Noted cryptographer and security expert Bruce Schneier published an opinion piece in the Atlantic Monthly across the Christmas holiday, meaning it probably was largely overlooked. Which may be just as well, because he got it (uncharacteristically, to be fair) wrong.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Actually, his main point he got absolutely right: companies that clamp down control over their proprietary protocols stand to hurt the overall emergence of the Internet of Things. No argument there. When John Deere says farmers can’t fix their own tractors, it is attempting a power and money grab directly against its own core customers.
But Schneier’s main example has to do with light bulbs. Speaking of the Philips Hue IoT light bulbs, he notes that “in mid-December, the company pushed out a software update that made the system incompatible with some other manufacturers’ light bulbs, including bulbs that had previously been supported.”
Which sound like poor sportsmanship on Philips’ part (and it was, and the company got sufficiently roughed up by popular outcry that it backed down). Philips customers complained that Hue products are supposed to be compliant with the Zigbee wireless mesh standard. The light bulbs from other manufacturers that the Hue hub no longer controlled were in fact Zigbee compliant.
It’s a good thing
What’s missing from Schneier’s analysis is mention of the possibility that this actually a case of an open standard working the way we hope it will. Zigbee, as far as I’m aware, isn’t a standard that prevents a controller from deciding which things it will communicate with. If Philips doesn’t want to talk to the other guy’s light bulbs, it’s hard to see how that’s actually something that “undercuts the purpose of having smart objects in the first place. We’ll want our light bulbs to communicate with a central controller, regardless of manufacturer.”
We do want that interoperability, to be sure. But just because Philips won’t make a fully interoperable hub doesn’t mean that competitors won’t. And it doesn’t mean that Philips customers won’t have a cow when Philips tries to take functionality out of products they’ve already paid for. They have the expectation of interoperability because Zigbee is open. With the case of HP printers that reject competitor ink cartridges, the public unfortunately didn’t have the expectation that HP printers would use an open standard cartridge, because there isn’t one.
Schneier gets sidetracked on the way in which the Digital Millennium Copyright Act can be used to prevent researchers from figuring out how the software on the Philips hub works. It certainly can be used that way, which is only one of a number of aspects of DMCA that make it breathtakingly bad legislation.
If Philips had the market dominance to just stick it to light bulb customers and force them to lump it, it’s true and regrettable that the DMCA could be used to punish anyone who figured out a workaround that enabled connection with those other bulbs. Be that as it may, the Hue product is part of a larger, open Zigbee ecosystem.
This is a case where open standards exerted pressure in just the sort of way we want them to. It’s also a good argument for the development for open source products that work within these standards. There’s an open-source Zigbee stack; there’s also open-source Zigbee hardware.