Ran across this piece in my feed this morning: ‘FBI will not share iPhone unlocking mechanism, cites lack of ownership’
So a private firm has apparently developed and is, effectively, selling access to a method for unlocking and optionally decrypting an iPhone. Those lock functions are intended to protect the data belonging to any given individual, making it not only a security measure, but a content protection method, vis a vis copyright protection of original content.
However, given that the contents of a phone, such as private photos (See: The Fappening), are not protected solely by the 4th Amendment, but also by copyright, does this undisclosed method not constitute a violation of US Title 17, Sec 1201?
To wit: http://www.copyright.gov/title17/92chap12.html
“1) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.”
2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that —
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.”
Now, there is an exception for law enforcement:
“This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State. For purposes of this subsection, the term “information security” means activities carried out in order to identify and address the vulnerabilities of a government computer, computer system, or computer network.”
However, if the private security firm that developed this method was a contractor to the US Govt, acting as an agent of the government, would the method not be open to FOIA requests or other disclosure methods? If they weren’t an agent at the time the method was developed, *and they marketed it to the government* prior to engaging in a contract to apply the method, would that not be a violation of this section, since that is clearly not a ‘fair use’ or exempted ‘good faith’ activity that would qualify for research exceptions?
Someone tell me where I’m wrong, here.
Standard rules for comments, which require approval: Civil discourse at all times. Disagree with an idea, no personal attacks, you’re only entitled to the opinion you can defend.