Hacker News

I still like my car to have an immobilizer, and locks on the ignition and doors. There is certainly some level of access controls that most people definitely want.



That's not what people are talking about, though. Certainly people want security features that make it more difficult for someone else to steal their car. But those features should be under the control of the owner of the car, not the manufacturer.


It's really hard to do that and make the thing a consumer-friendly product. We've been trying to solve this problem for most of the history of computers, yet attacking authentication (often indirectly) is still the #1 way that computers are compromised.

Most people simply are unable to properly handle private keys. All of the systems with the highest levels of consumer satisfaction have third parties that manage (or at least can override) keys on the user's behalf. Systems that do what you're suggesting are notoriously plagued with issues surrounding key management, to the point where they never reach mainstream use, e.g. PGP, bitcoin, etc.


Those are still "yours" in a sense, so they don't fall into the feature set the poster you are replying to is talking about. Though the immobilizer somewhat skirts the line. (Or at least from my personal view.)

Think John Deere implementing software lockouts in the tractor ECU. That is nothing more than forcing their business model onto the end user through digital logic.


Those are the sorts of things that need to be legislated. You should not be able to lock people out of the ECU, for example, but the person would have to be willing to accept that a compromised ECU can blow up/damage their engine, and they will have to accept that the warranty is invalid the second they mess with the ECU programming.


That's no good because the car can malfunction for reasons other than damage caused by the ECU, and the warranty covers those reasons too. You shouldn't have to lose your warranty on part A because you modified unrelated part B.


They're just as much "mine" as an iPhone is. It is extremely common for digital authentication of physical keys to be protected by encryption or signing by the manufacturer.


Sure, but to be as blunt as possible: you don't own your iPhone. Full stop.

You are renting it from Apple. They control what you run, when you run it, what you can install, what you can remove.

By default, they're shipping you a device where you're literally not the root user. I can't possibly think of a clearer argument that you're renting, and entirely at the whim of Apple (which does have root access, and actually owns the device you happen to be using).

The issue to me is that ownership implies the right to modify and change a thing, especially in ways that the original manufacturer doesn't support or agree with.

If the manufacturer is still calling all the shots on your device, you don't own the device!


Sure. No matter what your definition of "own" is -- I am saying, my car is already the same thing.

The question is, do we have a good solution to enable the average user to own their device while also ensuring security and availability?

We have two options with cars: either intentionally implement a security hole, or let the manufacturer "own" it. Because the other option, telling the customer they're SOL when they lose their private key, is not a solution that is practical (grandma will lose hers) or possibly even legal (manufacturers' obligation under lemon law).


This is a solved dilemma. Let's take the car: there's already a huge security hole, the car key.

That key disables all the security measures to stop the car from moving and lets the user drive it.

Why should the same key not also allow 3rd party parts to be installed, or disable any other security feature the user would like to disable?

The user has already been given a device that compromises the entire security system, so why do you think they need to do anything as complex as store a private key (it's embedded in the physical key)?

Same question for phones: the user's PIN/password already removes essentially all functional security from the system. I'd add a requirement for a physical switch to be toggled in the case of the phone (a tiny toggle header, or a certain combination of presses on the available buttons should do just fine) to rule out network-based access.

In general though, security measures added by the manufacturer always fail, because the user has to actually use the thing at some point.

So given we already have the hole, the only reasons I can come up with for continuing to forbid the owner of the device from actually owning it are

1. It adds cost to the product

2. It removes future revenue from the company (because that pesky owner might choose a cheaper repair shop if they actually own the device... however will the company maintain their monopoly on parts/service?!?!? Think of the children!)
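An added model of the proposal above (owner credential plus a physical-presence toggle gating an owner-enrolled trust root), written for this thread and not code from any vehicle or phone vendor; the ECU class, the HMAC stand-in for a real signature scheme, and all key material are constructed assumptions.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed sample root key; a real device would hold a public key and verify signatures.
MANUFACTURER_KEY = b"constructed-manufacturer-root-key"


def sign(key: bytes, blob: bytes) -> bytes:
    """HMAC-SHA256 stands in for a real signature over a part's firmware/config."""
    return hmac.new(key, blob, hashlib.sha256).digest()


@dataclass
class EcuModel:
    owner_pin: str                      # credential the owner already holds (car key / PIN)
    physical_presence: bool = False     # hardware toggle, only settable at the device itself
    owner_root: Optional[bytes] = None  # owner-enrolled trust root, None until enrolled

    def enroll_owner_root(self, pin: str, new_root: bytes, via_network: bool) -> bool:
        """Owner enrollment needs the existing credential AND the physical toggle.
        A request arriving over the network can never satisfy the presence check."""
        if via_network or not self.physical_presence:
            return False
        if not hmac.compare_digest(pin.encode(), self.owner_pin.encode()):
            return False
        self.owner_root = new_root
        return True

    def accept_component(self, blob: bytes, tag: bytes) -> str:
        """Manufacturer-signed parts are accepted as today; owner-signed only once enrolled."""
        if hmac.compare_digest(sign(MANUFACTURER_KEY, blob), tag):
            return "manufacturer"
        if self.owner_root is not None and hmac.compare_digest(sign(self.owner_root, blob), tag):
            return "owner"
        return "rejected"


def demo() -> dict:
    """Walk through the policy: remote enrollment fails, local enrollment with presence succeeds."""
    ecu = EcuModel(owner_pin="1234")
    owner_key = b"constructed-owner-root"
    part = b"constructed-third-party-fuel-map-v1"
    results = {}
    results["net_enroll"] = ecu.enroll_owner_root("1234", owner_key, via_network=True)
    results["before"] = ecu.accept_component(part, sign(owner_key, part))
    ecu.physical_presence = True  # toggle flipped at the car, not over the air
    results["local_enroll"] = ecu.enroll_owner_root("1234", owner_key, via_network=False)
    results["after"] = ecu.accept_component(part, sign(owner_key, part))
    results["oem"] = ecu.accept_component(part, sign(MANUFACTURER_KEY, part))
    results["wrong_pin"] = ecu.enroll_owner_root("0000", b"attacker-root", via_network=False)
    return results
```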


And who owns the keys to those things? You, or the manufacturer?


Many vehicles have the keys stored in their ECU/immobilizer signed/encrypted with the manufacturer's key.

There are some (mostly older) where you can directly reprogram the EEPROM, but those cars are easier to steal, because anyone can also do this.



