Monday, March 24, 2014

How do you DRM a thing like a coffee pod?

A brewing system lockdown may echo the tale of printers and ink cartridges.

Soon, new Keurig brewers will only take Keurig-approved K-cups.
Keurig's next generation of coffee machines will have a way to prevent any coffee not licensed by Keurig from brewing in the machine as early as this fall. Locking down a thing like coffee seems both trifling and difficult to accomplish—no one has yet described how Keurig can differentiate its own pods enough so that its machines would honor those pods and only those pods.
Security can be as complex or as simple as a user wants, but it does have limitations: size and cost. It's easy to imagine how, for instance, a credit card with a smart chip works in its own ecosystem. But how can something as small, relatively cheap, and disposable as a coffee pod be protected? And even if it can, how strong could that protection be without raising the cost too significantly?
To suss out the issue of coffee DRM, it makes sense to look at a relatively close analog product with its own rights management and interoperability issues—printer toner cartridges. Each printer company jealously guards its model of cartridges, doing everything it can to make them proprietary and unrefillable, because, of course, the real money in printing is in selling the ink at a very large profit.
In the early 2000s, Lexmark attempted a widespread lockdown of its toner cartridges in what it called the Prebate Program. The company provided proprietary toner cartridges to its customers at a steep discount under the condition that they would use the cartridge a single time and return it to the company.
In 2002, a company called Static Control Components (SCC) figured out how to replicate the microcontroller exchange Lexmark used between its cartridges and printers. SCC began selling its own chips to toner cartridge refillers. Lexmark sued, accusing SCC of violating copyright law and the Digital Millennium Copyright Act.
As far as applying DRM to proprietary goods, "this is not new, although it's probably new to coffee," said Mitch Stoltz, a staff attorney with the Electronic Frontier Foundation. When asked how Keurig might do this with a coffee pod, Stoltz speculated that the pod and the coffee machine would have to perform a handshake similar to that of Lexmark's printers and cartridges. "I imagine you could do this with the equivalent of the RFID chip they put in subway tickets," said Stoltz. "My guess is that a chip that could do this could be very small and very cheap."
RFID hacks crop up regularly in the news, so if Keurig went this route, it could probably expect its system to be infiltrated in fairly short order. Bill Rosenblatt, founder of GiantSteps Media Technology Strategies, suggested that Keurig might go for an arrangement in each pod that involves a processor and memory, in the vein of Lexmark's system. "There are various degrees of complication of authentication protocol," said Rosenblatt. "They're going to be looking for a cost-security trade-off."
"If this thing goes to market, probably within a day people will have figured out how to break it. They will take it as a challenge," said Stoltz. The issue is less whether anyone will try to break it—they certainly will—but what they might try to do with that information, how Keurig might react, and how the courts will treat the situation.
"You can build a car that only accepts a particular brand of tire," said Stoltz. "The other question is, will the law stop people from getting around that? In the case of digital stuff, the courts are actually split on that." Lexmark has thus far been unsuccessful in proving that SCC violated the DMA; the US court of appeals for the Sixth Circuit ruled in favor of SCC in 2012, 10 years after the original suit was filed. Lexmark is currently appealing the decision in the Supreme Court.
In Keurig's case, it's less likely that the company is trying to lock coffee competitors out rather than bring them under control. Whatever security scheme it lands on, the company already said it plans to license to third parties so they will still be able to get their product on Keurig machines for a price. Rosenblatt compared the licensing scheme to that of Apple's devices and third-party accessories.
Two companies that currently makes third-party K-cups, TreeHouse Foods and Rogers Family Company, are already suing Green Mountain on the grounds (no pun intended) that their proposed proprietary system is anti-competitive, exclusionary, and designed to edge out companies who won't comply with their rules. If a third party tries to replicate Keurig's verification scheme outside the walled Green Mountain, there is a chance the company would take them to court. Whether Keurig could successfully defend the necessity of a DRM'd coffee pod is another matter.

1 comment:

  1. I think Keurig’s idea to put smart chips in coffee pods and coffee pots are more ludicrous than when Lex mark and their printers, the only difference is at least Lex mark sells printers for computers so a chip in a printer I get that. In a coffee pot or the coffee pod. I think Keurig has had way to much coffee of their own coffee. I think Keurig coffee is a great coffee, but a little on the expensive side and i know the say if you want quality you have to pay for it. If consumers who buy Keurig coffee products before now feel the pinch, imagine how much more it will now cost if Keurig continues with this insanity. This issue is not about coffee this issue is about principle, what’s next Colgate Toothpaste saying we will pass code our toothpaste if you don’t buy our toothbrushes or Whirlpool saying we are going to pass code our washing machines to only use Tide laundry detergent. Keurig needs to rethink this crazy idea before they kill off their loyal Keurig Coffee consumers. Putting Smart chips in coffee makers and pods,what rocket scientist came up with that idea? The world may never know.

    ReplyDelete