My understanding (which is incomplete) is that this is only a signing key.
Even if they are somehow relying on this key to prevent cloning, are they seriously under the impression that a 512-bit key is sufficient to keep a bunch of guys in Shenzhen from making a firmware-compatible device? Any effort to clone has long since come to fruition, and it's extremely likely they know this.
My guess: lawyers justifying their existence by picking fights with people they expect can't fight back. I'm glad the EFF has stepped in.
It's not even keeping anyone from cloning, because a Chinese manufacturer could just copy the ROM wholesale, signing key and all. Or patch out the signing key checks, or replace the key with one of their own... quite literally, the only thing this key is doing is keeping device owners from installing unauthorized applications and replacement OSes.
Even if they are somehow relying on this key to prevent cloning, are they seriously under the impression that a 512-bit key is sufficient to keep a bunch of guys in Shenzhen from making a firmware-compatible device? Any effort to clone has long since come to fruition, and it's extremely likely they know this.
My guess: lawyers justifying their existence by picking fights with people they expect can't fight back. I'm glad the EFF has stepped in.