SunstarTV Bureau: Apple’s copyright infringement case against Florida-based cybersecurity startup Corellium has been dismissed due to lack of legal basis.
Apple had sued Florida-based cybersecurity startup Corellium in 2019 claiming its virtualisation of iOS software constituted copyright infringement. The case was dismissed as iPhone maker failed to show a legal basis for protecting its entire iOS operating system from security researchers.
Apple Inc. lost its copyright claims against a Florida-based cybersecurity startup Corellium in a case that could have implications for researchers who find software bugs and vulnerabilities.
The sue contended Corellium LLC’s copied the operating system, graphical user interface and other aspects of the devices without permission. The company also accused Corellium of acting under the guise of helping discover bugs in the iPhone’s operating system but then selling the information ‘on the open market to the highest bidder.’
However, dismissing the case on Tuesday, federal judge Rodney Smith said Apple failed to show a legal basis for protecting its entire iOS operating system from security researchers.
Corellium’s actions fell under an exception to copyright law because it “creates a new, virtual platform for iOS and adds capabilities not available on Apple’s iOS devices,” Smith said adding, “does not undermine its fair use defense, particularly considering the public benefit of the product.”
“From the infancy of copyright protection, courts have recognized that some opportunity for fair use of copyrighted materials is necessary to fulfill copyright’s purpose of promoting ‘the progress of science and useful arts,” Smith wrote.
“There is evidence in the record to support Corellium’s position that its product is intended for security research and, as Apple concedes, can be used for security research. Further, Apple itself would have used the product for internal testing had it successfully acquired the company.” Apple had been in talks to buy the company but the two sides couldn’t agree on a price, Smith said. Apple sued a year later.
Apple has a ‘bounty program’ where it rewards so-called white hat hackers who discover flaws in its system. The Cupertino, California-based company argued that the Corellium product went far beyond that, though Corellium said it evaluates potential customers and rejects some.
Corellium, meanwhile, has said its customers are government agencies, financial institutions and security researchers and accused Apple of trying to control security research to limit what the public learns about vulnerabilities.
Apple argued that the case is similar to the billion-dollar dispute between Oracle Corp. and Alphabet Inc.’s Google unit, in which an appeals court rejected Google’s arguments that it had the right to copy Oracle code for inclusion into the Android operating system. The Supreme Court is considering the issue.
Smith said they aren’t comparable — Corellium transforms iOS and adds new content, and it isn’t a direct competitor. He said it was instead more like the case in which an appeals court ruled that Google’s creation of digital copies of books and showing snippets in search results was a fair use of copyrighted works.
The ruling, if upheld, represents a victory for security researchers who could face civil or criminal penalties for reproducing copyrighted software as part of efforts to find vulnerabilities.
It also limits Apple’s efforts to exercise full control of its iPhone software and its ability to force third parties to use its proprietary security research tools.