[dataflow]

I don't really understand the legal arguments here:

> the manufacturer can even be sued [...] This hinges on the fact that the second-hand buyer has not entered into a consentual relationship with the manufacturer after the purchase.

Wait, but the first owner (presumably, for the sake of argument) agreed to this. Why isn't it the first owner's fault for not disclosing it to the second owner? Shouldn't they be sued instead? How is a manufacturer held responsible for an agreement between parties that they could not possibly be expected to have knowledge of?

[inkyoto]

Because common law is not a general «duty to disclose everything» bludgeon for ordinary used-goods sales, and the «why not sue the first owner» argument can only work in narrow fact patterns.

For example, if the first owner actively misrepresented the position (for example, they said «no remote access, no subscriptions, no tracking» when they knew the opposite), the second owner might have a misrepresentation claim against the first owner. But that is pretty much where the buck stops.

> «How can a manufacturer be liable for an agreement it cannot know about?».

That is not the right framing. The manufacturer is not being held liable for «an agreement between the first owner and the second owner». The manufacturer is being held liable for its own conduct (access/modification by virtue of an OTA update) without authorisation from the _current_ rights-holder because liability follows the actor.

It happens because, under common law, 1) the first owner’s consent does not automatically bind the second owner, 2) consent does not normally run with the asset, and 3) a «new contract with the second owner» does not arise automatically on resale. It arises only if the second owner consciously assents to manufacturer terms (or if a statute creates obligations regardless of assent).

So the manufacturer is responsible because it is the party _acting_. If the manufacturer accesses/modifies without a valid basis extending to the current owner or user, it owns that risk.

I am not saying that «every unwanted OTA update is a crime». All I am saying is that the legal system has a concept of «unauthorised modification/access», and the contention is over whether the access or modification was authorised or not.

[dataflow]

Thanks for explaining. I just don't understand how society is supposed to function if laws work like this.

For example suppose I ask someone to come demolish my fence next week when nobody is home. And then I sell the house in between. So is the company supposed to run a title check the moment they arrive, because the owner may no longer have the authority they once had prior to that moment?

Or say I click Accept on an agreement, sleep/hibernate the device right as installation is about to start, and then transfer the rights to the device. Now the vendor is responsible for not running a title check or asking for confirmation a second time before the first confirmation? And I'm in the clear because I never claimed there's no installation pending?

I can't imagine the law really works this way... these sound absurd. Surely there's gotta be much more to it than what you're describing?

[inkyoto]

It is the clear separation of property and contractual rights, which I find to be pretty logical.

In fact, the separation of concerns actually makes things simpler as the property rights do transfer with the property sale (a car, a house, a computer, etc.), and the contractual obligations do not travel with the asset (unless the law or a properly formed new agreement makes it travel – jurisdiction dependent). It is also important to note that the contract between the former owner and the manufacturer does not automatically lapse with the property sale.

Let's pick the two examples apart.

> […] I ask someone to come demolish my fence next week when nobody is home. And then I sell the house in between. So is the company supposed to run a title check the moment they arrive, because the owner may no longer have the authority they once had prior to that moment?

They are not required to, but it is very prudent of them to ascertain that the person who signed the contract happens to be the current owner of the house before they commence the demolition works – unless dealing with a litany of lawsuits is their core business. By doing so, they save time and money.

Now, imagine that, as the previous owner of the house, you also instructed the company to demolish the fence and demolish the entire house after. It is hard to imagine that the new owner would be delighted or feel ecstatic about finding their newly acquired house to have been wiped out of existence.

From the legal perspective, the demolishing company would be trespassing on the property that now belongs to somebody else, and they are in no position to proceed as the contractual rights stay with the previous owner and not with the property [0]. So in this situation, it creates a dispute (and – not unfathomably – a legal action) between the previous owner and the demolishing company, which the new owner is not privy to. Again, such a separation appears logical to me. Otherwise, the new owner would inherit a barrage of clandestine or dodgy contracts that the first owner might have signed in the past.

> Or say I click Accept on an agreement […]

Same separation still applies:

  1. The vendor’s contract with the first owner can remain on foot.

  2. That does not automatically authorise a post-sale access/modification of the second owner’s device.

In real litigation, what happens next turns on how «authorisation» is evidenced and managed. If the system is designed so that the physical device is still cryptographically tied to the old account, a court may treat that as strong evidence of practical authorisation, but it is not the same as legal authorisation by the current owner if the current owner never agreed. Practically, however, the new owner simply wipes the device out or resets it, and I do not think that it is commonplace for new owners to sue the manufacturer for merely applying an update, although the possibility is there.

All of the above segues into… the practical implications of separating property and contractual rights. Especially in the case of computing hardware (and EV's as well!), they have become particularly important in today's world, where vendors have been increasingly trying to move towards the rent-seeking model, where they want the device sale to be seen as a lease or a licence to use but not the right to own the device.

Common law insists on the separation between property rights in the physical asset and contractual or statutory rights governing any assented or connected services (including the software). Vendors/manufacturers may market modern computing hardware as an inseparable «hardware–software package» and frame the transaction as a licence to use rather than ownership, but that characterisation does not, by itself, displace the purchaser’s ownership of the tangible chattel (e.g. a car or a laptop). The line common law draws is therefore real, but the contemporary contest is about how far licensing and service dependency can be used to diminish the practical incidents of ownership.

[0] Unless the new owner has acknowledged and agreed to the demolishing works in a separate contract.