How The DMCA And The CFAA Are Preventing People From Saving Their Soon-To-Be-Broken Pebble Watches
from the bad-laws dept
I’ve made no secret of the fact that I think smartwatches are really wonderful, even as lots of people scoff at the concept (and sales have been disappointing across the board). The first device that clued me in to the possible power of the smartwatch was the original Pebble smartwatch, which I (and many, many others) backed on Kickstarter. I ended up backing their second Kickstarter campaign as well — but was disappointed in the end product and ended up moving on to another smartwatch instead (the Moto 360, though now it looks like Motorola is dumping that business as well). I didn’t end up backing Pebble’s latest Kickstarter campaign, which turned out to be a good thing, because as you may have heard, the company announced last week that it had sold its assets to Fitbit, and no more work would be done on Pebble watches (and people who backed the latest project would eventually get refunds, but no watches).
But, things are even worse for those who already do have (and still use) Pebble watches. In the announcement, the company admits that since Pebble watches rely on Pebble servers for certain features, the functionality of the watches may be reduced in the future:
Active Pebble watches will work normally for now. Functionality or service quality may be reduced down the road. We don?t expect to release regular software updates or new Pebble features. Our new mission will focus on bringing Pebble?s unique wearables expertise to future Fitbit products. We?re also working to reduce Pebble’s reliance on cloud services, letting all Pebble models stay active long into the future.
Of course, as Cory Doctorow rightly notes, the real problem here is that thanks to stupid laws like the DMCA Section 1201 (barring circumvention of technological protection measures) and the CFAA (barring certain forms of “hacking”), users will have trouble fixing or saving their own watches. It’s yet another case of not really owning what you thought you bought… thanks to DRM and bad laws.
The watches are among the many cloud-based Internet-of-Things products that are reliant on the ongoing maintenance of server infrastructure for normal functionality. This problem is exacerbated by the widespread IoT deployment of DRM to lock devices into manufacturer-controlled infrastructure — thanks to laws like section 1201 of the Digital Millennium Copyright Act, developers who create software to replace cloud functions with alternative/self-hosted servers, or with local computing, face potential jail sentences and millions in fines. Add to that the Computer Fraud and Abuse Act, which has been used to threaten and even jail researchers who improved services but violated their terms of service to do so, and the IoT space is the land of the contingent, soon-to-be-bricked devices
As Cory notes, Pebble should allow their own users to hack their stuff, by releasing source code, schematics and more. Unfortunately, this is unlikely to happen. But it’s yet another case of the law getting in the way of something you thought you owned.
Filed Under: cfaa, dmca, hacking, ownership, pebble watches, smartwatches
Companies: fitbit, pebble
Comments on “How The DMCA And The CFAA Are Preventing People From Saving Their Soon-To-Be-Broken Pebble Watches”
Despite the challenges mentioned above, there is a newly formed community for open source pebble development.
http://rebble.io
Those that want to tinker should support open source.
There’s an entire OS for smartwatches, AsteroidOS. https://florentrevest.github.io/2016/12/07/asteroidos-alpha
Re: Re:
The closed nature of the watches was large part of why I didn’t have one. Upon recently finding the AsteroidOS project I ordered a watch to install it on.
I kind of hope this kind of thing happening more and more often will wake people up and make them realized how bad closed systems are.
Re: Re: Re:
“The closed nature of the watches was large part of why I didn’t have one.”
That pretty much describes my attitude
towards all of the “smart” aka “spying”
devices produced in the last decade.
For some reason, Silicon Valley VC’s hate
government spying on their users, but
their own spying is OK. They seem not
to have heard of the “Third Party
Doctrine”, which gives governments
any and all information that they have
collected for their own spying.
Re: Re: Re: Re:
Consumers choose spy devices. They don’t have a choice of government.
Re: Re: Re:2 Re:
Regarding the choice of owning a device or not … they might not have that choice to make in the future. Newer vehicles today have black boxes, some of which are supposedly transmitting data. It is not yet illegal (I think) to remove these, how long will that last? I think the car manufacturers should have to inform potential customers about the use of this interface, because it could be compromised and whomever can then possibly cause your car to crash while you are in it. afaik, there is no customer available method to turn off the bluetooth and or wifi.
Re: Re: Re:3 Re:
Hmmm… What are the legal ramifications of driving a networked/transmitting car into the National Radio Quiet Zone (NRQZ)?
Re: Re: Re: What about the word "watch" don't you understand?
“The closed nature of the watches was large part of why I didn’t have one.”
“Watch”, as in “we’re watching you”
Ken White
Off topic, but important:
”Ken “Popehat” White — who as a former Assistant US Attorney and current criminal lawyer”
Many people will agree that most lawyers are criminals. But in this case, Ken is a criminal defense attorney. Steele and friends are criminal attorneys.
As a criminal defense attorney, people should know that not all of us are criminals.
Nope, I'm not buying them
As one who makes a living promoting technology, I would normally be in favor of all these kinds of products, but I won’t be buying them until I can have some semblance of control over how, and if, they function. Sadly, I am becoming a bit of a luddite as more and more technology products depend upon the good graces of [somebody] to keep functioning. I don’t buy games that rely on some proprietary server somewhere, I don’t pay money to subscribe to services that may suddenly fold (Netflix and Prime excludes), and it’s apparent that I won’t be buying any clever watches either. I’m no technophobe; I am, at heart, a programmer who also spends some time in systems administration and teaches college-level programming classes on occasion. But I won’t be 100% dependent on somebody else’s goodwill to continue to provide some sort of service that my purchased product requires.
Re: Nope, I'm not buying them
You’re probably on the right track. If their products quit selling, they’ll look to change their business models.
Re: Re: Nope, I'm not buying them
It’s not even that. Plenty of this sold -as-a-service, when they hardly need to be dependent on the service part in the first place, are built and sold that way with control and planned obsolescence in mind in the first place. Others simply move on to "improved" products or sell out without a care for the fans and customers who made them possible in the first place. Too much runs over the internet and on remote servers for absolutely no reason at all other than this kind of control, and sheer laziness.
Failures are more understandable, but surely one could maintain the remote support necessary rather cheaply, move all functionality to the devices or local servers, and more directly relevant to the claims of the article title: Remove any restrictions on user self-support that never should have been there in the first place. The DMCA and CFAA are completely irrelevant if the vendor isn’t a dick.
Re: Nope, I'm not buying them
“I am becoming a bit of a luddite”
I do not consider good consumer practices to be anything near “luddite”.
Just because some new shiny gadget is on the market and I’m not buying it does not make me a luddite. There are plenty of good reasons to avoid any product(s) out there and certainly do not feel the need to justify decisions.
However, the DMCA only applies if you do for financial gain. So creating your own workaround, for your own personal use, is not a crime, because you have not done it for financial gain.
Re: Re:
The same can be said about filesharing but that is the original reason the DMCA was created!
Re: Re:
No, rooting iPhones, for example, is “illegal” unless the LoC happens to say it is ok at the moment. The same for pen and bug testing various things, including cars, where the intent wasn’t even to patch vulns or add free code. These activities can and have been attacked using the DMCA, even when there is zero commercial purpose or even an offering of free to use and modify alternate code. Hell, even if there wasn’t a public disclosure yet.
Re: Re: Re:
But the felony criminal penalties only apply if you do it for financial gain. Civil penalties may apply to such tinkerers, but you cannot be put in jail until you done it for financial gain.
Re: Re: Re: Re:
Due to the difficulty of even finding someone who jailbroke their device, if they catch you, they will want to make an example of you and throw the whole book at you. You would be guilty till proven innocent. You would be forced to either take a plea bargain or spend years fighting it while putting your deeper in debt until they locked you up.
Does 1201 apply?
The article suggests 1201 may apply but doesn’t give enough detail to justify it. Do these watches have any “technical protection mechanisms” that prevent OS replacement?