The short answer is: most probably not. But a longer answer will now follow. Be aware of the fact that I am not a lawyer (but have some knowlegde about tech-related laws because of my profession as an IT freelancer).
Most countries of the world have laws in place that make changes in computer systems without user consent illegal. There are exempts from this, for example security updates (e.g. in mobile phones), or Windows updates, where you agreed to these when installing Windows and by that agreeing to the EULA (and even shrinkwrap licenses may not be completele legal or not legal at all in every country of the world). That Microsoft variant applies to a lot of companies that make you agree to their EULA (End User License Agreements), like Blizzard with World Of Warcraft updates or other similar examples.
But in general in a lot of countries companies (or criminals, sometimes they are the same) may not change your computers without you agreeing to it (Yes, Vector is a computer, running on a IoT Linux Variant). See this example from an US website (source):
“Unauthorized access” entails approaching, trespassing within, communicating with, storing data in, retrieving data from, or otherwise intercepting and changing computer resources without consent. These laws relate to these and other actions that interfere with computers, systems, programs or networks.
There are very similar terms in european laws that prohibit changing user’s computers without their knowledge or consent. These laws were implemented against hacking and cybercrime, but apply also to things like taking away features or installing unwanted software (updates).
While DDL may want to try to get their user’s consent retroactively and that may be a problem for customers with a subscription, as they could threaten to end the subscription or he lifetime contract, this also is probably legally grey (and could lead to other legal problems, for example this could be seen as extortion). And there is no way at all DDL will be able to get that consent retroactively from users that have no contracts whatsoever with them. So in these cases DDL is not allowed to update these peoples robots from firmware 1.6 to something else.
The details of this are of course different depending on the country you live in. But most of those laws are very similar in a lot of countries worldwide. And since Digital Dream Labs is USA-based it is quite sure they have to abide to US laws. So if you are a Vector user and you do not want them to install any unwanted software on your Vector you should tell them that in advance. Maybe via an email, maybe in a registered letter. Make sure you get a response that proves they have read your email or letter.
Be aware of the fact that Digital Dream Labs will do it anyway. So if you really want to keep your Vector on 1.6, you not only should tell them that, but also be clear that in the end you may need to go to court – and it is very questionable if you want to do that for a small, if charming, robot. But there are also customer rights organizations and offices that you may be able to complain to without the need to open a court case. There are even options for non US users, I gave some hints in an earlier article.
But one fact is crystal clear: If you are not a DDL customer and do not have a subscription or lifetime, Digital Dream Labs is not allowed to mess with your Vector by updating it fom 1.6 to a newer version without your consent. If you are a DDL customer it is more complicated, as I wrote above.
Digital Dream Labs may try to cloak and an unwanted update as a neccessary security update. Nice try. But then they would need to prove the claim that there are security problems and they would need to exactly explain what security problems these are and how they are solved with the update.
If there will be a way to install 3rd party firmwares, as was promised for OSKR in the Kickstarter campaign, there needs to be an implementation of allowing multiple different firmwares anyway. So “it is not sustainable” or “the platform is not able to do it” seem as a contradiction to that promise. If OSKR ever comes to a point that actually makes custom firmwares possible, DDL will have to deal with more than just one single “catch them all” firmware anyway and there needs to be a system in place to handle that instead of forcing all robots to one firmware. The way that is taken now with only one possible firmware for every robot seems to be a big step AWAY from that OSKR promise.
Yet another update:
And then there is the risk that the new firmware runs on Vector 2.0, but will brick Vector 1.0.