@dt_hayden - Agreed I wasn't clear on this. What I should have said is that supply chains are sufficiently complex that discontinuing business with a supplier of faulty equipment, while immediately gratifying and naturally of value to the consumer or manufacturer who discovers the problem, is an after-the-fact and slow method to dissuade counterfeiters who continue to profit from others who haven't yet discovered the problem or can't afford to switch suppliers. Illegal/immoral businesses thrive in these gaps before wide-spread awareness of the problem. More effective solutions need to attack counterfeiting at source, so there is no gap. Hope I expressed this more clearly.
@dt_hayden - sorry but I can't agree with your point about buying conterfeits being a moral decision. The Navy, among others, has bought counterfeit devices and I seriously doubt anyone there made a concious decision to support counterfeiters. The real problem is that there is enough complexity in the supply chain to make checking provenance a real challenge. Sure there is someone in that chain who knows they are cheating, but getting to who is a complex problem. And after the fact actions (no longer using that supplier) don't resolve the damage done in the first place, and don't prevent others from cheating. After all, cheaters are not doing what they are doing to build a long-term stable business.
Well, that is not the way it works with other counterfeits such as currency. He who is caught with the goods suffers the loss. At least with electronics, these exists the possibility of passing that pain onto the selling company and up the supply chain.
As far as medical devices, I doubt anyone in that business succumbs to the temptation of knowingly using counterfeits or dealing with dodgy suppliers who may supply counterfeits. Why? Because there are consequences. The decision to expose end users to counterfeit goods is a moral decision made by someone in the product supply chain. The fact that there are no critical consequences should not be an excuse to let those making those decisions off the hook.
I guarantee if a product I bought quit working due to containing counterfeit goods, and the company whose logo was on the goods refused to repair it, I would pass that pain on by not buying any more goods from that company. Without the ability to force changes in behavior, expect no change.
Your better idea is along the lines of the FBI/Interpol warnings at the beginnings of DVDs warning not to copy the content. How effective are those?
You are absolutely right @kszabo, and that's why the forums were up in arms.
I think the angle on safety ciritical designs is less important though, not because of the critical nature of the systems but because engineers go to great lengths to make sure that counterfeit parts don't get into the supply chain for such systems, with assured suppliers and 100% goods inward inspection - you are not going to go to eBay for your medical boards. And FTDI is is clear its mainstream customers haven't seen a problem.
Sometimes you may have to go to the grey market, particularly for obsolete devices, and counterfeiting is an issue there (the Component Obsolescence Group in the UK has strong views on this that I've written about before) but companies in this position - usually replacing old controllers in industrial systems or even nuclear submarines with thrity year design lifetimes - know testing is even more important.
And it does raise the issue of where the responsibility lies - flagging an error message or counterfeit warning puts the onus on the customer to contact FTDI or the board maker, which is not that likely to happen. Doing it this way, and tracking down the suppliers while helping the customers (which is also vitally important), seems to be the more proactive approach to stopping the fakers.
First off, I despise counterfeits. So anything to eliminate them in the long run is a good thing, but that must be balanced against near-term pain to customers and worse.
The people who will be hurt most by the driver doing a seek-and-destroy on suspected counterfeits will not be the counterfeiters. It will be the end users, most of whom have no idea that their box has a counterfeit part in it. They will just see the logo on the chip, the developer of the driver, and determine that the vendor's quality has slipped or worse. Damaging the device (even if counterfeit) is a very bad approach in my opinion, since the immediate reaction of the end user will NOT be "oops, I guess I have a counterfeit!". No, the reaction will be a number of choice expletives recommending physically impossible mating positions for the developers of the new driver along with thoughts of which vendor to avoid in the future.
Worse, imagine if real physical harm occurs to a client. If the device is in a medical unit for example, or some safety critical device that now stops working. If there is injury or death due to a deliberate attempt to disable counterfeits or work-alikes, you can expect to spend a lot of unnecessary money on lawsuits and lawyers.
The better idea is to warn the client that a potential counterfeit or non-compatible device has been found and NOT INSTALL. Provide a recommendation to the end-user to contact their equipment supplier to resolve the issue. Do not punish potential clients, since they will not be grateful.
I applaud the aggessive effort by a manufacturer to target counterfeit goods to protect their reputation and remain a viable business. Developing, marketing, and supporting useful products cost money which must be recouped.
As far as remarks to the effect that it is unfair to disable the counterfeit parts, if you choose to run a business playing in the sewers and gutters of moral decisions, expect to have some occasional effluent come your way.
This is an excellent response to an problem that transcends industries. Every day I deal with customers who think it's their responsibility to "stick it to the man" by buying counterfeits and clones, since the genuine product is "too expensive." Unfortunately, most customers do not realize that the job they're saving may be their own when they but genuine products. By combatting the problem at the point of use, you are effectively hitting the entire supply chain. It will take a while, but eventually customers will get the message that counterfeiting costs jobs.
That is exactly the heart of the discussion @mbp27 - there's less of a problem with making compatible parts, although that has its own pitfalls - it's passing off a chip as FTDI that's not just a copyright issue but fraud and a liability issue.
But the problem with the fake devices is you don't know who the customer is, and attempting to send a message from a fake installation is frought with security, permissions and privacy issues. What this has done is flag those fake installations and gives the chip vendor an opportunity to both address the fake parts and the supply chain, hence Gordon's comments on working with customers.
It's an interesting comment on the decompiled code - thanks for that link.
Gordon Lunn's statement that this is a side effect is disingenuous.
The driver has been decompiled and examined, and the routine responsible serves no other purpose than to disable the clones by changing their EEPROM (PID erased). It is very specifically crafted to exploit an imperfection in the clone's implementation, and cause the PID to be erased only on the clone. (ref: http://bit.ly/1tjvgIx)
FTDI could have easily detected the clone and refused to load the driver. Using the same method they could have modified the driver to not work with the clone, rather than modifying the clone's EEPROM to not work with the driver.
Most of the discussions I've followed seem to agree that FTDI has the right to protect their IP. Unfortunately for FTDI the clones are not copies but FTDI compatible implementations (the dies are different). Some, if not the majority, of these clones chips appear to be marked with the FTDI logo, which does infringe a trademark and could be considered counterfeit. However that alone does not allow FTDI to modify the clone such that it is effectively destroyed from the typical user's point of view. The driver IP should have been protected by refusing to function with the clones.
As many other have suggested, FTDI should have modified the driver such that it reported the chip was a clone, and refused to work with the clone, but not modified the clone. Instead the clones simply failed for unknown reasons resulting in countless headaches and hours of troubleshooting. Also, the clones could no longer be used with other OS drivers (Linux) which were not developed by FTDI, and over which FTDI has no claim.
I sympathize with FTDI and agree that there are serious supply chain issues which need to be addressed. However putting the end user of a device in the middle of a chip manufacturer, supply chain, vendor issue cannot the considered the correct approach. The better response would have been to notify users they have a product which contains a counterfeit chip, suggest the user contact the seller for a full refund (this would put pressure on the supply chain), and stop functioning with the clone (some people have suggested a grace period, I don't necessarily agree with that) but not modify its EEPROM.
What are the engineering and design challenges in creating successful IoT devices? These devices are usually small, resource-constrained electronics designed to sense, collect, send, and/or interpret data. Some of the devices need to be smart enough to act upon data in real time, 24/7. Are the design challenges the same as with embedded systems, but with a little developer- and IT-skills added in? What do engineers need to know? Rick Merritt talks with two experts about the tools and best options for designing IoT devices in 2016. Specifically the guests will discuss sensors, security, and lessons from IoT deployments.