I’ve written an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation, asking him to make amends for his company’s bizarre decision to hide a self-destruct sequence in a printer update that went off earlier this month, breaking the printers so that they would no longer use third-party ink cartridges.
The letter points out that this is bad business — and it’s also bad for security. HP printers have previously been shown to be vulnerable to malware that spreads through sneaky codes in documents you print, and that can steal your private data, raid your network, and become part of website-killing botnets.
HP hid its self-destruct sequence in a software update, making future updates — like those that patch this kind of defect — suspect, and decreasing the likelihood that HP’s customers will install them.
Worse still: HP can use Section 1201 of the DMCA to threaten security researchers who reveal similar defects, and to attack competitors who restore full functionality to your printer.
The letter — which you can sign onto! — calls on HP to take five steps:
1. Apologize to your customers, and restore the original functionality of their printers with a firmware update that rolls back the self-destruct sequence;
2. Publicly commit that you will never again use your software update process to distribute anti-features that work against your customers’ interests;
3. Publicly commit that the effects of any software updates will be fully disclosed;
4. Prominently disclose any capability or plan to remove features from devices in your sales literature, so customers know what they’re getting before they buy;
5. Promise to never invoke Section 1201 of the DMCA against security researchers or competitors who make legitimate aftermarket products.
What HP Must Do to Make Amends for its Self-Destructing Printers
[Electronic Frontier Foundation]