New York got it wrong on cybersecurity and the right to repair (timesunion.com)
120 points by walterbell on Jan 20, 2023 | hide | past | favorite | 48 comments



When a negotiating party acts in bad faith, this can motivate creative reciprocal responses. If "right to repair" is being blocked, expand the Overton Window to "right to modify". Create a yearly Transformed Electronics contest for creative mods to consumer devices. Add new features, remove unwanted features. If everything is declared impossible, then anything is possible. Repair shops can compete in electronics surgery, expanding the art of the possible.

Create a super-premium market for modified devices, where incremental revenue goes to repair shops and not the original vendor. Since modified devices cannot use a vendor warranty, that redirects consumer budget to warranties provided by repair shops. Grow the market for quality 3rd-party components. Promote OSS firmware and vendors of modular, repair-friendly products like the Framework laptop.

HN ranking graph for this story: https://hnrankings.info/34460821/


These things are being made illegal using the DMCA. So if you go public with this you are risking imprisonment. That's always the end state of the bureaucracy.


> These things are being made illegal

Please provide examples of "these things" that you consider within the scope of the U.S. DMCA, which is limited to copyright protection.

It's not illegal to purchase a device and modify it, nor to pay a repair shop to modify your device.

https://en.wikipedia.org/wiki/First-sale_doctrine

https://apnews.com/article/305f5bcbef3e4ec688df3a5dd3ceba12

> For many car owners, their vehicle is an extension of their personality — and as such they customize it to reflect their individuality and uniqueness. That’s particularly true for young car enthusiasts ages 16 to 24, who spend $7.2 billion each year customizing their vehicles, according to a recent study by the Specialty Equipment Market Association (SEMA). “More than 7.9 million young people customize, modify or upgrade their vehicles each year,” says SEMA Director-Market Research Gavin Knapp. “Their vehicles not only help them get from A to B, they are also an integral part of their social lives.


OP is correct. Welcome to the strange law of digital. https://www.huffpost.com/entry/jailbreaking-tablets-illegal_...


> Go ahead, jailbreak your cellphone. But just know that tablet computer of yours is off limits.

The device market of largest economic and social interest to users and the repair industry is smartphones. This market has sold 5+ billion devices which are used daily in the rough and tumble real world, not stationary on a desk or couch. Constant mobile usage = high risk of accidents and need for repair.

Some aftermarket mods do not require jailbreaking, e.g. removal of microphones for security.


I was referring to things such as Section 1201 of the DMCA

[1]:https://copyrightalliance.org/education/copyright-law-explai...

You are cherry picking something that itself is a hole that is being closed by the vendors (i.e. Apple is now signing iPhone/iPad components so that if you replace them the device either puts a warning sign on the screen or refuses to operate.) Given the direction we are heading in, I can see the iPhone refusing to operate without a valid microphone connection. Then your only choice is to hack the software layer, putting you back into the crosshairs of the DMCA.


Just do the mods in a country that isn't insane and import the modified devices. There already is a small market for unique modified phones [0], but those are still quite basic as far as hardware mods go. Imagine if they started doing real mods like adding a headphone jack, brighter flash, USB C...

[0] https://caviar.global/


Doing this at scale you risk your devices being impounded at the border. This has happened to Louis Rossmann before with replacement Mac components. If you are operating at low volume it is hard to make it financially feasible and you still have a nonzero risk of impoundment(even if it is less likely).


Headphone jack mod = instant win for those with wired headphones.


Saying they got it wrong implies they tried to get it right. The NY Right to Repair bill was sabotage plain and simple.


Profoundly bad leadership, that was bought.

Sincere thanks to our legislators for your deep commitment to monied corporate interests.

The founders would be proud of you.


> NY Right to Repair bill was sabotage plain and simple

I've been out of New York politics for over a year. Who sabotaged it? And who is the constituency with pull in New York opposing right to repair?


Just to add some background, the Right to Repair bill passed the NY legislature and went to the governor. Kathy Hochul then amended the bill heavily before signing it into law. As far as who is opposed to right to repair in NY, take your pick; everyone from Apple to John Deere has been fighting against this for years.


I didn’t know governors could make changes to the law before signing it. Because they can’t. What they CAN do is threaten to veto it and ask the legislators to change it and vote again on it. I kind of wish they had stuck with it and made her go on the record why she’s vetoing it, but of course they have to play nice to get anything done. Ultimately, not enough important people cared about it so it was DOA.


Governors often have a line-item veto [0]. They can strike text out of a bill during signing, including in ways that change the meaning.

[0] https://en.wikipedia.org/wiki/Line-item_veto


It's maybe the dumbest possible idea, no sensible government should allow it.


I agree. This is problematic in so many ways. So essentially 43 states (according to the Wikipedia article shared) have no fruitful division of political powers. If the executive has legislative power, how can that go wrong, I wonder -- looks at history book...


A line item veto makes sense in the case (as the name implies) of line items of a budget bill, deleting budgetary line items. It was initially intended to fight pork barrel politics.


The New York governor is a very powerful executive because the governor can tightly control the budget process and introduce budget legislation. In the 90s there was an infamous stalemate situation where the Republican senate and Democratic assembly would block budget bills for months. Subsequent court cases put control of the process in the governor's hands.

The advocates for this bill pushed it in the wrong year. With political circumstances of 2022, it unfortunately got neutered by the many interests against it.


> take your pick

Someone exerted influence. It would be useful to know whom. I’m failing to think of an obvious in-state employer with the motivation and pull to demand this.


TechNet was one of the trade groups lobbying on right-to-repair, https://www.technet.org/our-story/members/


Hmm, Honeywell, HP and CDW, possibly GM or Toyota, look big enough. Wonder if any had their registered lobbyists taking meetings with the Governor in the days before the amendment.


Is there a record of the names of the people in the meetings leading up to the amendment, and a record of which companies those people lobby for?


Yes, but currently only through September [1]. The law was signed last month [2]. We should have more clues by April.

[1] https://www.governor.ny.gov/governor-hochuls-past-schedule

[2] https://www.governor.ny.gov/news/governor-hochul-signs-digit...


Apple and Samsung are members. Smartphone repair shops are affected.


She also sat on it for seven months so that it wouldn't affect her election bid. She knew all along it was going to be gutted and didn't do her job when it would have hurt her.


Hochul has also been sitting on the pay range transparency law. It is clear she is for sale and has no problem siding with business.


NY allows statewide ballot measures, this would be a better vehicle for passing it


The video "Governor Hochul sabotages NY right to repair bill, right on schedule"[1] from Louis Rossmann (guy who fought for the right to repair for 7 years), while emotional, explains it in detail.

[1] https://www.youtube.com/watch?v=7xGBB-717AI


Sabotaged at the end with a precision cut


>It was a victory because the Digital Fair Repair Act is the first law in the nation to enshrine the right of consumers to have access to the information and parts needed to repair their electronics.

>It was a defeat because of a host of last-minute amendments, at Hochul’s request, that weakened the law.

It was pure defeat. The purpose of passing it toothless is to be able to say "look, we passed it", and the purpose of making it toothless was to make the passing of it meaningless. It became a 100% waste of time and effort, circumvented by politicians in corporations' pockets who don't care about anything but ingratiating themselves into the wallets of the rich for future funding.


Plus, the longer they can keep 3rd parties locked out of repairs, the longer they have to retrain the entire industry with propaganda that dictates what should be fixed vs replaced.

What happens after a generation or two of the workforce is trained by industry groups that are approved by the companies that don't want us to be able to repair or control our devices? IMO, the lie about non-repair-ability becomes accepted as fact, the expertise from people that know it's a lie isn't passed on, and suddenly the lie becomes the truth because there's no one left that knows how to perform the repairs that were deemed unprofitable.


I feel like that ship sailed long ago (unfortunately), with the trend of replacing entire subassemblies rather than building devices/subassemblies to be field diagnosed and repaired.

Semi-related rant: I recently bought a Haynes manual for a '15 Civic. I figured it would, at the very least, have thorough wiring diagrams and describe the physical layouts of the wiring harnesses. Nope - over half is just generic information about tools and general car repair. The "wiring diagram" is woefully incomplete - it shows one single reference to a "CAN Bus" off the ECU, rather than the 7 or so devices on one bus, and 10+ on the second bus.

Luckily I managed to stumble upon a 15k-page OEMish service manual that details a lot of this stuff (via procedures, rather than easier-to-read diagrams, but at least it's authoritative). I know car repair information has been obfuscated and proprietarized by manufacturers, but it looks like Haynes isn't even trying. Either at least document what's physically there, or just stop pretending to sell a repair manual.

(I'm not opposed to going to the dealer if I can't figure it out. I've just heard too many stories of people having electrical/control issues, and the stealership goes on a wild goose chase replacing part after part. So I figured I'd take a crack at it first)


Haynes was always that way. Okay for basics like spark plugs, but not much else.. there are others, which are somewhat better.

The OEM manuals are generally available and great.


That's disappointing. I had thought I heard good things about them over the years, and finally had occasion to buy one (previous cars I'd managed to find service manuals online straight away).

So much for the "complete teardown and rebuild."


Let’s not confuse misunderstanding of technological requirements and limitations with intentional lies and corruption.


> Disabling software locks that prevent repair has no bearing on the cybersecurity of covered devices.

This is presented without adequate proof.

It is plainly not true for hardware locks and physical security. For example, a car with a sealed, inaccessible engine would be hard to repair and maintain, but also harder to tamper with or sabotage, and it would be harder for thieves to steal the catalytic converter. But what if the engine compartment door is controlled by software that only permits access by authorized repair providers? The same argument applies.

Similarly, a device or OS that refuses to run unsigned or unauthorized device drivers might interfere with repairs such as replacing component devices with new ones that required new drivers, but would likely interfere with the operation of unauthorized, driver-based malware.

There are clear counterexamples disproving the claim that disabling software locks that prevent repair has no bearing on security ("cyber" or otherwise.) On the contrary, software locks that make benevolent repair harder can also make malicious tampering (to hardware and/or software) more difficult as well.


Bluntly put: Making it harder is not security. Security is not a pile of obfuscation and hoping it will make things difficult enough.

Let's forget your analogy with stealing car parts. We can just do that :)

Let's have the realistic or real world setting where we are all purchasing incredibly cheap IoT devices that bring us all kinds of wonderful functionality.

Businesses, factories or brands making incredibly cheap stuff are not very stable. They make a popular widget for a while then dissolve and everyone moves on.

They can also move on to the next version of their product abolishing support for previous version.

If built reasonably well and used rarely or carefully, such devices can last for many decades.

It thus is guaranteed for a large percentage of the devices to not have a single authorized repair provider for the longest period of their usage. Real security holes will be found, bugs will be exploited, they will be easy to find online and come with a lifetime guarantee to work.

The analogy would be a catalytic converter that might explode. You shouldn't drive this car in your driveway. You should buy a brand new one from the same brand! But doesn't that have the same catalytic converter? Maybe! But as long as you don't know about it you are safe! Their 15.4 has just been released and none of them exploded!

Stop being poor!


> Security is not a pile of obfuscation and hoping it will make things difficult enough.

I think that's called security by obscurity, and it is certainly a thing, although not necessarily the most effective strategy.

Making things harder for malicious actors is kind of the point.


Sorry but stopping thieves/malware is not worth the economic damage that manufacturer repair monopoly brings to the consumer.

You can make your phone 100% safe by turning it off and encasing it in concrete but having to pull out the pneumatic hammer to make a call is prohibitively expensive and very much not useful.

Moreover security is a poor excuse anyways as many measures taken by manufacturers do not improve security in any way. And for those that do, there are ways to achieve that security without harming the consumer.

Manufacturers are tilting the scale in their favor to such a degree that I'd argue should be made illegal because it damages society as a whole. There is a reason antitrust laws used to be enforced way back in Microsoft's days.


Excellent argument against a point I wasn't making.

More seriously, your comment is probably better than the original article, because you acknowledge that there is a tradeoff.


Assuming the catalytic converter is underneath the car, making that particular area inaccessible would be a lot less headache than the engine bay.


Indeed. There may be an interesting analogy there about primary and secondary purposes and effects. ;-)

However, the same basic argument applies: harder to repair/replace, but also harder to steal or tamper with.


As much as I support Right to Repair and end-user control, and also don't particularly like some of the ideas coming out of the security side, I think you're right. The statement you quoted is very much not true, both here specifically, and also in general.

In optimal conditions, it seems to me that you always have a trade-off - "security or utility, pick one". If it often looks like you can get both, it means both currently are bad (er, suboptimal, to be polite). In the limit, the most secure computer is an inert rock: there's no way an attacker can break in and exploit it for anything. The flip side being, of course, that it's completely useless for the legitimate operator too.

Coming back from the theoretical extremes, straight to real-life systems:

> software locks that make benevolent repair harder can also make malicious tampering (to hardware and/or software) more difficult as well.

This is true and self-evident, IMHO. A security system (whether hardware or software) can't reliably tell who's accessing it and why. The goal is to only have the right people use the device/program for the right reasons, but such discrimination can only be achieved by proxy. Auth (both kinds) proxy for "right people", and "right reasons" is just assumed.

I highlight the latter because people can be "hacked" too. You can imagine having a magical system that can correctly authenticate and authorize users 100% of the time, defeating any impersonation attempts (including attacker having unfettered physical access to the system in question) - but that system is still highly vulnerable, because the attacker can confuse, gaslight, scare or threaten the authorized user into self-pwning. The badly but memorably named "Self-XSS" attack is just the most trivial example.

Point being: once you correct for bad UX and shitty corporate practices, dealing with risk of self-pwning (and, related, the risk of misinformed or accidental misuse) will always make security trade against the capability of the owner (or the agents of that owner, such as a repair shop). And then it gets much more complicated when the device has multiple owners with conflicting interests, and/or there are additional stakeholders, such as the general public[0]. Balancing those conflicting needs often requires not just legal, but also technological lockouts.

All this is why I don't find "but security!" as a valid argument in itself. There is such a thing as too much security. Balancing conflicting needs of the owner, the other owners, additional stakeholders and a sense of fairness in general, is an exercise of trade-offs. Often you need to sacrifice security to achieve fairness. Conversely, security features can also be used unfairly, as a form of abuse. DRM technologies, for example, are abused quite a lot - and Right to Repair is, to a large degree, also a fight against security measures that favor the vendors at the expense of end-users and society at large.

--

[0] - A modern car, for example, may be owned by the buyer, but thanks to intellectual property laws it's also partially owned by one or more companies, and you have both governments and the public in general as stakeholders - all of which have mutually conflicting interests. E.g. you may want to redo the entire UI of the car - but you'd need access to IP the vendor doesn't want to release without a license, and it's way too expensive for them to license those secrets to you individually. Then, this would fly against homologation procedures, and the government ain't going to change them just for you. Meaning your mod can't go through processes establishing road-worthiness, safety and emission standards - all of which is important for... just about all the stakeholders, perhaps other than you.
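An added illustration of the point made in the two comments above (the one on signed drivers and parts-pairing as a repair obstacle, and the one arguing that a lock "can't reliably tell who's accessing it and why"); this is editor-supplied example code, not code from the thread, the article, or any vendor. It models a component-pairing check the way the parent comment describes Apple's: the device accepts a part only if it carries a factory tag. An HMAC over the serial stands in for the vendor's signature (real devices use asymmetric signatures and per-part certificates; that is an assumed simplification here), and the serials and keys are constructed. The second policy, an owner-enrolled path, is a hypothetical design that shows one way the check could keep rejecting unknown implants while letting the owner authorize a repair; it is not something the page says any vendor ships.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed keys for the illustration only.
VENDOR_KEY = b"constructed-vendor-factory-key"
OWNER_KEY = b"constructed-owner-enrolment-key"


@dataclass
class Component:
    serial: str
    vendor_tag: Optional[bytes] = None  # issued at the factory
    owner_tag: Optional[bytes] = None   # issued when the owner enrols a replacement (hypothetical)


def make_tag(key: bytes, serial: str) -> bytes:
    """HMAC-SHA256 over the serial; stands in for a signature over the part identity."""
    return hmac.new(key, serial.encode(), hashlib.sha256).digest()


def _valid(tag: Optional[bytes], key: bytes, serial: str) -> bool:
    # compare_digest avoids leaking the mismatch position through timing.
    return tag is not None and hmac.compare_digest(tag, make_tag(key, serial))


def vendor_policy(c: Component) -> str:
    """Vendor-only pairing: anything the factory did not tag is rejected.

    Note that a benign third-party part and a malicious implant produce
    the same verdict: the check has no way to tell repair from tampering.
    """
    return "accept" if _valid(c.vendor_tag, VENDOR_KEY, c.serial) else "reject"


def owner_policy(c: Component) -> str:
    """Same vendor check, plus an owner-held key that can enrol a replacement.

    The implant is still rejected because the owner never enrolled it; the
    trade-off is that whoever holds OWNER_KEY (or can talk the owner into
    using it) can enrol anything, which is the self-pwning risk the thread
    mentions.
    """
    if vendor_policy(c) == "accept":
        return "accept"
    if _valid(c.owner_tag, OWNER_KEY, c.serial):
        return "accept-owner-enrolled"
    return "reject"


def enrol(c: Component) -> Component:
    """Owner authorises a replacement part by tagging its serial with OWNER_KEY."""
    return Component(c.serial, c.vendor_tag, make_tag(OWNER_KEY, c.serial))


def demo() -> dict:
    """Run the three constructed parts through both policies."""
    genuine = Component("MIC-0001", vendor_tag=make_tag(VENDOR_KEY, "MIC-0001"))
    third_party = Component("MIC-TP-0007")          # honest aftermarket microphone, untagged
    implant = Component("MIC-IMPLANT-0009")         # hostile part, also untagged
    enrolled = enrol(third_party)

    return {
        "vendor": {
            "genuine": vendor_policy(genuine),
            "third_party": vendor_policy(third_party),
            "implant": vendor_policy(implant),
        },
        "owner": {
            "genuine": owner_policy(genuine),
            "third_party_enrolled": owner_policy(enrolled),
            "implant": owner_policy(implant),
            "forged_owner_tag": owner_policy(
                Component("MIC-IMPLANT-0009", owner_tag=make_tag(b"wrong-key", "MIC-IMPLANT-0009"))
            ),
        },
    }


if __name__ == "__main__":
    for policy, verdicts in demo().items():
        for part, verdict in verdicts.items():
            print(f"{policy:6} {part:22} {verdict}")
```

Under `vendor_policy` the aftermarket part and the implant are indistinguishable, which is the "no bearing on security" claim and its rebuttal in one table: the lock does stop the implant, and it stops the repair for exactly the same reason. `owner_policy` separates the two cases only by moving trust to a key the owner controls, so the security now depends on how well that owner resists being confused or coerced into enrolling a bad part.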


Good points. One reason I think that locked-down systems like iPads can be good for some users is that they are harder for the users themselves to mess with, either intentionally, accidentally, or under the influence of bad actors.



The question is that have they ever tried to get it right?


[flagged]


What does this comment contribute to the discussion?



