A game of cat and mouse: The iPhone, Steve Jobs and an army of blind hackers

Jobs says he intends to fight off the independent iPhone developers. The question is: How will Apple try to defeat the hackers: software updates or lawsuits?

Chris Soghoian
Christopher Soghoian delves into the areas of security, privacy, technology policy and cyber-law. He is a student fellow at Harvard University's Berkman Center for Internet and Society , and is a PhD candidate at Indiana University's School of Informatics. His academic work and contact information can be found by visiting www.dubfire.net/chris/.
Chris Soghoian
6 min read

With Steve Jobs' recent announcement of his intention to fight off the independent iPhone developers, the question that must be asked is how will Apple try to defeat the hackers: Frequent and disruptive software updates, or lawsuits? Will Apple risk losing its most frequently (ab)used legal tool, the Digital Millennium Copyright Act, to try to punish the developers of the iPhone unlocking tools?

The wait is over. After being teased over the past few weeks with rumors that Apple would turn a blind eye to iPhone hacking or *gasp* even encourage it, the news is in and it ain't good for the hackers.

At the official U.K. launch of the iPhone Tuesday, CEO Steve Jobs made it clear that Apple will fight attempts to use the popular device on unauthorized networks. "It's a cat-and-mouse game," said Jobs. "We try to stay ahead. People will try to break in, and it's our job to stop them breaking in."

anySIM iPhone unlocker iPhone Dev Team/Hackintosh

For the loose-knit community of iPhone developers, the last few months have been an around-the-clock hacking session. As a result, programmers have released a plethora of applications. Some, including an instant-messaging tool, a general purpose application installer and even a Nintendo game emulator, can be seen simply as developers releasing applications that Apple just didn't get around to writing itself. Other hacks, such as the much hyped iPhone Dev Team's anySIM unlocking tool, or the numerous free-ringtone tutorials that have been floating around the Net, can be more accurately described as a developer-lead attack upon Apple's revenue streams.

Apple has sunk a significant amount of developer time and marketing dollars into creating a product so drool-worthy that fans spent days queuing outside stores around the nation. Because of the significant hype surrounding the device, and the millions of customers who would flock to whichever wireless carrier with whom Apple signed an exclusive distribution deal, Jobs and his negotiation team were able to extract highly favorable, if not downright obscene amounts of money from the wireless carriers. While AT&T agreed to give Apple up to $11 per month for new customers who came to the carrier due to an iPhone purchase, some media reports are suggesting that Jobs was able to extract 40 percent of the monthly subscription fees that U.K. network O2 is charging its customers.

O2 is charging customers between $70 and $110 for its different monthly iPhone plans. With an 18-month contract, Apple is looking at between $500 to $800 in revenue share per customer. While the approximately $250 that AT&T will give Apple for a new customer over the lifetime of a 2-year contract is rather paltry in comparison, it still provides enough of a financial incentive for Apple to do all that it possibly can to lock the devices down, and keep hackers from unlocking the platform. Furthermore, if keeping open-source tinkerers away from the guts of the iPhone can also protect Apple's new, but potentially hugely profitable venture into the mobile phone ringtone market (99 cents per ringtone for each song already purchased), even better for Mr. Jobs and his stockholders.

Now that Jobs has declared war on the iPhone hackers, the only question that remains is the approach that Apple will take: software updates that'll break the iPhone hacks, or lawsuits against the trouble-making developers. To answer this question, we to look to the law and, most importantly, the Digital Millennium Copyright Act.

The most powerful weapon in Apple's legal arsenal is the Digital Millennium Copyright Act (DMCA). This law, much hated by open-source developers and much loved by copyright holders and mega corporations, was passed by a unanimous vote in the U.S. Senate before being signed into law by President Bill Clinton in 1998.

DRM protest outside Apple store Quinn Norton

The DMCA is fairly complicated, but there are two main parts that seriously threaten researchers, hackers and hobbyists. First, the law makes it a crime to circumvent the technological locks that control access to copyrighted works. Second, the law makes it a crime for anyone to "traffic" or share such circumvention tools. That is, it's a crime to break the encryption protecting a copyrighted work, and it's an additional crime to share the software that breaks the encryption with anyone else.

While the law was originally intended to protect music and movie owners who were scared of infringement in the Digital Age, it has been used to try to block the sale of third-party printer cartridges, universal garage door openers, and even Web sites that publish leaked copies of scanned fliers for post-Thanksgiving "black Friday" sales. A few years ago, a number of prepaid mobile phone companies started using the DMCA to go after people who were buying their subsidized phones, stripping off the software and re-selling them to others.

When it passed the DMCA, Congress empowered the Librarian of Congress to issue exemptions to the anti-circumvention provision of the law. This power is intended to protect the public from access-control technologies that substantially interfere with their right to make non-infringing uses of copyrighted works. Current exemptions include the right for users to hack restrictive e-book digital rights management technology to allow for inter-operation with screen-readers and other helpful technologies used by blind and disabled people.

In 2006, Stanford professor (and now EFF cyber-lawyer) Jennifer Granick petitioned the Librarian of Congress to permit mobile phone customers to hack their own phones. Citing a need to reduce environmental waste due to prematurely disposed locked phones, and the needs of business travelers to be able to communicate around the world without carrying a phone for each country, the Copyright Office agreed with Granick, and granted mobile phone customers an exemption to the anti-circumvention rule.

That should be the end of it, right? An exception to the anti-circumvention rule exists for mobile-phone inter-network interoperability, and thus Apple should have no DMCA-related leg to stand on. The problem lies in the fact that the DMCA has two nasty provisions: the anti-circumvention rule and the anti-trafficking rule. As crazy as it may sound, while it's perfectly legal for a blind programmer to reverse engineer Adobe's e-book technology, it's illegal for her to share it with another, perhaps less technically savvy blind friend. As far as the law is currently concerned, if you don't have the technical skills to reverse engineer, you're not permitted to free your e-books or your mobile phone.

Unless this legal snafu is some kind of incentive-via-necessity based plan to turn every blind American into a reverse-engineering uber-hacker, the law is clearly broken. It is most likely an unfortunate oversight on the part of the 100 senators who unanimously voted for the DMCA, perhaps without fully understanding how it would be used in the future. Thus, we now find ourselves in a situation where it is perfectly legal to hack your own iPhone, but most probably illegal to share software with others that will automate the process.

With the DMCA most likely on Apple's side, Steve Jobs and his band of merry lawyers should have already filed a number of lawsuits against the iPhone Dev Team for its anySIM unlocking tool. Given the noticeable absence of lawsuits, one has to ask: Why hasn't Apple sued?

Apple likes the DMCA, a lot. Were there some sort of DMCA frequent-flier mile scheme, Steve Jobs would have earned himself at least a few free flights to Tahiti. While Apple is on solid legal ground when it goes after programmers for reverse engineering the Mac OS to run on cheap Dell PCs, any sort of DMCA action against the iPhone Dev Team would be far more problematic. Despite the fact that the Librarian of Congress does not have the power to create exemptions to the anti-trafficking provision of the DMCA, Congress clearly did not intend to create this artificial barrier between those with programming skills and those without. Quite simply, the law is broken. If Apple begins filing DMCA iPhone lawsuits, it could soon find itself in the unpleasant position where the courts--or worse, Congress--end up re-evaluating the merit and legality of the DMCA.

My suspicion is that Apple will not want to risk losing the golden egg-laying DMCA goose, and thus, will stick to frequent software updates for the iPhone that break community written applications. Why sue when you can patch?