October 4, 2016
The Recycler first reported on the firmware update three weeks ago, and reported further complaints from the industry and consumers, with the OEM’s EU helpdesk claiming that it was “working on a solution” two weeks ago. The OEM told The Recycler a fortnight ago that the printers affected “will continue to work with refilled or remanufactured cartridges with an Original HP security chip”, but las week apologised and announced an update to reverse the firmware change.
The EFF sent a letter to HP Inc CEO Dion Weisler last week noting its alarm at the firmware update, with the EFF’s Cory Doctorow noting that “you must be aware that this decision has shocked and angered your customers”. Doctorow then set concerns “and the steps HP must take to begin to repair the damage it has done to its reputation and the public’s trust”. Now, Doctorow and the EFF have published a call-to-action to consumers despite HP Inc’s apology.
The latest article says consumers should tell HP Inc that there’s “still a long way to go to make up for breaking our printers”, with over 10,000 consumers signing the EFF’s letter to Weisler and telling the OEM that “it is absolutely unacceptable for a company to send out deceptive ‘security’ updates that reconfigure your printer so that it only accepts the company’s own high-priced ink”.
HP Inc “heard you loud and clear”, it adds, and the apology “speaks well of them” because it responded “so quickly and publicly”, but it “speaks better of you”, because “the inkjet business is in trouble”, and HP Inc “understands that the next printer you buy might be your last, and they can’t afford the kind of public shaming they are getting”. The EFF believes that “there’s plenty more for HP to do before it can claim to have made amends”, with three main objectives laid out.
The first is that the OEM “needs to promise never to use a security update to take away features again”, because there are “hundreds of millions of inkjet printers” that are “vulnerable to malicious software that can conscript them into jaw-dropping internet attacks”. Customers “have a take in HP’s printers being swiftly updated”, so the OEM shouldn’t give them “a reason to worry that the next ‘security update’ is yet another self-destruct mechanism” rather than a security patch.
The second is that the OEM “has to promise not to attack security researchers who disclose vulnerabilities in its printer”, because adding “digital locks” to cartridges sends a “legal signal that security researchers can hear”, in that the Digital Millennium Copyright Act (DMCA) has “been used to prosecute and harass security researchers who want to warn you about dangers lurking in the equipment you have put your trust in”.
Finally, the OEM “needs to come clean”, and state “which models does this affect? Have they put this in other models? How are they going to alert the customers whose printers they broke that there’s an ‘optional’ patch to unbreak them?” The 10,000 signatures, the EFF points out, “convinced HP to beat all corporate land-speed records reversing itself on this rotten decision”, and it asked customers to “tell your friends, tell your relatives, and post this to all your social feeds.
“Let every other company thinking of pulling an HP know that users won’t stand for it”.
Categories : Around the Industry