[plagiarist]

Oh, yes. I agree that this sounds like actual fraud if it is undocumented. I disagree that disabling the machines would count as "hacking."

I am cynical about the latter because I personally would like this sort of malicious shit to qualify as hacking. I'd also like the telemetry and recording in all modern cars to be considered hacking.

[hedora]

One practical solution is to make certain clauses unenforceable in end user license agreements and all non-negotiated contracts.

For starters clauses allowing the vendor to upload any user specific data (anonymized or not) and prohibitions against specific uses of the software would be unenforceable.

The former ensures privacy, and the latter would make the behavior of the train manufacturer illegal (in the US), since it’d fall under the CFAA:

https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

(Sections a.5 and a.7 in the section “Criminal offenses under the Act”)

[p_l]

Various contract provisions are illegal in Poland as well, for example a contract can't prevent you from disassembling and reverse engineering any software or hardware, including building a compatible device so long as you do not literally copy the results over.

In this case, NEWAG violated contract, because they did NOT win the bid to do servicing, and didn't write anything down about being the only party able to service the machines.