'

HP told: Disarm printer ink 'self-destruct sequence' blocking third-party cartridges

Digital rights group EFF has launched a campaign to get HP to reverse its new technical block on non-HP and refilled ink cartridges.

hp-officejet-8610.png

With the new firmware lock in place, the HP ink that consumers must buy can cost more than a new OfficeJet printer itself.

Image: HP

HP should immediately restore customers' ability to use third-party ink cartridges, according to digital rights group the Electronic Frontier Foundation.

As many HP OfficeJet printer owners discovered last week, a recent firmware update to the model's "security chip" disabled third-party cartridges as well as refilled HP cartridges.

Read this

3D Printing: Building the Future

Here is our take on the state of 3D printing, the ways companies are using it today, and how it's going to revolutionize the future of business.

Read More

HP said the update served to protect its innovations and intellectual property, while the firmware on chips was updated in 2015 to maintain "secure communications between the cartridge and the printer".

As ZDNet's Steven J Vaughan-Nichols pointed out, with the new firmware lock in place, the HP ink that consumers must buy is more expensive than a new OfficeJet printer itself.

In an open letter to HP president and CEO Dion Weisler, EFF special adviser Cory Doctorow calls out the firm for using a "bait-and-switch" tactic on customers to deliver a "time-delayed anti-feature", which makes the printer less useful.

HP reportedly released the firmware update in March, but then didn't activate the block on non-HP cartridges until September. This may have left consumers holding a pile of useless non-HP cartridges.

Doctorow has called on HP to apologize to customers and restore the affected printers' original functionality "with a firmware update that rolls back the self-destruct sequence".

He also points out two potential security implications from the course HP chose for clamping down on non-HP ink cartridges.

First, since it was a security update, it may undermine consumer trust in the security update process and discourage consumers from accepting new patches in future that address a real security flaw.

"By co-opting the security update mechanism to deliver an anti-feature... you have introduced doubt into the patch process," he wrote.

Internet of things devices, such as baby monitors and home routers, are already woefully secured, often because people fail to patch their software. But by damaging trust in updates, HP may have put users' devices and personal information at risk of future infections, Doctorow argues.

On top of this, HP should be aware that networked printers, including its own brand, have been vulnerable to attacks that can compromise a customer's wider network.

Secondly, with HP's new technical block on non-HP ink, it also raises the specter of the US Digital Millennium Copyright Act (DMCA) for researchers who probe HP's firmware or chips for security flaws.

Section 1201 of the act makes it illegal to break controls that prevent access to copyrighted works. EFF sued the US Government earlier this year on behalf of two researchers to have this provision overturned.

Doctorow, who advises EFF on this section of the DMCA, asked HP to "promise to never invoke Section 1201 of the DMCA against security researchers or competitors who make legitimate aftermarket products".

So far the EFF's petition for HP to stop using digital rights management (DRM) in its printers has gained 9,600 signatures.

But with HP sitting on top of a declining print market, the company is unlikely to remove restrictions that protect the model of selling printers at a loss and recouping the money through proprietary ink sales.

MORE ON HP