The Electronic Frontier Foundation has posted the news that Apple has filed comments with the US Copyright Office stating that the act of jailbreaking your iPhone is a copyright infringement and a DMCA violation, and therefore illegal. The EFF says that Apple is claiming that jailbreak apps still require modified versions of Apple's software, and Apple apparently believes that those versions are infringing on their copyrights.

The EFF responds, in turn, that "reverse engineering is a fair use when done for purposes of fostering interoperability with independently created software," saying that yes, even though jailbreakers are using Apple's copyrighted code, they are doing so in a way that allows them functionality that Apple doesn't provide access to on their own.

At this point, of course, this is just a complaint in the copyright office, and Apple hasn't made any legal moves yet against anyone responsible for jailbreaking. As the EFF states, it would be extremely hard for them to go after individual jailbreakers -- if you buy an iPhone, it should be your right to "get under the hood," as they say, and do what you want.

But (and keep in mind that this is TUAW, not The Unofficial Legal Weblog, and we are not lawyers) it seems Apple may be able to try and make a case against anyone offering software that does modify or otherwise "misuse" their copyrighted code. We'll have to see if they explore that position more in the future. You can read Apple's full response here (27 pages). You can see the EFF's initial filings here.

Stay tuned for more news and analysis on the issue.

Something is rotten in the state of Cupertino. Mr. Jobs, TEAR DOWN THIS NDA.

If the new iPhone 2.1 beta firmware is anything, it's a perfect excuse to say: "I told you so." It explains why the NDA failed to disappear on schedule. Apple kept its promise -- "Ve shall delivah the 2.0 iPhone und SDK on Yuly 11th" -- while working around the fact that that SDK was half baked at best. It was certainly not ready for prime time. The NDA simply expands the beta period. It offers cover to Apple, as they scramble to finish developing ready-to-ship software.

In retrospect, there really was no need for the NDA in the first place, nor this second new 2.1 NDA that just debuted. Anyone, including Apple's competitors -- even the really evil "big brother" ones -- can sign up and download the SDK for free. Apple isn't exactly keeping things hush hush on the down low.

All the NDA does right now is keep developers from talking to each other and blogs, magazines and book authors from publishing how-to articles. Said articles, etc., could actually help Apple reduce its tech support overhead. It would certainly help solidify the brand and allow third parties to make better, stronger App Store entries.

It made no sense then. It makes no sense now. But that's not where the grumbling ends. Our TUAW tipsters have been busy. They tell us that Apple is busy rejecting Applications from the App Store for grammar mistakes in onboard help files (not a joke) and for not presenting the user with the best playability options (also not a joke). Many of these frustrated developers tell us that some of their products have been waiting for review for four weeks and up and that their updates are getting caught in the gears. One wrote that his apps are getting poor reviews while fixes can't see the light of day.

And if the TUAW tipsters' tips are true (thanks TUAW tipsters), the new SDK throws a further wrench into the gears. 2.0 SDK Applications will not be immediately compatible with version 2.1 (although that could change between beta and release).

Other tremendously terrific tipsters tell us that the newest beta program isn't fully open. Apparently only a subset of iPhone SDK development members have been granted access. That once again puts some developers at a tremendous financial disadvantage.

All in all, the buzz in developer circles is not happy. While some look forward to their first August paychecks from App Store, others remain waiting and frustrated in the wings.

As always, please continue to use our tip line if you have anything you want to add anonymously to the discussion. Otherwise, feel free to opine in our comments.

Song Sender allows you to pick a song from your iPhone's song library and send it to a friend via email. If you'd like to use a song from your library as a ringtone, you can do that too. Install the package into your iPhone using your favorite installer application. When run, the software reads through your library, creating a scrolling list of your songs. Tap any song and you'll be prompted with three choices: play it, send it by email, or add it to your ringtones.

It practically reaches Zune-levels of squirting functionality! Small print: Fair use only. This software is not intended for pirating purposes. Use your powers for good, not evil. Do not take internally. Software is not a substitute for advice provided by a doctor, lawyer, or the EFF. In case of rash, itching, or swelling seek medical attention immediately. This software was brought to you by the letters E. r. i. c. and a. Do not use SendSong to install iTMS-purchased tracks as ringtones.

Update: Version that does not rely on whether you've installed /bin/cp is found here.

Anne Onymus (get it? hehe!) over at LowEndMac is hypothesizing that the entire Asteroid fiasco was all part of an evil Apple plan to quash rumor sites. The assumption is based on the fact that two years after the Asteroid leak, Apple still hasn't released a GarageBand breakout box. If Apple had actually put work into Asteroid, surely Jobs wouldn't be so petty as to shut down the entire project because of a leak? (Jobs is rumored to have pulled some product announcements at the last minute during MWSF2006 as a way of punishing the development teams for the leak.) Despite the fact that Apple's competitors then knew what was brewing in Cupertino, the company still had a good head start, and could surely have pushed the product to market well before anyone else. Anne postulates that Apple never had the slightest intention to release Asteroid, and created the product for the precise purpose of the leak. After the leak, Apple expected it would be a piece of cake to squash the rumor mill with a flood of law suits requesting the names of the mole. Instead, the EFF took over the case of the rumor sites, and a federal district court recently ruled that online journalists have all the rights and protections as the traditional media, effectively destroying Apple's claims.

While an interesting idea, I think LowEndMac might have the paranoia meter set a bit high this week. Apple may be secretive, but until I see evidence to the contrary, I'm sticking with Occam's razor.

With the nonsense on Capitol Hill this week, and discussion of DMCA revision and funding ramping up, I thought it would be a good time to talk about Tor, the award-winning privacy protocol and software from the EFF. Unlike other anonymizers that work by encrypting or proxying particular services and protocols, Tor's TLS-over-onion routing scheme works by re-routing all TCP traffic through a complex network of Tor nodes. Packets, including routing information, are encrypted between each node and each node has access to only very limited information about the next hop. Furthermore, packets pass through a random number of nodes (the more the merrier) and not all packets from a single session need follow the same route. This makes it very, very difficult (it's tempting to say impossible, but that's probably not quite true) to trace the ultimate origin or destination of any packet on the network unless the contents of the packet divulge revealing information.

There are drawbacks, of course. Although the onion routing algorithms are good, onion routing certainly has the potential for higher latency that traditional RIP and OSPF routing. Tor is also not an end-to-end solution. If the ultimate destination of a packet is a machine that doesn't support Tor, the packet is in the open from the time it leaves the Tor exit point and using traditional end-to-end encrytption on top of Tor is advisable.

The gains are significant, though, and as the protocol becomes more widely adopted the advantages will become even more pronounced. Aside from privacy protection, Tor's "next hop" TLS encryption virtually eliminates the potential for traditional "man in the middle" attacks within the network because such attacks rely on knowing the origin and destination of packets, and capturing a usable data stream. Tor, particularly if combined with end-to-end encryption, also makes encrypted data less susceptible to brute force attacks; it is much more difficult to capture a complete data stream, and data is encrypted multiple times with short-lived session keys.

Even though Tor is still in beta, it's well worth a download (The Windows version already won a PCWorld "Best Products of 2005, Security" Award). Take a look, and if you have a public IP, think about setting up a server.