Apple c. Corellium demonstrates a clear example of fair use
Public Knowledge has been following Apple’s lawsuit against Corellium for some time. Corellium is a company that offers various services to software developers and security researchers. Some of them involve creating virtual iPhones for testing and research purposes, which involves making copies of Apple’s iOS software. Apple sued, arguing both that Corellium violated the “anti-circumvention” provisions of the Digital Millennium Copyright Act (DMCA) by simply accessing iOS, and substantive copyright law, by making new ones. copies.
The judge ruled both that Corellium did not violate copyright law by making new copies of iOS, believing that given the circumstances, even making a complete copy of Apple’s operating system could be a fair use. He also found that, nonetheless, accessing iOS could still violate the DMCA. This was a clear example of how the DMCA can interfere with valid lawful uses. Apple appealed the fair use ruling.
Today, Public Knowledge, joined by the Electronic Frontier Foundation and expert security researchers, filed an amicus brief with the Eleventh Circuit Court of Appeals. The brief argues that Corellium’s copying of iOS was, in fact, fair use.
One of the arguments is worth taking out because it’s a bit counterintuitive. One of the factors judges look at when determining if something is “[t]the effect of the use on the potential market or value of the copyrighted work. But that’s largely to ensure judges consider whether an alleged fair use doesn’t simply substitute for the original. Especially when the uses are critical by its nature, this does not mean that uses of a copyrighted work that are commercially harmful to the market for the original are less likely to be considered fair.
This has been made very clear with parodies and critical commentary. You do not need an author’s permission to revise their book, including appropriate citations for use. The review could be devastating, totally killing any demand for the job. But it remains paradigmatic fair use. (The only relevant “market” to consider from a fair dealing perspective is any market for licensing quotes from books in order to overwrite them. This market does not exist for obvious reasons, it does not exist. so there’s not even a relevant market effect to consider at all.)
A similar logic explains why parodies of songs that poke fun at the original songwriter are more likely to be considered fair uses. Fair use balances freedom of expression with copyright and allows uses of copyrighted material that the rights holder does not like and would not allow.
Our brief shows how security research should be considered in the same way. Security researchers discover flaws in software that may endanger user privacy or security. While software vendors have an incentive to provide secure software, their relationship with external security researchers is often adversarial – a security researcher may want to make a certain flaw widely known, for example, to induce the company to fix it , to educate users and companies about vulnerabilities, or to share knowledge that could help other researchers detect similar flaws. A company may want all vulnerabilities to be kept secret until a fix is already widely deployed – but while that may be good for a company’s image or bottom line, it may not be good for the company. user safety.
It’s not just the companies, either – in what appears to be a vendetta against one newspaper in particular, Missouri Governor Mike Parsons has threatened to criminally prosecute a journalist who pointed out how a website of State was disclosing private information about state employees. (Before the governor decided to make his statements, state government employees were more appropriate intention to thank the reporter.) These kinds of bizarre and unfounded legal threats against IT security professionals are nothing new, and copyright law shouldn’t be one of them.
It is this dynamic that makes it important that rights holders cannot obstruct security research with copyright claims. Copyright law does not allow rights holders to silence or control critical uses. Fair use, among other things, protects the First Amendment rights of researchers (and critics) while protecting the legitimate interests of rights holders. In this case, it’s not just that fair use balances copyright and freedom of expression – it also promotes the constitutional purpose of copyright itself, “to promote the advancement of science and useful arts”. Ensuring software security and reliability is much more than a system where you must first obtain authorization from a company before reporting that its products are defective.
There’s a bit more in our brief, and of course the DMCA issue is still floating there. But since so much of our lives depend on or are mediated by computers and software, we hope the court will recognize that copyright law does not allow rights holders to control or prevent criticism.