Tuesday, January 30, 2018

Nokia Disables Feature and Removes Customer Data From their Phones during "over-the-air update"

 
   I received important news from Nokia concerning my Body Cardio scale on the 24th of January, 2018. The company informed me that it had disabled a feature on my in-home scale during an over-the-air update. Nokia also removed the feature from my iPhone, and removed all of the corresponding data. The feature provided "Pulse Wave Velocity" readings.
In the email, Nokia writes,
"After routine review, we now believe that this feature may require a different level of regulatory approval. In light of this, we have decided to deactivate the Pulse Wave Velocity feature on January 24. As a result, Pulse Wave Velocity readings will no longer appear on the scale screen nor will they be viewable in the Nokia Health Mate app. Your data will be retained and is downloadable."
   With such a drastic and draconian measure being taken to remove the feature from all devices already purchased and deployed in customers' homes, the first question that came to my mind was whether this was a move to avoid potential fines for failure to pay for additional FDA testing and approval - or whether the move is designed to head off potential lawsuits for currently unknown damages to the users of this product from the Pulse Wave Velocity measuring process that was used.
   And while all of that is interesting, especially if I come to find out that the scale somehow damaged my family or myself, right now I'm just in awe at how something I bought at Best Buy, from a manufacturer named Withings, who sold the ownership of the product line to Nokia, could be materially changed "over-the-air" during an update from the company, across the Internet. And similarly, how the application on my iPhone could be, without my consent, changed and my data deleted from my device as a part of this update.
   We are living in a world governed by End User License Agreements (EULA) that the average customer does not read. The acceptance of the EULA is, of course, either obligatory to proceed in using the product, or assumed as accepted for using the product.

   Somewhere in all of this we are lacking an "informed consent". 

   While there are certainly some benefits from allowing a manufacturer to modify the firmware or software of their products, the power they have - which could be misappropriated by a malicious hacker - does appear to be absolute.
   On the plus side, if this Pulse Wave Velocity process is in fact harmful to me or my children, whose small and developing bodies might be more readily impacted by passing an electrical current through their bodies to take these measurements, I certainly would want the manufacturer to be able to disable the hazard they created in my home. In a similar situation, we could imagine the maker of a toaster-oven, who realized a flaw in their firmware programming could lead to an in-home fire, being able to update and correct that hazard. These would be good applications of this unsolicited reprogramming with or without consent, in my humble opinion.
   On the other hand, if a malicious hacker was able to turn my expensive digital scale into an even more expensive door-stop, by disabling all of the features over-the-air; or if a less scrupulous manufacturer decided to impair features to ensure future sales of their next model... I think we all would find such abilities needing oversight.
   It is my hope that by publishing this information and these ideas, we can come together at some point to put forth some basic rights for the customer. I'm not a lawyer, and for all I know there are already laws governing this sort of thing. But, I suspect they have not been keeping pace with the advances of technology.
   And, perhaps, in a more perfect world, we won't need more laws. Perhaps, if we, as customers, demand more, the product and service providers will meet us on the road to sanity. In such a more perfect world, perhaps a product would request our permission to remove a feature before the digital code butchering could begin. And if the current vendors are not willing to provide us this level of ownership of the things we buy from them - then perhaps new start-ups will emerge to take their place.