General security

Legality of Jailbreaking Mobile Phones

Daniel Dimov
December 16, 2014 by
Daniel Dimov

1. Introduction

The term "jailbreaking" refers to circumventing security measures of a mobile operating system with the aim to install unauthorized software. The term originates from the very first hacks on iPhones. The purpose of these hacks was to break the jailed environment of iPhones, which imposed restrictions on what resources were accessible.

The tools used for jailbreaking include, but are not limited to, Spirit Jailbreak, Redsn0w iDemocracy, iActivator, iNdependence, and iFunstastic. With some of these tools, jailbreaking requires only clicking a few buttons and setting the iPhone into DFU (Device Firmware Upgrade) mode. Nevertheless, the jailbreaking tools perform multiple complex operations that are known only by certain information security experts.

The term "jailbreaking" should not be confused with "unlocking". The latter refers to freeing a mobile phone to work with a mobile operator different than the mobile operator chosen by the manufacturer of the mobile phone. However, both jailbreaking and unlocking constitute unauthorized modification of a mobile operating system. Fig.1 illustrates the relationships between these three concepts.

Fig. 1: Relationships between unauthorized modification of a mobile operating system, jailbreaking, and unlocking

People jailbreak their mobile phones in order to install various software, e.g. apps excluded by manufacturers and solutions to security vulnerabilities. Although jailbreaking can provide the user with the freedom to install whatever software he/she wants, jailbreaking may have legal implications. The purpose of this article is to examine the legality of jailbreaking in the United States (Section 2) as well as the legal risks associated with jailbreaking (Section 3). Next, this article discusses the future of the regulation of jailbreaking (Section 4). Finally, a conclusion is drawn (Section 5).

2. Legality of jailbreaking in the United States

The US Digital Millennium Copyright Act (DMCA) prohibits the circumvention of digital rights management schemes. While this prohibition was adopted with the aim to stop piracy, it can also be used to stop competitors who would like to create software for locked mobile operating systems. The term "locked mobile operating systems" refers to mobile operating systems that do not allow execution of software which is not approved by certain companies.

Probably because of the negative effect of digital rights management schemes on consumer choice and competition, the Librarian of Congress decided to grant exemptions from the requirements of DMCA. The latest exemption related to jailbreaking became effective on October 28th, 2012. The exemption, which will be in force for a period of three years, legalizes jailbreaking.

In November 2014, the Electronic Frontier Foundation (EFF) submitted a petition to the Librarian requesting the Librarian to "renew and expand the exemption for jailbreaking." In the petition, the EFF argued that jailbreaking is used for lawful and useful activities. For example, the EFF stated that jailbreaking could
be used to circumvent the restrictions built into Android which block software programs aiming to prevent leakage of personal information by other applications.

If the Librarian does not renew the exemption for jailbreaking, jailbreaking will become a crime. It is worth mentioning that, in 2013, the Librarian did not renew the exemption for unlocking and, as a result, unlocking became punishable with a fine of up to USD 500,000 and/or up to 5 years imprisonment. However, in 2014, President Obama signed the Unlocking Consumer Choice and Wireless Competition Act, which made it illegal for people to unlock their cellphones. The Act will expire in 2015.

It should be noted that, while jailbreaking is currently legal in the United States, it may violate the End-User License Agreement (EULA) concluded between the seller and the buyer of a mobile phone. In this regard, Apple Support Document HT201954 states:

"Apple strongly cautions against installing any software that hacks iOS. It is also important to note that unauthorized modification of iOS is a violation of the iOS end-user software license agreement and because of this, Apple may deny service for an iPhone, iPad, or iPod touch that has installed any unauthorized software."

In the document, Apple also states that jailbreaking can lead to numerous issues to the hacked phone touch, including security vulnerabilities, disruption of services, shortened battery life, unreliable voice and data, and instability.

Despite such warnings, pursuant to the Federal Trade Commission's Magnuson-Moss Warranty Act of 1975, a seller of mobile phones cannot void the warranty, unless it can prove that the technical problem is linked to the installation of an after-market item (e.g. unauthorized software applications).

3. Legal risks associated with jailbreaking

According to the latest exemption published by the Librarian, the following computer programs shall be exempt from the prohibition against circumvention of technological measures:

"Computer programs that enable wireless telephone handsets to execute lawfully obtained software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications with computer programs on the telephone handset."

This exemption does not apply to tablets. In relation to tablets, the Librarian stated that, because of the lack of a sufficient basis to develop an appropriate definition for tablet, the terms fall outside of the scope of the exemption.

Also, the exemption does not apply to cases when jailbreaking is performed with the aim to install pirated software applications. In such cases, the violators would be liable not only for unlawful use of copyrighted material, but also for circumvention of digital rights management schemes. Thus, jailbreaking alone may not be illegal, but in a combination with a copyright violation, it may become a crime.

It should be noted that some jailbreaking software is provided without EULA. Such jailbreaking software has to be installed by the user on a personal computer. Afterwards, the installed jailbreaking software will connect to the mobile phone and install an app on it. Pursuant to the Berne Convention, an international intellectual property agreement applicable in 168 countries, software is automatically copyrighted at the time of creation. By using, without permission, copyrighted jailbreaking software in order to execute copyrighted jailbreaking mobile phone applications, the users of the software will infringe the copyright law and unlawfully circumvent digital rights management schemes. While the developers of jailbreaking software may never assert their copyrights in their software, such a possibility theoretically exists.

The developers of jailbreaking software can even program their software in such a way as to provide them with location information about the users of the software. There are cases when unlawful users of copyrighted software receive letters from the copyright holders stating that the copyrighted software automatically provided the copyright holders with the location data of the infringers.

In order to avoid legal problems, users of jailbreaking software need to ensure that they are entitled to use those applications. This can be done by looking at the EULA of the jailbreaking software. The EULA needs to state the ways in which a copy of the software can be used. If the jailbreaking software does not contain EULA, it is advisable that the users do not use the software. This is because the lack of EULA will lead to a lack of clarity as to the copyright status of the software.

4. The future of the regulation of jailbreaking

The acts of the Librarian of Congress and laws, such as Unlocking Consumer Choice and Wireless Competition Act, clearly indicate the willingness of the government to legalize unauthorized modification of mobile phone operation systems (including jailbreaking). This willingness is a reflection of the opinion of a large number of American people. In this regard, it is worth noting that the Unlocking Consumer Choice and Wireless Competition Act was a response to an official online petition, which collected more than 100,000 signatures in favor of the legalization of unlocking. The White House advisor Jeff Zients called the Act an "example of democracy at its best: bipartisan congressional action in direct response to a call to action from the American people."

Jaibreaking is currently temporary legalized. In 2015, the Librarian of Congress will have to decide whether it should continue to renew the exemption. Irrespective of whether this happens, a larger reform of the copyright law will be needed in order to ensure that the users of mobile phones will not be surprised one day by the news that the exemption provided by the Librarian expired. Such a surprise appeared in 2012, when the Librarian did not renew the exemption for unlocking.

5. Conclusions

This article has shown that jailbreaking is currently legal in the United States. However, it may be a risky activity because some of the jailbreaking software is provided without EULA. Users installing jailbreaking software without EULA may not only be prosecuted for unauthorized use of copyrighted materials, but also for unlawfully circumventing digital rights management schemes. It is risky to assume that because software is available for download, one has certain rights in relation to the software. A solution to this problem is to oblige the creators of jailbreaking software to add EULA to their software. The solution can be implemented in a future law related to jailbreaking.

In order to provide American people with certainty in relation to the legality of jailbreaking, such a law should not only permit jailbreaking, but also ensure that
it will be legal for a period longer than three years. Otherwise, as the EFF pointed out, the "shadow of legal liability from § 1201 [of DMCA] will discourage users from engaging in legitimate, non-infringing modification of their devices, and thus hinder the numerous innovators who might otherwise find a market for their applications."

References

1. Baggili, I., 'Digital Forensics and Cyber Crime: Second International ICST Conference, ICDF2C 2010', Abu Dhabi, United Arab Emirates, October 4-6, 2010.

2. Bode, K., 'EFF Fights to Keep Phone Jailbreaking Legal', DSLReports.com, 11 November, 2014.

3. De Looper, C., 'Unlocking Consumer Choice and Wireless Competition Act: Top 5 things you should know', Tech Times, 4 August, 2014. Available on http://www.techtimes.com/articles/11964/20140804/unlocking-consumer-choice-wireless-competition-act-top-5-things-know.htm .

4. EC-Council, 'Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems', Cengage Learning, 2009.

5. 'Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies', Library of Congress, 37 CFR Part 201. Available on https://www.eff.org/files/filenode/ruling2012.pdf .

6. Gall, D., 'IPad 3 Secrets: How to Get the Most from Your IPad: IPad Mastery Made Easy Guide to Mastering Your IPad', James Mahoney, 2013.

7. Heath, A., 'Unlocking A New iPhone Is Now Illegal, But Jailbreaking Is Still Safe — What It All Means For You', Cult of Mac, 29 January 2013. Available on http://www.cultofmac.com/213144/unlocking-a-new-iphone-is-now-illegal-but-jailbreaking-is-still-safe-what-it-all-means-for-you/#WuBsG5w8PkxZiKzG.99 .

8. Hoog, A., Strzempka, K., 'iPhone and iOS Forensics: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices', Elsevier, 2011.

9. Landau, T., 'Take Control of Your iPhone', TidBITS, 2009.

10. Miller, C., Blazakis, D., DaiZovi, D., Esser, S., Iozzo, V., Weinmann, R., 'iOS Hacker's Handbook', John Wiley & Sons, 2012.

11. Petition of Electronic Frontier Foundation to the U.S. Copyright Office in the matter of exemption to prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies. Available on https://www.eff.org/document/eff-jailbreaking-exemption-request .

12. Robertson, A., 'As of today, Americans can legally unlock their phones again', The Verge, 1 August 2014. Available on http://www.theverge.com/2014/8/1/5959915/president-barack-obama-signing-phone-unlocking-bill .

13. 'Unauthorized modification of iOS can cause security vulnerabilities, instability, shortened battery life, and other issues', article published by apple.com (last modified on 8 November 2014). Available on http://support.apple.com/en-us/HT201954 .

14. Warner, T., 'The Unauthorized Guide to iPhone, iPad, and iPod Repair: A DIY Guide to Extending the Life of Your iDevices!', Que Publishing, 2013.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

15. Zdziarski, J., 'Hacking and Securing IOS Applications: Stealing Data, Hijacking Software, and How to Prevent It', 2012.

Daniel Dimov
Daniel Dimov

Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (www.dimov.pro), a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.