Wednesday, February 16, 2022

Amicus in Apple v. Corellium

 I filed this brief on behalf of IP Law Professors today in the Apple v. Corellium security research dispute. Summary of argument:

The constitutional goal of copyright protection is to “promote the progress of science and useful arts,” Art. I, sec. 1, cl. 8, and the first copyright law was “an act for the encouragement of learning,” Cambridge University Press v. Patton, 769 F.3d 1232, 1256 (11th Cir. 2014). This case provides an opportunity for this Court to affirm that vision. 

Apple begins its brief by claiming that “Corellium sells Apple’s copyrighted software to its customers for money.” Apple Br. at 1. This characterization is puzzling, because Apple invites the public to download its software, including the graphical interface, for free. Id. at 7. Corellium and its customers get iOS from Apple’s servers. So, what are Corellium’s customers buying? Corellium makes specialized software, CORSEC, that enables new and useful interactions with iOS that allow researchers to learn more about how the system behaves, including potential vulnerabilities. It is that functionality, and not the copying, to which Apple truly objects. 

But fair use protects precisely this kind of analysis. Opening software to information gathering and vulnerability testing is transformative, just as gathering information about and criticizing other types of works are classic transformative fair uses. To this point, Apple responds that it would rather control the market for security research on its products. But copyright law has correctly refused copyright owners the right to control markets for transformative uses, especially uses that expose them to criticism and thus to potential losses not related to substitution of the demand for the expressive qualities of their works. The risks of security research are not copyright risks. The public benefits when copyright owners do not have a monopoly on information about the potential flaws in their works. The Supreme Court made clear in Google LLC v. Oracle America, Inc., 141 S.Ct. 1183 (2021), that software copyrights should not be used to control subsequent independent creative work by software developers writing independent programs that operate on software platforms, and Apple’s argument that it should control the market for developer analysis directly conflicts with that holding. 

Separately, Apple’s free dissemination of iOS strongly favors fair use here. Importantly, there is no Apple code in CORSEC itself, and there is also no infringement when someone downloads a copy of iOS from Apple’s site. Although Apple lists things one can do with CORSEC as if they were infringing acts under §106, it does not take into account the implications of its own free dissemination, which produced the legally relevant copies here. For example, Apple did not attempt to explain how slowing down the execution of its code using CORSEC created an infringing derivative work or unauthorized copy, any more than slowing down video playback would. Likewise, although Apple refers to CORSEC’s ability to allow users to alter the kernel, Apple does not own the kernel, which is open source. Uploading a “custom kernel” to use with a copy of iOS downloaded from Apple does not create a derivative work of iOS any more than adding a spellchecker to a word processing program creates a derivative work. Lewis Galoob Toys, Inc. v. Nintendo of America, Inc., 964 F.2d 965, 969 (9th Cir. 1992). Similarly, Apple refers to CORSEC’s ability to change entries in the trust cache in a copy of iOS, but the trust cache is a record of binary codes that are deemed “trusted,” represented by a hash value—a number mechanically calculated from the initial input.   Changing hashes in the trust cache of a copy downloaded from Apple for the functional purpose of changing what binary code is “trusted” does not create a derivative work, which requires the addition of copyrightable creativity. See 17 U.S.C. § 101 (derivative works “represent an original work of authorship”); L. Batlin & Son, Inc. v. Snyder, 536 F.2d 486, 492 (2d Cir. 1976). Apple freely disseminates copies to Corellium, its customers, and the world, and Corellium’s subsequent acts do not change the relevance of this fact to the fair use analysis. 

Summary judgment for Corellium was appropriate, as in many other cases in which fair use has been found on summary judgment, since the issues here are primarily legal: the overriding transformative nature of the use; Apple’s lack of entitlement to control transformative markets; and the relevance of Apple’s invitation to the world to download iOS freely. See Oracle, 141 S.Ct. at 1199-1200.


No comments: