Since the release of the iOS 7 Beta, the issue of violating Apple’s Non-Disclosure Agreement (NDA) has been bubbling up in the Apple community. I’ve seen numerous tweets in the last week condemning websites that may have violated the NDA in discussing iOS 7 and some people seem to have actual anger towards those sites. Being a lawyer, you would think I would be in total agreement with condemning someone that violates a legal contract, however, I don’t think Apple’s NDA is as sacred and inviolable as many Apple pundits make it out to be.
To summarize for those unfamiliar, Apple releases all of its future operating systems to developers in advance as betas, so that the developers can find bugs, become familiar with the system, and make their apps play nice when it is finally released.The catch is only developers signed up through Apple’s official Developers Program, which costs $99 a year, are allowed to use the beta, and they agree to not disclose any confidential information about the beta.
The specific clause is Section 5 of the “Registered Apple Developer Agreement” which states in all its legalistic glory:
Nondisclosure and Nonuse of Apple Confidential Information. Unless otherwise expressly agreed or permitted in writing by Apple, you agree not to disclose, publish, or disseminate any Apple Confidential Information to anyone other than to other Registered Apple Developers who are employees and contractors working for the same entity as you and then only to the extent that Apple does not otherwise prohibit such disclosure. Except for your authorized purposes as a Registered Apple Developer or as otherwise expressly agreed or permitted by Apple in writing, you agree not to use Apple Confidential Information in any way, including, without limitation, for your own or any third party’s benefit without the prior written approval of an authorized representative of Apple in each instance. You further agree to take reasonable precautions to prevent any unauthorized use, disclosure, publication, or dissemination of Apple Confidential Information. You acknowledge that unauthorized disclosure or use of Apple Confidential Information could cause irreparable harm and significant injury to Apple that may be difficult to ascertain. Accordingly, you agree that Apple will have the right to seek immediate injunctive relief to enforce your obligations under this Agreement in addition to any other rights and remedies it may have. If you are required by law, regulation or pursuant to the valid binding order of a court of competent jurisdiction to disclose Apple Confidential Information, you may make such disclosure, but only if you have notified Apple before making such disclosure and have used commercially reasonable efforts to limit the disclosure and to seek confidential, protective treatment of such information. A disclosure pursuant to the previous sentence will not relieve you of your obligations to hold such information as Apple Confidential Information.
Looking at this paragraph it’s a lot of legal jargon, but it is fairly easy to parse out what it is saying. On it’s most basic level a developer agrees to not ‘disclose, publish, or disseminate’ any confidential Apple information. Apple always classifies its pre-release betas as ‘confidential’ information, except features they already have announced and made public. Therefore, developers agree to not publicly disclose anything that is in the pre-release betas that hasn’t already been made public. If a developer does violate this section, the clause further states, “Apple will have the right to seek immediate injunctive relief to enforce your obligations under this Agreement in addition to any other rights and remedies it may have.” For those unfamiliar, ‘injunctive relief’ means a court ordering an action to be done by a party, such as removing confidential information from a website. As to ‘other rights and remedies’ most likely that would be monetary damages that Apple theoretically could incur from the release of that information.1
But let’s put all this in context.
This is simply a contract that a developer enters into with Apple. It’s technically an “adhesion” contract, in that the developer cannot actively negotiate to the terms, but simply must accept what Apple says or not be let into the program. Most contracts the general public have with corporations are “adhesion” contracts and the corporations have all the power in setting the terms. Because this is simply a contract, it’s not criminally illegal to violate it. There are no law enforcement officers going after people that break contracts, no one is sitting in jail for simply violating a contract.2 It is the parties themselves that must actively enforce the contract in court, so if someone violates Apple’s NDA, the only party that can do anything about it is Apple itself.
Given the anger I’m hearing on the internet over people that have violated Apple’s NDA, you would think Apple would have started to go out and take action against these violators. However, Apple rarely, if ever, goes after any developer for releasing information about a pre-release developer beta. There are numerous websites that constantly release information that is technically under NDA, yet Apple seems to turn a blind eye and not send out its legal hounds.3
Given this fact, I don’t think Apple really gives a damn whether someone violates the NDA, because these violations are not harming them in any real sense. Apple states that the information is ‘confidential,’ however it openly allows anyone with $99 to access this information. There are likely tens of thousands (maybe even hundreds of thousands) of registered developers who can access these betas. Is this information actually secret when so many people can legally access it? At what point does confidentiality lose its meaning? If Apple truly thought this information was confidential and its release could harm them, they would make the beta program more private, limiting it to select developers, and enforcing any violation of the NDA. Yet, they don’t, and seem fine to let anyone with $99 access all its supposed secrets.
But then you might ask why the NDA is even in the Developer Agreement if Apple doesn’t care about it? The answer is, as is many things in life, lawyers. Any good lawyer wants to cover as many potential liabilities as possible, and will put whatever they think they can get away with in a contract, especially a contract that the other parties have no input. Why do you think the iTunes User Agreement is 56 pages long? The NDA is merely a standard clause that lawyers put into these types of agreements. If they think there is any far fetched future possibility that this information being released could do any type of harm to Apple, they will put the NDA in there. They are covering their butts, plain and simple.
Considering all this, I think people should dial back their righteousness when someone happens to break the NDA. Yes, it is a technical contract violation, but that’s a contract between that developer and Apple. If that developer wants to risk any repercussions that breaking the NDA could entail, let them. If there comes a point Apple actually thinks these violations are harming them, I’m sure they will send their lawyers out. Until then, these are simply technical violations that are almost never enforced, and that don’t deserve our attention.
1. It also says “[y]ou acknowledge that unauthorized disclosure or use of Apple Confidential Information could cause irreparable harm and significant injury to Apple that may be difficult to ascertain.” To me this has no real legal significance and Apple would still have to prove it was harmed or injured by the release of the information to be able to obtain damages.↩
2. Being a lawyer I realize there might be some way you could formulate a situation in which a person could act criminally in violating a contract. Nevertheless, in almost every case, breaking a standard contract will not involve the police or land you in jail.
3. Stephen Hackett states in his piece on Apple’s NDA that some unnamed blogs are still targeted by Apple with cease and desist letters. However, this seems to be a very rare occurrence and I’ve heard of no public reports of specific blogs being targeted.↩