Apple tells GitHub to fork off: iGiant steps outside DMCA law in quest to halt iBoot leaks

Demands blanket rather than specific repo shutdowns

By Thomas Claburn in San Francisco

Apple's fruitless attempts to remove its leaked iBoot source code from the internet have escalated into requests to have community code site GitHub disable all downstream forks made from identified infringing repositories.

In a DMCA takedown notice sent to GitHub on Sunday and published on Monday – its sixth since the proprietary iBoot code surfaced on February 7 – Apple has directed GitHub to remove two more repos with copies of its confidential source, along with 10 more repos forked from the first two that disseminated it.

A forked repo is simply a clone of a repo with a pointer that refers to the original repository, stored within the Git version control system. Code can also be manually copied by downloading it and re-uploading it to a new GitHub repo, one that doesn't include a reference to its birth.

Since its initial takedown notice, Apple has been asking for forks of flagged iBoot repos to be shut down, and GitHub has been complying, at least for those repos and forks specifically cited, because not doing so could open the code-sharing site to legal liability. When GitHub is alerted to copyright-infringing repos on its platform, it has to take them down swiftly to avoid heavy penalties in court under America's DMCA system.

This amounts to a game of Whac-A-Mole: despite Apple's demands for the removal of over two hundred infringing copies of its iBoot code, duplicates of the leaked code – both forks and uploaded copies – continue to be available on the website, to say nothing of elsewhere on the internet.

Because GitHub's fork mechanism makes copies that point back to the parent repo, Apple wants GitHub to proactively disable any fork of an infringing repo, not just the ones it specifies.

"[B]ased on the representative number of forks we have reviewed... we believe that all or most of the forks in these networks are infringing to the same extent as the parent repositories," Apple's DMCA notice says. "Accordingly, and because there are a growing number of forks that contain the infringing content at issue, we respectfully request that GitHub disable the entire fork network(s)."

Now, it's fair to say all or most copies of the copyright-infringing material will also be infringing. We can't imagine someone forking the stolen iBoot blueprints, and then taking out all the Apple-eyes-only code – there wouldn't be much left, except maybe the source comments.

However, pedantically, Apple's approach doesn't quite follow the letter of the law, which states that a DMCA takedown notification must specifically identify the supposedly infringing work. Saying that you believe "all or most" of the forks are infringing falls short of certainty in every case.

"The DMCA requires people to identify specific infringing material," said Mitch Stoltz, senior staff attorney at the Electronic Frontier Foundation, a cyber liberties advocacy group, in an email to The Register. "There's no provision in the law for saying 'we see lots of infringement, so we want you to delete everything just in case.' Apple can ask, of course, but GitHub doesn't have to comply."

It's not clear whether GitHub is complying by removing forked repos not specifically called out by Apple. But the ones Apple has named have been removed.

Neither Apple nor GitHub responded to requests for comment.

For its next move, Apple may want to ask GitHub to disable its search functionality – simply searching for "iBoot" on GitHub turned up viewable copies of the unauthorized code at the time this story was filed.

Meanwhile, the closed-source bootloader software was leaked online after it was stolen from Apple by a rogue low-level employee, as opposed to hackers or similar miscreants, it was claimed last week. ®
