Last month, an Apple patent application was published describing a method of “Protecting electronic devices from extended unauthorized use” – effectively a ‘charging rights management’ system.
New Scientist and OhGizmo have stories explaining the system; while the stated intention is to make stolen devices less useful/valuable (by preventing a thief charging them with unauthorised chargers), readers’ comments on both stories are as cynical as one would expect: depending on how the system is implemented, it could also prevent the owner of a device from buying a non-Apple-authorised replacement (or spare) charger, or from borrowing a friend’s charger, and in this sense it could simply be another way of creating a proprietary lock-in, another way to ‘charge’ the customer, as it were.
It also looks as though it would play havoc with clever homebrew charging systems such as Limor Fried‘s Minty Boost (incidentally the subject of a recent airline security débâcle) and similar commercial alternatives such as Mayhem‘s Anycharge, although these are already defeated by a few devices which require special drivers to allow charging.
Reading Apple’s patent application, what is claimed is fairly broad with regard to the criteria for deciding whether or not re-charging should be allowed – in addition to charger-identification-based methods (i.e. the device queries the charger for a unique ID, or the charger provides it, perhaps modulated with the charging waveform) there are methods involving authentication based on a code provided to the original purchaser (when you plug in a charger the device has never ‘seen’ before, it asks you for a security code to prove that you are a legitimate user), remote disabling via connection to a server, or even geographically-based disabling (using GPS: if the device goes outside of a certain area, the charging function will be disabled).
All in all, this seems an odd patent. Apple’s (patent attorneys’) rather hyperbolic statement (Description, 0018) that:
These devices (e.g., portable electronic devices, mechanical toys) are generally valuable and/or may contain valuable data. Unfortunately, theft of more popular electronic devices such as the Apple iPod music-player has become a serious problem. In a few reported cases, owners of the Apple iPod themselves have been seriously injured or even murdered.
…is no doubt true to some extent, but if the desire is really to make a stolen iPod worthless, then I would have expected Apple to lock each device in total to a single user – not even allowing it to be powered up without authentication. Just applying the authentication to the charging method seems rather arbitrary. (It’s also interesting to see the description of “valuable data”: surely in the case that Apple is aware that a device has been stolen, it could provide the legitimate owner of the device with all his or her iTunes music again, since the marginal copying cost is zero. And if the stolen device no longer functions, the RIAA need not panic about ‘unauthorised’ copies existing! But I doubt that’s even entered into any of the thinking around this.)
Whether or not the motives of discouraging theft are honourable or worthwhile, there is the potential for this sort of measure to cause signficant inconvenience and frustration for users (and second-hand buyers, for example – if the device doesn’t come with the original charger or the authentication code) along with incurring extra costs, for little real ‘theft deterrent’ benefit. How long before the ‘security’ system is cracked? A couple of months after the device is released? At that point it will be worth stealing new iPods again.
(Many thanks to Michael O’Donnell of PDD for letting me know about this!)
Previously on the blog: Friend or foe? Battery authentication ICs
UPDATE: Freedom to Tinker has now picked up this story too, with some interesting commentary.