WEST PALM BEACH, Fla. (CN) — A lawsuit filed by Apple against the producer of a virtual iPhone security tool hung on by a thread Tuesday, as a federal judge ruled against the smartphone giant on all but one count.
U.S. District Judge Rodney Smith in southern Florida granted summary judgment in favor of cybersecurity software company Corellium on a slew of copyright infringement claims brought against it by Apple. But he allowed Apple’s lawsuit to proceed on a count for alleged violations of the anti-piracy provisions of the Digital Millennium Copyright Act.
Apple filed the case against Corellium in federal court in August 2019 over the virtual iPhone product.
Corellium markets the product as a tool that helps researchers find security vulnerabilities and bugs in iOS, the operating system on which iPhones and other Apple devices run. As explained in the court documents, the Corellium product does not function as a consumer device: it does not make phone calls, send text messages or take pictures.
Smith found that Corellium’s utilization of Apple software code to create the virtual iPhone amounted to fair use. Under the fair-use doctrine, copyrighted work can be reproduced for the purposes of criticism, news reporting, teaching and research.
According to the judge, Corellium created a distinct “transformative” product, not just a copied version of the iPhone operating system.
“The product creates a new, virtual platform for iOS and adds capabilities not available on Apple’s iOS devices,” wrote Smith, a Donald Trump appointee.
The judge added, “As for Apple’s contention that Corellium sells its product indiscriminately, that statement is belied by the evidence in the record that the company has a vetting process in place (even if not perfect) and, in the past, has exercised its discretion to withhold the Corellium product from those it suspects may use the product for nefarious purposes.” (Parentheses in original.)
Weighing the factors for fair use of copyrighted materials, Smith noted that Corellium’s product does not compete with Apple products and does not eat into the tech giant’s revenue.
The judge said he will allow Apple’s anti-piracy claim under the Digital Millennium Copyright Act to move forward, as factual disputes tied to the claim require further evaluation by the court.
The DMCA section at issue prohibits circumventing security locks meant to protect copyrighted material. The section was designed in part to prevent pirating of DVDs and CDs in the 1990s.
Smith found that even though the Corellium product made fair use of Apple’s software code, the startup could be in violation of the DMCA anti-piracy provisions.
“Corellium may make fair use of iOS, but it is not absolved of potential liability for allegedly employing circumvention tools to unlawfully access iOS or elements of iOS,” Smith wrote.
In the still-pending claim, Apple argues that Corellium’s product circumvents Apple’s authentication server and secure boot chain, in violation of the DMCA.
Corellium has countered that Apple itself leaves elements of its iOS code open to the public through what’s known as IPSW files. The files are “left unencrypted, unprotected, unlocked, and out in the open for the public to access, copy, edit, distribute, perform, and display,” Corellium argues.
Roughly a year before filing the lawsuit, Apple was in talks to acquire Corellium’s assets. The deal never came to fruition.
The tech giant recently kicked off its Security Research Device Program, which, like Corellium’s product, will allow researchers to inspect the iPhone operating system for potential exploits. Apple tried to argue that Corellium’s product competes directly with the Security Research Device Program.
But Smith rejected that line of logic.
“[Apple’s] argument misses the mark. The relevant question … is whether the Corellium product has impacted the market for the copyrighted work itself––that is, for iOS,” the judge wrote.
He added, “The court does not find any significant market impact on iOS.”