Vendor abuse of authority, lock-in, and non-judicial policing

Picture this:

“Sorry sir… yes, we sold you this hammer, but we really must insist that you only use brand X nails.
Oh you don’t agree? Well, with regret we render your hammer in-operable. Good day sir.”

Unlikely scenario? You’d think. A hardware vendor cannot expect to get away with that, except when they’re vendor of the kind of hardware that contains software. See http://boingboing.net/2012/07/03/cisco-locks-customers-out-of-t.html where Cory writes:

Owners of Cisco/Linksys home routers got a nasty shock this week, when their devices automatically downloaded a new operating system, which locked out device owners. After the update, the only way to reconfigure your router was to create an account on Cisco’s “cloud” service, signing up to a service agreement that gives Cisco the right to spy on your Internet use and sell its findings, and also gives them the right to disconnect you (and lock you out of your router) whenever they feel like it.

Unfortunately, Cisco is not the only one – I’m not even singling them out, they just happen to be this week’s occurrence. Each case is slightly different, but I presume you’re already at least vaguely aware that Apple can remove apps from your iPhone and also shut down those mobiles remotely, and that Amazon can remove eBooks from your Kindle device, to name a few examples with well-known names. Technically, similar things have been possible for a long time – the recent development is how vendors use this capability. What remains is for the vendor to regard it as justified and use it as a valid business practice, and for you to decide whether to accept it.

When you use a service you agree to adhere by the defined terms and conditions. From time to time those terms get updated and you can either agree or choose to not use the service any more. If you don’t like the way your bank changes its terms, you can take your business elsewhere and there is generally legislation in place to prevent you from getting charged nasty exit fees for making the transition for this reason. This freedom becomes rather more difficult to exert with some online services, where there is often no covering legislation, and either no equivalent service or no way to get your data out and across to a new service.

It’s even more of a mess when dealing with hardware. While you purchased a physical device, you are now no longer really the owner. That is, you hold the physical casing, but it it’s useless weight unless and only so long as the vendor allows you to.

In the European Union there’s just been a ruling that a vendor must allow a software license to be transferable (see http://www.zdnet.com/oracle-cannot-block-the-resale-of-its-software-in-europe-7000000189/) which of course also affects devices with embedded software and I presume other licensed material such as eBooks as the ruling refers to anything licensed by a copyright holder and not software specifically.

So now you can sell on your device at least, but if you keep it the vendor can make you jump at will. In Cisco’s case they require that you sign up for certain services, and they also reserve the right to shut down your device for uses they find undesirable. A key problem there is that what they find undesirable may be what someone else finds perfectly ok and the latter may be backed by the applicable law of the land – yet that won’t matter.

However, the vendor reserves the right independently from the law. That is, they don’t require a legal ruling in order to take action, they can do so at their discretion. The fact that they technically can is indisputable, but the fact that they now explicitly declare this is a very worrying development.

It’s non-judicial policing, and I believe it to be very wrong. In most countries, we have chosen to outsource such tasks to a criminal justice system (police and courts). These days, posses and vigilantes are generally frowned upon. But now they’re back, in the form of corporations. And so far, they’re getting away with it.