Big manufacturers have won past fights for the right to repair through fear-mongering.

Several years ago, faced with a broken laptop screen and a $700 quote from Apple to repair it, journalist Jason Koebler thought: “Why not try to fix this thing myself?” Ten hours, $50, and one ill-advised Exacto knife to the screen later, Koebler had a working laptop and a newfound desire to discover why exactly repairs cost so much, and why it’s so difficult to perform them ourselves. The answer that Koebler has found is that manufacturers—from Apple and Microsoft to John Deere—make it that way. They control both the supply of parts and the software needed to fix them.

But there’s a movement to change this, to allow people to fix their own products or take them to whoever they choose. It’s called the Right to Repair. And it just got some very powerful allies in the Biden administration and the Federal Trade Commission who want to create new rules so tech companies and manufacturers have to let people repair their own devices.

On Friday’s episode of What Next: TBD, I spoke with Jason Koebler, editor-in-chief of Motherboard Advice, about the right to repair and what stands to be gained (or, for big manufacturers, lost) from the FTC’s new rules.

Lizzie O’Leary: If you were to just look around your house, how much of your stuff or a person’s stuff can’t be fixed by you or an independent repair person?

Jason Koebler: Most things. It’s everything, it’s your phone, it’s everything in your kitchen. It’s definitely Keurig machines and coffee machines. That’s a big one. It’s washing machines.

Let’s lay out how things used to work. If my washing machine broke, I could fix it or have somebody do it. Now, what stands in my way?

The thing that stands in your way is computer chips, and encryption, and passwords, and things like this. All of our things have sensors on them now, and all of the sensors are encrypted or have password protection. And the only people who know the password are the manufacturers.

But trying to bypass the manufacturers can be risky. Until a couple of years ago, if you took your iPhone to an independent repair place, like a mall kiosk, there was a chance the unauthorized repair might kill your device. You’ve done a lot of reporting about this issue in Nebraska, regarding tractors. What was happening there? 

So John Deere is obviously this big tractor company, the biggest in the world. They have this situation where only authorized dealers can work on tractors. What kept happening was people were out in the cornfields in Nebraska and their tractor would break and they would call John Deere and they would be far from a dealer. And the dealer would say, “OK, I can come tomorrow.” Or, “I can come in three days,” or whatever. The farmers there would say, “Well, my corn is going to go bad. I need it now.”

There’s this piece of software called John Deere Service Advisor, and that is a piece of software on a computer that you hook into the tractor, and that says, “Hey, this person is authorized to work on this tractor.” So if you put a new part in and don’t have that piece of software, it won’t work. I found a community of people who are using Pirate Bay—which is what I used to download music and movies on in high school illegally—who had found a hacked version of John Deere Service Advisor that was taken from a guy in Ukraine, and they were passing it around and were using it to hack their tractors.

My mental picture of a hacker is not a bunch of middle-aged white dudes in Nebraska driving John Deere tractors who were actually swapping tips about how to get around these software protections.

My favorite detail is actually the place that I found the software and found that this was happening was on an auto parts website, where you have to buy a part. I think it was a spoke for a wheel or something, but in the fine print of the details of that product said, “We’re not going to send you a spoke. We’re going to send you a link and a password to log into a forum where we talk about how to fix your things.” So it was like a password-protected secret forum where farmers were trading repair tips.

There’s this entire movement from activists and repair folks and people who are angry at Apple and John Deere and things like this to pass right to repair rules. And what that means is, it would become essentially illegal for manufacturers of our equipment to not sell the same replacement parts that they provide to their own—the Apple store or the John Deere dealer. They would have to sell that to the general public as well. And this is already the rule of the land for cars. If your car breaks, you can take it to the Ford dealer, or you can take it to the random person around the corner, and they’re going to be able to fix it. It might be a tough repair, but there’s nothing preventing them from fixing anything that’s wrong with your car. And so this is the same state of affairs that people want to have happen for tractors, for refrigerators, for laptops, for phones.

The farmers did get some Nebraska state lawmakers on board in 2017. But the bill met with intense pushback from John Deere, manufacturing trade groups, even Apple—and it failed. Similar fights have unfolded across the country in more than 17 states. And most of the time, the big manufacturers win.

They hate Right to Repair. And so anytime this has popped up in any state, lobbyists will show up and will start fear-mongering about why it is very dangerous to make it easier for people to fix their things. The main argument that they make is they say it’s a security issue.

Yeah, they say, “we make this private and safe and secure.” Do you think that claim holds up?

It doesn’t hold up, because they’re giving this to a bunch of authorized service providers. And there’s thousands of people in the US who can fix these things because they just pass it out kind of willy-nilly to anyone who pays them money. State lawmakers are often not security experts. And so Apple has been able to go to a lot of different states and say, “Oh my God, if you pass this law, you’re going to turn into a lawless hacker state, and it’s very dangerous.” And so they’re able to scare lawmakers out of passing this sort of thing.

You got some documents a couple of years ago that seemed to show that Apple specifically is quite capable of doing what activists want, giving some small repair companies access to software, to parts, etc. What did the documents say?

The documents didn’t say, We could do this but we’re greedy and we want to make a lot of money. It was more like, We could do this, but it’s difficult for us to implement. Apple has spent the last five years saying that the iPhone is the most secure device on the planet. And we care about your privacy.

That’s their big selling point.

Yeah. They make a very good product. And from everything we know, they take security very seriously. And so the idea that, by selling you a new screen, and by allowing you to fix Touch ID or Face ID if it’s broken, that the entire security ecosystem of the iPhone would be undermined, it doesn’t stand up to scrutiny. Apple is a much more sophisticated company than that.

In July, President Biden issued an executive order that calls on the Federal Trade Commission to make new rules around the right to repair. And the FTC’s chair, Lina Khan, said big companies are hurting consumers with their repair restrictions. How much can the FTC really do?

What the Biden administration said is, there should already be a law in the books that allows the FTC, the Federal Trade Commission, to enforce antitrust rules. So they’re basically saying, by creating this repair monopoly, all of these manufacturers are already in violation of existing antitrust laws. And so his executive order states that the FTC needs to create rules that would specifically ban this anti-competitive behavior. The FTC voted and said, “We are going to create rules and enforce them.”

So I think it’s a big deal. I think, whether it stands the test of time, like whether manufacturers challenge this in court or whether the next administration repeals these sorts of rules, that could happen. But it’s a big deal. I think it will make things easier for everyone.

Future Tense is a partnership of New America, and Arizona State University that examines emerging technologies, public policy, and society.
