In a recent interview, HP CEO Enrique Lores laid out the company’s view that people who buy printers are ‘investments’ that don’t pay off if they go third-party.
Printers are one of the banes of modern computing, expensive and frustrating relics that are nonetheless occasionally necessary. Over the last few years, HP seems to be doing its best to make them even more expensive and frustrating by milking the infamously exploitative ink market until both the literal and metaphorical cartridge runs dry. After enraging customers by blocking third-party ink and bricking printers with dodgy firmware, HP’s CEO recently said the quiet part out loud.
A bit of context: In an interview with CNBC last week during the World Economic Forum in Davos, HP CEO Enrique Lores gave a few choice quotes. In response to a recent lawsuit over HP’s software updates that block ink cartridges from non-HP sources, he started by saying, “I think for us it’s important to protect our IP [intellectual property]. There is a lot of IP that we built in the inks of the printheads, in the printheads itself in the printers, and what we’re doing is when we identify cartridges that are violating our IP, we stop the printer from work[ing].”
“So they’re rip-offs, they’re counterfeit, and you’re going to break the printer as a result?” replied CNBC Squawk Box host Rebecca Quick.
“In many cases it could be,” said Lores. “It can create all sorts of issues, from the printer stop working [sic], because the inks have not been designed to work in our printers, to even creat[ing] security issues. We have seen that you can embed viruses in the cartridges, through the cartridge…to the printer, from the printer…to the network, so it can create many more problems.”
This claim is problematic. Ars Technica took a deep dive into this idea, and found that, yes, it’s technically possible to embed malware (if not a classic computer virus) in a printer cartridge. HP proved this with a 2022 bug bounty to specifically design an attack around a printer cartridge. The buffer overflow was limited to the printer itself, and there’s no evidence that it posed a risk to any further computers or networks. Security experts find it unlikely that any malefactor with fewer resources than a nation-state actor would actually be able to exploit this vulnerability, making the risk to everyday users and small businesses vanishingly small.
At the risk of being reductive, it seems a lot like HP has invented a problem and then supplied the solution, which just happens to include locking out third-party ink suppliers and locking customers into massively overpriced ink. HP is being accused of unfairly forcing customers to buy first-party ink in a federal class action lawsuit in the US after locking down printers that were previously compatible with third-party cartridges via software updates. At this point, it seems prudent to take Lores at his word, specifically that HP’s IP (and the lock-in to its supply chain that comes along with it) is a more immediate concern than customer safety.
Saying the quiet part out loud
Maybe it was just the Davos winter temperatures, but even the market-focused CNBC hosts didn’t seem to be buying it. “Do you think that the idea of third-party cartridges, at all, are a bad idea? That there should be no third-party market?” asked Andrew Ross Sorkin.
“That’s competition,” said Quick, quickly, before Lores could make his next pitch. Following claims that nebulous and possibly fictional hackers can embed malware in third-party ink cartridges, the CEO said the quiet part out loud (emphasis ours):
HP CEO says the quiet part out loud: ‘Make printing a subscription’
Printers are one of the banes of modern computing, expensive and frustrating relics that are nonetheless occasionally necessary. Over the last few years, HP seems to be doing its best to make them even more expensive and frustrating by milking the infamously exploitative ink market until both the literal and metaphorical cartridge runs dry. After enraging customers by blocking third-party ink and bricking printers with dodgy firmware, HP’s CEO recently said the quiet part out loud.
A bit of context: In an interview with CNBC last week during the World Economic Forum in Davos, HP CEO Enrique Lores gave a few choice quotes. In response to a recent lawsuit over HP’s software updates that block ink cartridges from non-HP sources, he started by saying, “I think for us it’s important to protect our IP [intellectual property]. There is a lot of IP that we built in the inks of the printheads, in the printheads itself in the printers, and what we’re doing is when we identify cartridges that are violating our IP, we stop the printer from work[ing].”
“So they’re rip-offs, they’re counterfeit, and you’re going to break the printer as a result?” replied CNBC Squawk Box host Rebecca Quick.
“In many cases it could be,” said Lores. “It can create all sorts of issues, from the printer stop working [sic], because the inks have not been designed to work in our printers, to even creat[ing] security issues. We have seen that you can embed viruses in the cartridges, through the cartridge…to the printer, from the printer…to the network, so it can create many more problems.”
This claim is problematic. Ars Technica took a deep dive into this idea, and found that, yes, it’s technically possible to embed malware (if not a classic computer virus) in a printer cartridge. HP proved this with a 2022 bug bounty to specifically design an attack around a printer cartridge. The buffer overflow was limited to the printer itself, and there’s no evidence that it posed a risk to any further computers or networks. Security experts find it unlikely that any malefactor with fewer resources than a nation-state actor would actually be able to exploit this vulnerability, making the risk to everyday users and small businesses vanishingly small.
At the risk of being reductive, it seems a lot like HP has invented a problem and then supplied the solution, which just happens to include locking out third-party ink suppliers and locking customers into massively overpriced ink. HP is being accused of unfairly forcing customers to buy first-party ink in a federal class action lawsuit in the US after locking down printers that were previously compatible with third-party cartridges via software updates. At this point, it seems prudent to take Lores at his word, specifically that HP’s IP (and the lock-in to its supply chain that comes along with it) is a more immediate concern than customer safety.
Saying the quiet part out loud
Maybe it was just the Davos winter temperatures, but even the market-focused CNBC hosts didn’t seem to be buying it. “Do you think that the idea of third-party cartridges, at all, are a bad idea? That there should be no third-party market?” asked Andrew Ross Sorkin.
“That’s competition,” said Quick, quickly, before Lores could make his next pitch. Following claims that nebulous and possibly fictional hackers can embed malware in third-party ink cartridges, the CEO said the quiet part out loud (emphasis ours):
“Our view is that we need to make printing as easy as possible. And our long-term objective is to make printing a subscription. This is really what we have been driving. We know it reduces the barriers to print, it offers a much more convenient solution to customers, and especially, [it] is more sustainable. Because every time a customer uses a cartridge, we take it back, we recycle, we use it again.”
HP CEO Enrique Lores
As distasteful as Lores’ comments might sound, it’s nothing new. HP has been attempting to get customers to subscribe to ink and toner cartridges for years via the Instant Ink program, and it isn’t the only one. I think it’s even safe to say that some businesses appreciate the option, as it streamlines the supply chain and offers discounts, at least compared to buying HP ink at retail prices. Lores goes on to admit that HP loses money on printer sales, relying on high profit margins on supplies like ink and paper to make up the difference. He wouldn’t go into specifics on how much the company loses per printer…or makes per cartridge.
