies from intruding on your tech. Trade secrets are always a consideration.

Respectfully, can we not bring patents into the conversation? It detracts from the topic of the use of the DMCA to take down the tweet. Patents are typically covered under different jurisdiction. Regarding this case, it seems Twitter incorrectly granted a DMCA takedown. Fortunately, Apple seems to have caught it and reacted accordingly. Operative word here is seem, since we still don't know any more detail.

Some poster was eventually going to say "isn't it patented?" and if not outright ask at least wonder. Same with trade secrets, where CUTSA might have been used for a takedown request if I'm correct. But as you say those might be topics for a different thread. Respectfully of course...

dysamoria · December 12, 2019 3:15PM

Part of the problem here is the DMCA itself. It’s easy to abuse and rarely do the abusers get handled appropriately when they’re big corporations (many YouTubers know all about this). I am just guessing, but I suspect a lawyer at Apple went ahead without consultation of management and then management said “woah!”

onepotato · December 12, 2019 4:22PM

This guy did not post an encryption algorithm or a cypher, he posted an encryption key.

gatorguy · December 12, 2019 4:27PM

dysamoria said:

Part of the problem here is the DMCA itself. It’s easy to abuse and rarely do the abusers get handled appropriately when they’re big corporations (many YouTubers know all about this). I am just guessing, but I suspect a lawyer at Apple went ahead without consultation of management and then management said “woah!”

I noticed the EFF indicates their legal staff would like to get involved in how the take down notice from Apple was done. No idea what their reason would be.

markbyrn · December 12, 2019 7:37PM

Did the 'professional' tech media actually verify that Apple had actually sent the DMCA?

Quoting from this jailbreaker on Twitter:

@axi0mX Reddit finally sent the full DMCA takedown notice to @qwertyoruiopz

We reviewed it and confirmed that it was someone impersonating Apple. It was not sent from their law firm, which is Kilpatrick Townsend. There are issues with grammar and spelling.

@qwertyoruiopz

Update: The DMCA takedown that took the checka1n post down is fake.

Apple accused of abusing DMCA in removal of online posts detailing iPhone hacks

Comments