Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Lawyers consider possible legal action against Apple over 'Error 53'

Lawyers consider possible legal action against Apple over 'Error 53'
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Feb 8, 2016, 07:15 PM
 
Apple may face some legal trouble in the future, if lawyers decide to proceed with plans to launch a class action suit against the company. Law firms are apparently considering taking action against Apple over the "Error 53" controversy, where third-party repairs of the Touch ID button on iPhones would trigger an Apple-produced security measure that effectively makes the smartphone completely inoperative.

The error gained major publicity last week, with an Apple spokesperson responding to complaints by advising it occurs in order to protect fingerprint data. "When an iPhone is serviced by an authorized Apple service provider or Apple retail store for changes that affect the Touch ID sensor," a pairing between a Secure Enclave holding the fingerprint data and the Touch ID sensor is re-validated, something that is not performed by an unauthorized technician.

"Without this unique pairing, a malicious Touch ID sensor could be substituted, thereby gaining access to the secure enclave." When a failed pairing is detected, Touch ID and Apple Pay are disabled to keep the data safe.

The Guardian reports legal professionals on both sides of the Atlantic believe Apple is in some form of legal trouble. In the UK, barrister Richard Colbey advised Apple's security measure may have breached basic consumer laws in the United Kingdom, and may even be breaking the Criminal Damage Act of 1971. "It is hard to see how something which ceases to work in this way could be said to be of reasonable quality, one of the determinants of which is durability," claims Colbey over the consumer law issue.



In the United States, the Seattle-based PCVA believes it has a case against Apple over Error 53. The law firm believes "Apple may be intentionally forcing users to use their repair services, which cost much more than most third-party repair shops." Comparing the cost of screen repair from a third-party firm for between $50 and $80 and Apple's $129 fee, PCVA writes "There is incentive for Apple to keep end users from finding alternative methods to fix their products."

"Think of it this way; Let's say you bought a car, and had your alternator replaced by a local mechanic. Under Apple's strategy, your car would no longer start because you didn't bring it to an official dealership. They intentionally disable your car because you tried to fix it yourself. That is wrong, and we hope to prove that it violates various consumer protection laws in the United States." PCVA is actively seeking clients with the issue, claiming it will only get paid if the case is successful.

While it is possible PCVA has a point, there is a likelihood Apple is in fact covered by the law. According to the Magnuson-Moss Act, warranties for a device "can disclaim warranty coverage only for defects or damage caused by the use of parts or service" not provided or authorized by the warranty issuer, in this case, Apple, but it does allow for necessary maintenance or repairs to be performed by any company.

There is more to the act to protect Apple in this case. According to the FTC, one exception to the general ban on tie-in provisions is that a "warrantor may include a tie-in provision if it has received a waiver from the FTC," namely by proving to the regulator's satisfaction that the product "won't work properly without a specified item or service." Almost all manufacturers of computers and mobile devices have FTC waivers for repair parts which aren't covered by standards-essential patents, which would almost certainly include replacement Touch ID sensors and the motherboard.
( Last edited by NewsPoster; Feb 8, 2016 at 08:00 PM. )
     
jameshays
Fresh-Faced Recruit
Join Date: Mar 2003
Status: Offline
Reply With Quote
Feb 8, 2016, 07:51 PM
 
Legal options over unauthorized repairs? I'm glad that it isn't easy to swap out my most heavily used security feature on my device. Otherwise, anybody could steal your device, replace your touchId sensor with malicious hardware and gain access to your device. No?
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Status: Offline
Reply With Quote
Feb 8, 2016, 08:00 PM
 
You got it in one, James. This is a ridiculous suit, and has nothing to do with repairability rights (which we are in favor of).
     
panjandrum
Dedicated MacNNer
Join Date: Dec 2004
Location: West Michigan
Status: Offline
Reply With Quote
Feb 8, 2016, 09:25 PM
 
There is a broader-issue in play here; your ability to get "things" of any nature fixed where you wish them to get fixed, instead of where the original manufacturer of the device wants you to get something fixed. (Which, ultimately, comes down to "do you even own the device you purchased?" James mentions these are "unauthorized" repairs. Exactly who is allowed to authorize repairs to a product I own? Exactly what should I have to call Apple to do? Should I need Apple to "authorize" me cleaning my screen with a non-Apple-authorized tissue? This is a slippery slope NOBODY who has ever purchased *anything* should want to go down. Look at what MS has been doing with Win10. That's an ownership-rights nightmare! If people bend-over and take it, it will become the norm...) You can read up on similar issues regarding farming equipment, for example. Auto manufacturers would also love for you to be unable to get your car repaired anywhere except at their own facilities. I believe this site even had an article recently about iFixit's Repair Initiative. (Here is there article on Error 53: http://ifixit.org/blog/7889/whats-up-with-error-53/ ). Now, do we, at this point, know what the motivation behind this on the part of Apple employees? I guess not, and that's really at the heart of this issue I would think: What's the actual motivation... (And, it seems a bit ridiculous that, from what I'm seeing at iFixit, that Apple is refusing to repair these.) If it's really a case of Apple being extremely security-conscious, then great - although in that case I'm pretty sure that the "right thing" for Apple to have done would be to include a prominent warning not to have the home-button repaired anywhere except Apple. That would have a) alerted consumers appropriately and b) been in Apple's best interest to avoid exactly the issues we are now seeing.
     
WalterC
Fresh-Faced Recruit
Join Date: Jul 2008
Status: Offline
Reply With Quote
Feb 8, 2016, 09:50 PM
 
Not surprised in the interest from certain kinds of lawyers. iPhone's etc are not just pieces of tech. They've become a portable vault that most users expect to be secure, unlike most of the competition. I appreciate the thought that Apple put in to security, and I'm willing to use only Apple approved repair service to maintain the security.
     
Bittyson
Fresh-Faced Recruit
Join Date: Sep 2011
Status: Offline
Reply With Quote
Feb 8, 2016, 10:40 PM
 
It's not a problem, it's a security feature, one that I pay more to have. The other phone manufacturers that don't have similar security features ought to be the ones worried about legal exposure. This case will go nowhere and is not one Apple would settle.
     
Jemster
Fresh-Faced Recruit
Join Date: Oct 2009
Status: Offline
Reply With Quote
Feb 9, 2016, 06:35 AM
 
I totally agree that TouchID, and thus Apple Pay and every other application secured in this manner should be disabled. Is anybody disputing that?

Isn't the dispute that the ENTIRE iPhone can be bricked? And furthermore that the bricking can now occur on a device that previously only had the Touch ID portion rendered useless by the repair?

Seems slightly extreme, when all that's needed is the disabling of TouchID, no?
     
Bittyson
Fresh-Faced Recruit
Join Date: Sep 2011
Status: Offline
Reply With Quote
Feb 9, 2016, 06:43 AM
 
@Jemster

If all one cares about on one's phone is ApplePay and TouchID secured apps, then you may be right. But since most people want their entire phone, with emails, messages, notes, and all the rest secured, then no, it is not extreme.
     
DiabloConQueso
Grizzled Veteran
Join Date: Jun 2008
Status: Offline
Reply With Quote
Feb 9, 2016, 12:33 PM
 
"Think of it this way; Let's say you bought a car, and had your alternator replaced by a local mechanic. Under Apple's strategy, your car would no longer start because you didn't bring it to an official dealership. They intentionally disable your car because you tried to fix it yourself."

Not a great analogy.

This ONLY applies to the TouchID sensor. You can still have your headphone jack, battery, lightning port, volume switches, power button, or any number of other components apart from the TouchID sensor repaired by a non-authorized Apple repair facility and your phone will work just fine.

This applies to one and only one part of the phone (or maybe two, since the screen and TouchID sensor go semi-hand-in-hand).
     
Flying Meat
Senior User
Join Date: Jan 2007
Location: SF
Status: Offline
Reply With Quote
Feb 9, 2016, 06:59 PM
 
Depending on the car, and the component you have replaced, you may indeed have to have the dealership do the repair.
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Status: Offline
Reply With Quote
Feb 9, 2016, 08:08 PM
 
Originally Posted by Flying Meat View Post
Depending on the car, and the component you have replaced, you may indeed have to have the dealership do the repair.
Yeah, because they're covered by Magnuson Moss for that part.

Standards Essential: Oil filters, tires, fluids.
Not-standards essential, and ca be covered under MM: Catalytic converters, car computers, and the like.
     
Steve Wilkinson
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Status: Offline
Reply With Quote
Feb 10, 2016, 12:42 AM
 
Originally Posted by Jemster View Post
Isn't the dispute that the ENTIRE iPhone can be bricked? And furthermore that the bricking can now occur on a device that previously only had the Touch ID portion rendered useless by the repair?
I think the entire phone is encrypted and that's the lock, so if it is replaced, then your phone is literally an encrypted brick. And, yes, that's a good thing.
------
Steve Wilkinson
Web designer | Christian apologist
cgWerks | TilledSoil.org
     
panjandrum
Dedicated MacNNer
Join Date: Dec 2004
Location: West Michigan
Status: Offline
Reply With Quote
Feb 16, 2016, 01:26 PM
 
I noticed a good relatively balanced writeup here:

Why Can't You Repair an iPhone? - Bloomberg View
     
Steve Wilkinson
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Status: Offline
Reply With Quote
Feb 16, 2016, 02:40 PM
 
Originally Posted by panjandrum View Post
I noticed a good relatively balanced writeup here:

Why Can't You Repair an iPhone? - Bloomberg View
Actually, I don't think that article gets to the core of the issue (and, the car analogy isn't necessarily a good parallel).

When we're talking about proprietary screws and such, yes, that's probably a good parallel, and Apple's attempts to keep the repairs in-house. But, at the core of this particular issue, IMO, is security. I'm not sure I want the corner shop to be able to access my data, as then that means just about anyone else can as well. It's kind of like the 'backdoor' the gov't wants Apple to put in. If the FBI got one, they'd just have to replace the fingerprint ID chip, and viola! backdoor, they're in.

That said, this does bring up a very interesting question to me: How can Apple replace this chip without losing the data? If they can do it, then it seems like it's a backdoor, unless the user has to somehow be involved to 'move' the lock between chips (not sure how that would work, but seems possible).

Also, I'm generally on the side of consumer protection here. I too am worried about where the auto industry is going (and used to work on cars a good bit). I've even heard they want to use DCMA type protection to make it illegal for anyone else to work on it. Yes, that's going too far. And, if Apple were flat-out not permitting and 3rd party to do any kind of work, that would be another thing. But, the security of the data, IMO, trumps repairability concerns.
------
Steve Wilkinson
Web designer | Christian apologist
cgWerks | TilledSoil.org
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Status: Offline
Reply With Quote
Feb 16, 2016, 02:51 PM
 
The car analogy continues to be terrible, no matter who is using it. There is no parallel to other industries with this, really. It needs to be discussed as-is, meaning having a discussion about the technology of user identification, and implementation of security on the device which more and more is being used to hold every piece of personal information, including financial, that we possess.

Data security IS consumer protection. If you break your phone because you drop it, you should have to pay for it, and like we said in the podcast, $300 to replace a broken $800 device THAT THE USER BROKE is reasonable. If your phone somehow breaks by some other method, Apple pays for it.
     
Steve Wilkinson
Senior User
Join Date: Dec 2001
Location: Prince George, BC, Canada
Status: Offline
Reply With Quote
Feb 16, 2016, 03:02 PM
 
Mike, (or anyone out there)...

Do you know the process Apple uses to do the replacement? Does the user somehow to be involved to 'unlock' the data or get their fingerprint back into the new sensor and somehow be compatible? If not, then there's that back door everyone has been worried about.
------
Steve Wilkinson
Web designer | Christian apologist
cgWerks | TilledSoil.org
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Status: Offline
Reply With Quote
Feb 16, 2016, 03:29 PM
 
We're trying to get some insight, but we've got nothing at the moment. The fingerprint is stored on the motherboard of the device, and not the TouchID sensor, this we know. I think the Apple-insistence for parts is to try and prevent some sort of man-in-the-middle attack with that cable assembly between the sensor and the motherboard.

So, in essence, the "back door" is prevented with Error 53 when the iPhone POST, for lack of a better word, finds a bogus checksum between the TouchID sensor and the motherboard.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 10:52 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,