The Detail Devils of the IoT

I. Grant

Summary Bullets:

  • The John Deere copyright clause is a stark warning to scrutinize IoT EULAs.
  • Inaction could kill recurring revenue business models for thousands of manufacturers.

Companies looking to take advantage of the Internet of Things (IoT) need to scrutinize their end-user license agreements (EULAs). This follows an attempt by tractor manufacturer John Deere to use the Digital Millennium Copyright Act (DMCA), US legislation designed to prevent theft of intellectual property such as videos and music, to force customers to use licensed channels to repair their machines.

Last October, the tractor maker required buyers to sign a EULA that gives it sole ownership of all information related to the operation of the tractor. This includes software, data files, documentation, engine calibration tables and M2M data from any John Deere licensed product. Data includes engine control parameters such as fuel metering, fuel injection rates, fuel injection timing, fuel pressure, the engine speed versus torque relationship, intake boost pressure, fuel-to-air ratios and engine timing.

This forces farmers to use licensed workshops and mechanics to fix things when they go wrong. Even if a farmer buys and fits new parts himself, he still needs a software key from a licensed person to enable them. This can cost farmers hundreds of dollars and lost time, and even lost production. As a result, some farmers are reportedly going on the ‘dark web’ to buy decrypted John Deere software from Ukrainian hackers.

The John Deere EULA appears to be transposed from EULAs commonly found in consumer goods. For example, it says the software is supplied ‘as is’ and absolves John Deere from any responsibility as to its ‘fitness for purpose.’ It stops customers from suing for damages if things go wrong with the software. Under the DMCA, users are precluded from using workarounds. The warranty period is 12 months at best. Criminal penalties include up to five years in jail and a $500,000 fine – for a first offence.

So, what is a farmer to do if a hacker bricks his tractor, or indeed any IoT-controlled device? This raises several important issues for everyone selling or buying such devices: who owns the data generated by the system, who should be able to access and use it, and under what circumstances?

The John Deere EULA terms are patently unsuitable for capital goods with a potential working life of decades. They are even less suitable for equipment used in critical infrastructure, whether at national or corporate levels. In response, several US states are considering ‘Right to Repair’ laws to force manufacturers to give owners and independent contractors access to vehicle repair information.

Many capital goods manufacturers are intensifying the role of software in operating their products and simultaneously looking to rebase their business models on recurring revenue rather than CapEx. This can have significant benefits for both manufacturers and customers in terms of cash flow and matching capacity to demand. But EULAs like John Deere’s can seem like ransom notes from kidnappers when things go wrong.

There is clearly a balance to be struck. But it will be up to customers to insist on retaining their rights over the goods on which their operations depend and the data they produce. Unless they opt to buy litres of compressed air rather than compressors, or welds rather than welding robots, customers need to face the unthinkable fact that the EULA could literally give the keys to the business to third parties… and act accordingly.

What do you think?
