| It doesn’t fall apart. I have a phone. It has a Lock Screen and advertising it can be locked. It is easily bypassed. Millions of phones are vulnerable. Manufacturer provides a patch that doesn’t work. Manufacturer fixed the problem on more recent phones with a physical hardware change but chooses not to fix the previously released phones, leaving customers stranded with no solution even though it’s readily available. Over time everyone is getting their phones targeting because thieves arr going after the phone knowing they can get at all the valuable data in addition to a working phone, and easily sell the parts in the phone that have now become scarce due to all the theft — a virtuous feedback loop created by the phone manufacturer. Manufacturer finally gets sued by a class action for failure it fix and settles the suite for two hundred million and offers 3-5000 per phone to every person affected, but without admitting ‘guilt.’ Users defend phone manufacturer: Defense: the Lock Screen isn’t needed in the safe country the phones are made in Reality: that’s ok, they weren’t sold there they were sold in the market that does have less safety and that was true when they were sold. Also, these products were so poorly designed they are 2/3 of all phone thefts and other manufacturers had no problem providing solutions to this problem and the manufacturer had ample time to do a fix and failed to perform a fix for customers. FAQ But what about locks? You said locks before but locks aren’t that secure. The term “fitness for purpose” refers to a product or service that is not working as intended or expected. If you don’t sell a car with locks and claim you have a security system, no fault. But if you do and it doesn’t work, fault. Same for locks. Physical locks are not meant to make things impossible to get to. They just make it hard to get to. No amount of physical locks will ever make something 100% secure because even if they are unpickable, and there are some unpickable locks, physical things can be broken. The point of physical locks are that it takes the robber time and energy to get around them. If it takes more time and energy to do it most robbers will just go to the next location and hope there is less security. because of this most people just need convenient locks. Ones that do not take up a lot of space or time to open. It is only when we see extremely valuable things that the higher tech locks that take a lot of space/time/energy to work with. Source: https://www.reddit.com/r/explainlikeimfive/comments/6c7bj5/e... That metaphor doesn’t work! Probably, because Lock Screen failure didn’t lead directly to 8 verifiable deaths (more now) and you can’t die from getting run over by a phone as they are not considered ‘deadly weapons’ like cars, but without the metaphor it’s actually much worse. Imagine a gun safe manufacturer whose locks could be easily bypassed, who knew it, and did nothing even while criminals stole guns and used them on shooting sprees. Probably better metaphor but it’s insensitive to people who are actually experiencing gun violence so I didn’t use it. Should they have provided a Lock Screen that worked? Yes. Is the root of the issue the fact that it had a feature that should have worked and didn’t? Yes, and that they provided a fix that didn’t work but claimed it would, and sold a defective product in the first place. Did they have ample occasion to recall and fix the issue permanently? Yes. Maybe that metaphor will work better, because there are two issues. One is that something was sold fit for purpose and wasn’t. Another is that the MFG failed to fix on multiple occasions and didn’t. Only after being sued did they eventually perform to a baseline standard. Yes, but the NHTSA could have issued a recall! “At this time, NHTSA has not determined that this issue constitutes either a safety defect or noncompliance requiring a recall,” wrote Cem Hatipoglu, NHTSA's acting associate director for enforcement, referring to the Hyundai and Kia vehicles susceptible to theft because they lack engine immobilizers.* In particular, Hatipoglu said, the federal standard for automotive safety does not require cars to come with immobilizers, the hardware at the center of the controversy that has put affected vehicle owners on edge.* Hatipoglu said the standard by which NHTSA would normally issue recalls “does not contemplate actions taken by criminal actors to break open or remove part of the steering column and take out the ignition lock to start a vehicle." In casual parlance, that's what's called hot-wiring a car.* The 18 attorneys general, led by Bonta, wrote to the agency in April asking that all vulnerable Hyundai and Kia vehicles manufactured from 2011 to 2022 be recalled and retrofitted with immobilizers to keep them from being stolen.* "Thefts of these Hyundai and Kia vehicles have led to at least eight deaths, numerous injuries and property damage, and they have diverted significant police and emergency services resources from other priorities," the attorneys general wrote. The only reason they didn’t issue a recall is that this particular technology is not required by code and the code does not the specific technology that almost all manufacturers are using address theft because up until KIA had this problems there was no need for them to because manufacturers didn’t have this problem. I’m sure code will get looked at in future iterations as the automotive standards slowly evolve. The root argument that holds water has been made by a couple of people on HN and that is that the US standards aren’t sufficient to address this problem and that is a totally valid argument. Fortunately we have a way to compel manufacturers to fix broken products that kill people: the court system, product defect and class action lawsuit. And they have already settled their first major lawsuit (just California, so only 1/9 of America is covered so far) in which they admit no guilt but will pay you thousands of dollars if it happens to you and you have a police report. I consider that an omission of guilt, but just lacking the legal admission, don’t you? It’s reasonable to argue against it, but when you choose to pay up instead of fight the accusations there is some degree of statement in that. The only real debate is whether this is a case if negligence or incompetence. Sources https://www.nhtsa.gov/press-releases/hyundai-kia-campaign-pr... https://www.hbsslaw.com/hyundai-kia-usb-car-theft-defect/faq |