Today the USB-IF, the non-profit behind the USB standard's marketing and specifications, revealed the formal launch of its "USB Type-C™ Authentication Program," originally announced back in 2016. The optional program "defines cryptographic-based authentication for USB Type-C chargers and devices." If that sounds like a thinly veiled euphemism for hardware DRM to you, that's because it is.

The new authentication mechanism "empowers" vendors to "protect" us customers against "non-compliant USB chargers." Bad chargers and cables are/were a legitimate problem for the USB Type-C ecosystem (praise be to Benson), but the USB-IF's program allows for vendors to use this means of accessory certification for anything they choose. This isn't just a standard set by the USB-IF for cables and chargers to meet, any OEM can use it to bake-in support for only "approved" devices if they like. Remember when Apple clamped down on third-party hardware with its MFi certification program? Now USB-C-wielding OEMs can get in on some of that licensing action, and better, it's being done in the name of security.

In addition to pushing PD compliance, the nascent standard is being spun as a security enhancement, protecting us consumers from malicious firmware and hardware attached to USB devices. But even the marketing PR can't help but point out how useful it will be for OEMs in other, less consumer-friendly ways: "Using this protocol, host systems can confirm the authenticity of a USB device, USB cable or USB charger, including such product aspects as the capabilities and certification status."

USB-IF President and COO Jeff Ravencraft even included a quote: "USB-IF is excited to launch the USB Type-C Authentication Program, providing OEMs with the flexibility to implement a security framework that best fits their specific product requirements" (emphasis added). Furthermore, "products that use the authentication protocol retain control over the security policies to be implemented and enforced." So while the USB Type-C Authentication Program could be used to enhance security and ensure hardware is tested to meet spec, the standard is more than open enough to allow vendors to use it as they see fit.

DigiCert was selected to manage registration and certificates for the new DRM spec.

The existence of this new program isn't a guarantee that hardware OEMs like Samsung, LG, or even Google will use it to lock consumers into only purchasing/using "supported" accessories, but by providing the means, it opens the door. Mutually incompatible hardware fast-charging standards may have just been the start for USB-C. The day may come when different OEMs are all using the same licensed third-party charging spec, but thanks to hardware DRM, you'll need to buy different chargers for different phones anyway.

That is, assuming we even have a USB-C port to use in the future.

PRESS RELEASE