Monthly archives of “August 2007

Dishonourable discharge?

Nokia phone with battery visible

Long overdue, I’m currently reading Bruce Schneier‘s excellent Beyond Fear, and realising that in many ways, security thinking overlaps with architectures of control: the goal of so many systems is to control users’ behaviour or to deny the user the ability to perform certain actions. I’ll post a fuller comparison and analysis in due course, but one example Bruce mentions in passing seemed worth blogging separately:

Nokia spends about a hundred times more money per phone on battery security than on communications security. The security system senses when a consumer uses a third-party battery and switches the phone into maximum power-consumption mode; the point is to ensure that consumers buy only Nokia batteries.

Nokia is prepared to spend a considerable amount of money solving a security problem that it perceives – it loses revenue if customers buy batteries from someone else – even though that solution is detrimental to consumers.

As a battery authentication method, this is more subtle than the systems we’ve looked at before, which actually refuse to allow the device to operate if a non-original-manufacturer battery (or perhaps charger) is used.

Nokia’s system attempts to persuade the customer that the new (cheaper) battery he or she has bought is “no good” by making the phone discharge the battery more quickly – in an extremely underhanded way. From the point of view of the (uninformed) consumer, though, it makes Nokia look good. “Oh, that cheap battery I bought is rubbish, it doesn’t seem to hold its charge. Nokia make them so much better, guess I should stick to them in future.”

But if the Nokia batteries were genuinely ‘better’ than the cheap replacement ones, surely this kind of underhanded tactic wouldn’t be necessary?

P.S. I have no idea whether this Nokia ‘trick’ is real/common/still used, as Beyond Fear has no references, or whether other manufacturers do something similar (as opposed to outright battery authentication-and-denial). I’ll ask a friend at Nokia.

P.P.S. Jason Kottke also noted this tactic back in 2003.