Governor Hochul: Tear Down That Wall To Repair!

It has been more than four months since the New York legislature passed the Digital Fair Repair Act with a veto proof majority in the Senate and a near unanimous vote (145-2) in the New York Assembly. It’s time the governor signed it into law. 

Because manufacturers routinely refuse to sell spare parts or provide access to repair manuals, it’s difficult or impossible to fix everything personal electronics like cell phones. When a manufacturer refuses to share the tools and information you need to fix a cracked smartphone screen or malfunctioning home printer, they get to charge whatever they want to repair it, or refuse to repair it altogether, pushing you to replace it, instead.

Removing barriers to repair

Right to repair laws remove these hurdles, giving consumers and independent shops access to what is needed to complete repairs. This idea is wildly popular with voters. A recent poll by Morning Consult and Politico found that close to 70% of voters surveyed said they support a legal right to repair. 

So who opposes the idea of people being able to fix their own stuff? Manufacturers, who very much prefer getting to decide what you can fix and what you can’t – how long a product can live and when it must die and be replaced. 

They’re not taking their loss in the legislature sitting down. We know that front groups funded by the electronics, home appliance and telecommunications industries (among others) have used the period since the legislature passed the law in June to lobby Governor Hochul hard to veto the Digital Fair Repair Act, in part by arguing that it will compromise security and privacy protections in consumer electronics. 

Cybersecurity pros support the right to repair

I don’t expect such arguments will be persuasive. However, as the founder SecuRepairs (pron. “Secure Repairs”), a group that represents more than 250 cybersecurity and information technology professionals who support a right to repair, I would like to set the record straight on the cybersecurity and data privacy implications of New York’s Digital Fair Repair Act. 

First: there is no cyber risk in repair. As the language of the bill makes clear: the Digital Fair Repair Act merely requires manufacturers that already provide repair information to their authorized repair providers to provide the same information to the owners of electronic devices and independent repair providers. Manufacturers tried to convince the Legislature that they should be free to share repair information with their business partners, but withhold the same information from their customers – the owners of the devices – all in the name of data privacy. That argument fell flat. 

Manufacturers dismal record on device security

Opponents have also painted a deeply misleading picture of the cybersecurity landscape. In their telling, device manufacturers are singly focused on cybersecurity and data privacy and have done exemplary work securing the smart, connected devices they sell to consumers and businesses. In truth, home electronics and smart home devices commonly roll off assembly lines and ship to customers with low quality software containing trivial, exploitable vulnerabilities. Still more devices are deployed with vulnerable communications ports left open by default and with easy-to-guess default username and password combinations. These are the digital equivalents of unlocked or un-lockable doors that malicious actors simply step through

A future of smart, repairable stuff

In a world populated by “smart,” Internet-connected, software powered objects, the Digital Fair Repair Act is vital: updating longstanding consumer and private property rights for a digital age. And it does so just as manufacturers seek to turn hundreds of millions of owners into unwitting tenants of their technology. It’s time for the Governor to make New York a leader on repair and consumer rights — and sign this landmark bill into law. 

Paul F. Roberts

Paul F. Roberts is the Editor in Chief of The Security Ledger and the founder of SecuRepairs.org (Secure Repairs), a group of more than 250 cybersecurity and information technology professionals who support a right to repair.