from the seems-like-a-stretch dept
Not surprisingly, it appears this case is yet another attempt to abuse the CFAA (Computer Fraud and Abuse Act), which is generally thought of as an anti-hacking law, but which is continulously stretched and abused to pull in other situations. In this case, the lawyers are claiming that accessing the UDID without permission is the equivalent of accessing a computer without authorization. Think about that for a second and then realize how silly this is. No one is hacking anything to get this info. The info is made available, and so it's been shared. Using the CFAA here is ridiculous. They also seek to use a similar California anti-hacking law in a similar way. This is clearly not what those laws are intended for.
Furthermore, it seems silly to blame Apple for the way that some app providers are sharing data. To get around this issue, the lawyers rely on two key points. First, that Apple itself recently changed its terms to ban apps from sending data to third parties such as ad networks. Of course, most people realized this was not about protecting privacy, but about forcing developers to use Apple's own ad platform. Second, the fact that Apple approves each of the apps in the marketplace. I know that some people assume this automatically adds liability to Apple for anything those apps do, but that seems like a bit of a stretch as well. It's ridiculous to assume that Apple tests all aspects of an app, and thus becomes liable for anything those apps do.
All in all this looks like yet another attempt by some lawyers to take some fear mongering and make some money out of it. It's not going to do anything to protect anyone's actual privacy.