Does that include TeleScreens?
The All4 app on my 'smart' TV stopped working because the All4 server's GeoLocation code doesn't believe my IP address is in the UK any more, and no-one is taking responsibility to fix it.
The European Commission has revealed a Cyber Resilience Act that will require manufacturers of connected devices to secure them properly before shipping, disclose and fix flaws promptly, and guarantee fixes will flow for five years. "Computers, phones, household appliances, virtual assistance devices, cars, toys … each and …
I don't know about the UK, but in the US, I don't think there are any dumb TVs available that just tune and display channels. Haven't been for many years. Neither, apparently, can you roll-your-own using a monitor and a separate tuner with just a power button and a channel select switch. They don't seem to make the latter anymore.
That would be called a set-top box, e.g. an Apple TV [or similar] or a Raspberry Pi equipped with TV headend and streaming over the network to a Kodi box. Both emit signals quite happily out of an HDMI port.
The so-called smart TV Android functionality is bypassed by feeding everything into HDMI1, we haven't had a terrestrial TV aerial for six years, nor satellite.
In case you're not being sarcastic - it's impossible to buy a decent TV that isn't 'smart'.
That said, power users can of course plug something decent in like a PC or console and not use any of the crappy apps. Mine isn't even on the LAN, and never will be.
Is it the fault of the device or the app? I don't believe any smart TVs are guaranteed to run any particular catch-up or streaming service (except some specific instances like Netflix). Broadcasters can change their specific "technology" at any time and that may break delivery on a device but it's not the fault of the manufacturer who could not predict that change.
Welcome to the world of "not me guv'" and guaranteed obsolescence.
One would reasonably expect the All4 server process to do a Geolookup based on the static IP address it has from the client's connection.
So it looks like it's likely to be the Geolookup mechanism - whether the server is calling some external API to a 3rd party or else duff static locally cached Geo data (or both).
"Sale of Goods act should apply..."
Replaced in 2015 by the Consumer Rights Act. Broadly similar in terms of your customer rights, but the question of quality and how long something should reasonably last for now also takes into account "many different factors like product type, brand reputation, price point and how it is advertised."
Also "For example, bargain-bucket products won’t be held to as high standards as luxury goods."
According to Which.
Good Lord! Just display HDMI1. That is all I want. Get rid of the smart TV garbage spyware. I absolutely refuse to agree to a EULA just to watch HDMI1!!!!
Do people even realize what is going on? Brand new TV. Excited to watch it. First power-on they blindly hit the 'OK' button when EULA pops up. Next they connect to their Wifi. Now their viewing habits are being slurped by Big Data. Forever. And they willingly agreed to it.
Absolutely not. No 'Smart' TVs on my network. Mac Minis drive all my TVs. No, not a perfect solution. But at least I have some measure of control over what is being reported.
..the desire to protect citizens, but who is going to want to launch a new tech product in Europe when the slightest mistake could result in a painful legal battle and fine?
Startups will go to America where "move fast and break things" works. Products will be launched where early fixes and revisions are tolerated, and maybe taken to Europe a few years later. Maybe.
Mistakes are allowed. You just need to fix them and provide updates in a reasonable time period. No company that does this will have to worry. Those selling junk that is insecure and unmaintained will not be in business for long.
Plenty of people will continue to launch and release products in Europe as it is a massive market that has money to spend. Equally, if all the cheap and disposable junk stops being sold and nobody wants to ship new products to Europe then European businesses will launch their own products to fill the gaps. You do realise that plenty of products are designed and manufactured in Europe?
"Are designed and manufactured in Europe", or "Were designed and manufactured in Europe"?
I jest, but when you're a startup, there is not much of a line between cheap and disposable junk, and the next great innovation. You launch a product hoping you can get through the next three months whilst you figure out what needs to change, not committing to supporting that exact first revision for five years.
Clearly from your response you believe companies can magically afford to commit to a five year product support cycle when developing something new. I don't think that's true, and I suspect it's just going to cause more companies to close down early to avoid being dragged into legal battles. Or not launch in Europe in the first place.
This is not about the good intentions or otherwise of product developers, this is about the financial and legal realities of developing new products, which in the current economic environment means making pragmatic decisions about what and where you launch.
Startups depending on making money from a first version of their product that is likely defective will already have a hard time if they sell to consumers here.
They are liable for defects for 3 years and can choose to either repair or replace with a working version at their cost and if unable to do either in a reasonable time they have to refund the full price.
The problem is, you're trusting unseen bureaucrats to set the criteria for "quality products".
As I say, I can understand people wanting someone in power to make everything safe and reliable. But it's ridiculous to believe they have the power to do so, and there won't be unforeseen consequences in an industry that relies on innovation and experimentation.
> The problem is, you're trusting unseen bureaucrats to set the criteria for "quality products"
Not really, I don't expect them to define quality for all products in any meaningful way.
I hope this latest initiative will lead to products that can and are used for longer than currently. I fully expect producers to compensate by increasing prices. This should lead to buyers taking more care of what they get and so the consumers will vote on "quality" with their wallet.
Only bad if you always need to have the latest shiny to dispose of when the next hyped thing arrives.
There will always be a way around it e.g. an incumbent in the UK:
Power Line LAN - yes, we know it is an illegal transmitter, but you daredn't do anything about it.
"Even more powerful signal" broadband wireless router - yes, we know the previous version was right on the limit of allowable transmitter power, but you daredn't do anything about it.
> who is going to want to launch a new tech product in Europe when the slightest mistake could result in a painful legal battle and fine?
I hope we can tag Windows too as code attached to a device and fine the screaming cr*p out of Microsoft for providing code that other companies would not even dare release as alpha level dev test, but I know for a fact that especially in the country I live there is absolutely no chance of that.
> ..the desire to protect citizens, but who is going to want to launch a new tech product in Europe when the slightest mistake could result in a painful legal battle and fine?
Reducing the amount of IoTrash out there, reducing the ability to just release the next buggy, insecure, unsupported, thoughtlessly designed and implemented and just overall shitty piece of IoTrash is a feature, not a bug.
Noting the number of downvotes on my original post - as usual, the knee jerk reaction is to assume that any objection to regulation like this is an endorsement of shitty(er) products. It's not.
Instead it's an observation that this sort of regulation (whilst much wanted etc. etc.) is not without consequence. Whilst the slightly parochial desire to stop Chinese importers from dumping goods in Europe may be well intentioned, the consequence is that the riskier end of the industry (which is where innovation happens) will tend to focus on other markets. That's not a judgement on whether this is good, bad or indifferent - just an observation that regulation is a cost on industry, not an enabler.
We can all agree that better supported devices would be welcomed with open arms - but you have to disable every critical faculty you have to believe that this regulation will make much of a difference to products in this space. Companies will work around it, or avoid it altogether.
Don't want to get into that particular discussion just highlight that Apple thinks there is money to be made in highlighting the security and privacy of their devices and software.
Some examples of regulation having a beneficial effect for consumer products: max power draw in standby; max power for vacuum cleaners (turns out more power, didn't mean better cleaning); lower vehicle emissions.
The argument that regulation is the enemy of innovation is just something that Silicon Valley likes to use to try and remove regulation because VCs love unregulated markets and the profits that can accrue to their monopolistic (monopsonistic) exploitation.
-- max power for vacuum cleaners (turns out more power, didn't mean better cleaning); --
There speaks someone who never owned a dog or cat!
Also take into account the small fact that if the requirement had been in place BEFORE the rest of the technology caught up we'd probably still be with maid powered vacuum cleaners.
" Companies will work around it, or avoid it altogether."
To be effective and prevent work-rounds it needs to make the entire marketing chain - yes, eBay, that means you - responsible.
Avoiding a well regulated market if you want to ship shoddy goods is quite acceptable to the market. If the manufacturers have a problem with that there's no point coming to me for sympathy. Innovation is no excuse for cutting corners or making customers act as QA.
"Products will be launched where early fixes and revisions are tolerated, and maybe taken to Europe a few years later."
Excellent - up to a point. That means the EU gets good products and elsewhere gets the crap. Up to a point because here in the UK we no longer get that protection.
"Who is going to want to launch a new company selling boiled sweets in the UK, when the slightest accidental inclusion of arsenic in them would render them unsaleable. Why, we can't even use brightly coloured lead salts to make them attractive any more!"
It's almost like there's some sort of reason why we have regulations to make sure people are getting what they pay for, and products aren't unsafe or falsely described.
The fact sheet gives an obligation of the expected lifetime or five years. Who decides that lifetime?
Also, it's "whichever is the shorter". It certainly seems ridiculous for a car manufacturer to have no requirement for what is in practice more than half the lifetime of a car.
While a car is probably the most extreme example, similar can probably be said for many products.
We can expect products whose cyber security warranty will be void when connected to the Internet. Like some smartphones advertised waterproof whose warranty will not cover water damage. So everybody don’t worry, cheap crap will continue to flow into EU.
Okay, so the law can demand that manufacturers provide security patches for device lifetime/5 years ... but they can't enforce the effectiveness of those patches.
v1.0: "if ! strcmp( password, "letmein1234" ) rootmode = 1; ..."
v1.1: "if ! strcmp( password, "correcthorsebatterystaple" ) rootmode = 1; ..."
v1.2: "if ! strcmp( password, "theGPDRsuxors" ) rootmode = 1; ..."
> The fact sheet gives an obligation of the expected lifetime or five years. Who decides that lifetime?
Not the manufacturer.
There is plenty of precedent for this sort of thing. For example, in Australia, products that don't have their own specific legislated warranty requirements (e.g. cars have their own acts around them) have general consumer act merchantability warranty requirements that say something like "must repair or replace the product if it becomes defective during its lifetime".
This is usually based on a combination of:
1) its purpose (e.g. a disposable single-use surgical face-mask vs an industrial fitted biological-rated filter-mask with replaceable filters);
2) its price (a $2 plastic kinder surprise truck vs a $500 cast-metal tonka toy truck);
3) any advertised or stated claims as to its quality and usage made by the manufacturer or their agent or the vendor of said product (such as an advert, specification sheet, blurb on the side of the box, a verbal claim made at a trade show or by a retailers/sales outlet staff member about the product);
4) a reasonable person's (the legal standard of a 'reasonable person') expectation of such a product, usually based on a combination of the preceding elements.
5) any established precedents based on previous relevant regulatory, tribunal, or court decisions.
Basically, the expectation is that everyone (the manufacturer, vendor, consumer) is acting in good faith. If any of them aren't, then regulatory agencies and the courts step in.
Not sure that's technically or practically possible.
If my Magic Doohickey synchronises with my Phone using some discoverable server in a vendor specific cloud, there is no easy answer when the discoverable server stops existing.
"Sorry, we have failed as a company - here are the instructions for installing Couchbase, twenty microservices, an SMS relay and a proprietary speech to text tool we depend on. Also, here is the source code that we spent a million euros developing."
IMHO it is possible but not likely to happen.
Laws could force companies to put those instructions and the source code into escrow and allow public access if the company ceases to exist. Any liquidator should only be allowed to sell that IP if the buyer continues the service. It would stop companies from selling on the IP for a token price and then fold to get rid of liabilities.
"If my Magic Doohickey synchronises with my Phone using some discoverable server in a vendor specific cloud, there is no easy answer when the discoverable server stops existing."
Here are a few:
1. Require it to be able to synchronise with your iPhone over your WiFi. It means you can't contact it remotely unless you open your network for incoming connections from your phone. But it's a non-bricking fall-back.
2. Have a manual mode as fall-back.
3. Make it clear to purchasers before buying that you have not made any provision for ongoing operation of the service, that you cannot guarantee to keep operating the service and that if the service lapses the product is bricked. And see how many sales you get then.
TL;DR design your device to fall-back sensibly or tell the customer very clearly they're about to buy a pig in a poke.
"Sorry, we have failed as a company - here are the instructions for installing Couchbase, twenty microservices, an SMS relay and a proprietary speech to text tool we depend on. Also, here is the source code that we spent a million euros developing."
There's a thing called escrow. The organisation I work for has all of our source code in escrow, so that, if we go out of business for whatever reason, this is then made available to our customers who depend on it, so that they can make alternative arrangements to continue to support it. I doubt that this situation is unusual.
I've often thought about that kind of technical "living will" and I think it has a lot going for it. I have almost no "smart" (i.e. connected to someone else's computer) gadgets because I'm pretty sure I don't need them and don't want that kind of dependence, having seen a few people buy into the dream only to have to throw the kit away a few years later.
Which are supposed (in the UK) to have a 15 yr life, as opposed to the 40 years of "dumb" meters (before they are re-certified and can be reused)
OTOH the head of IT for a certain US energy company (in Congressional testimony) said they are computers, with a lifespan of about 7yrs before they need replacing.
But these are UK smart meters, which will be a special order.
Yeah. Right.
Still good start for the rest. And I do like the "Offline mode required" so if (when) the company goes TITSUP the product has some usability.
Quote #1: "The Act provides infosec requirements that must be met before products can reach Europe's markets, some covering their design, development and production."
Quote #2: "....having already led the world with the General Data Protection Regulation (GDPR)...."
Quote #2 first........The Royal Free Trust allowed Google/DeepMind to slurp 1.6 million personal medical records...not one single citizen was asked for their consent as required by GDPR. No penalties (yet) for the Royal Free or Google. So much for enforcement of GDPR.
Quote #1.....Now we get this suggestion that someone (unnamed) will be certifying the business processes inside device manufacturing companies. Really?? ......there are thousands of such manufacturers, many (most) of them in China. Not possible!!
Both laws have almost no possibility of enforcement. Both are simply government marketing of the sort -- "Someone is doing something". Like GDPR this latest suggestion is a joke.
The proposed regulation does provide some exceptions for products such as medical devices, airplanes, and cars, as they are already subject to other regulations.
Right, so the implanted insulin pumps and pacemakers that are known to be remotely hackable by wireless won't be covered because there are already regulations saying they must be made of bio-inert materials. Slightly missing the point I think.