View from Washington: Time to put a ‘sell-by’ date on consumer electronics

Logitech is to brick a cloud-connected entertainment hub, raising issues around product marketing and regulation in the IoT era

Many owners of Logitech’s Harmony Link home entertainment hub have reacted angrily to the company’s decision to not just cease supporting the product but flip a kill switch on all units next March.

The company’s reason is not entirely unsound. Rory Dooley, head of the Logitech Harmony division, told Gizmodo, “The technology certificate (for Harmony Link) is an encryption certification that expires in the spring of 2018, which may open the product up to potential security vulnerabilities. We’ve refocused development resources on newer technologies, and therefore, we are not updating the Harmony Link certificate.”

The Link, launched in 2011, is a first-wave Internet of Things (IoT) consumer electronics (CE) device. It allows owners to use smartphones as remote controls for multiple entertainment devices. With many of its targets having integrated cameras and microphones, you can see the risks of a hack aimed at spying upon owners or installing ransomware on a telly. Either scenario could expose Logitech to massive compensation claims. And doesn’t it just make sense not to promote a potentially insecure product?

Logitech has offered to replace existing Links free-of-charge to owners with units still under warranty, and a 35 per cent discount against its newer model, the Harmony Hub, to all others. After all, the company points out, the Link is no newbie.

Mainstream sales stopped in 2015 (although sources claim firesale-priced units were still available in the last few months). The Hub costs about $100 (£75). So we are not talking huge sums, though out-of-warranty owners consider the replacement discount unacceptable. The news was dropped on them out of nowhere.

But another, wider principle is also causing concern.

Logitech plans to brick Links by, first, sending out firmware that shuts them down and, second, ending support for the device in the cloud. Its ability to do this raises the question of who should be allowed to determine the end-of-life of a consumer electronics product, the owner or the OEM?

The assumption has long been that the owner held most power, with responsibility shifting to the OEM only in cases where products were found to be faulty or life-threatening because of design flaws. And where an OEM discovered a flaw, the received wisdom (and, in some cases, the legal responsibility) has been that the OEM should issue a recall and assume the full cost of replacement.

But that assumption dates from before we started connecting so many devices to cloud-based services. Even today, most consumer protection law tackles the issue from the perspective of the integrity and performance of the local electronics and functionality. It remains based on products that work in isolation, with little regard to, for example, online security.

With national and regional variations in mind, a TV is expected to work as a traditional TV either for a specified or ‘reasonable’ time after its production or purchase date. In broader terms, the general assumption is that a reasonable life for a CE product is typically between five and seven years.

Of course, many products carry on working for much longer to their owners’ satisfaction. In those cases, why should anyone else have a say over the owners’ renewal decisions? And in Logitech’s case here, why shouldn’t the company simply renew and improve the security certification on the Harmony Links already in circulation?

It is looking increasingly possible that those issues will be raised in court (some Link owners claim that Logitech is preemptively blocking use of the words ‘class action’ on its customer service bulletin board). However, I’m no legal expert, so I’m not going down that road.

Rather, let’s consider this a teachable moment and look at a marketing model better suited to the cloud/Internet of Things/connected environment in which most of today’s CE hardware operates.

First, set aside the provision of subscription services where software is bundled inside a box as an option. These involve a separate and additional transaction. We subscribe to Netflix, Amazon Prime or more specialised services under both corporate T&Cs and consumer protection rules that are considered generally sound.

Instead, let’s consider devices that, like the Link’s aggregation of remote controls, have a dedicated function or set of functions hard-wired into them, and which require some kind of dedicated cloud service. As the IoT seeks further growth, we will see a great many more of these.

No doubt, the T&Cs inside the box will make some reference to any cloud-based component and guarantees of its continued availability. That, though, hardly helps Joe Public when he’s reading packaging in a store or scrolling through the specs on Amazon.

Rather, then, let’s put some kind of ‘sell-by’ date on these products. It may simply show the minimum period during which a company plans to provide the product’s cloud component beyond the date of manufacture or purchase. It may indicate for how long the security certificate governing the system is valid, with a proviso that it may not be renewed on expiration.

This idea is not entirely new, but it does look like its time has come, particularly as security, connectivity and online functionality come to define hardware products as much as their PCBs.

The industry could even take this step without involving regulators, perhaps bringing in a body like the Consumer Technology Association to help develop a scheme. As noted, consumer expectations for the valid life of various types of product are well known, and there are existing benchmarks in different sale of goods acts.

Moreover, such an approach could encourage the uptake of IoT devices. Many consumers remain sceptical about connecting things to the cloud, particularly when it comes to things like HVAC systems, ovens, fridges or healthcare monitors. Explicit information about use-life and security features would foster greater confidence.

Going forward, this strategy would mean that fewer companies find themselves caught like Logitech between the Scylla and Charybdis of managing security liabilities and catching customers blind.

For now though, Logitech’s best-looking fix for its Harmony Link issue probably is to exchange the entire installed base free-of-charge. The company says there are not that many Links out there, so the cost of replacement may well be much less than the damage being done to a well-known brand.
