HP isn’t actually sorry that it has enslaved your printer and rejected your ink

HP would prefer that you didn’t use third-party or refilled ink cartridges, so it has updated its printers’ firmware to reject “counterfeit” ink. When this upset printer owners, it apologized in the most weaselly, self-justifying way possible. Its statement shows how companies can either apologize, or defend themselves, but shouldn’t do both at once.

In March of 2016, HP updated the firmware on its printers. Six months later, that firmware began to check the chips in ink cartridges, and reject any that aren’t authorized by HP. That day, printers without genuine HP cartridges just stopped printing. (If you refill your cartridge, the chip still says it’s empty, so refilled cartridges don’t work either.) For a revealing narrative about what actually happened and why it’s a problem, see Boing-Boing’s account.

Who controls your printer: you or HP? You bought it, but HP wants to determine how you can use it. Belatedly, the company created an optional update that rolls back the changes, but according to Cory Doctorow’s interviews with HP printer engineers, less than 1% of customers install the optional updates. Of course, you could set your printer to reject all updates, but that would would leave it open to security hacks that could compromise your network.

Breaking down HP’s “apology”

Here’s HP’s “apology” announcement with my analysis and translation:

Dedicated to the best printing experience

By HP Corporate Newsroom
Published: September 28, 2016 (Updated October 12 2016)

HP engineers the best and most-secure printing systems in the world. We strive to always provide the highest-quality experiences for our customers and partners. As a new company, we are committed to transparency in all of our communications and when we fall short, we call ourselves out.

Analysis: Everything in the is opening statement is bullshit. HP’s printing systems are not secure; researchers have shown that hackers could use them to attack networks or make the printers catch on fire. Buying only HP cartridges is not the highest-quality experience, it’s the most expensive. HP is an old company, not a new one. And as you’ll see below, not only HP’s behavior around the firmware, but their communication in this release is anything but transparent.

Translation: We messed with our customers, now we want to justify ourselves.

There is confusion in the market regarding a printer firmware update – here are the facts:

We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP.

Analysis: Hmm. Why are you “protecting” customers from less expensive cartridges that “infringe on” the company’s IP? This sentence starts out customer-focused, and ends up about protecting HP.

Translation: We modded your printer so now you have to buy new cartridges from HP.

HP printers and original HP ink products deliver the best quality, security and reliability. When ink cartridges are cloned or counterfeited, the customer is exposed to quality and potential security risks, compromising the printing experience.

Analysis: HP passive voice “is exposed to” hides the fact that it is HP’s code that exposes the printer to security risks. HP presents no evidence that the cartridges, rather than the printer, are the source of the risks.

Translation: It will be scarier for you if you don’t buy our cartridges.

As is standard in the printing business, we have a process for authenticating supplies. The most recent firmware update included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned.

Analysis: After justifying its sneaky actions, HP uses words like “dynamic security feature” and “cloned security chips” to scare people.

Translation: All your cartridge are belong to us.

We should have done a better job of communicating about the authentication procedure to customers, and we apologize. Although only a small number of customers have been affected, one customer who has a poor experience is one too many.

Analysis: Finally, the actual apology, buried deep in the statement. In an apology statement, lead with the apology. And be more sincere than “We should have done a better job.”

Translation: We didn’t tell you about what would happen when you updated your printers. That was sneaky. Sorry.

It is important to understand that all third party cartridges with original HP security chips continue to function properly.

Analysis: Do any such cartridges exist?

Translation: If you don’t want to buy from HP, there may be equally expensive alternatives.

As a remedy for the small number of affected customers, we have issued an optional firmware update that removes the dynamic security feature.

To get the update, customers should visit support.hp.com, select their product, select the product support page, and click on the Software and Driver table to download it. Additional information about this update, including answers to frequently asked questions, can be found in HP’s Support Forum.

Analysis: HP admits that it doesn’t actually need to authenticate cartridges, but makes you go to the trouble of downloading the update, instead of automatically updating the firmware as it did originally.

Translation: Here’s a patch that undoes what we did. That proves the update wasn’t actually necessary for security, and we changed your printer just to make you buy our ink.

We will continue to use security features to protect the quality of our customer experience, maintain the integrity of our printing systems, and protect our IP including authentication methods that may prevent some third-party supplies from working.

Analysis: HP reserves the right to do this again.

Translation: Think you own your printer? Nope. We can update it any time we want.

However, we commit to improving our communication so that customers understand our concerns about cloned and counterfeit supplies. Again, to our loyal customers who were affected, we apologize.

Translation: Sorry. Next time we screw you over, we won’t be so sneaky about it.

Sincerely,

Jon Flaxman
Chief Operating Officer, HP Inc.

Lessons from the HP saga

There are two lessons here: one about communication and one about devices.

• Apologies should apologize. If you make a mistake, start by talking about the mistake you made, and saying you’re sorry. Only then explain why it happened. The more you justify your actions, the less sincere your apology seems. Use simple words, speak directly to the customer, take responsibility, and say what you will do differently in the future.
• Devices should obey their owners. Author and EFF affiliate Cory Doctorow is a leader in calling out this problem. He refers to connected devices as “The Internet of Shit.” He believes you, not the device manufacturer, should control what you do with a device after you buy it — if the pacemaker in your chest connects to the Internet, the manufacturer shouldn’t be able to turn it off or speed it up without your consent. Even so, the makers of these devices need to keep them secure so they don’t become part of hacker botnets.

While we’re talking about disingenuous apologies, here’s a quick reminder: if you want to vote on the biggest bullshitters of 2016, including the worst apologies, there is still time, right here.