I was on the Nebraska's side until I saw this, did everyone miss this part or did the article incorrectly wrote this?
> Right to repair bills in each state require manufacturers to provide software tools to bypass locks that prevent repair.
No, sorry. I do agree with companies (not just Apple) with locking down the security components to ensure no one could just take your device, replace a few components and give it back without your knowledge. We live in an increasingly mobile-only world and where such mobile components are getting more complex, powerful and more information-dense.
We're not talking about a dumb mower that is not storing any of your personal information, we're talking about a smart phone with complex security systems in it. Apple has the absolute right to protect it in order to protect your data, even in the ways that prevents you from repairing it yourself. With this law, there's no barrier or visible line between your ex replacing parts to monitor you and you replacing parts to repair it. Apple has a security lock for a very clear reason, to prevent your ex from doing this.
If you want to repair the broken Touch ID sensor and stuff, take it to Apple or if there's no store, mail it in.
If you just want to replace the battery or screen, then yes, Apple should be forced to sell these parts, just not the security related parts. Did the law clarify this distinction?
> Your entire argument amounts to: Trust Apple and nobody else. What makes you think that's a good idea?
I don't trust anyone, but I only want Apple to hold the keys, not all random repair stores. It is a FAR worse idea to force Apple to provide security bypasses.
If security bypasses can be provided securely as LONG as you authorize it on the spot, then heck yes, force Apple to do this. But if they cannot, then nope, they shouldn't be forced.
> Exactly. That's why it's even more important that we be able to repair it ourselves.
I don't think we're disagreeing here, I'm totally on your side that we should be able to repair everything ourselves but I cannot agree with forcing companies to provide security bypasses in a manner that may be done without your knowledge.
> There are no absolute rights. There are laws. I trust myself more than Apple and I don't think there's much you can say to convince me otherwise.
You are correct, I phrased it wrong since there is a clear technical definition of what absolute right means.
I didn't say you shouldn't have the right to repair everything yourself. I'm totally on this but I disagree again on the security components, you should be able to replace it as long as it can be securely does and with information that only you know. Forcing Apple to provide this to repair shops without explicit controls over it, is a bad idea.
> Nope. I'd rather not, thanks! That's why we're going to get this law passed.
> I don't trust anyone, but I only want Apple to hold the keys, not all random repair stores. It is a FAR worse idea to force Apple to provide security bypasses.
Each customer should hold a personalized key to his own hardware. Then the customer can decide whom he trusts, and give the key to whomever he wants (Apple, some other repair store, do it himself, ...)
The problem is that as long as somebody else holds the key to something you bought, you didn't buy it, you leased it. Or borrowed it. Somebody else can still control it to a greater degree than you yourself. And that somebody now has a monopoly he can use to force thing onto you. Like set prices for repair.
That's okay as well, the problem is, how do you do this correctly? You cannot store it in the cloud because that's a bad idea. Where else?
If you give someone a key to the device, how does the device itself enforce a time-limited key, especially if the crypto-based components are about to be replaced?
Among other things, you are missing a point. There are mainstream users, and there are tech savy users. You can repair your device, but a regular user who doesn't know about how electronics work is likely to send their device to a repair center with lowest cost.
Which means hackers could advertise cheap repairs, in exchange for placing malware hardware/software on user device.
I like to see the hardware opensource, as it is immensely valuable, but apple does have a point.
This. Why is it so difficult to understand?
We shouldn't trust Apple, Google, Microsoft (...) because they're inherently good. We should trust them because screwing up for them is much more financially risky than keeping up with their security promises.
That of course can not include Government interventions, which the companies cannot always reject. Regarding this, I trust Apple more than its competitors, based on recent history.
What's the incentive for mom&pop iPhone repair store to keep your phone safe? If your phone is in their control and someone from the FBI shows up commandeering them to modify something on it - they got the tools, so they're legally obliged to do it - what's their weight in opposing such an order?
I did a project on John Deere and how they are handling the repair of their tractors. In summary, the software that drives the tractor is a giant black box that the farmers don't own. And they have no way to get around that black box even if something was not wrong.
One example that stood out to me was that a sensor that told the machine something was broken was broken. Due to this, the farmer could not use a perfectly operational tractor for two weeks because there was no way to override the sensor. And the John Deere tech would take two weeks to get out there.
This line sounds like it is directly targeting John Deere and how they handle the manufacture and repair of their tractors. Farmers are actually paying more for ~10-20 year old equipment that can be repaired.
I know WIRED isn't the greatest, but these articles fascinated me. I think after looking at them, that line will make a lot more sense to you.
> Surely there should be a way to enable hardware repair without giving unfettered access to user data?
Yes of course, screen/battery/radio etc but suppose we're talking about the TouchID+SoC integrated security component that store your authentication data. Should Apple be forced to provide a security bypass to allow the repair shop to randomly replace this with a different part not authorized by Apple?
There has to be clear definition of what they mean by security bypasses.
I think that it is pretty clear that what they mean with the security bypass is unnecessary software that is only there to prevent you from repairing your product in any way without paying to the manufacturer to do so.
The Secure Enclave system has yet to be publicly broken. While CCC showed a hack against TouchID in a lab setting, it has not been replicated and is not easy to reproduce.
They're not safe, nothing is but they're harder because of the secure enclave and so on. Are you going to tell me that it is a good idea to force Apple to offer security bypasses to allow said repairs to Touch ID that should be permitted to pair with the secure enclave that was originally paired with the previous Touch ID sensor only?
I have a feeling I'm overthinking what the article said. I need to look at the law itself.
So Apple engineered a system that can't be repaired without introducing a (mostly irrelevant) vulnerability. This is Apple's fault, they can do better.
Here's an alternate universe: You replace your home button, and now you need to use your PIN to unlock the device and Touch ID is reinitialised.
And in any case, I don't know why we're playing into Apple's security theatre, if there are technically sophisticated adversaries who can invade your personal security trying to hack you, it's game over for you. Nothing Apple does with Touch ID will be relevant.
I ran out of time to edit my post, I was speaking in general and I forgot the clear definition of absolute rights.
I meant that Apple as a company has obligations to protect you and your data at all costs. State laws should consider the impact of said forced lock bypasses.
Right to repair should only apply to hardware. Anything software related is fair game for hacking/reversing. Otherwise it is like asking Apple to provide the special screwdriver that opens the special screws they designed to keep the world out of their walled garden. Apple should not be compelled to provide that special screwdriver and at the same time no other vendor, who has reversed the design, be prevented from selling it to interested users. You buy that tool, but the moment you apply it to an iPhone, all warranty from Apple is null and void.
User info should be locked away by the entity to whom the information was entrusted in the first place. In this case Apple. Yes, if you buy an iPhone and use it access/generate information then it is by definition already entrusted to Apple. Don't like it? Don't buy an iPhone. Better yet, go use a self-built Linux PC. Forgo smart phones altogether.
Except the only lock Apple has placed is to prevent compromising your TouchID/secure enclave data, which is understandable. They're not locking you out of repairing other components like screens, batteries.
Of note, notice the carve-out for automotive industry.
> Sec. 7. Nothing in the Fair Repair Act shall apply to motor vehicle manufacturers, any product or service of a motor vehicle manufacturer, or motor vehicle dealers.
Why is Nebraska making it easy to repair farm equipment and cell phones but not cars?
Do, if Apple becomes or buys a motor vehicle manufacturer, they are exempt? If their self driving car project gains steam, this is in the realm of possibility.
To save Nebraska, maybe Apple should campaign for similar laws to be passed in all states; then, there will no incentive for the hackers to move there.
My understanding of Apple's argument is that currently, it would take a significant investment of resources to introduce a working hardware vulnerability to a target device, and that if this ability became commoditized (and thus viable on a larger scale) the decreased security might cause irreparable harm in the time it takes us to collectively correct it. Say, a device that stores screen tap locations and exflitrates as you walk by free public wifi? Don't know how practical that is but you get the idea. There's no hardware equivalent of a hash function to verify that what you've acquired is what you requested. Most people will never take it apart to check or would be able to spot something amiss if they did.
> "Apple said we would be the only state that would pass this, and that we would become the mecca for bad actors," Brasch, who is sponsoring the bill, told me in a phone call. "They said that doing this would make it very easy for hackers to relocate to Nebraska."
Isn't all this depressing after realizing the origins of Apple. There are no machines for hackers these days.. it's all "look at the looks of this fancy UI" today, with actual interaction being all but an afterthought.
It'd be a different, better world if Symbolics had survived... but you know evolution doesn't quite work that way.
The Homebrew Computing Club would be raided for trafficking in bare components, such as a novel, hand-soldered motherboard from a tiny company founded by two guys named Steve.
I'm very rarely for new regulations (very much libertarian and conservative), but this is one issue I will gladly "reach across the isle" on. In the end it'll spur all the things I like: small businesses, competition, market diversity, and innovation.
One of the issues is that this is a state policy and may act as a deterrent for global companies wanting to sell products within the state. It may very well be easier to just skip Nebraska and focus resources elsewhere. Especially for low margin electronics products.
I'm sure Apple has enough resources to follow through with this but not all companies can afford the lawyers and special operations centers to appease local regulatory laws in a single state. Just look around you house and consider how many electronics came from a low budget Chinese vendor.
I'm all for state rights but the costs should always be considered.
As Thomas Sowell said: "Economics is not about good intentions and hopes. It's about cause and effect".
For ex: US Chamber of Commerce just posted this article that 1/3 of small businesses surveyed said they hire less people because of health care costs. It's easy not to spare a tear for big companies. But the real victim of regulatory burden is not mega corps its the small businesses who account for 50% of all employment in the US and 90% of businesses are SMB.
Are you seriously saying you think Apple or HTC would stop selling things to Nebraskans? How's Apple gonna stop Amazon from sending iPhones to Omaha? eBay? Are they going to instruct Best Buy employees to demand proof-of-residence in neighboring states to prevent those conniving cornhuskers from replacing their batteries?
> Are you seriously saying you think Apple or HTC would stop selling things to Nebraskans?
I literally just said Apple isn't the one who will have trouble affording to pay for these regulations. And that it's difficult to spare a tear for a big company.
How many small manufacturers make a large percentage of their income by having a lock-in on repairs to their proprietary hardware? I'm having a hard time understanding who these little companies are that you're worried will be harmed by this law.
81 major regulations were added each year on average under the Obama administrations 8 years. Major was defined as costing over $100 million each.
The federal register recording legislation has exploded to 75,000 pages from 20,000 a few decades ago.
There are plenty of statistics which show the level of downward pressure regulation puts on small business. This isnt just mega corps wanting to dump chemicals in rivers. It's death by a thousand cuts to reach some ideal perfect consumer marketplace through extensive administrative oversight.
Meanwhile the number of people are starting small businesses has declined significantly and GDP growth has totally stagnated.
It's not a mistake that small business optimism index reached the highest point in decades (since 1980) after Trump announced major regulatory reform.
> Recently, the National Small Business Association released a survey, the 2017 Small Business Regulations Survey, which showed that the average small-business owner is spending at least $12,000 every year dealing with regulations.
> When asked to estimate their businesses’ first-year regulatory costs, the average fee was a whopping $83,019! Nearly one-third of small-business owners spend more than 80 hours each year complying with federal regulations.
> This burden is becoming a barrier to entrepreneurship and a likely driver in the lagging start-up rates we’ve seen in recent years.
> More than half of small businesses have held off on hiring a new employee due to regulatory burdens.
- the business environment (taxation, regulatory burden, availability of capital) influence the number of people starting businesses
- small businesses already struggle with regulations, especially anyone doing hardware consumer electronics products
- plenty of new major regulations were getting added each year
- the federal register tracks regulations, which is growing in size very fast
- therefore the effect of this new forced repairs regulation would only add to the burden on small electronics companies, making it hard to start them up and compete with the big firms
- small business optimism has been connected to anticipation of the regulatory environment. Regulations must always be factored into to future business planning, it creates a lot of risk to know new ones get added all the time. Not every industry is effected but a big chunk of them do and likely influence the optimism index.
Would this really add a burden? These companies already make parts and service manuals available, some of them just restrict who is able to obtain them. To comply with the law, they would just need to stop restricting them.
For those not in the know, Thomas Sowell is a conservative historian, and the US Chamber of Commerce is not as official as it sounds; it's a group that opposes government protections.
Maybe you're onto something, maybe we should only regulate big business.
You could make the argument that this law is only required because copyright, patents, licensing, and other regulations have gone far too far already. But the genie's out of the bottle. Seems like a good idea to me, too.
I'm pro open devices and anti imaginary property myself, but I don't see your argument. The only way I can connect your points is that perhaps without imaginary property, companies wouldn't have developed such a culture of secrecy and control - software would have stayed being seen as an "uninteresting" requirement of making a complete device. But with the ever-increasing complexity of software and the inherent irreversibility of compilation, I don't think that era would have lasted long regardless.
Many forms of limiting what you can do to a device are DRM based, e.g. printer ink. And you can't legally circumvent DRM to enhance/restore what devices are actually capable of, not for any technical reason though.
As for "complexity of software", it often isn't. What's complex are all the software patents and the licensing. I think you see a similar thing hobbling a lot of wireless hardware, or interop with wireless hardware.
I get that many things now have software in them, but some things still need to be treated as a tool instead of a "service" for which you are granted a license. And if it's a one-time payment, being able to update the license whenever a company wants doesn't feel right either. Good steps towards this include this law, or the ruling in Germany (I think) that EULAs are invalid when presented to the user after the point of purchase.
> things still need to be treated as a tool instead of a "service" for which you are granted a license
I fully agree with your normative point. Especially as more of the world is computerized, humans are left powerless if they do not have control over the computers they "own". I'm coming from the same place as you here, but...
> Many forms of limiting what you can do to a device are DRM based, e.g. printer ink. And you can't legally circumvent DRM to enhance/restore what devices are actually capable of, not for any technical reason though.
Sure, but many are limited by technical means. For example, there are many phones for which custom ROMs are not available, either because there hasn't been enough interest in rerooting the device or supplying developer time to create the alternative distribution. There's a lot of interest in doing so for a new popular device, but as it keeps getting revved and additional manufactures enter the market, enthusiasm is diluted and dissipates. And while manufacturers save costs through standardization (eg Linux/Android), they also work to decommodify their products to keep from entering a race to the bottom. We're fighting an uphill battle, fundamentally because understanding (compression) is harder than execution (compiling).
Furthermore, devices have become cheap due to economies of scale, which inherently supports the centralization that leads to that decommodification. It's hard to see that we'll ever have a cottage industry of electronics production that isn't drawing from some heavily-centralized component source.
I'm not saying the situation is hopeless, and obviously there is an equilibrium that we are in. But one must acknowledge these fundamental gradients if one wants to have any hope of addressing the situation in a pro-freedom manner.
It is so telling that when we [1] read this headline, we thought Apple was saying how great this would be for Nebraska; that Apple is suggesting Nebraska can boost its economy and profile by becoming a hub for technological innovation.
Turns out they're trying to scare Nebraska into not doing it.
Doug Barnes, of course, told us all along that Apple was hostile to hackers.
[1] Or at least, "I"; I'm hoping it applies to other people as well.
This seems to be about the most reasonable legislative idea I've seen in tech in years. It's not surprising that Apple don't like it, but I don't think anyone expected them to, and the desperation and implausibility of the arguments they're presenting against it just reinforces how reasonable the changes would be.
I did laugh slightly at the part where the Apple rep discovered they were dealing with an elected representative who actually was technical and actually would defend their position.
The whole planned obsolescence and recently "repairs/modifications only by authorized companies" is utter bullshit. At least it's easier to stop buying Crapple than John Deere.
The ideology in their logic: "Mecca" is bad because muslims are bad. Hackers are bad because they "think different" about your intended use for the technology.
"Apple said we would be the only state that would pass this, and that we would become the mecca for bad actors," (implying that hackers are bad actors)
"They said that doing this would make it very easy for hackers to relocate to Nebraska." (implying that Mecca is where bad people go)
Out of all of the places that people make pilgrimages to, Mecca is the most well known, and therefore commonly used to refer to a place that's popular for likeminded followers to visit. E.g:It's very common in Canada for marijuana enthusiasts to refer to Vancouver as the Mecca of pot in Canada. There's no negativity in that phrase at all.
I think you're underestimating how carefully Apple chooses it's words when it's crafting these one-line public statements. When they use an ambiguously charged word like 'Mecca', they have carefully worked through every possible sub-text that might be associated with it, and if they use the word, then they are intentional about having those subtexts be associated with their statements.
They could have said that 'right to repair legislation will turn Nebraska into a hub for Hackers', but that's not what they said.
>When they use an ambiguously charged word like 'Mecca'
I don't believe mecca is an ambiguously charged word, nor do I see any evidence to support this claim. It's probably the most commonly used metaphor for a gathering place of like-minded individuals, and was the perfect choice in this context.
Using Mecca in the context of 'central gathering point' is very common in the English langusnge and it's use here or otherwise carries no conotation that muslims are bad. If you want to see hate your going to find it everywhere you look.
Suitably facetious counter-argument for the facetious Mecca statement: Well, given that the Hajj is over a million folks per year and Nebraska only has two million people, being that Mecca would bring in a ton of tourist money and employment opportunities. A huge economic windfall for the state.
Even a shareholder would care about impact to revenues more than his ability to get an iphone from a neighboring state
But nice try, turns out you can also own shares of foreign corporations that do no business anywhere near you, so there goes the basis for that argument
I do not see how stopping the sale of iPhones in Nebraska would help Apple solve the potential loss of revenue from the new competition in the repairs market.
The main thing it would do is reduce sales revenue. I think every shareholder (based in Nebraska or otherwise) would be concerned about that.
Turns out some of those bills were practically written by Apple lobbyists - they are worded in a way to "let you do as much as Apple certified Repair", which as this video shows means it lets you mail in your broken stuff to Apple ... :(
> Right to repair bills, which are currently making their way through eight states (Nebraska, New York, Tennessee, Wyoming, Minnesota, Kansas, Illinois, and Massachusetts), would require electronics manufacturers to make repair parts and diagnostic and repair manuals available to independent repair professionals and consumers, not just "authorized" repair companies.
This seems like forcing Apple rather than releasing consumers. Just another example of over interfering Govts.
It's an abuse of HN to use the site primarily for political or ideological battle. That's destructive of what HN is for. Since you've done nothing else even after we warned you about this, we've banned this account.
IMO it's a very good law for the population/nation/citizens. Ignoring that it will help small businesses, being able to do what you want with the things you bought should be a right, not a privilege. The government exists for stuff like this. If they don't interfere, then what?
Your car stops working because you haven't made your mandatory overpriced yearly checkup? Sounds neat
Also having access to at least service manuals (if not complete schematics) can help repair and reuse electronics, which is great for the environment, low wage workers/families and developing nations in general.
> IMO it's a very good law for the population/nation/citizens.
But this is how Govts make enemies in business communities. Actions like these what made China 2nd most wealthy nation in record time.
> Ignoring that it will help small businesses.
How ? Common sense tell me this will put more legal requirements; those are never fun.
> being able to do what you want with the things you bought should be a right, not a privilege
Absolutely. But this forces Apple/others. It does not release customers from restrictions. If there are such any restrictions, Govts would be with in their rights to make such user/customer agreements unenforcable. But again, thats what not happening here.
> Your car stops working because you haven't made your mandatory overpriced yearly checkup? Sounds neat
How about you look for more favourable company ? But you know thats what people do. Such anti-customer corporations you are describing does not last for long in the market unless ofcourse Govts are helping them in someway, as the history shows.
> Also having access to at least service manuals (if not complete schematics) can help repair and reuse electronics, which is great for the environment, low wage workers/families and developing nations in general
Irrelevent. You are curbing liberties. Thats the argument against the law.
The government is for all people not only businesses.
Small businesses providing repair services is what I meant, but it could also help businesses keep costs low by repairing stuff themselves.
BTW, I'm not only talking about Apple with this right to repair stuff, I'm talking about every company. Companies that make devices everyone lives with and depends on, and they want to retain control of them even though people pay the full price not for renting, but owning.
Yeah you can look for another company. Do it before they're driven out of business or acquired by the established ones. Or you can force corporations to do something that will benefit the population.
Liberties of the corporations. Well, companies really need some restrictions right now. The chase for growth and profits is insane and will fuck up the majority of people and this planet pretty soon.
You sound either like a multi-millionaire CEO or a brainwashed person who believes he's gonna be a millionaire someday.
Well, guess what, if you're middle to low class, the odds you'll strike it big are quite low (and they're getting lower every year).
Rich is relative. Sure, China has the second largest GDP but on a per capita basis it's not even in the top 50 (regardless of purchasing power parity or straight up wealth).
Doesn't seem like it. Repair manuals don't cost anything to release, and it's not like the innovation today is at the PCB level; it's interference if the state forces someone to support outdated products by ensuring the availability of ICs and stuff... but the firms in the supply chain should only be too happy to supply if there is demand (ebay is chock full of every imaginable parts peddled by Chinese traders).
Frankly these corporations way too much power, from planned obsolescence to bad hardware. I for one would welcome the right to defend against these giants.
or perhaps it means just not making them impossible or certainly very difficult to repair, requiring a costly replacement or ending up in landfill. The only reason apple do this is to keep people buying new devices, they repair the broken ones and resell them. If the govt didnt mandate then apple have no reason to change their behaviour even though it is to the detriment of everyone except apple.
To say the only reason Apple makes products that are hard to repair so that they can force consumers to buy more new products is disingenuous. Could it not be that they are trying to make the most efficient use of space to make products smaller thereby having a second order effect of being less repairable? I am not saying this is the entire justification or that what you are saying isn't factored into their decision making process. What I am trying to say is that asserting they ARE doing something with the only reason being x, is wrong unless you have explicit knowledge of their internal thought process.
The trick here is Apple does NOT provide "repair parts, diagnostic and repair manuals" to their Authorized Certified repair shops. What they provide is a mail address and $17 per one mail in, all his while Apple charges $150-299.
Microsoft has become less evil than Apple in the mindshare of the "technical folks" these days. This is pretty amazing!
I am very quickly starting to lose any sympathy for apple as they turn from a great product company into a financially engineered entity without a trace of real innovation. With a full-on user-hostile attitude, to boot.
I'm always surprised people see this as a recent trend. If a machine has no expansion ports and the case is sealed with the weirdest screws they could find, it was meant to be an appliance for consumers rather than a tool for people.
Mhmm, and BMW isn't well known as a pinnacle of open, easy to repair cars either. Usually you end up pulling apart the whole front end on your beamer for something that'd take a few minutes to fix/replace on most other cars.
> Right to repair bills in each state require manufacturers to provide software tools to bypass locks that prevent repair.
No, sorry. I do agree with companies (not just Apple) with locking down the security components to ensure no one could just take your device, replace a few components and give it back without your knowledge. We live in an increasingly mobile-only world and where such mobile components are getting more complex, powerful and more information-dense.
We're not talking about a dumb mower that is not storing any of your personal information, we're talking about a smart phone with complex security systems in it. Apple has the absolute right to protect it in order to protect your data, even in the ways that prevents you from repairing it yourself. With this law, there's no barrier or visible line between your ex replacing parts to monitor you and you replacing parts to repair it. Apple has a security lock for a very clear reason, to prevent your ex from doing this.
If you want to repair the broken Touch ID sensor and stuff, take it to Apple or if there's no store, mail it in.
If you just want to replace the battery or screen, then yes, Apple should be forced to sell these parts, just not the security related parts. Did the law clarify this distinction?