Another day, another lawsuit against Apple. New Yorker Jay Brodsky has filed a class-action lawsuit against the Cupertino iPhone maker, alleging the company’s “coercive” policy of offering only a two-week grace period to disable two-factor authentication is inconvenient and also violates a number of California laws.
The complaint alleges that Brodsky “and millions of similarly situated consumers across the nation have been and continue to suffer harm” and “economic losses” as a result of Apple’s “interference with the use of their personal devices and waste of their personal time in using additional time for simple logging in.”
As noted by MacRumors, an Apple support document says the company prevents users from turning of two-factor authentication after a two-week period due to “certain features in the latest versions of iOS and macOS require this extra level of security”:
If you already use two-factor authentication, you can no longer turn it off. Certain features in the latest versions of iOS and macOS require this extra level of security, which is designed to protect your information. If you recently updated your account, you can unenroll for two weeks. Just open your enrollment confirmation email and click the link to return to your previous security settings. Keep in mind, this makes your account less secure and means that you can’t use features that require higher security.
The complaint claims Apple released a software update in September 2015 that enabled two-factor authentication on the plaintiff’s Apple ID without his knowledge or consent. In reality, two-factor authentication is enabled on an opt-in basis.
Brodsky also alleges two-factor authentication is required each time you turn on an Apple device. (Not true.) He also claims the process adds two to five minutes or more to the login process. (It adds mere seconds to the login process, which involves entering a verification code from a trusted device.)
The lawsuit says Apple’s confirmation email received by a user to confirm two-factor authentication has been activated contains an “insufficient” last line that warns customers they have only two weeks to disable the security feature.
Brodsky claims Apple is violating the U.S. Computer Fraud and Abuse Act, California’s Invasion of Privacy Act, and other laws. He is asking the court to reward monetary damages to be paid to himself and other users and for a ruling that prevents Apple from “not allowing a user to choose its own logging and security procedure.”
Thew full document is available here. (Via MacRumors)
