The Electronic Frontier Foundation (EFF) has penned a letter to HP Inc. president, Dion Weisler denouncing an update that was activated earlier this month rendering third party ink cartridges useless.
The firmware update was disseminated back in March, but the feature which made HP printers reject third party ink cartridges was only activated earlier in September.
At the centre of the EFF’s letter is the issue of trust. EFF special advisor, Cory Doctorow, tells Weisler that because security is a process, not a product, customers need to feel confident that they can accept firmware updates without fear that they might lose functionality.
“By giving tens of millions of your customers a reason to mistrust your updates, you’ve put them at risk of future infections that could compromise their business and home networks, their sensitive data, and the gadgets that share their network with their printers, from baby monitors to thermostats,” writes Doctorow.
Bait and switch?
Continuing on the theme of trust, Doctorow points out that HP knew for months that customers were likely buying its products on the assumption that they would work with third-party ink cartridges.
This feels like a shot in the dark from the EFF. HP, and many other printer manufacturers clearly state that only branded ink cartridges should be used in its printers. Whether you should be able to use any ink cartridge you please however, is a cause for debate.
Doctorow makes his point by saying, “HP customers should be able to use the ink of their choosing in their printers for the same reason that Cuisinart customers should be able to choose whose bread goes in their toasters.”
Pushing away security researchers
The EFF goes onto to allege that by shutting down third party ink cartridges, HP is showing signs of invoking Section 1201 of the 1998 Digital Millenium Copyright Act. This section of the DMCA makes it illegal to bypass copyright countermeasures, such as producing ink cartridges for HP printers if you aren’t HP.
The trouble is that this would also make it illegal for security researchers to disclose security vulnerabilities in HP printers they might find. “This means that bad guys are free to exploit vulnerabilities in these products, while good guys are scared off from warning the people who depend on them about the dangers lurking in them,” explained Doctorow.
The EFF has called on HP to take steps to resolve this issue and suggest they be taken “immediately”.
[su_box title=”EFF Demands” box_color=”#f37021″]
1. Apologize to your customers, and restore the original functionality of their printers with a firmware update that rolls back the self-destruct sequence;
2. Publicly commit that you will never again use your software update process to distribute anti-features that work against your customers’ interests;
3. Publicly commit that the effects of any software updates will be fully disclosed;
4. Prominently disclose any capability or plan to remove features from devices in your sales literature, so customers know what they’re getting before they buy;
5. Promise to never invoke Section 1201 of the DMCA against security researchers or competitors who make legitimate aftermarket products.[/su_box]
What do you think about all of this? Do you agree with the EFF and that HP should be open to allowing third party ink in its printers or do you think that HP is right to defend the integrity of its product?
Sling your thoughts into the comments below or let us know over on Twitter.
[Via – Electronic Frontier Foundation] [Image – CC BY 2.0 Esad Hajdarevic]