Last week, The Scottish chip manufacturer FTDI pushed out an update to their Windows driver that deliberately killed counterfeit FT232 chips. The FTDI FT232 is a very popular chip, found in thousands of different electronic appliances, from Arduinos to consumer electronics. The FT232 converts USB to serial port, which is very useful, and this chip probably is the most cloned chip on the planet.
Of course, not supporting counterfeit chips is any chip manufacturer’s right, since they cannot guarantee that their products work when used in conjunction with counterfeit hardware, and because it is a strain on customer support to provide support for devices not made by the company. This case however, is slightly different in that the update contains code that is deliberately written to (soft)brick all counterfeit versions of the FT232. By doing this, FTDI was deliberately destroying other people’s equipment.
One could simply say: don’t use counterfeit chips, but in many cases you simply don’t know that some consumer electronic device you use contains a counterfeit FT232. Deliberately destroying other people’s equipment is a bad move, especially since FTDI doesn’t know what device that fake chip is used in. It could for instance be a medical device, on which flawless operation people’s lives depend.
Hard to tell the difference
In the case of FTDI, one cannot easily tell an original chip from a counterfeit one, only by actually closely looking at the silicon are the differences between a real or a fake chip revealed. In the image above, the left one is a genuine FTDI FT232 chip; the right one is counterfeit. Can you tell the difference?
Even though they look very similar on the surface, the inner workings differ between the original chips and counterfeit ones. The driver update written by FTDI exploits these differences to create a driver that works as expected on original devices, but for counterfeit chips reprograms the USB PID to 0, which is a technical trick that Windows, OS X and GNU/Linux don’t like.
Parallels with Digital Rights Management (DRM)
I see some parallels with software DRM, which is aptly named Digital Restrictions Management by the Free Software Foundation. Because that is what it is. It isn’t about protecting rights of copyright holders, but restricting what people have always done since the early beginnings of humanity.
We copy. We get inspired by, modify and build upon other work, standing on the shoulders of the giants that came before us. That’s in our nature. Children copy and modify, which is great for their creativity, artists copy and modify culture to make new culture, authors read books and articles and use the ideas and insights they gain to write new books and articles, providing new insights which brings humanity as a whole forward. Musicians build upon foundations of others to make new music. Some, like the mashup-artists, even outright copy other people’s music and use them in their compositions as-is, making fresh and new compositions out of it. Copying and modifying is essential for human culture to thrive and survive and adapt.
According to the FSF definition, DRM is the practice to use technological restrictions to control what users can do with digital media, software, et cetera. Programs that prevent you from sharing songs, copying, reading ebooks on more than one device, etcetera, are forms of DRM. DRM is defective by design, as it damages the product you bought and has only one purpose: prevent what would be possible to do with the product or software had there not been a form of DRM imposed on you.
DRM serves no other purpose but to restrict possibilities in the interest of making you dependent on the publisher, creator or distributor (vendor lock-in), who, confronted with a rapidly changing market, chooses not to innovate and think of new business models and new ways of making money, and instead try to impose restrictions on you in an effort to cling on to outdated business models.
In the case of DRM, technical measures are put in place to prevent users from using software and media in a certain way. In the case of FTDI, technical measures are put in place to prevent users from using their own, legally-purchased hardware, effectively crippling it. One often does not know whether the FT232 chip that is embedded in a device is genuine or counterfeit, as you can see in the image near the top of this article, the differences are very tiny and hard to spot on the surface. FTDI wanted to protect their intellectual property, but doing so by sneakily exploiting differences between real and counterfeit chips and thereby deliberately damaging people’s equipment is not the way to go.
Luckily, a USB-to-serial-UART chip is easily replaced, but one is left to wonder what happens when other chip manufacturers, making chips that are not so easily replaced, start pulling tricks like these?