The DMCA Has Delivered Us Into The Hands Of The Proprietary Internet Of Disconnected Things
from the a-William-Gibson-novel-where-a-guy-who-buys-a-light-bulb-is-the-protagonist dept
The phrase “Internet of Things” suggests connection. The problem is there’s nothing financially motivating about interconnectedness. Manufacturers of connected devices would prefer homogeneity, which leads to actions like Philips’ which recently pushed a firmware update that locked competitors’ bulbs out of its Hue “smart” lighting fixtures. Sure, it rolled back the update and (mostly) allowed owners to use bulbs they had already purchased, but it was also suggested in the same quasi-apology that the company would rather limit the options available to its purchasers in the future, funneling them through its “friends of Hue” program.
Those of us who’ve watched the DMCA help turn “purchases” into “licenses” saw this sort of thing as the inevitable result. The desire to limit consumer choice dates back to inkjet printers, and the DMCA is the legal stick used to justify the elimination of competition.
Bruce Schneier, writing for the Atlantic, points out the particular clause in the law that allows companies to sell products promising flexibility while simultaneously giving them the option to take it all away at a moment’s notice.
To stop competitors just reverse-engineering the proprietary standard and making compatible peripherals (for example, another coffee manufacturer putting Keurig’s codes on their own pods), these companies rely on a 1998 law called the Digital Millennium Copyright Act (DCMA). The law was originally passed to prevent people from pirating music and movies; while it hasn’t done a lot of good in that regard (as anyone who uses BitTorrent can attest), it has done a lot to inhibit security and compatibility research.
Specifically, the DMCA includes an anti-circumvention provision, which prohibits companies from circumventing “technological protection measures” that “effectively control access” to copyrighted works. That means it’s illegal for someone to create a Hue-compatible lightbulb without Philips’ permission, a K-cup-compatible coffee pod without Keurigs’, or an HP-printer compatible cartridge without HP’s.
The old adage about building a better mousetrap still applies, only this time, the better mousetrap won’t allow you to reset the trap without using the manufacturer’s proprietary Smart Trap Bait-N-Reset Cartridge™ (sugg. ret. $8.99). It’s not just printers and connected lighting rigs and coffee makers refusing to perform their functions without manufacturer-approved “refills.” It’s also stuff that’s probably better off remaining “stupid,” like cat litter boxes.
Contained within the SmartCartridge is an RFID chip that tracks fluid levels and turns the automatic litter box into a useless stinkhole once the fluid runs out. It can’t be tricked into believing you’ve refilled it. It can only be replaced with a new one. Like any number of printers that won’t let you print/scan/copy without replacing an ink cartridge, the wonderful, self-cleaning litter box refuses to do anything but collect cat excrement until new cartridges are installed.
That’s a $200+ litter box that becomes indiscernible from the $6.99 non-auto version once the proprietary cleaning fluid runs out. You’ll need a $20+ cartridge to get up and running again.
While a non-functional high-end litter box tends to prompt comments about fools and their spending habits, the same thought process — aided and abetted by the DMCA (the litter box company has issued cease-and-desist orders to those “jailbreaking” their litter boxes) — is everywhere. The end result is innovations that promise great things, but purposefully underdeliver, thanks to the innate desire of companies everywhere to eliminate possible competitors.
Because companies can enforce anti-competitive behavior this way, there’s a litany of things that just don’t exist, even though they would make life easier for consumers in significant ways. You can’t have custom software for your cochlear implant, or your programmable thermostat, or your computer-enabled Barbie doll. An auto-repair shop can’t design a better diagnostic system that interfaces with a car’s computers. And John Deere has claimed that it owns the software on all of its tractors, meaning the farmers that purchase them are prohibited from repairing or modifying their property.
Not only is the phrase “Internet of Things” proving to be deceptive, but it’s bringing with it more bad than good. Customers are often unaware of the limitations of their products at the point of purchase. Others are more aware of the limits (early adopters) but frequently find themselves stuck with less product than they purchased after companies like Philips (or Sony, etc.) arbitrarily decide to remove previously-available functionality.
Add to that the problem innate to the “Internet” part of the “Internet of Things” — an increased number of attack vectors for miscreants seeking access to email accounts, banking/credit card info, etc. — and the future of connected products seems like a long slide into dystopia. There are ways this could turn into a better, smarter world, but the law that allows manufacturers to eliminate competition also frequently prevents security researchers from fully examining the underlying software for flaws.
This is not to say there are no positive aspects to the “Internet of Things.” There are, but the premise has been sabotaged by the execution. And a restrictive law, supposedly meant to target copyright infringement, is being used to eliminate competition and lock purchasers into to higher-priced, purposefully-underperforming products. For now, the future is a walled garden. And the supposed “Internet of Things” is little more than a series of underattended LAN parties thrown by manufacturers.