News Analysis

Opinion

Ownership and IoT

In the Internet of Things (IoT), there's a good chance you no longer really own the things you have paid for. HP recently mounted an impressive demonstration of how and why, with lessons that reach far beyond just smart printers.

On September 13, HP was discovered to have triggered a "feature" in the firmware of their printers to make them refuse to print with ink cartridges that did not pass a check for a valid security chip. That meant that anyone whose printer firmware had previously been updated and who tried to use third-party ink cartridges for their printer found they no longer worked, even if they had before. There were a few reports of "HP original" ink cartridges triggering the lockout as well.

After a few weeks, HP announced [1] it would eventually issue an optional firmware update to undo the lockout. Notably, they didn't apologize for the lockout, nor did they promise not to repeat the exploit. They said they wanted to:

"…ensure the best consumer experience and protect [customers] from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP. We should have done a better job of communicating about the authentication procedure to customers, and we apologize."

In other words, next time HP decides to break your printer remotely to blackmail you into trading only with them, they will give you plenty of warning. The printer you paid for is not yours to do with as you please. It contains software which is merely licensed to you, so HP retains legal leverage over you far beyond the scope of normal hardware purchases. When you started using the printer, you agreed to surrender your rights in perpetuity. So HP doesn't feel in any way obliged to ask you; if it does, that will merely be for PR purposes.

Even that is assuming you install the updated firmware. As far as anyone can tell, HP will neither install it automatically nor install it by default in new printers. But be thankful for small mercies. By providing a work-around to the lockout, HP is at least making sure you have a way to circumvent their restriction. That will keep you out of prison; if they had left it to you, or your supplier, to find a way out, you would very likely have been committing a criminal offense under the anti-circumvention measures in modern copyright laws.

Just doing and reversing this probably achieves their real goal, which is to scare ink suppliers. While proactive consumers will take note that HP has no regard for their freedom of choice, the majority will continue to make printer purchases based on the cost of the printer. But it's not just printers. This is the reality of the whole world of IoT and "Smart" devices. They are all throwaway containers in which the licensed works of your suppliers reside.

Back in the old days, you used to buy things in the store and own them. All the powers of the manufacturer were exhausted on purchase. But by inserting copyrighted works into their goods, manufacturers are able to require you to consent to a copyright license agreement. The terms it contains aren't just about copyright. They include liability waivers, agreements not to sue, agreement not to hack, consent to intrusion, and more. The terms of the license also survive way beyond the purchase of the product, into the ever-extending future of copyright durations.

When you use a device that's filled with proprietary software, you have only the rights the manufacturer chooses to bless you with. What better reason could there be to pursue devices that work with open source firmware and services? Don't just buy on price; buy on freedom, too [2].