
Your hypothetical was lousy, I agree, but if you're going to hinge your argument on a lousy hypothetical, I'll push back on that hypothetical.

To answer your questions:

(1) Yes, driver code can do things like this. If you don't believe me, buy an HP printer, and see the driver code pop up all sorts of advertisements, deals, and other crap. Driver code has access to your system's low-level internals. From there, it can do whatever it likes.

(2) The parties at fault here are multiple. One of the keys to building robust systems is to understand failures can take place anywhere in the system. In medical devices, the terminology is "single point of failure." If one failure can kill a person, a medical device won't be certified by the FDA. In the same way you want the hardware to be tolerant of a single-point-of-failure, you want your organizational processes, logistics, etc. to also be tolerant. Mistakes will happen, and when they do, people shouldn't die.

(3) No one would hold FTDI responsible for making sure clones work properly. Plenty of people would hold FTDI responsible for intentionally attacking my hardware because I had a clone, if things go wrong. Two wrongs don't make a right. There is plenty of case law around this. Here's a nice chain for you to go down to get you started:

https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...

https://www.cs.uaf.edu/~cs393/CACHE/Wired_RIAA.pdf

If FTDI's drivers stop working with my device incidentally, they're not responsible. If they intentionally brick a piece of hardware I own, for any reason, including believing I violated or contributed to a violation of their IP, that's pretty clearly digital trespass under CFAA.

Would I pursue FTDI for breaking a cheap consumer device? That's not worth anyone's time. Had it, as in your example, killed someone or taken down a planeload of people, you can bet your butt there would be both civil and criminal prosecutions for stuff like that.

(4) And regarding supply chains, whenever I've done this, I've worked for small companies that wanted to keep logistics simple. We'd try to make sure complete designs could be sourced from one distributor (usually Newark, sometimes Digikey). And no one had resources to do any kind of tracing of parts. I understand that's done in aerospace, but that's not done in hardly anything else.

If there's some mixup in the supply chain, and I've shipped a thousand consumer widgets with a bad FTDI chip, FTDI should go after the parties responsible: my distributor, and the pirate company. Not me. Not my customer. And it should do it properly through the legal system and pursue damages, not break devices vigilante-style.


