> the mere capability renders the machine fundamentally untrustworthy.
I've said this a couple of times before, but I find it fairly astonishing that we don't have legislation covering what manufacturers are allowed to do to a product with embedded devices after a user has purchased it.
I want to be very clear - after I have bought a product, ANY CHANGE WITHOUT MY CONSENT done by the embedded software at the behest of the manufacturer is essentially breaking and entering (Computer Fraud and Abuse Act (CFAA)). They have the ability to stick a "little green man" inside the car, that should not absolve them of the legal repercussions of using it without my permission.
I don't believe that sticking a term/clause into a user agreement that is not negotiable is an acceptable way to deal with this situation.
This is rapidly becoming one of my strongest political beliefs. I think the concept of ownership is at stake.
My wishlist is essentially:
1. Devices that contain digital locks MUST provide all keys to all locks to the buyer at time of purchase. The user can opt into allowing the manufacturer to keep a copy, but they must be allowed to opt out.
2. Devices that require remote services must explicitly list all services and features that depend on those services. The user must have the option to opt out of remote services.
3. Buyers of devices that choose to opt out of remote services are revoking consent for manufacturer access to the device. Any future access by the manufacturer (at all, from updating code to reporting usage to remotely starting a car) will be considered a violation of the CFAA.
4. Manufacturers must justify why a feature requires a remote service. "Profit" is not an acceptable answer.
> I want to be very clear - after I have bought a product, ANY CHANGE WITHOUT MY CONSENT done by the embedded software at the behest of the manufacturer is essentially breaking and entering (Computer Fraud and Abuse Act (CFAA)).
Sure - although I'll point out that technically the CFAA already covers this, it's just never applied in this manner (caveat - the CFAA can cover basically anything given the vague wording... so the value of it is up for debate)
Basically - I want a simple contract that ensures that the device I've bought will continue working as expected (assuming no use of remote/internet connected features) and that the manufacturer is unable to enter my property and change how it functions after sale.
I don't find that particularly unusual. I think the unusual part is rather than manufacturers have this new ability at all. For the majority of our legal history it was either prohibitively expensive or downright impossible for a manufacturer to embed a device that only obeys the manufacturer into consumer products.
Now it's both possible and cheap, and I'd like to see some regulation regarding my rights to purchase a tool.
A small number of places are paying at least a little attention and beginning to ban the most egregious cases of this (ex: NJ considering banning car subscriptions with a specific call out to the behavior of BMW around seat heaters).
But this is going to become a tidal wave of consumer abuse in the very near future - I can fucking guarantee it.
Why would anyone ever sell you a product when they can rent it to you and let their "little green man" be the property manager for free? They won't - not unless they're forced to.
And while I think renting can be a useful way to acquire a product - I sure as hell think it shouldn't be the only one.
Not true, at least in my state. If you buy a car with a loan, you own the car and the financer has a lien on it. You unequivocally own the car, though.
The only restrictions that the financer can put on your use of the vehicle are ones that you agreed to in the loan agreement. They can't just restrict your use of it as they see fit -- unless, I suppose, you were foolish enough to sign an agreement allowing them to.
The only restrictions I've ever personally seen have been a requirement to carry comprehensive car insurance for some minimum amount. And, of course, there's a lien on the car so you can't sell it without having the lien removed (typically by repaying the loan).
"Foolish enough" to sign an agreement allowing them to do whatever they want? Even website EULAs are all made up of the exact same "we can do everything and you can do nothing" legal boilerplate. Seriously doubt bankers are foolish enough to give people any choice in the matter. What are people gonna do when all the bankers standardize on the same non-negotiable self-interest maximizing contracts?
Huh, which state is that? Every car I've ever financed, the bank owns the title until the loan is paid off. Exactly the opposite of mortgaging a house, where I've owned the deed but the bank put a lien on it.
I've said this a couple of times before, but I find it fairly astonishing that we don't have legislation covering what manufacturers are allowed to do to a product with embedded devices after a user has purchased it.
I want to be very clear - after I have bought a product, ANY CHANGE WITHOUT MY CONSENT done by the embedded software at the behest of the manufacturer is essentially breaking and entering (Computer Fraud and Abuse Act (CFAA)). They have the ability to stick a "little green man" inside the car, that should not absolve them of the legal repercussions of using it without my permission.
I don't believe that sticking a term/clause into a user agreement that is not negotiable is an acceptable way to deal with this situation.
This is rapidly becoming one of my strongest political beliefs. I think the concept of ownership is at stake.
My wishlist is essentially:
1. Devices that contain digital locks MUST provide all keys to all locks to the buyer at time of purchase. The user can opt into allowing the manufacturer to keep a copy, but they must be allowed to opt out.
2. Devices that require remote services must explicitly list all services and features that depend on those services. The user must have the option to opt out of remote services.
3. Buyers of devices that choose to opt out of remote services are revoking consent for manufacturer access to the device. Any future access by the manufacturer (at all, from updating code to reporting usage to remotely starting a car) will be considered a violation of the CFAA.
4. Manufacturers must justify why a feature requires a remote service. "Profit" is not an acceptable answer.