As software takes over the Internet of Things (IoT), users can no longer blithely sign unchecked licence agreements, unless they want to hand the keys to their kingdoms to third parties.
Many suppliers, from Apple to Rolls Royce, are intensifying the role of software in operating their products and using the resulting data flows to rebase their business models on recurring revenue rather than CapEx.
This can have significant benefits for both suppliers and customers in terms of convenience, cash flow and matching capacity to demand. But End User Licence Agreements can seem like ransom notes from kidnappers when things go wrong.
This came out when US farmers were reported to be using John Deere software decrypted by Ukrainian hackers to repair their broken tractors.
Last October, tractor maker John Deere required buyers to sign a EULA that gives it sole ownership of all information related to the operation of the tractor.
This includes software, data files, documentation, engine calibration tables and machine-to-machine data from any John Deere licensed product.
The collected data includes engine control parameters such as fuel metering, fuel injection rates, fuel injection timing, fuel pressure, the engine speed versus torque relationship, intake boost pressure, fuel-to-air ratios and engine timing.
This forces farmers to use licensed workshops and mechanics to fix things when they go wrong.
Even if a farmer buys and fits new parts himself, he still needs a software key from a licensed person to enable them.
This can cost farmers hundreds of dollars and lost time, and even lost production.
John Deere is taking advantage of the Digital Millennium Copyright Act, a US law designed to penalise the theft of intellectual property such as videos and music, to force customers to use licensed channels to repair their machines.
The John Deere EULA appears to be transposed from licence agreements commonly found in consumer goods.
3 Things That Will Change the World Today
For example, it says the software is supplied as is and absolves John Deere from any responsibility as to its fitness for purpose.
It stops customers from suing for damages if things go wrong with the software, and the warranty period is 12 months at best.
Under the Digital Millennium Copyright Act, users are precluded from using workarounds. Criminal penalties include up to five years in jail and a $500,000 fine for a first offence.
The John Deere licence agreement terms are patently unsuitable for goods with a potential working life of decades.
They are even less suitable for equipment used in critical infrastructure, whether at national or corporate levels.
In response, several US states are considering so-called right to repair laws to force manufacturers to give owners and independent contractors access to repair information.
So, what is a farmer, or indeed any user of an IoT-controlled device, to do if a hacker bricks the device, or the system locks you out of your car or house?
This raises important issues for everyone selling or buying such devices: who owns the data generated by the system, whom should be able to access and use it, and under what circumstances?
Anyone who wants to take advantage of the IoT needs to scrutinise the associated licence agreements.
Users should insist on retaining their rights over the goods on which they depend and the data they produce.
With artificial intelligence and automated decision making increasingly modifying behaviour in the world, this will provide a necessary balance of power when things, as they sometimes will, go wrong.