Infosec supports the right to repair

Welcome to securepairs.org! We’re a resource and a platform for information (“cyber”) security professionals to articulate a shared vision for device security and add their voice to the chorus of consumer- and civil liberties advocates who are pushing lawmakers to enshrine the right to repair in law.

Right to Repair Laws pending in 21 States

Right now, legislators in 21 states are weighing right to repair legislation in some form. These proposed laws are different, but share many features. Most require original equipment manufacturers (OEMs) and other device makers to provide their customer (aka: “owners”) with service manuals, diagnostic codes and – if needed – access to diagnostic software or tools required to read and interpret those codes. Some states require that device makers (think: farm equipment makers like John Deere or smart phone manufacturers like Apple and Samsung) make replacement parts available for owners and independent repair shops to purchase. These laws are designed to empower owners to service their own property and to foster free market competition for parts and service for a wide range of connected stuff. And, if you took Econ 101, you know that more competition will lower the cost of those services.

Fix It Clinic Coach
A repair coach works on a small, personal electronic device at a FixIt Clinic in Boston, MA.

Contempt of Business Model?

Manufacturers as a rule do not like these laws, which risk upsetting very lucrative, near monopoly businesses they’ve created offering expensive repair and replacement for broken products. That makes sense: what car dealer wouldn’t like to insist that their customers only, ever bring the vehicle back to their repair shop to service? That would be a lucrative source of revenues post-sale. The same goes for smart phones, home appliances, farm equipment, MRI machines and more.  They have used a number of means to try to eliminate or curtail independent servicing and repair, from claims about patent violations to onerous end user license agreements (EULAs) that surreptitiously curtail the long held rights of owners using contractual language. (This is what Electronic Frontier Foundation has called “contempt of business model.”)

Pushing the Hacker Panic Button

This site exists because one of the Panic buttons OEMs are pushing in their efforts to sink these laws is the “cyber security” or “hacker” button. By arguing to legislators that providing information on servicing and repairing Internet connected devices will open a Pandora’s box of security and privacy problems, they hope to scare lawmakers into rejecting the right to repair out of hand.

As security professionals, we know that such arguments hold no water. Most of us spent the 1990s listening to Microsoft’s empty arguments about the security risk that open source software like Linux posed, simply by being open. The triumph of open source has been a powerful rejoinder to those empty arguments. And, as of April, 2018 and the release of Azure Sphere, Microsoft itself became a vendor of Linux based product.

Our expertise and insights are needed once again. This time to counter misinformation and cynical arguments by industry groups, OEMs and their lawyers. While “security through obscurity” has long been debunked in technology and information security circles, it has a kind of intuitive appeal and, thus, carries a lot of currency among less technically savvy audiences. Informed voices are badly needed to push back against the warnings of the misinformed or the mendacious.

That’s why securepairs.org exists: to give the information security community – you – a platform to call your own, a set of principles to rally around and a platform to speak with one voice. We hope you’ll join us and let us add your name to the list of security professionals who support the right to repair!

I look forward to working with you!

Sincerely,

Signature

Paul F. Roberts
Publisher, The Security Ledger
Founder, securepairs.org