934
FTC urged to make smart devices say how long they will be supported
(arstechnica.com)
This is a most excellent place for technology news and articles.
Effective [some future date], in order to sell any device connected to the Internet (or Bluetooth, or whatever), you must register your entire codebase and all internal documentation with the FTC, and keep it updated, along with any signing keys to lock bootloaders. The day you abandon support, if you haven't provided everything required for end users to take complete control of their device, your code base and any other IP enters the public domain, and the FTC uses their discretion on release of keys.
It would take new laws, and you'd have to be careful with language and structure to prevent abuse of "third party" code and abuse of corporate structure to try to prevent old devices from being usable, but you could do it.
I have had a similar idea. Basically some third party that is trusted to be the escrow for all the source code and documentation would basically release it once the company stops supporting it.
This sounds like a security nightmare though. A central repository of all code and keys is a gold mine for exploitation. Don’t get me wrong, I would really want this to work, but if it was compromised it could he catastrophic.
I do think there should be regulations in place that are clearly and easily enforceable by the FTC though. I’d love to see companies be hit with fines and/or compulsory refunds if they stop supporting devices and don’t provide some path forward for customers to keep using the device. That doesn’t solve for startups that go out of business, but it would at least cover the tech giants who are doing this garbage.
The government holds loads of confidential information, including keys. It's perfectly fine.
Anything short of the code already existing and being ready to release allows bankruptcy to kill devices and isn't good enough.