Tell Congress to Protect Our Personal InformationLearn More About Unauthorized Access to Data
Hack A Day is reporting that a recent Windows update destroys knockoff FTDI chips. More from Ars Technica here. The chips at issue let USB devices send and receive data to systems with older serial ports. As such, they’re in countless different devices, from hobbyist products like Arduino to off-the-shelf consumer electronic devices.
The update alters drivers for the chip on the Windows computer in such a way that if a device containing a counterfeit FTDI USB-to-serial chip is plugged in, the chip is permanently disabled—for any computer it might later be plugged into.
This raises a massive problem, since these tiny chips are in countless devices and components for devices, and it’s exceptionally hard for device manufacturers to tell the difference between the real and fake chips; even more so if the chips are already part of components they buy already assembled.
Even if the final product manufacturer knows that the product doesn’t have a real FTDI chip in it, that’s no consolation to the consumer whose device suddenly doesn’t work at all.
The fact that disabling countless devices without warning can harm millions of innocent users and manufacturers should be a screaming sign that this is the wrong thing to do. And if they’re doing this deliberately, this is wrong not just in the sense of being unethical, but illegal, too.
This is something that people seem to forget in the IP space, and also in the technology space, which makes it unsurprising that we see it here. It’s the same impulse that leads people to ask if they can shotgun a drone that strays onto their property (No, no more than you can torch a car that parks in your driveway), or whether you can destroy the computers of people who have illegally downloaded your song.
So whether or not FTDI has any trademark rights, copyrights, or other rights in whatever the knockoff chips are copying, the actual physical chips themselves are the property of their users, and FTDI doesn’t have the right to break them. A French vintner can’t stroll down the aisles of an American wine store with a hammer, shattering bottles of “California Champagne.” Roving gangs of Nike enforcers can’t rip fake Jordans off the feet of passing kids. And we don’t have Givenchy shock troops marching down Canal Street taking flamethrowers to fake handbags. If your IP rights are being infringed, the proper course of action is to go to court, not take the law into your own hands.
That’s Not Permission
The Ars Technica article also notes that there’s a notice inside the driver files:
Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT
...but being where they are, no one installing the update would ever see them (not even in a blink-and-you-miss-it clickthrough agreement). In other words, it’s a “warning” that’s less than useless.
Less than useless because not only does it fail to warn, but its inclusion seems pretty clearly an attempt to avoid liability for destroying someone else’s device, without them actually seeing the warning. To extend the earlier metaphor a bit, this would be like a disclaimer posted in the back room of a Nike store that said that, by entering the store, I had agreed to have the shoes I’m wearing inspected and shredded if they turn out to be fake Nikes. In other words, a completely unenforceable term.
We’ve spent a lot of time talking about how fine print can be used to fool consumers and deprive them of rights over what should be their own property before; this seems to be an extraordinary extreme of that. Maybe this should mark a turning point in the law’s willingness to support this kind of chicanery.
Photo credit: Flickr user derekGavey