HP Issues Flimsy Mea Culpa For Recent Printer Cartridge DRM Idiocy, But It's Not Enough
from the not-helping dept
A few weeks ago we noted how HP had effectively delivered a DRM time bomb in the form of a software update that, once detonated, crippled customers’ ability to use competing third-party print cartridges in HP printers. While such ham-fisted behavior certainly isn’t new, in this case HP had actually first deployed the “security update” to its printers back in March — but didn’t activate its stealthy payload until last month. Once activated, the software update prevented HP printers from even detecting alternative ink cartridges, resulting in owners getting a rotating crop of error messages about faulty cartridges.
HP customers were obviously annoyed, and the EFF was quick to pen an open letter to HP, quite correctly noting that HP abused its security update mechanism to trick its customers and actively erode product functionality. Ultimately HP was forced to respond via a blog post proclaiming the company was just “dedicated to the best printing experience” and wanted to correct some “confusion” about its DRM sneak attack. In short, HP strongly implied it was just trying to protect consumers from “potential security risks” (what sweethearts):
“HP printers and original HP ink products deliver the best quality, security and reliability. When ink cartridges are cloned or counterfeited, the customer is exposed to quality and potential security risks, compromising the printing experience. As is standard in the printing business, we have a process for authenticating supplies. The most recent firmware update included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned.”
And while HP ultimately said it would deploy an “optional firmware update” in a few weeks, the mea culpa is filled with the usual assortment of garbled half-truths — including HP patting itself on the back for being ultra-transparent and proactive after its customers began brandishing pitchforks. The EFF is fortunately attempting to hold HP’s feet to the fire, urging the company to more fully disclose just how many printers were impacted, detail how it intends to inform users about the update, and stop undermining their customers confidence in the security update process:
“HP needs to promise never to use a security update to take away features again. There’s hundreds of millions of inkjet printers out there, and they’re vulnerable to malicious software that can conscript them into jaw-dropping internet attacks. Whether or not you own an HP printer, you have a stake in HPs’ printers being swiftly updated when bugs are discovered in them. That means that HP must not give customers a reason to worry that the next “security update” is yet another self-destruct mechanism aimed at protecting the security of HP’s cartridge division, rather than the security of our printers, to which we supply our credit card details, Social Security Numbers and personal photos.”
The EFF is also urging annoyed customers to sign this petition, which currently has 12,400 signatures and counting.