Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"NSO can be sued under California law because they accepted the EULA" seems like a mechanical, strict, pedantic application of law though.


How does that seem pedantic? It's incredibly straightforward.

On the other hand, creating some kind of convoluted, contrived paper trail to claim that mysterious third parties were the ones to have physically pressed the "Accept" button on your 100 fake accounts and so you didn't even know there was a EULA seems kind of like it might actually be fraud.


In addition, it doesn't survive past the moment it is discussed in court documents, at which point NSO are screwed if they ever pull the same shit again.

A full paper trail would also necessarily disclose the entity that provided those devices, which they may well be loathe to do (since it either drags in a related company, who Apple can then also target, or embarrasses a third party who would rather remain nameless).

However, in practice, a technology engineering firm claiming to have no knowledge of the licensing that applies to the devices in which they also claim expertise, is such a far-fetched statement that it's almost trivially set aside, and earns a rebuke from the bench to boot.


I don’t see how this differs much from a common “clean room” reverse engineering strategy where one set of engineers accepts the eula and then writes down in excruciating detail exactly how the target item works, then a second set of engineers that have never seen the item in question (or accepted a eula) takes these detailed writings and uses them to reverse engineer the item in question. (A mere description of a device or software is not protected)

This is standard practice at large companies when reverse engineering chips, devices and software and seems very similar to the above eula argument.


In the clean room reverse engineering case:

1a. one team examines the device and products a detailed specification of it

1b. another team works solely off that newly produced specification; this team has zero contact with the actual device

In this hypothetical case:

2a. a third party affiliate accepts the Apple EULA, and gives the Apple IDs to NSO Group

2b. NSO Group uses the Apple IDs as credential to obtain Apple services

Notice that in case 2b, NSO Group has actual contact with Apple in two ways. They used Apple IDs, and that they obtain Apple services. This didn't happen in the reverse engineering case.


Good points - thank you!


Wouldn't there be an article in the EULA that states if you use an Apple device, regardless of clicking buttons, you automatically consent to the ToS? Or is that not how the law works ...?


EULA isn't ToS. If you accept EULA and EULA automatically joins you to ToS, then you also accept ToS, usually including all its future versions.


Yes, American companies love to stack the deck against their users when it comes to selecting venue, but at the same time balk when the EU requires that they have an EU anchor to allow legal enforcement.


Who balked? Apple anchored in Ireland and got an amazing deal. I doubt they balked at that.


That's how law works.


Taken out of its context to prove a point on a web forum and I would agree

Lots of people negotiated these things and agreed to make commerce happen.

Novel to you does not mean novel to humanity.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: