Comment Articles

The Lexmark lesson - make more noise

Rupert Goodwins ZDNet.co.uk

Published: 16 Nov 2004 17:45 GMT

Lexmark's printers are smarter than they look. Perhaps a little too smart -- a recent story showed that the printer drivers for a recent model were surreptitiously relaying information over the Internet back to base. Users were mystified, and more than a little outraged. Spyware, they said. Lexmark was stung. 'It's not spyware, it's remote reporting about printer parameters,' the company said after a marked pause. We told you all about it when you installed the drivers. It's even got a name -- Lexmark Connect.

Remote reporting is nothing new. Mainframes and minicomputers did it back in the 1970s, using a modem to dial up a service agent when something was amiss. More recently, printers on LANs have done it to warn the system administrator of paper problems or other mishaps. It's a simple enough task: the printer's internal microcontroller spots the error and sends a code down the communications link.

With PCs on broadband, it's just a matter of the printer driver parcelling up data collected from the printer, establishing an HTTP link -- thus bypassing any firewalls -- with a remote server, and sending the message. There's virtually no extra load on the connection, and the printer manufacturer gets valuable usage information that can be used in designing the next generation of products.

So what went wrong? The problem is that such behaviour is identical to that of spyware -- stuff you don't want -- which earns its crust in exactly the same way by quietly passing data back to a third party. The only difference is that users are supposedly informed about the Lexmark software. That clearly didn't happen, at least not in every case: if you don't know, then it's spyware.

That knowledge may be easy to miss. Not every user installs their own printer. Some systems come with printers pre-installed; some are set up by technicians on delivery; some by passing help. Not everyone reads all the disclaimers, end-user licence agreements, warnings, copyright statements and other densely worded legalese that habitually demands our clicks of allegiance when we load new software. This is partially the fault of the companies who rarely take the time to clearly, simply and unambiguously say what's happening and why -- and sometimes give the impression of omitting this deliberately. We have learned to think of this stage of installation as a pointless annoyance, to be got through as quickly as possible.

Users do have some responsibility. It is a commonplace in consumer electronic companies that you could print "READ ME FIRST" in the biggest, reddest letters available, on every part of the packaging, handbook, installation notes and CD covers, and the user wouldn't even glance at it until they'd plugged stuff in and failed to make it work. Even here, though, that's what people do -- manufacturers have to assume the worst and design their products accordingly.