The David vs Goliath
The “Goliath” Apple had taken on the “David” Corellium in August last year when the former filed a lawsuit against the cybersecurity startup regarding a copyright infringement of its iPhone software. The tech giant claimed that Corellium had made a virtual copy of its iPhone on the computer, which Corellium was offering to ethical hackers for finding vulnerabilities in the iOS. However, a federal judge on Tuesday has finally dismissed this copyright infringement lawsuit against cybersecurity startup Corellium.
In its initial filing, Apple had said that the “virtualization” of their iPhone was a copyright infringement of their iOS software. Although it did not require a SIM card to be placed physically in this virtual version, it still constituted replica of the software involved.
The Federal Judge, Rodney Smith, however, had a different perspective on this lawsuit. He said Apple failed to show a legal basis for protecting its entire iOS from security researchers. He added, Corellium’s service is designed to find security holes in the software, and thus, seemed like a “fair use” of the copyrighted material.
The Grounds of Dismissing
Smith, in his ruling, provided clarity by saying,
From the infancy of copyright protection, courts have recognized that some opportunity for fair use of copyrighted materials is necessary to fulfill copyright’s purpose of promoting ‘the progress of science and useful arts.’ There is evidence in the record to support Corellium’s position that its product is intended for security research and, as Apple concedes, can be used for security research. Further, Apple itself would have used the product for internal testing had it successfully acquired the company.
Additionally, Corellium makes several changes to iOS and incorporates its code to create a product that serves a transformative purpose. Hence, Corellium’s profit motivation does not undermine its fair use defense, particularly considering the public benefit of the product.
The Other Allegation
This, however, is only a part of the overall allegations that Apple has placed on Corellium and the court has not dismissed all of them. Apple also alleged that Corellium circumvented its authentication server and secure boot chain, among other measures, which violates the DMCA’s ban on circumventing copy protection measures. Corellium gave a fair use defense against the DMCA charges, but the judge found it insufficient to dismiss the DMCA allegations before a full trial.
The ruling, if upheld, will give a boost to security researchers who face civil or criminal penalties for reproducing copyrighted software as part of their research efforts of finding vulnerabilities.