Even the most cursory scan of this website would reveal that I am a tech gadget junkie. Given this, one could correctly deduce that I followed the launch of the Apple iPhone closely. At first, I deemed it too dollar rich, and feature poor to buy. But then 2 things changed almost simultaneously: 3rd party developers added much of the functionality I required, and Apple significantly dropped the price. I purchased a 4Gig iPhone, and immediately installed several 3rd party applications. I want clearly re-iterate that the availability of the 3rd party applications was very much a factor in my purchasing decision. Within days, Apple released an update that would, if I installed it, delete the 3rd party applications, personal data saved in and with those applications, as well as other personal data I put on the phone. Further more, the update does not support the re-installation of the 3rd party apps and/or some of my personal data – backup or not.
Many iPhone owners,
including myself, are
angry about the manner in which Apple is handling the situation,
including
some
of the combative, comments made by Apple representatives. On the
other
hand, many folks see the situation from Apple's point of view. They
hold that Apple is under no obligation to support a device that
has been “hacked” by third parties, except perhaps
to close the holes that permitted the hacks. Apple has stated
that the installation of native 3rd party
applications
is not
supported on the iPhone.
Given
the above, along with
years of
experience with mobile devices, I will attempt here to provide some
insight into the situation, and then delve into a "case study" of a
hypothetical lawsuit against Apple.
Establishment of Fact of the (hypothetical) Case:
What is presented below is what I think may be established as fact in a hypothetical lawsuit or other legal action.
The Apple iPhone is a computer.
It contains a microprocessor, RAM, Storage, I/O components, etc. In short, all of the components that have for many years defined “computer”.
It is much more than just a phone, or an iPod, or even the combination of them both. It is also certainly a fact that “lesser” phones, and iPod's have microprocessors, RAM, storage, etc., but are not computers in the same sense. The sophistication of these components in the iPhone, and the uses to which they are put (i.e. Running a full web browser) distinguish the iPhone from previous iPod's, and lesser mobile phones.
Firmware 1.0.2 has been proven to have features of full computer OS's that other, lesser mobile devices lack. These include a full UNIX filesystem, as well as concepts such as user accounts, specifically an administrative user account known as “root”. While due to Apple's actions, it cannot be proven at this time, firmware 1.1.1 likely has all these features too.
Apple Technical Specifications state that the iPhone operating system is OS X. OS X is also the operating system used on Desktop and Laptop Macintosh Computers. Note the language: Apple Technical Specifications do not say it runs a reduced version of OS X, or a OS based on OS X. They simply state it runs OS X.
Other mobile phones with similar functionality, and in a similar price range (“SmartPhones”) are commonly thought of as mobile computing devices. A recent advertising campaign by a popular mobile phone vendor includes the slogan “It's What Computers Have Become”. The product in question is a direct competitor of the iPhone (Note that the referenced advertising campaign pre-dates the iPhone release.)
The iPhone is not fundamentally different than other “Feature Phones” or “SmartPhones”
Other mobile phones that are similar in both functionality, and price, allow the installation of native applications, and allow developers access to system resources, including, in some cases, a command line interface. AT&T allows these phones on it's network, and even markets some of them. Examples include phones made by HTC, Motorola, and Nokia. OS's Include Linux, Symbian, and Windows Mobile.
The Firmware 1.1.1 update behaves fundamentally differently than similiar updates have in the past.
If an update for Apple's Desktop or Laptop computers did the same thing as the iPhone FW 1.1.1 update did, there would be wide spread outrage, and legal action would be a certainty.
In the mobile phone/handheld device world, the “rules” do seem to be different. Firmware updates typically DO erase all applications, and often also erase all personal data. This is true for most mobile phones (that support firmware updates), as well as mobile devices such as the Nokia Internet Tablets.
Additionally, in some cases, Compatibility with some or all existing applications is broken by such an update. Again this happened on at least 1 occurrence with the Nokia Internet Tablets. However, in these cases, information that developers needed to be able to make appropriate changes to applications was provided. Most applications were quickly updated by the developers to work with the new firmwares.
Programmers on nearly every computing platform known have, at least to some extent, written programs that do not strictly follow the OS vendor's programming guidelines.
Use of “hacks”, such as but not limited to, un-documented API's, or using API's in a way other than the OS vendor initially intended is fairly common.
Other techniques such as replacing or circumventing a OS vendor's driver, or “Talking directly to the hardware” or “Accessing the raw device” are also common methods 3rd party developers use when a OS lacks a convenient method of doing what the developer is trying to achieve.
In many cases, the OS vendor provides a “recommended”, or “official” development suite. Abandoning this completely is also quite common. Developers may choose a completely different development environment, or even choose a completely different programming language.
Applications written using such programming techniques are often broken by updates to the underlying OS, thus rendering existing programs that use the particular “trick” or “hack” unusable. Programmers must then update their software.
In no prior case that I can recall has such an effect been done purposely, or has the underling software vendor been so combative to the 3rd party developers.
System updates do not typically change the root password.
Root access typically is associated with ownership. When the computer is not owned by an individual, the root user of a computing resource acts as an agent of the owner of that computing resource. If a person or persons other that the owner of a computing resource surreptitiously gains access to the root account, the computer is termed (in the hacker slang) as “owned” indicating possession of the computing resources by the perpetrator.
In the case of a full system re-loading, the root password is, obviously, destroyed. The system or updater typically prompts the user for the root password before the installation completes.
It is currently unknown if the 1.1.1 Firmware has changed the iPhone's root password. The user is not prompted for a root password, and they are not informed of any change to the root password.
The iPhone is sold over the counter at Apple Stores.
While in many cases, an contract with a Wireless service provider serves as some of the payment for the mobile phone, and thus it could be held that full transfer of ownership of the mobile device does not occur until the completion of the contract, the iPhone is not sold in this manner.
No contract is signed or agreed to at the time of the iPhone sale. It is implied, as typical in any such sale, that full ownership of the device is transfered to the buyer at the time of sale.
The box clearly states "Minimum new two-year wireless service plan with AT&T required to activate all iPhone features, including iPod features." While the meaning of this sentence may be interpreted more than one way (particularly the context of the word "all".), no interpretation of this sentence or any other writing on the box states or implies that some or any part of ownership of the hardware device is retained until the termination of the 2 year contract.
Buyers who purchase an iPhone in the above manner, but do not choose to enter into an agreement with AT&T have no obligation to AT&T what so ever.
Individual iPhone purchasers have no obligation to assist Apple or AT&T in upholding those 2 companies' mutual agreements what ever those agreements may be.
Federal law specifically states that unlocking a phone to allow legal use on other carriers is allowed.
Even if a mobile device user is bound by a contract with AT&T, that contract does not prevent him from entering into an additional with another wireless service provider for example when traveling abroad.
State laws require product manufactures to warrant their products against defects in materials or workmanship.
While full ownership of the product does transfer to the purchaser at the time of sale, obligation on the part of the manufacture to provide warranty against defects does continue for some time after the sale (although this time, and the manufactures obligations may vary from state to state.)
In the case of software, some leeway has typically been given to manufactures. A implied promise that software bugs (defects) will be fixed with updates has typically been allowed in lew of of the legal obligations with respect to software defects.
The exact requirements of the manufactures to provide such updates has never been tested in court.
The concept of installing software, or performing a change to system software amounting to “misuse” of the device has never been tested in court.
There have been several cases where a PC that was sold with Windows on it, and then had an alternative OS (such as Linux) installed was refused warranty service for a hardware defect. In each case that I am aware of, when pressed, the manufacture or vendor has quickly reversed their decision, and agreed to provide the warranty service.
OK, so how do these hypothetical "facts" play out in the case of the iPhone 1.1.1 firmware update.
Defining the iPhone as a computer is significant in the light of both consumer expectations, and of various laws. It is very unlikely that I am going to substantiate a claim that I am significantly effected if someone deletes user data on my Nokia 3300 – a cool, but very limited second generation (2G) mobile phone. The iPhone, on the other hand, is capable of storing up to 8Gig of data. The potential damage from the loss of 8Gig's of data, (or loss of access to that data) as well as the more sophisticated applications available on such a device may be much easier to substantiate. Clearly such action would not be tolerated (legally or otherwise) on a full desktop PC. If we apply the same standards to the iPhone, Apple's behavior clearly would subject it to significant legal action.
Apple has justified their closed platform argument, and their awkward and unconventional activation scheme by claiming that the iPhone is “revolutionary”, and/or fundamentally different than other devices. While the iPhone is very cool, and its “eye candy” graphics are a step beyond what other manufactures have done, I feel that the claims that the iPhone is somehow fundamentally different are false. Additionally Apple has stated that an errant 3rd party application running on the iPhone could cause problems on AT&T's network. This leads to the obvious question of why such apps are allowed on other phones and why they do not seem to cause problems. Also, from a technical point of view, it is fairly unlikely that a 3rd party application would fail in such a manner as to cause problems on the network. What is more likely to cause problems on the network is errant alteration of the Baseband (BB) processor code. By locking the phone, Apple (and AT&T) are driving the need for3 rd parties to make alterations to the Baseband code in an attempt to unlock the phone. If the phone were shipped unlocked, most of the incentive to go messing around in the Baseband code would be removed.Apple is using these false claims to justify their unconventional actions. Apple has also used the “AT&T is making us do this” line. Given that AT&T allows other, relatively open, SmartPhones on their network indicates that this is also false. (Although we cannot be sure if the false statements originate from withing Apple, or AT&T.)
The fact that there seem to be 2 standards for the expected behavior of updates - one for “PC's”, and a different one for small mobile devices - certainly helps Apple's side of the argument. However, as the mobile device gets more sophisticated, and acts more like a PC, the customer is justified in expecting that the updates act more like those on a PC – i.e. Not destroying data or significantly altering functionality, even if some of that functionality comes from 3rd party developers
Apple's side goes something like this – All 3rd party apps on the iPhone were installed by a hack, and thus we can close this security hole, and not allow native app installation. While I see this side of the argument, and I certainly want Apple to fix security holes when they are discovered, simply deleting the Apps, and not providing assistance in making them work through a legitimate method is a huge diversion from the way manufactures typically handle this situation. If Microsoft simply deleted any app that used an undocumented API, or some similar “trick” they would make have a lot of unhappy customers and developers (just like Apple has done). Both Microsoft and Apple would likely break not only a lot of their own applications, but would likely break their respective OS's too. I would very much like to see the courts look at exactly what OS vendors' obligations are in this respect. I believe however that Apple, Microsoft and others would not. I think in this case, and others as we will see later, Apple is opening a can of worms here that the entire industry does not want to have opened.
This ties directly back into (1.), and whether or not the update behaves in line with customer expectation, and whether or not the update is behaving nefariously. The default root password Apple set for the Version 1.0.2 firmware is commonly known, and easily found on the 'net. iPhone power users that have obtained access to the iPhone's filesystem can easily change the default root password using standard UNIX commands. This is much the same as is the case with other products such as Internet routers, and of course, PC's. On the desktop, anything that behaved in such a manner (changing the root password, and not allowing the user to know or change it to something that is known) would unquestionably be considered hostile software. In every sense of the computer slang, people that install the 1.1.1 update have been "rooted", "owned", or "pwned" (Google for the explanation of the hacker slang). To what legal extent is Apple taking control of someone else's property? The counter argument is that if Apple never intended the root password to be known, why are they obligated to not change it, or inform the consumer of it if they do change it? Individuals, through their own work, learned of the password, and proceeded to use it to allow them to store their personal data and applications on their personal device. By changing it Apple has denided them access to their personal data on their personal device. What law says that any method of putting data on a device not envisioned by the manufacture at the time of manufacture may be arbitrarily destroyed? I would reason that many large computer systems in use today, including mission critical systems around the world, use some sort of method or technique of data input, storage, or retrieval that was not known to the manufacture at the time of manufacture of the physical hardware, or known to the author of the original Operating System. The consequences of now destroying or preventing access to that data would likely be catastrophic. Once the cat is out of the bag, you cannot try to stuff it back in.
I have
read many posts with statements like “It's Apple's product
– they can do what ever they want”. From a Legal
point of view, the physical device is no longer Apple's in any way
shape
or form post purchase. Additionally, license to use the
software on it is granted to me at the time of sale. There owner
is also free to add additional software and data, as well as delete
some or all data on the particular device he/she purchased. The
only thing the user cannot do, is re-distribute some
of the programs and data on the device. (Some of the code on the
iPhone is open source, and anyone, iPhone user or not, actuall could legally redistribute it, but that is only a note of trivia.) Further
more, there is no contract agreed to or any agreement to enter into a
contract in the future with AT&T at the time of sale. The
sentence "Minimum new
two-year wireless service plan with AT&T required to activate
all iPhone features, including iPod features." does appear
on the box, but this could not possibly legally bind the buyer to do
anything. Let's look at this sentence for just a moment
longer. First, what exactly is meant by
"all"?
Does it mean that some, but not all
features will work
without activation? Or does it mean that no features
will
work without activation. While I could be convinced, in fact
now am convinced, that the latter is what is intended, but I
originally interpreted it
the 1st way. Also, it is very important to note that as a
technical statement, and given the facts as they stand today, the
sentence is true taken the 1st way,
but false
taken the second way. 3rd party "unofficial"
activation
schemes do allow most, but not all features to work.
(Example: no
unofficial activation/unlocking method I know of allows
the Visual Voice Mail feature to work.) Additionally, some
features do
work without any sort of activation, such as using the device solely as
a way to make an emergency call. Even if we interpret that
sentence more legally, and less technically, it still does not
constitute any sort of agreement with AT&T upon purchase of the
device, or the withholding of any portion of ownership.
Additionally, the consumer is under no obligation what so ever to
assist either party in upholding their contractual commitments to one
another, what ever those secret agreements are.
On
this note, I further put forth that those agreements are already null
and void. Apple has even stated that these secret agreements
obligate Apple to keep the iPhone a closed and locked
system. I am going to further put forth that the contract,
at least this portion of it, must basically state 1 of 2 things.
Either it describes some level of effort that Apple must put forth in order to combat attempts to open/unlock the iPhone, or It states that Apple must constantly ensure
that the iPhone is not hacked. Any actual legal wording must
basically boil down to one of the those 2. I'll discuss the
second first, since it is the easiest to prove null and void.
Since it is impossible (as has been proven by the existing hacks), it is not legally
binding. It's like if the school bully tells you that you must
pay him $5 or fly to the moon. The fact that you fail to fly to
the moon does not legally obligate you to pay the school bully even if
you were daft enough to agree to the contract because the contract
requires you to do something impossible. The other (first)
possibility is more likely. The early firmwares have been
100% full cracked in only a few weeks. Both the Baseband and
Application Processor firmwares have been fully examined, and modified.
Encryption keys, the root password, and other details too
numerous to mention can be found all over the 'net. A more
thorough violation of the devices security features is unfathomable.
Apple then attempted to re-lock and re-close the device via
firmware 1.1.1. As this article suggest they have done everything
they possibly can right up to the line of legality, and possibly past
it. However, even as I am writing this, an exploitable bug in the 1.1.1
firmware has been discovered. What is significant about this is
that the vulnerability is not only old, but from what I have read,
is the very same bug that was
used to crack one of the early Play Station Portable (PSP) firmwares.
Given both the age of the hack, and the fact that it was already
used to open a somewhat similar portable device, Apple's failure to
close this hole must bring up some questions about their level of
effort. Given the 2 breaches, it could be argued that Apple has
failed to live up to the relevant portion of the agreement. Apple
should admit breach of contract, settle with AT&T, and
release a new firmware with support and development tools for 3rd
party applications. Given the history of the successful attacks
on the PSP firmware, it is not worth Apple's time, money, personnel,
and public image to continue the fight. The iPhone should
be sold unlocked world wide at Apple Stores and Retailers. Apple
can then concentrate on "Insanely Great" products instead of an insane
cat and mouse game.
Same sort of reasoning here. I have never heard of a system update locking a phone. In many cases installing the “factory fresh” firmware can unlock/unbrand your phone. I have also never heard of an unlocked phone being sent in for service, and coming back locked. In fact, the opposite is sometimes true. If under any circumstances Apple prevents me from exercising my legal rights are they not acting illegally? (Perhaps a legal professional could supply an appropriate reference here.) I feel pretty sure I know what the outcome of this would be if it ever did go to court, we (consumers, and legal professionals) just need to find exactly the right words to get it there.
This is exactly the opposite of the “It's Apples device" argument. Critics of this part say that Apple is under no obligation to provide any updates at all. After all, even if the consumer chooses not to install any updates, the device still works as it did at the time the consumer agreed to purchase it. Sorry, wrong again. Apple is obligated to warrant the device to be free of defects for some period of time after the purchase. Such warranties are not only a legal agreement entered into at the time of sale, but are also backed (and sometimes expanded upon) by various laws. Companies are typically very good about providing software updates, often even after the warranty period has long since passed. You may want to ask yourself why? Just because they are good natured profit-shunning angels? No! I put forth that it is solely to stave off the application of such laws and warranties to software. If Apple (or anyone else) starts "Playing" with these leniencies, there may be some fallout that no software company wants. I hereby call on other major players in this industry to have a little sit-down with our mutual friend, Mr. Jobs. You'll be doing all us iPhone buys a service, but don't look at it that way. Look at it from the point of view of those legal terms like "free from defects" applying to the software you put out.
Unquestionably changing, deleting, replacing, etc. the software on the physical device I legally own is also my right. If Apple is implying that by changing the software on the device, I waive my rights to the presence and integrity of personal data, again, Apple is taking the entire industry someplace it probably does not want to go. In the cases of refusal of service based on changing the OS (in whole or in part), most companies seem to have been smart enough not to peruse this. Being a Linux user, this is something I would very much like to see a court look at, but Apple and the rest of the industry probably would not.