Does iPhone Slowdown Breach the Computer Misuse Act 1990?

Originally published at ipharbour.com on January 21, 2018.

Apple have admitted to reducing the speed of the iPhone 6 and later models of the iPhone, causing widespread anger and many legal challenges. There may be a cause for action in the United Kingdom, if Apple’s actions have breached the Computer Misuse Act 1990.

What’s Happened?

The issue came to light when iPhone users took to Reddit in early December 2017 to raise suspicions that Apple “throttled” the phone’s performance. The benchmarking firm Primate Labs then tested these claims and on 18thDecember published their results which clearly showed the artificial inhibition of the iPhone’s performance.

In the US, two class action law suits were filed in as many days after Primate Labs published the results. One suit, filed in Illinois, argues that Apple withheld information material to the phone’s performance forcing users to buy new phones with faster processing speeds. The other, filed in California, raises the issue that users were never given the opportunity to consent to the “interference.” At least another 43 suits have been filed worldwide and the French consumer watchdog DGCCRF have launched an investigation into the matter.

On 28thDecember, Apple issued a statement admitting that a past iOS 10.2.1 software update issued for the iPhone 6 and 7 “dynamically manages the maximum performance of some system components when needed to prevent a shutdown … in some cases users may experience longer launch times for apps and other reductions in performance.”

UK Position- Computer Misuse Act 1990

In the UK, computer users are protected against the unauthorised modification of computer material by the Computer Misuse Act 1990. In particular, section 3 introduced the offence of carrying out unauthorised acts with intent to impair the operation of a computer.

This offence has two elements. First, there must be an unauthorised act done in relation to a computer and the person doing the act must know it is unauthorised at the time. Second, that person must intend or be reckless as to whether that act will impair the operation of the computer, of any program, the reliability of any data, or if it will prevent or hinder access to any program or data.

By slowing down the part of the iPhone’s computer which processes instructions from the phone’s programming and from its user, Apple have acted to slow the phone’s overall speed. If impairing and hindering are given their natural and ordinary meanings, this is to impair the phone’s operation and hinder access to its programmes and data.

Apple may argue that they have improved the phone’s operation and the reliability of its data. They would have to convince a court that slower processing speed and reduced performance is a sacrifice worth making if sudden shut downs are to be prevented.

This argument has merit; from the point of view of data reliability, clearly data can be accessed and used more reliably on a phone that doesn’t suddenly shutdown.

However, this might not be enough for Apple, for a couple of reasons. First, section 3 CMA 1990 is offended if the operation of the phone or any program or the reliability of any data is impaired. While Apple may be able to show improved data reliability, this may not counteract the impairment to the phone’s overall operation.

Second, the secrecy around the release of the modification would suggest that Apple were not confident that it upgraded the phone so much as it downgraded it. This speaks to the lack of authorisation Apple had to modify user’s phones in this way.

Section 17(8) CMA defines authorisation as consent from the person who is entitled to determine whether the act may be done: in this case, the phone’s owner. Apple may have implied consent to make and issue software updates; however, this has limits. The Divisional Court in DPP v Lennon [2006] EWHC 1201 rejected the defence that, because the owner’s computer was set up to receive emails, the owner had consented to receiving multiple emails intended to swamp the system.

Therefore, the implied consent to modifications that arises from the periodic download of system updates is likely to be limited to cases where those modifications upgrade not, as the case may be here, downgrade the system.

None of the CMA’s offences are included in the Crime and Courts Act 2013 as being among those that can be prosecuted against a company. Therefore, any prosecution would be against individuals, for instance Apple executives, as in the French criminal case initiated by environmental campaign group Halte à l’Obsolescence Programmée (HOP — Stop Planned Obsolescence).

There will not be any issues with jurisdiction as section 4 of the CMA provides jurisdiction to prosecute even when the unauthorised act took place outside the UK provided that, as per section 4(2), at least one significant link with the UK exists. Section 5(3)(b) allows for the unauthorised act being done to a computer in the UK as being a significant link.

If tried summarily, the accused will face a penalty of up to 12 months in prison and / or an unlimited fine; however, given the seriousness and scale of the offence, any accused would likely be indicted and therefore may face up to 10 years in person and / or an unlimited fine.

Twitter: @soapboxscholar

Instagram: soapboxscholar

YouTube: Scholar’s Soapbox

Originally published at ipharbour.com on January 21, 2018.