Printers are one of the banes of modern computing, expensive and frustrating relics that are nonetheless occasionally necessary. Over the last few years, HP seems to be doing its best to make them even more so by milking the infamously exploitative ink market until both the literal and metaphorical cartridge runs dry. After pissing off customers by blocking third-party ink and bricking printers with dodgy firmware, HP’s CEO recently said the quiet part out loud.
A bit of context. In an interview with CNBC last week during the World Economic Forum in Davos, HP CEO Enrique Lores gave a few choice quotes. In response to a recent lawsuit over HP’s software updates that block ink cartridges from non-HP sources, he started by saying, “I think for us it’s important to protect our IP [intellectual property]. There is a lot of IP that we built in the inks of the printheads, in the printheads itself in the printers, and what we’re doing is when we identify cartridges that are violating our IP, we stop the printer from work[ing].”
“So they’re rip-offs, they’re counterfeit, and you’re going to break the printer as a result?” replied CNBC Squawk Box host Rebecca Quick.
“In many cases it could be,” said Lores. “It can create all sorts of issues, from the printer stop working [sic], because the inks have not been designed to work in our printers, to even creat[ing] security issues. We have seen that you can embed viruses in the cartridges, through the cartridge…to the printer, from the printer…to the network, so it can create many more problems.”
This claim is problematic. Ars Technica took a deep dive into this idea, and found that, yes, it’s technically possible to embed malware (if not a classic computer virus) in a printer cartridge. HP proved this with a 2022 bug bounty to specifically design an attack around a printer cartridge. The buffer overflow was limited to the printer itself, and there’s no evidence that it posed a risk to any further computers or networks. Security experts find it unlikely that any malefactor with fewer resources than a nation-state actor would actually be able to exploit this vulnerability, making the risk to everyday users and small businesses vanishingly small.
At the risk of being reductive, it seems a lot like HP has invented a problem and then supplied the solution, which just happens to include locking out third-party ink suppliers and locking customers into massively overpriced ink. HP is being accused of unfairly forcing customers to buy first-party ink in a federal class action lawsuit in the US after locking down printers that were previously compatible with third-party cartridges via software updates. At this point, it seems prudent to take Lores at his word, specifically that HP’s IP (and the lock-in to its supply chain that comes along with it) is a more immediate concern than customer safety.
Saying the quiet part out loud
Maybe it was just the Davos winter temperatures, but even the market-focused CNBC hosts didn’t seem to be buying it. “Do you think that the idea of third-party cartridges, at all, are a bad idea? That there should be no third-party market?” asked Andrew Ross Sorkin.
“That’s competition,” said Quick, quickly, before Lores could make his next pitch. Following claims that nebulous and possibly fictional hackers can embed malware in third-party ink cartridges, the CEO said the quiet part out loud (emphasis ours).
Our view is that we need to make printing as easy as possible. And our long-term objective is to make printing a subscription. This is really what we have been driving. We know it reduces the barriers to print, it offers a much more convenient solution to customers, and especially, [it] is more sustainable. Because every time a customer uses a cartridge, we take it back, we recycle, we use it again.
As distasteful as Lores’ comments might sound, it’s nothing new. HP has been attempting to get customers to subscribe to ink and toner cartridges for years via the Instant Ink program, and it isn’t the only one. I think it’s even safe to say that some businesses appreciate the option, as it streamlines the supply chain and offers discounts, at least compared to buying HP ink at retail prices. Lores goes on to admit that HP loses money on printer sales, relying on high profit margins on supplies like ink and paper to make up the difference. He wouldn’t go into specifics on how much the company loses per printer…or makes per cartridge.
But even if you’re aware of HP’s business model, Lores’ attitude is a bit chilling. “Every time a customer buys a printer, it’s an investment for us,” he says, “and if this customer doesn’t print enough or doesn’t use our supplies, it’s a bad investment.” He went on to say that he wants the subscription model to extend further, “not only for printers, but for PCs and the rest of the products that we build.”
Now I’m not a CEO, and I’ve never been interviewed by CNBC. But as a humble consumer, the idea that I am an investment, a product, instead of investing my money into the product that I buy, is not an appealing one. I’ve already sold my digital soul to Google, Amazon, and Facebook in order to use the modern advertising-driven web. I don’t want an HP printer in my home if that hardware is much more interested in selling me ink than in printing out my shipping labels. It smacks of the same kind of nickel-and-dime attitude that makes Amazon charge you to remove the ads that no one forced it to put on Prime streaming, or BMW to charge a recurring subscription to turn on the heater in your car seats.
This has become a fundamental conflict between HP and some of its customers. As Lores himself said, an HP printer owner who won’t buy HP ink is a “bad investment.” (Again, it’s baffling that HP is referring to its customers as “investments” after the customer has paid money for a printer.) If customers buy HP printers at artificially reduced prices, and refuse to buy HP ink at artificially inflated prices, the business becomes unsustainable.
Knowing this, it’s easy to sympathise with the class action plaintiffs, who accuse HP of forcing bogus “security updates” on its printers as a means of protecting its business model rather than its users.