Last Monday, we published our open letter to Hewlett-Packard CEO Dion Weisler, and more than 10,000 of you promptly stepped up to sign it, telling the company that you agree that it is absolutely unacceptable for a company to send out deceptive “security” updates that reconfigure your printer so that it only accepts the company's own high-priced ink.
For a company as big as HP to respond so quickly and publicly speaks well of them — but it speaks better of you. The inkjet business is in trouble, down year on year as more of our grocery lists, boarding cards, and snapshots live on our phones, rather than on sheets of pressed vegetable pulp. HP understands that the next printer you buy might be your last, and they can't afford the kind of public shaming they are getting.
But there's plenty more for HP to do before it can claim to have made amends.
First: HP needs to promise never to use a security update to take away features again. There's hundreds of millions of inkjet printers out there, and they're vulnerable to malicious software that can conscript them into jaw-dropping internet attacks. Whether or not you own an HP printer, you have a stake in HPs' printers being swiftly updated when bugs are discovered in them. That means that HP must not give customers a reason to worry that the next “security update” is yet another self-destruct mechanism aimed at protecting the security of HP's cartridge division, rather than the security of our printers, to which we supply our credit card details, Social Security Numbers and personal photos.
Second: HP has to promise not to attack security researchers who disclose vulnerabilities in its printers. It's great to see HP underwriting tech-oriented podcasts and TV shows about security, but when they add digital locks to their inkjet cartridges, they're sending a legal signal that security researchers can hear clear across the net. That's because Section 1201 of the Digital Millennium Copyright Act — which protects locks that control access to copyrighted works — has been used to prosecute and harass security researchers who want to warn you about dangers lurking in the equipment you have put your trust in. When security researchers have to sue the federal government for the right to do their jobs, HP needs to tell us where they stand on this issue.
Third: HP needs to come clean. Which models does this affect? Have they put this in other models? How are they going to alert the customers whose printers they broke that there's an “optional” patch to unbreak them?
10,000 signatures convinced HP to beat all corporate land-speed records reversing itself on this rotten decision. The next 10,000 signatures can push 'em over the finish line, to win first prize in the 100 Yard Most Lessons Learned event and take home the gold in Making It Up to Us All and Never Doing it Again. Tell your friends, tell your relatives, and post this to all your social feeds. Let every other company thinking of pulling an HP know that users won't stand for it.