by MBCook 925 days ago
> The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization, but fails to define what “without authorization” means.

- From the National Association of Criminal Defense Lawyers

Other way around. If anything, it sounds to me like Beeper Mini was acting illegally by accessing Apple’s servers in a way they didn’t give permission for.

The CFAA is ripe for abuse. I’m not saying applying it here would be just or not, only that Apple likely wasn’t the one acting illegally.

2 comments

I think that’s certainly an argument that Apple would make. However, it seems that this app was simply sending requests and receiving responses, and that there was no code injection or compromise of Apple servers, or of credentials, or anything of that sort.
Yes, they didn't violate the law as you think it ought to be written.

They may very well have violated the law as it is actually written.

It's also entirely possible that no law has been violated by anyone at all. What Beeper Mini did is probably not illegal. What Apple did in response is probably not illegal.
Not particularly relevant due to lawsuits involving game cheating, where the circumstances are very similar.

Beeper is lucky they weren't sued under the DMCA anti-circumvention clause, as they clearly were bypassing the technological measures Apple uses to prevent genuine devices from connecting to iMessage & Apple services.

The DMCA protects copyright, not APIs. If iMessage was a DVD then this would be a point.
I wonder if any of the encryption stuff Apple uses would give them an argument, like convincing their system to generate keys.

I think you’re likely right though. If they had such a claim I think their lawyers would have been on it instantly.

That’s why I mentioned the CFAA. Accessing servers without someone’s permission is the exact kind of thing people have gotten very stiff punishments for under the CFAA in the past. It’s basically the main reason I know the law exists: stories about people’s ridiculous punishments for relatively benign things.

Sure it’s useful for real things. I bet you can prosecute ransom under it. Or hacking to break into a rival company.

But it’s also great for when someone embarrasses a politician with stuff that they published on their own website and “something has to be done”.

Wouldn’t it be the users, rather than Beeper Mini, that are doing the accessing?
Beeper Mini includes a hosted service to receive APNS notifications (meant for Apple software).

So I would summarize it as the corporate entity connecting to an Apple API and using it in undocumented ways that they reverse engineered, intercepting messages meant only for Apple software, doing so without prior permission, for the purpose of selling access to services which would normally be covered by an Apple EULA.

It is not quite like a smaller word processor wanting to be able to import Word documents - without tying into Apple's service, Beeper Mini has zero value.