back to article Apple gets lawsuit over Meltdown and Spectre dismissed

A California District Court judge has dismissed a proposed class action complaint against Apple for allegedly selling iPhones and iPads containing Arm-based chips with known flaws. The lawsuit was initially filed on January 8, 2018, six days after The Register revealed the Intel CPU architecture vulnerabilities that would …

  1. Anonymous Coward
    Unhappy

    "security vulnerabilities are not central"

    The Oregon judge applied it to CPUs. The California judge applied it to products containing those CPUs.

    Truer words were never spoken, much as we might want it not to be the case.

    Mass market CPUs are designed for some combination of performance and price. Security is, at best, a tacked on feature.

    1. Falmari Silver badge

      Re: "security vulnerabilities are not central"

      @HildyJ “The Oregon judge applied it to CPUs.” Yes, the judge did.

      “The California judge applied it to products containing those CPUs.” No, the judge did not do something that simple.

      What the Californian judge did was cite a couple of cases that defined the central functions of a smart phone to be speed, performance and also cellular and wireless connectivity. That should have been enough to show security defects are not central functions defects of iPhones and iPads.

      But he went on to cite a case that found that security vulnerabilities are central defects for network security products and then the Oregon case. Neither case was the product a smartphone so why cite them? Were they just more examples of central functions defects? No, they were there to rule on this.

      “Plaintiffs are asserting that the affected component (i.e., the Processor) is central to the product’s function, but the standard as set forth in Hodsdon requires that the defect be central to the product’s function.”

  2. sreynolds

    Why not start with a slam dunk case...

    Hang on a minute, why didn't someone start off with features taken out of processors because they didn't work. I well remember the TSX debacle in Haswell and Skylake which were never fixed. I reckon a 10% loss of performance should mean a rebate for all of us and the lawyers.

    1. Jamie Jones Silver badge

      Re: Why not start with a slam dunk case...

      " I reckon a 10% loss of performance should mean a rebate for all of us and the lawyers."

      Whilst I agree with you, I think you meant to write:

      " I reckon a 10% loss of performance should mean a rebate for all of us and the lawyers."

  3. Jamie Jones Silver badge

    Money, money, money

    So, I preusme the judge won't complain if he has any dodgy photos on his phone, and they end up all over the internet?

    1. lglethal Silver badge
      Stop

      Re: Money, money, money

      If they were obtained through Spectre or Meltdown, I'm sure your right. But the chances of that are pretty much zilch.

      Whilst these where pretty bad bugs, they are also extremely difficult to exploit on the wild. If my memory serves me correctly, you need physical access to the device to make them work. And, if someone has physical access to your device there are significantly easy ways for them to get access to all your info.

      So I rate these bugs a 7/10 for they shouldn't have been there in the first place reasons, but only a 1/10 for exploitability in the wild.

      1. Jamie Jones Silver badge

        Re: Money, money, money

        But the judge made the decision based on "security", not spectre/meltdown.

        "But on Wednesday, US District Judge Edward Davila, based in San Jose, California granted Apple's motion to dismiss the case, citing the plaintiff's failure to demonstrate that security is a central function of Apple's products, among other legal deficiencies."

  4. Falmari Silver badge
    Devil

    Security a central function?

    “dismiss the case, citing the plaintiff's failure to demonstrate that security is a central function of Apple's products”

    Doesn’t Apple tout security as a big feature of IOS devices? Apple also claim user’s security as reason for IOS devices not allowing side loading, that apps can only be installed from Apple’s store.

    It seems to me, security is a central function of Apple's only Arm products in 2018, IOS devices.

    1. GreggS

      I believe the point here is that the judge is saying that security is not a central function of the CPU. It therefore stands to reason that the overarching OS is therefore responsible for it, which is basically what Apple is saying in their argument.

      1. Falmari Silver badge

        @GreggS I did not think that security was a central function just stretching a point ;)

        I thought the judge was saying that security is not a central function of the product (iPhone, iPad).

        "In evaluating the centrality of a defect, courts in this District have found that security vulnerabilities are central defects for network security products, Beyer v. Symantec Corp., 333 F. Supp. 3d 966, 980 (N.D. Cal. 2018); defects affecting speed and performance are central to a smartphone’s central function, Norcia v. Samsung Telecommunications Am., LLC, No. 14-CV00582-JD, 2018 WL 4772302, at *2 (N.D. Cal. Oct. 1, 2018); and cellular and wireless connectivity defects are also central to a smartphone, Anderson v. Apple Inc., 500 F. Supp. 3d 993, "

        That the defect has to be central to the product's (iPhone, iPad) function. The CPU is not the product.

        "Plaintiffs are asserting that the affected component (i.e., the Processor) is central to the product’s function, but the standard as set forth in Hodsdon requires that the defect be central to the product’s function. See Hodsdon, 891 F.3d at"

  5. Joe Gurman

    What a novel concept in the law

    At least for non-lawyers: That a party must be able to prove they've suffered some damage before bringing suit for damages. Duh.

  6. Doctor Syntax Silver badge

    "paid more for their iDevices than they were worth because Apple knowingly omitted the defect."

    Were they sure that was the reason?

  7. John Brown (no body) Silver badge

    US law can be fun.

    I can see why the case was attempted. Selling something with a known flaw and not highlighting said flaw ought to be a no-no. Whether said flaw is part of the core function of s device really is neither here nor their if it's any of the assumed or advertised functions.

    On the other hand, barring appeals, it seems a car insurer in the US is on the hook for $millions because a woman suffered injuries whilst in car. Her injury? She caught an STD from a guy while having sex in his car and he KNEW he was infected.

    Obviously all future policies will now have exclude any and all injuries incurred while having sex in the insured vehicle whether the vehicle is stationary or in motion. Clearly an extension of the "Contents may be hot" for takeaway coffee cups, "may contain nuts" on peanut packets etc.

    1. Richard 12 Silver badge

      Re: US law can be fun.

      If Geico don't want to pay out when their customers do stupid stuff in their cars, they're in the wrong industry.

      The STD case is about whether the injured party gets a reasonable settlement paid out by the insurers, or gets basically nothing at all because the person who injured her has little to no assets.

      In the civilised world the payout would be much smaller as medical expenses are far, far cheaper, but this is really no different to a driver ramming someone.

      The insurer still pays, so the injured party can be "made whole" as far as possible.

      And of course, the "at fault" driver will probably never be able to get insurance again, but that's their consequence.

      The civil remedies are of course totally separate to any criminal charges that may or may not apply.

      1. John Brown (no body) Silver badge

        Re: US law can be fun.

        If they lose and end up having to pay, this will have an interesting effect on ALL insurance. It will make household insurance responsible for the medical bills of victims of domestic violence where the perpetrator is the policy holder. I suspect in most countries, the case would have been thrown out of court since the vehicle itself was in no way involved in the "injury". It could have happened anywhere. It was simply a location. Would she have got a payout from a Hotel if it had happened there? I doubt it.

  8. Anonymous Coward
    Anonymous Coward

    "citing the plaintiff's failure to demonstrate that security is a central function of Apple's products, among other legal deficiencies."

    So, err, where does that leave Apple's claims that their App Store walled garden exists primarily to provide security to protect the users? Or, eh, does "security" only apply to Apple devices/software at Apple's discretion? Seems like talking out of both sides of the same mouth, but I'm a prole, so what do I know...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like