> They do have proper authorization because the keys in question are valid iMessage keys and they are being used by the same individuals those iMessage keys are allocated to. They're not trying to commit any further crime post-access.
Authorization in the legal sense of the CFAA is permission, plain and simple.
The ToS and EULA explicitly only allow using the iMessage service on Apple hardware, so any other form without explicit permission by Apple is unauthorized.
Spoofing device credentials to fool the server and gain an authentication blob definitely doesn’t fall under authorized access.
But even with legitimately attained credentials you can still be in violation. Ex employees of a corporation, finding a device with credentials on it, etc.
Whether they commit any further crime or not is irrelevant for criminal liability.
> Does it? This seems like a pretty textbook case of reverse engineering for interoperability.
The DMCA exception only applies to interoperability for legally acquired (e.g., licensed) software.
But it doesn’t really matter but because ToS and license clauses that explicitly prohibit it overrule it, see Bowers v. Baystate Technologies, 320 F.3d 1317 (Fed. Cir. 2003)[0]
> Probably the case they're hoping for a lawsuit on - the degree to which Apple has legitimate claim to control use of the iMessage protocol given their market presence. In the process of the lawsuit, if Apple is found to be leveraging this protocol anti-competitively, they're in trouble.
And beyond that, Apple is a highly litigious company with great lawyers and extremely deep pockets and large incentives to defend their ownership of the messaging market.
That they've been this slow to sue Beeper probably signals enough on its own that there's probably no field day to be had.
This reads like a Gish gallop with a bunch of weak arguments that border fantasy.
There is no “Apple in trouble” when it comes to iMessage and there are no signals.
I don’t know where you get this from but I suggest seeking better sources on understanding legal standards and ramifications.
In that case, breaking the ToS superceded the fact they were merely accessing public information.
The other question is whether Beeper is violating terms of service or their users are. I'm guessing Beeper is not and they instead need to be implicated for some kind of tortious interference. I would love if Apple individually started suing their own customers though.
Not sure why you think HiQ Labs v. LinkedIn is relevant here?
The facts of that case are not analogous to the matter at hand.
hiQ Labs v. LinkedIn primarily deals with scraping publicly available data and the definition of "exceeds authorized access" in the CFAA. And to a lesser degree selectively banning competitors. ToS violation was a generic argument and not the contentious part.
Meanwhile Bowers v. Baystate Technologies, Inc. is current standing law on reverse engineering clauses in ToS and EULAs, while the matter at hand has nothing to do with publicly accessible data, no exceeding of authorized access and no data scraping.
> The other question is whether Beeper is violating terms of service or their users are.
That would be Beeper, no question about it. They had to agree to the OS license agreement that prohibits reverse engineering and the ToS for Apple Media Services that also prohibit reverse engineering, before they could get to the parts that needed the reverse engineering they did.
The users didn’t do any reverse engineering, although they would be in violation of the terms that state iMessage (and other Apple services and software) is only licensed to be used on Apple devices.
But that’s small fry in comparison to reverse engineering, repackaging and reselling Apple’s service without a license to do so.
> I'm guessing Beeper is not and they instead need to be implicated for some kind of tortious interference.
Tortious interference has more to do with affecting a relationship you’re not a party to.
This is more of an intentional tort, like conversion, although in this instance that would be more of a “side-dish” claim.
After all why go through that trouble and prove damages when you’ve got more suitable options with statutory damages.
That's the thing. None of this is remotely settled, the legal system is still figuring out what the book says. Various courts at various levels have affirmed and vacated all sorts of decisions. The amount of people overconfidently declaring this is an open book shut book case are living in cloud cuckoo land.
I sure as hell don't know how this will play out, and neither can anyone with any massive degree of certainty. Hacker News opinion-passive-aggressively-stated-as-fact syndrome strikes again.
Authorization in the legal sense of the CFAA is permission, plain and simple.
The ToS and EULA explicitly only allow using the iMessage service on Apple hardware, so any other form without explicit permission by Apple is unauthorized.
Spoofing device credentials to fool the server and gain an authentication blob definitely doesn’t fall under authorized access.
But even with legitimately attained credentials you can still be in violation. Ex employees of a corporation, finding a device with credentials on it, etc.
Whether they commit any further crime or not is irrelevant for criminal liability.
> Does it? This seems like a pretty textbook case of reverse engineering for interoperability.
The DMCA exception only applies to interoperability for legally acquired (e.g., licensed) software.
But it doesn’t really matter but because ToS and license clauses that explicitly prohibit it overrule it, see Bowers v. Baystate Technologies, 320 F.3d 1317 (Fed. Cir. 2003)[0]
> Probably the case they're hoping for a lawsuit on - the degree to which Apple has legitimate claim to control use of the iMessage protocol given their market presence. In the process of the lawsuit, if Apple is found to be leveraging this protocol anti-competitively, they're in trouble. And beyond that, Apple is a highly litigious company with great lawyers and extremely deep pockets and large incentives to defend their ownership of the messaging market. That they've been this slow to sue Beeper probably signals enough on its own that there's probably no field day to be had.
This reads like a Gish gallop with a bunch of weak arguments that border fantasy.
There is no “Apple in trouble” when it comes to iMessage and there are no signals.
I don’t know where you get this from but I suggest seeking better sources on understanding legal standards and ramifications.
0: https://law.resource.org/pub/us/case/reporter/F3/320/320.F3d...