Apple Used the DMCA to Take Down a Tweet Containing an iPhone Encryption Key

Security researchers are accusing Apple of abusing the Digital Millennium Copyright Act (DMCA) to take down a viral tweet and several Reddit posts that discuss techniques and tools to hack iPhones. Lorenzo Franceschi-Bicchierai, reporting for Vice: On Sunday, a security researcher who focuses on iOS and goes by the name Siguza posted a tweet containing what appears to be an encryption key that could be used to reverse engineer the Secure Enclave Processor, the part of the iPhone that handles data encryption and stores other sensitive data. Two days later, a law firm that has worked for Apple in the past sent a DMCA Takedown Notice to Twitter, asking for the tweet to be removed. The company complied, and the tweet became unavailable until today, when it reappeared. In a tweet, Siguza said that the DMCA claim was "retracted." Apple confirmed that it sent the original DMCA takedown request, and later asked Twitter to put the Tweet back online.

At the same time, Reddit received several DMCA takedown requests for posts on r/jailbreak, a popular subreddit where iPhone security researchers and hackers discuss techniques to jailbreak Apple devices, according to the subreddit's moderators. "Admins have not reached out to us in regards to these removals. We have no idea who is submitting these copyright claims," one moderator wrote.

How is that a misuse?

[SuperKendall]

Seems like that's a pretty good use of a takedown request actually, to take something down that is truly proprietary and by rights belongs to Apple exclusively.

Re:How is that a misuse?

[Mashiki]

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 - also something proprietary, but nobody gave a shit a decade ago.

Re:

[suso]

This one too: 62 69 74 2e 6c 79 2f 32 48 48 43 5a 67 55

Re:

[DarkRookie2]

I SO want to click on that now.

Re:

[DontBeAMoran]

+Liked on YouTube, must see.

Re:

[ElectronicSpider]

But... they did file a DMCA for that one too.

Re:How is that a misuse?

[Rockoon]

Because calling the sharing of the key "copyright abuse" is fraud.

Re:

[The New Guy 2.0]

DMCA isn't pure copyright... there's a "Thou shall not break encryption!" complex too there...

Re:

[DarkVader]

There's a Library of Congress exemption for jailbreaking.

https://www.copyright.gov/1201... [copyright.gov]

Re:

[magusxxx]

Sure is, if Apple can prove it. Which so far they haven't. Especially when it comes to Reddit posts which discuss tweaks and not the jailbreak itself.

Re:How is that a misuse?

[ewhac]

The DMCA is actually several pieces of legislation. The part that allows take-downs may only be used to take down infringements of copyrighted works. The encryption key in question is not copyrighted by Apple, nor can it be copyrighted, as it contains no creative expression (it's purely functional). So use of DMCA takedown is inappropriate here.

The other part of the DMCA is the anti-circumvention provisions. To exercise those privileges, you need to get a restraining order from a court.

Re:

[0xdeadbeef]

Yet more evidence that there is nothing on this planet more servile than an Apple fanboy (except perhaps Lindsey Graham).

You're as old as I am, surely you remember how well it went last time someone tried to own a number [cmu.edu].

Re:

[Anonymous Coward]

to take something down that is truly proprietary and by rights belongs to Apple exclusively.

Except isn't that the opposite of what they did?

The key is for iPhones. The data it protects belongs to users (the people who bought the phone), not Apple. It's only as proprietary as the users decide it should be. It's their data, not Apple's. Not only did Apple not have exclusive rights, they have none. It's like if I locked your house.

Re:

[freeze128]

A court has ruled specifically on this: Intel vs. AMD. Intel Sued AMD because AMD was making cheaper CPU's that were compatible with the Intel ones. This is why cpu's were called 286, 386, 486, but the next was called Pentium. The court ruled that you cannot copyright a number.

Re: How is that a misuse?

[RabidTimmy]

I thought that was trademark and the USPTO rolled that you couldn't trademark a number.

Re:

[NoMoreACs]

Seems like that's a pretty good use of a takedown request actually, to take something down that is truly proprietary and by rights belongs to Apple exclusively.

Exactly.

Paging Streisand...

[thomn8r]

please pick up the white courtesy phone

Bad Apple. Bad.

[Chromal]

You can't copyright or trademark a number or math. A crypto key is both those things.

Re:Bad Apple. Bad.

[Chromal]

But Apple is more than free to file copyrights on their crypto keys. We expect the full keys to become a matter of accessible public information if they're submitted for such registration, which of course circumvents the whole point of a private key. But I assume all this flies far above the heads of most legal professionals.

Re:Bad Apple. Bad.

[iCEBaLM]

You can't copyright crypto keys, as there's no creative component and they are purely functional.

Re:

[DontBeAMoran]

Complete audio silence shouldn't be copyrighted, yet AFAIK there's a few silent audio tracks out there. The authors have successfully copyrighted particular lengths of zeroes.

Re:

[iCEBaLM]

Neither of those are random and would require some thought to produce and therefore I can see a possible argument for them being creative works.

Re:

[DontBeAMoran]

A sealed room would also produce the same audio tracks, I fail to see how any thought is required to produce them.

Re:

[Impy the Impiuos Imp]

People have tried to copyright all possible touch tone phone numbers, as music, just to make a mockery of this.

All 0s audio file is even stupider.

Re:

[NoMoreACs]

Neither of those are random and would require some thought to produce and therefore I can see a possible argument for them being creative works.

Encryption keys aren't random, either.

So, you write a music composition program. Once launched, with no human intervention, it can "compose" human-sounding music.

You wrote the code that created the output. Do you own the output, too? Wasn't it ultimately an expression of your creative process?

That's different than, say, Photoshop; where the fruits of the developers' "creative process" still ultimately doesn't produce any "art", no matter how long it sits there, running.

But since the program that produces th

Re:

[ACForever]

No you are wrong.

Re:

[chuckugly]

Makes the question of sampling a little more interesting.

Re:

[Chaset]

Not defending the silliness of copyrighting silence, but I read that the original "composition" was intended to be the "silence" as recorded in front of a live audience. That means it included the occasional muffled coughs, whispers, shuffling in seats, musicians turning pages, etc, so it's not quite all zeros.

It's sort of like a photograph of a typical street scene. The "creativity" is not in the creation of the scene, but in the "artist" choosing to capture that particular segment of reality. (quotes b

Re:

[rahvin112]

Crypto keys aren't just functional. They are just a number. You can't copyright or even trademark a pure numbers, they are specifically forbidden.

Re:

[drinkypoo]

But Apple is more than free to file copyrights on their crypto keys. We expect the full keys to become a matter of accessible public information if they're submitted for such registration,

Copyright is not a trademark. You have to file for trademark protection. You don't have to file for copyright, though it does make it easier to win copyright cases as you don't have to provide evidence that you created the work.

Re:

[WorBlux]

And you have to register to actually bring a copyright suit in federal court.

Not true, but that's not why

[Myria]

You can copyright a number. Super Mario Bros. 1 is a 81920-digit hex number.

What you can't do is copyright a number that has no creative value behind it - you can't copyright randomly generated data.

Re:

[DontBeAMoran]

Wait a minute... according to the usual American logic which is used in politics, it can't be both a number and math. Pick only one!

Changing Keys

[The New Guy 2.0]

Apple likely deactivated the code that was leaked while it was down, so now it's a dead issue and the post could go back up.

For posterity

[LenKagetsu]

iPhone11,8 17C5053a sepi 9f974f1788e615700fec73006cc2e6b 533b0c6c2b8cf653bdbd347bc18 97bdd66b11815f036e94c 951250c4dda916c00

Spaces added to avoid /.'s filters.

Re:

[alvinrod]

Even if they did come after this and every other post like it, someone would just upload an image to imgur or other sites of this really cool flag for an imaginary country that they came up with. What an awfully strange set of colored stripes.

Hell, there's even a particular cipher that you could feed this very post into that would magically spit out that same key. The horse is already out of the barn Apple. Trying to lock the doors now isn't going to do any good.

Re:For posterity

[93 Escort Wagon]

Also

EmergencyServices2,0 01189998819991197253

T-shirt time

[Malays Boweman]

Print the key out on T-shirts, coffee mugs, and on stickers for computer loving taggers. Lets see Apple try to redact that!

Those who don't remember the AACS incident

[xack]

Are doomed to repeat it. Back when Digg was relevent.

Im working on a book

[Malays Boweman]

It just happens to be titled 17C5053a sepi 9f974f1788e615700fec73006cc2e6b533 b0c6c2b8cf653bdbd347bc1897bdd66b 11815f036e94c951250c4dda916c00. One two, Apple don't sue!

Re:

[91degrees]

The question is, is that still illegal? Clearly you're not working on a book. You claim you are just as a means to get the number out there. On the other hand, your claim is a creative work in itself (albeit a brief one).

I wonder if something implicit is illegal though. For example, if I mention that :
17C5053a sepi 9f974f1788e615700fec73006cc2e6b533 b0c6c2b8cf653bdbd347bc1897bdd66b 11815f036e94c951250c4dda916bfe is not an encryption key, and;
17C5053a sepi 9f974f1788e615700fec73006cc2e6b533 b0c6c2b8cf6

Re:

[Malays Bowman]

I dunno, but I think we are drifting into thoughtcrime territory here. :\

more proof

[SirAstral]

that security is fundamentally not taken seriously by anyone.

Real security would not even have this feature available to it.

If there is a recovery key, then you have weak security! Once the actual key is lost, it needs to be effectively erased.

DVDCSS

[Neddies]

They used this same tactic and lost in federal court. What's the difference here?

Company IP

[Baconsmoke]

Companies have a legal obligation to protect their corporate IP. Which this key definitely falls under. They are also legally obligated to protect the privacy of their customers. Which this key being published is specifically counter to keeping their customer's information private. This is true in Europe and the state of California as well. So, they are acting on a legal obligation that would cause them to be heavily fined and even have charges brought against them. What I have learned is that anti-fanbois

Re:

[amxcoder]

Go and google somebody xeroxing a kleenex today, and then stick a bandaid on a hoover.

I'm not sure I can find that exact image, but I'm sure I can *photoshop* that for you out of some stock photos. I'm not sure what you're looking for though, maybe we should *facetime* to discuss the final image you need? We can *ping-pong* some ideas around until have a good idea, as I sure wouldn't want the final product to end up in the *dumpster*. When I'm done I'll print it and send it to you in a *bubble wrap* env

What is the significance of this?

[WaxParadigm]

Summary says "an encryption key that could be used to reverse engineer the Secure Enclave Processor."

That does not tell me a whole lot. Some context is missing. What does it mean to reverse engineer the processor? I suspect it doesn't mean that this key somehow will help me to eventually end up with a set of photomasks that I could have a foundry use to produce more of these. What does this key do for those who possess it (and whatever other tools/knowledge necessary to make use of it)?

Re:

[rahvin112]

So google it.

The relevant bit here is there is a number (crypto key) that apple doesn't want released. It's got released, and apple created a Streisand effect trying to protect it, where in trying to take it down they actually caused it to become widely spread and talked about.

Re:

[AHuxley]

The bad old days of encryption a "munition" but now the private says what will fall under a DMCA takedown request.

hey wait

[v1]

that's the combination on my luggage!

Damage Control

[Pikoro]

Sounds to me like it was a flawed attempt at damage control. By issuing the DMCA takedown, Apple basically confirmed that the key is valid. After someone else noticed the DMCA takedown being filed, there was most likely a "You fool! you've just told them it's a good key! Retract the takedown before anyone _else_ notices", but alas, it was too late.