Upload Module breaks MOD_SECURITY rule directive

I'm seeing the following after realizing that many of my MOD_SECURITY rules were not firing:
When the core Upload module enabled, the t:lowercase directive is rendered useless, breaking many mod security rules. Only new nodes created with a form that includes the File-Attachments field are affected. Comment-fields are not affected and file uploading itself works fine. Nothing is stored in the auditlog or error logs.

Disable the upload-module or create a node from a form that does not have "file-attachments" and all is well..

To test, try the following mod_security rule:

SecDefaultAction "log,deny,auditlog,phase:2,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"
SecRule REQUEST_METHOD "POST"
SecRule REQUEST_BODY "aBadWord|www.spammy.com" \
"rev:2,severity:'3',msg:'Keyword blocked'" 

Create a new node from a form with "file-attachments" (ie; node/add/forum) and include a 'aBadWord' or 'www.spammy.com' .. the node will add happily..
Reply to that node with the exact same text, and mod_security will prevent it
Create a node from a form that does not have 'file-attachments' (ie a custom form or node/add/blog) and mod_security will prevent it.

If you remove 't:lowercase' it will work, but then the rule is strictly case-sensitive, making it pretty much useless.

I've tested this on several different sites with all other modules disabled. Can anyone else reproduce this and/or have any suggestions on troubleshooting or fixing ?