from the that's-not-how-it's-supposed-to-work dept
FTDI chips are quite popular with hackers and there are plenty of them out there -- both real and fake. And, quite frequently, developers/hackers have no idea if their FTDI chips are legit or not, because they just buy devices that include them, and they assume they're legit. But the drivers in that Windows update didn't care and bricked any one using a fake FTDI chip. As Ars Technica notes, this really sucks for a bunch of hackers who never even did anything wrong.
The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it's not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts. It can be difficult to tell, and stories of OEMs and ODMs quietly ignoring design specs and using knock-offs instead of official parts are not uncommon. As such, even hardware that was designed and specified as using proper FTDI chips could be affected.It's not entirely clear if this is something FTDI did on purpose or not (though, their comments below suggest they did), but it is worrisome, and it's simply not okay -- whether it was on purpose (in which case it's potentially illegal) or not (in which case it's just bad).
Every USB device has a pair of IDs. One, the Vendor ID (VID), is allocated by the USB group. Each vendor has its own unique VID and uses that VID on every USB device it makes. The second is the Product ID (PID), allocated by the vendor, with each distinct chip type having its own PID. Windows uses the VID/PID pair to figure out which driver a given piece of hardware needs. The counterfeit chips use FTDI's VID and set the PID to the PID of whichever chip it is they're cloning (FTDI has a range of similar parts, each with their own PIDs).
The new driver reprograms the PID of counterfeit chips to 0000. Because this PID does not match any real FTDI part, it means that FTDI drivers no longer recognize the chips and, hence, no longer provide access to them. This PID is stored in persistent memory, so once a chip has been reprogrammed it will continue to show this 0000 PID even when used with older drivers, or even when used with Linux.
Sherwin Siy, over at Public Knowledge does a nice job explaining why copyright (or other IP laws) are never a legitimate reason to break a device -- even if a contract warns it might happen (as is apparently the case with FTDI).
Unfortunately, in this era of intellectual property maxmalism, people seem to forget these things. They assume that if you have a "fake" chip then obviously it's "okay" to break the device, because they falsely seem to believe that copyrights and trademarks and the like give the holder "all the rights over everything," rather than a limited set of rights over certain things. FTDI's response to all of this (including removing the driver from the latest Windows update) suggests (but does not outright claim) that it did this on purpose:
The fact that disabling countless devices without warning can harm millions of innocent users and manufacturers should be a screaming sign that this is the wrong thing to do. And if they’re doing this deliberately, this is wrong not just in the sense of being unethical, but illegal, too.
This is something that people seem to forget in the IP space, and also in the technology space, which makes it unsurprising that we see it here. It’s the same impulse that leads people to ask if they can shotgun a drone that strays onto their property (No, no more than you can torch a car that parks in your driveway), or whether you can destroy the computers of people who have illegally downloaded your song.
So whether or not FTDI has any trademark rights, copyrights, or other rights in whatever the knockoff chips are copying, the actual physical chips themselves are the property of their users, and FTDI doesn’t have the right to break them. A French vintner can’t stroll down the aisles of an American wine store with a hammer, shattering bottles of “California Champagne.” Roving gangs of Nike enforcers can’t rip fake Jordans off the feet of passing kids. And we don’t have Givenchy shock troops marching down Canal Street taking flamethrowers to fake handbags. If your IP rights are being infringed, the proper course of action is to go to court, not take the law into your own hands.
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.Honorable intentions or not, counterfeit products or not, actively going in and breaking the property of others is not an acceptable response.