Amazon Alexa is a graduate of the Darth Vader MBA

I am altering the deal. Pray I don’t alter it any further.

Cory Doctorow
7 min readOct 26, 2023
A cylindrical black Alexa speaker on a coffee table; it is wearing a Darth Vader helmet. Image: www.quotecatalog.com (modified) https://commons.wikimedia.org/wiki/File:Alexa_%2840770465691%29.jpg Sam Howzit (modified) https://commons.wikimedia.org/wiki/File:SWC_6_-_Darth_Vader_Costume_(7865106344).jpg — CC BY 2.0 https://creativecommons.org/licenses/by/2.0/deed.en

Next Tuesday (Oct 31) at 10hPT, the Internet Archive is livestreaming my presentation on my recent book, The Internet Con.

If you own an Alexa, you might enjoy its integration with IFTTT, an easy scripting environment that lets you create your own little voice-controlled apps, like “start my Roomba” or “close the garage door.” If so, tough shit, Amazon just nuked IFTTT for Alexa:

https://www.theverge.com/2023/10/25/23931463/ifttt-amazon-alexa-applets-ending-support-integration-automation

Amazon can do this because the Alexa’s operating system sits behind a cryptographic lock, and any tool that bypasses that lock is a felony under Section 1201 of the DMCA, punishable by a 5-year prison sentence and a $500,000 fine. That means that it’s literally a crime to provide a rival OS that lets users retain functionality that Amazon no longer supports.

This is the proverbial gun on the mantelpiece, a moral hazard and invitation to mischief that tempts Amazon executives to run a bait-and-switch con where they sell you a gadget with five features and then remotely kill-switch two of them. This is prime directive of the Darth Vader MBA: “I am altering the deal. Pray I don’t alter it any further.”

So many companies got their business-plan at the Darth Vader MBA. The ability to revoke features after the fact means that companies can fuck around, but never find out. Apple sold millions of tracks via iTunes with the promise of letting you stream them to any other device you owned. After a couple years of this, the company caught some heat from the record labels, so they just pushed an update that killed the feature:

https://memex.craphound.com/2004/10/30/apple-to-ipod-owners-eat-shit-and-die-updated/

That gun on the mantelpiece went off all the way back in 2004 and it turns out it was a starter-pistol. Pretty soon, everyone was getting in on the act. If you find an alert on your printer screen demanding that you install a “security update” there’s a damned good chance that the “update” is designed to block you from using third-party ink cartridges in a printer that you (sorta) own:

https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer

Selling your Tesla? Have fun being poor. The upgrades you spent thousands of dollars on go up in a puff of smoke the minute you trade the car into the dealer, annihilating the resale value of your car at the speed of light:

https://pluralistic.net/2022/10/23/how-to-fix-cars-by-breaking-felony-contempt-of-business-model/

Telsa has to detect the ownership transfer first. But once a product is sufficiently cloud-based, they can destroy your property from a distance without any warning or intervention on your part. That’s what Adobe did last year, when it literally stole the colors from your Photoshop files, in history’s SaaSiest heist caper:

https://pluralistic.net/2022/10/28/fade-to-black/#trust-the-process

And yet, when we hear about remote killswitches in the news, it’s most often as part of a PR blitz for their virtues. Russia’s invasion of Ukraine kicked off a new genre of these PR pieces, celebrating the fact that a John Deere dealership was able to remotely brick looted tractors that had been removed to Chechnya:

https://pluralistic.net/2022/05/08/about-those-kill-switched-ukrainian-tractors/

Today, Deere’s PR minions are pitching search-and-replace versions of this story about Israeli tractors that Hamas is said to have looted, which were also remotely bricked.

But the main use of this remote killswitch isn’t confounding war-looters: it’s preventing farmers from fixing their own tractors without paying rent to John Deere. An even bigger omission from this narrative is the fact that John Deere is objectively Very Bad At Security, which means that the world’s fleet of critical agricultural equipment is one breach away from being rendered permanently inert:

https://pluralistic.net/2021/04/23/reputation-laundry/#deere-john

There are plenty of good and honorable people working at big companies, from Adobe to Apple to Deere to Tesla to Amazon. But those people have to convince their colleagues that they should do the right thing. Those debates weigh the expected gains from scammy, immoral behavior against the expected costs.

Without DMCA 1201, Amazon would have to worry that their decision to revoke IFTTT functionality would motivate customers to seek out alternative software for their Alexas. This is a big deal: once a customer learns how to de-Amazon their Alexa, Amazon might never recapture that customer. Such a switch wouldn’t have to come from a scrappy startup or a hacker’s DIY solution, either. Take away DMCA 1201 and Walmart could step up, offering an alternative Alexa software stack that let you switch your purchases away from Amazon.

Money talks, bullshit walks. In any boardroom argument about whether to shift value away from customers to the company, a credible argument about how the company will suffer a net loss as a result has a better chance of prevailing than an argument that’s just about the ethics of such a course of action:

https://pluralistic.net/2023/07/28/microincentives-and-enshittification/

Inevitably, these killswitches are pitched as a paternalistic tool for protecting customers. An HP rep once told me that they push deceptive security updates to brick third-party ink cartridges so that printer owners aren’t tricked into printing out cherished family photos with ink that fades over time. Apple insists that its ability to push iOS updates that revoke functionality is about keeping mobile users safe — not monopolizing repair:

https://pluralistic.net/2023/09/22/vin-locking/#thought-differently

John Deere’s killswitches protect you from looters. Adobe’s killswitches let them add valuable functionality to their products. Tesla? Well, Tesla at least is refreshingly honest: “We have a killswitch because fuck you, that’s why.”

These excuses ring hollow because they conspicuously omit the possibility that you could have the benefits without the harms. Like, your tractor could come with a killswitch that you could bypass, meaning you could brick it at a distance, and still fix it yourself. Same with your phone. Software updates that take away functionality you want can be mitigated with the ability to roll back those updates — and by giving users the ability to apply part of a patch, but not the whole patch.

Cloud computing and software as a service are a choice. “Local first” computing is possible, and desirable:

https://pluralistic.net/2023/08/03/there-is-no-cloud/#only-other-peoples-computers

The cheapest rhetorical trick of the tech sector is the “indivisibility gambit” — the idea that these prix-fixe menus could never be served a la carte. Wanna talk to your friends online? Sorry there’s just no way to help you do that without spying on you:

https://pluralistic.net/2022/11/08/divisibility/#technognosticism

One important argument over smart-speakers was poisoned by this false dichotomy: the debate about accessibility and IoT gadgets. Every IoT privacy or revocation scandal would provoke blanket statements from technically savvy people like, “No one should ever use one of these.” The replies would then swiftly follow: “That’s an ableist statement: I rely on my automation because I have a disability and I would otherwise be reliant on a caregiver or have to go without.”

But the excluded middle here is: “No one should use one of these because they are killswitched. This is especially bad when a smart speaker is an assistive technology, because those applications are too important to leave up to the whims of giant companies that might brick them or revoke their features due to their own commercial imperatives, callousness, or financial straits.”

Like the problem with the “bionic eyes” that Second Sight bricked wasn’t that they helped visually impaired people see — it was that they couldn’t be operated without the company’s ongoing support and consent:

https://spectrum.ieee.org/bionic-eye-obsolete

It’s perfectly possible to imagine a bionic eye whose software can be maintained by third parties, whose parts and schematics are widely available. The challenge of making this assistive technology fail gracefully isn’t technical — it’s commercial.

We’re meant to believe that no bionic eye company could survive unless they devise their assistive technology such that it fails catastrophically if the business goes under. But it turns out that a bionic eye company can’t survive even if they are allowed to do this.

Even if you believe Milton Friedman’s Big Lie that a company is legally obligated to “maximize shareholder value,” not even Friedman says that you are legally obligated to maximize companies’ shareholder value. The fact that a company can make more money by defrauding you by revoking or bricking the things you buy from them doesn’t oblige you to stand up for their right to do this.

Indeed, all of this conduct is arguably illegal, under Section 5 of the FTC Act, which prohibits “unfair and deceptive business practices”:

https://pluralistic.net/2023/01/10/the-courage-to-govern/#whos-in-charge

“No one should ever use a smart speaker” lacks nuance. “Anyone who uses a smart speaker should be insulated from unilateral revocations by the manufacturer, both through legal restrictions that bind the manufacturer, and legal rights that empower others to modify our devices to help us,” is a much better formulation.

It’s only in the land of the Darth Vader MBA that the deal is “take it or leave it.” In a good world, we should be able to take the parts that work, and throw away the parts that don’t.

(Image: Stock Catalog/https://www.quotecatalog.com, Sam Howzit; CC BY 2.0; modified)

If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/10/26/hit-with-a-brick/#graceful-failure

--

--