[stuartjohnson12]

> unless we’re talking about Beeper being the defendant

Yes that's the point, Beeper are probably hoping Apple sues them for the reasons you describe.

> criminal liability by violating the CFAA and committing computer trespass

This is pretty tenuous. They do have proper authorization because the keys in question are valid iMessage keys and they are being used by the same individuals those iMessage keys are allocated to. They're not trying to commit any further crime post-access.

> violating the the OS license agreement and ToS [...] (yes that supersedes DMCA exception)

Does it? This seems like a pretty textbook case of reverse engineering for interoperability.

> reselling Apple’s IP for $2/mo

Probably the case they're hoping for a lawsuit on - the degree to which Apple has legitimate claim to control use of the iMessage protocol given their market presence. In the process of the lawsuit, if Apple is found to be leveraging this protocol anti-competitively, they're in trouble.

And beyond that, Apple is a highly litigious company with great lawyers and extremely deep pockets and large incentives to defend their ownership of the messaging market.

That they've been this slow to sue Beeper probably signals enough on its own that there's probably no field day to be had.

[nicce]

> Does it? This seems like a pretty textbook case of reverse engineering for interoperability.

The problem is that everything works through Apples private services, even if there is no DMCA things in the app. On top of that they are making business with that. Quite unfair use.

What if I use Amazon’s private APIs for running my cloud. Even share it to others and charge even money from it?

[stuartjohnson12]

Seems legitimate to me.

There's no reasonable case for trespass under the CCFA as proper credentials are being used and there's no intent to use that access to commit further crime.

You can't infringe on intellectual property of a server by making requests to it, that doesn't make sense. Any case there would be access violations under the CCFA which are already covered above.

The only real claim would be the intellectual property of the client app in the way that it forms requests and accepts responses which this system is undoubtedly based on the reverse engineering of. The only problem with that argument is that the DMCA includes a specific exemption for interoperability as fair use.

Note that simply building a new client app doesn't necessarily constitute fair use, but in this case the client app extends to a platform that is otherwise not supported. Seems a pretty obvious case for interoperability in my eyes.

"Fair" or "unfair", what is the crime? Your intuition pump doesn't include enough details to be useful, I don't understand it.

[nicce]

> "Fair" or "unfair", what is the crime? Your intuition pump doesn't include enough details to be useful, I don't understand it.

Beeper does not talk only to Apple devices but also to other Beeper clients. There is no authorization by Apple to use their backends, and they are not sharing any revenue from their business, while Apple funds all the million messages.

CCFA covers the value gain, should be less than 5000 in one year, what I doubt is happening here.

I am not even sure if they are authorized in any point, because they violate ToS. Technically they fake authorization by preventing to be something other than they are, and not authorized by the terms and conditions.

[AnthonyMouse]

> while Apple funds all the million messages.

A text message is, on the high side, 1000 bytes, so a million messages is <1GB. For reference paying $0.09/GB for bandwidth is considered a high price.

This is not a number which is literally zero, but it's a number which rounds to zero.

[turquoisevar]

> They do have proper authorization because the keys in question are valid iMessage keys and they are being used by the same individuals those iMessage keys are allocated to. They're not trying to commit any further crime post-access.

Authorization in the legal sense of the CFAA is permission, plain and simple.

The ToS and EULA explicitly only allow using the iMessage service on Apple hardware, so any other form without explicit permission by Apple is unauthorized.

Spoofing device credentials to fool the server and gain an authentication blob definitely doesn’t fall under authorized access.

But even with legitimately attained credentials you can still be in violation. Ex employees of a corporation, finding a device with credentials on it, etc.

Whether they commit any further crime or not is irrelevant for criminal liability.

> Does it? This seems like a pretty textbook case of reverse engineering for interoperability.

The DMCA exception only applies to interoperability for legally acquired (e.g., licensed) software.

But it doesn’t really matter but because ToS and license clauses that explicitly prohibit it overrule it, see Bowers v. Baystate Technologies, 320 F.3d 1317 (Fed. Cir. 2003)[0]

> Probably the case they're hoping for a lawsuit on - the degree to which Apple has legitimate claim to control use of the iMessage protocol given their market presence. In the process of the lawsuit, if Apple is found to be leveraging this protocol anti-competitively, they're in trouble. And beyond that, Apple is a highly litigious company with great lawyers and extremely deep pockets and large incentives to defend their ownership of the messaging market. That they've been this slow to sue Beeper probably signals enough on its own that there's probably no field day to be had.

This reads like a Gish gallop with a bunch of weak arguments that border fantasy.

There is no “Apple in trouble” when it comes to iMessage and there are no signals.

I don’t know where you get this from but I suggest seeking better sources on understanding legal standards and ramifications.

0: https://law.resource.org/pub/us/case/reporter/F3/320/320.F3d...

[singron]

This case is probably relevant: https://en.m.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

In that case, breaking the ToS superceded the fact they were merely accessing public information.

The other question is whether Beeper is violating terms of service or their users are. I'm guessing Beeper is not and they instead need to be implicated for some kind of tortious interference. I would love if Apple individually started suing their own customers though.

[turquoisevar]

Not sure why you think HiQ Labs v. LinkedIn is relevant here?

The facts of that case are not analogous to the matter at hand.

hiQ Labs v. LinkedIn primarily deals with scraping publicly available data and the definition of "exceeds authorized access" in the CFAA. And to a lesser degree selectively banning competitors. ToS violation was a generic argument and not the contentious part.

Meanwhile Bowers v. Baystate Technologies, Inc. is current standing law on reverse engineering clauses in ToS and EULAs, while the matter at hand has nothing to do with publicly accessible data, no exceeding of authorized access and no data scraping.

> The other question is whether Beeper is violating terms of service or their users are.

That would be Beeper, no question about it. They had to agree to the OS license agreement that prohibits reverse engineering and the ToS for Apple Media Services that also prohibit reverse engineering, before they could get to the parts that needed the reverse engineering they did.

The users didn’t do any reverse engineering, although they would be in violation of the terms that state iMessage (and other Apple services and software) is only licensed to be used on Apple devices. But that’s small fry in comparison to reverse engineering, repackaging and reselling Apple’s service without a license to do so.

> I'm guessing Beeper is not and they instead need to be implicated for some kind of tortious interference.

Tortious interference has more to do with affecting a relationship you’re not a party to. This is more of an intentional tort, like conversion, although in this instance that would be more of a “side-dish” claim.

After all why go through that trouble and prove damages when you’ve got more suitable options with statutory damages.

[alright2565]

> Bowers v. Baystate Technologies, Inc

This case involves a company reverse-engineering another company's software in order to make a clone product.

Do you think a case about reverse-engineering for the purpose of interoperability might have a different outcome?

[stuartjohnson12]

That's the thing. None of this is remotely settled, the legal system is still figuring out what the book says. Various courts at various levels have affirmed and vacated all sorts of decisions. The amount of people overconfidently declaring this is an open book shut book case are living in cloud cuckoo land.

I sure as hell don't know how this will play out, and neither can anyone with any massive degree of certainty. Hacker News opinion-passive-aggressively-stated-as-fact syndrome strikes again.

[Frivolous9421]

>CFAA violation for logging into your own iMessage account and using the service

Not fucking likely

[mikeryan]

Your premise seems to be that they want Apple to sue them?

That point is moot now.