Apple Is Lobbying Against Your Right To Repair iPhones, New York State Records Confirm

An anonymous reader quotes a report from Motherboard: Lobbying records in New York state show that Apple, Verizon, and the tech industry's largest trade organizations are opposing a bill that would make it easier for consumers and independent companies to repair your electronics. The bill, called the "Fair Repair Act," would require electronics companies to sell replacement parts and tools to the general public, would prohibit "software locks" that restrict repairs, and in many cases would require companies to make repair guides available to the public. Apple and other tech giants have been suspected of opposing the legislation in many of the 11 states where similar bills have been introduced, but New York's robust lobbying disclosure laws have made information about which companies are hiring lobbyists and what bills they're spending money on public record. According to New York State's Joint Commission on Public Ethics, Apple, Verizon, Toyota, the printer company Lexmark, heavy machinery company Caterpillar, phone insurance company Asurion, and medical device company Medtronic have spent money lobbying against the Fair Repair Act this year. The Consumer Technology Association, which represents thousands of electronics manufacturers, is also lobbying against the bill. The records show that companies and organizations lobbying against right to repair legislation spent $366,634 to retain lobbyists in the state between January and April of this year. Thus far, the Digital Right to Repair Coalition -- which is generally made up of independent repair shops with several employees -- is the only organization publicly lobbying for the legislation. It has spent $5,042 on the effort, according to the records.

My right to not buy iphones

I'm exercising my right to not buy iphones.

Re:My right to not buy iphones

Smartphones are useless pieces of shit. No, wait. They are worse than useless. They are harmful.

- They distance people from each other by taking away reasons to meet in person.
- They are designed to break.
- They are designed to be hard and expensive to fix.
- They cost so much the price alone ties the user to the product because he does not want to just throw it away and buy another.
- They are somebody else's cashiers the user voluntarily carries around just in case he wants to give some more of his cash away by buying immaterial crap. That's right, the users give away part of their paycheck to buy stuff _which_does_not_exist_. They put in their time, part of their lifetime to make the paycheck. In short, they buy nonexistent crap with their life.

People. Stop trying to fill your empty lives by shopping new stuff.
It. Does. Not. Work.
It won't make you happier.

Re:My right to not buy iphones

[Dutch+Gun]

It's a portable computer and communication device, nothing more. You can buy a decent one for as little as $150 and as much as $800, and typically last for several years if you take reasonably good care of it. If it's causing some existential crisis in your life, that's all on you, not on the smartphone.

Re: My right to not buy iphones

[jimbolauski]

There is all ready legal precedence that the federal government can mandate the purchase of goods or services, the MAPLE act is 100% constitutional.

Re: My right to not buy iphones

[houstonbofh]

All I care is that the boot loader is unlocked so I can install my own OS and remove the spyware. This can not be done with Apple or Samsung.

Re: My right to not buy iphones

[BronsCon]

This is offtopic and I'll accept appropriate moderation for it but... every time I see your sig I spend the next few minutes trying to correlate head injuries with raises I've received. Every time... I conclude that you're right.

Re:My right to not buy iphones

[vtcodger]

They allow you to call 1-666-GOSATAN where you may be able to negotiate a deal for achieving your rather modest desires in exchange for your immortal soul. You'll have to spend 45 minutes fighting with Hell's automated phone answering system but once you get through to a live demon, it shouldn't be hard..

Of course your soul may not be worth all that much. Depends on what you've been doing with your spare time.

Re:Well DUH

[alexo]

Stop dissing America, it has the best democracy money can buy.

Sounds like a job for crowdfunding!

[jenningsthecat]

Time to get the grassroots campaigns going. Repair Cafe fixers and clients, every member of every hackerspace, repair shops of all kinds, independent repair contractors, a large number of Slashdotters, and just average citizens who are tired of getting the shaft - all of them together could probably kick in enough money for some serious bribes. (Because let's face it - lobbying is essentially bribery). It might succeed in thwarting this loathsome, sleazy corporate assault on decency and fairness; but even if it doesn't, it will at least cost the bastards still more money for still bigger bribes, and will result in more news coverage that may convince more people to get behind the next campaign to tell the corporate bastards to fuck off with their 'you no longer own things, you only rent them' bullshit.

Re:Sounds like a job for crowdfunding!

[houstonbofh]

Or stop buying their shit so they have less money for bribes!

Re:futility

It seems reasonable that any parts that the company stocks to perform routine repairs at a service center would be available to the public.

You a car manufacturer wouldn't replace the internal parts of a water pump at a service center, they just replace the whole unit. They also sell the water pump as a whole unit to the public.
Likewise something like the screen assembly or battery for your phone are obvious components to make available to the public these parts are simple to replace and done in-store in minutes. Resoldering components on the logic board is something that isn't even done on refurb units, it's just not worth the cost to do those kind of repairs vs. just replacing the whole board.

Re:futility

If you follow any of the multitude of people working in the repair industry through their social media, you would know that your argument holds no water.

They already do all of the research, repair and diagnosis (quite effectively) while being handicapped by lack of first party software and tools or documentation (or sometimes they manage to find illegal versions on the webs) and then after they have managed to do all of this (sometimes apple cant even do these physical repairs) and they manage to do it at an affordable price to the consumer, they risk being sued for using the tools they had to obtain illegally.

There is zero reason for these company's not to make this material available other than greed.

When i buy something I own and can do whatever i want with it.

If that means fix it or pay to have it fixed in a country where it is illegal to deny you the right to service it or have it serviced, there is no reason for the OEM's to cut the legs out from under the local repair shops by denying them manuals and diagnostic software that already exists.

GREEDY A$$HATS!

Re:Not a right

[DigiShaman]

I have to agree with that statement. Apple doesn't have to do shit for anyone. That said, Apple has no right preventing anyone from repairing a device or locking out spare parts from the general public.

I'll tell you where this will end up. Future phones will be epoxied together. A single problem with it? Yeah, throw it in the shredder, get another device, and re-download your cloud profile/data. You can't repair what they will make unrepairable. Not that I agree with it, just sayin.

Re:futility

[alexo]

This is the most disingenuous post I have read on /. for quite a while. And that's saying something.

Exactly what types of broken states of a phone are you requiring a company to publish guides to fix, and make parts available for? Do you even know how many different ways a modern phone can fail? And what level of fix are you requiring they make available, and for what level of user capability? It's going to be pretty much useless if grandpa can't manipulate the microtweezers to fix the parts of the rear-facing camera module, so what then?

The law would require the company to make the exact same guides that they give to their "authorized" repair centers available to the public. And no, grandpa is not going to repair anything himself, but he will have the option to take his malfunctioning gadget to an independent repair shop which will fix it for a fraction of the price, since that's what competition does.

But you already knew that, because it says so very clearly in the text of the proposed legislation, only two clicks away.

Re:futility

[jenningsthecat]

"Apple kicks dogs and steals from your grandmother!"

You're trying to be sarcastic, but in spirit if not in fact, your statement is pretty much true and accurate.

Exactly what types of broken states of a phone are you requiring a company to publish guides to fix...

Let's see... broken screens, busted speakers and microphones, (yes, it happens, and it's happened to me), failed backlights, broken cases, damaged earphone jacks, (for the 'pre-bravery era iPhones), cracked solder connections, cranky power and volume buttons, and probably a few others I haven't thought of.

...and make parts available for?

For all of the above problems - and in addition, chips as well. You seem to think the expertise to repair these things doesn't exist outside the hallowed halls of corporate repair centres. You're mistaken.

Electronic devices have come a lot farther than a car engine that you could demand be user-serviceable, and these laws are misguided attempts to make them so.

They don't need to be user serviceable, they just need to be serviceable by repair people who aren't members of the corporate empires that are trying so desperately to control their products even after they've been purchased. 'Cause, you know, you can have a monopoly in the service markets, just as you can have a monopoly in any other market, and monopolies are a BAD THING.

Don't make a company the villain for objecting to things that are nice in (ancient) principle, but unworkable in reality.

It's the companies who have made themselves the villains, in oh so many ways. Among them is objecting to things that are nice in (modern) principle, and entirely workable in reality.

Re:futility

[lucm]

This is not just about phones. It's also about laptops.

Here's a link to a Dell Latitude manual that explains how to replace parts:

http://downloads.dell.com/manu...

Please provide a similar link for a Macbook repair guide. Let's just say I'm not holding my breath.

Re:futility

[drinkypoo]

Exactly what types of broken states of a phone are you requiring a company to publish guides to fix, and make parts available for?

This is horribly simple, such that any simpleton should be able to figure it out: any documentation they produce for in-house use should be provided to any customer, and all parts that they replace in-house should be available for sale to any parties at a reasonable price.

The goold ol' days

[istartedi]

The schematic for the TV set was inside the box. You pulled tubes and took them to the store to be tested. The companies made money hand over fist, and independent repair shops did OK too.

The companies that made those old TV sets *did* eventually go into decline, and in some cases Chapter 11. That had nothing to do with independent repair shops. It had everything to do with other countries making things more cheaply under an open trade policy, and other companies being more innovative.

So. Go ahead Apple. Try to lock yourself into the top spot. Go ahead. We dare you. Oh, and Cupertino? Rochester, NY and Detroit, MI might have some lessons to teach you. Enjoy your spaceship. These are the good ol' days.

Re: The goold ol' days

[Miamicanes]

The deathblow that killed the American TV-manufacturing industry was LCD TVs. LCDs are something profoundly subject to economies of scale... especially in larger sizes, with few/no dead/stuck pixels. The LCD panel accounts for most of the BOM cost. With Asian companies making basically 100% of consumer LCD panels, there's basically no real profit for a company to buy those panels & assemble them into TVs in America. Or Europe. I doubt whether many TVs are even still made in JAPAN (Japan hasn't been a 'cheap labor' country for at least the past 25+ years).

DLP TVs were the dying gasp of the American, European, and Japanese TV industries, because they were so big & heavy, the shipping logistics ALONE made assembly within surface-transportation-range almost a necessity... and even then, "American" TVs were mostly assembled in Mexico by Japanese companies.

Zenith ultimately fucked ITSELF out of business. ~10 years ago, DirecTV wanted to make a "whole house" DVR that rebroadcast recorded content over the customer's existing rg59/rg6 coax using ATSC (so you wouldn't need a box per tv... you'd just tune one tv to channel 2, one to channel 3, and so on, then associate the RF remote for that room with that channel. Everything went well when the prototypes were developed... then Zenith quoted them a jaw-dropping price for the 8vsb modulator's chipset that was so outrageously expensive, the American satellite tv industry just abandoned the whole idea of ATSC modulators in favor of ethernet (or MoCA, or HomePlug, or wifi) networked mini-STBs. Basically, Zenith and what was left of the American TV industry figured they could collectively milk consumers for ATSC-related royalties, and didn't expect DirecTV (and Dish network) to do an end-run around their broadcast-related ATSC patents.

Re:The goold ol' days

[tlhIngan]

The schematic for the TV set was inside the box. You pulled tubes and took them to the store to be tested. The companies made money hand over fist, and independent repair shops did OK too.

The companies that made those old TV sets *did* eventually go into decline, and in some cases Chapter 11. That had nothing to do with independent repair shops. It had everything to do with other countries making things more cheaply under an open trade policy, and other companies being more innovative.

So. Go ahead Apple. Try to lock yourself into the top spot. Go ahead. We dare you. Oh, and Cupertino? Rochester, NY and Detroit, MI might have some lessons to teach you. Enjoy your spaceship. These are the good ol' days.

The reason for this was a TV cost a year's salary. Which is why in the good old days, families were lucky to have A TV. Only the richest of the rich could afford to have more than 1 TV.

So families often spent years saving up for a TV. And after that, your TV breaks every couple of months (a tube usually blows). Imagine that - you spend 5 years saving for a TV, and the damn thing breaks within a couple of months. Usually a tube goes, so you take out all the tubes, go to the store, use the tube tester to figure out which ones were bad, and then pick up replacements, then take it all back and get your TV working again. And then you repeat this every month or so.

That's why TV repair shops did well - the damn things were unreliable as hell, and you only watched it from time to time!

Modern TVs are much cheaper - you can pick up a decent sized TV (larger than in the past) for a week's salary today, and it will work 24/7 for years.

Anyhow, the biggest problem today isn't broken products, because face it, modern technology is so reliable that failed products is extremely rare. The big problem is warranty fraud. And they can be brazen - taking an obviously water soaked product (it's dripping water on the counter) and claiming it's not water damaged

Or, you wouldn't believe how many people foul up the LCD screen replacement (we're not talking about the touch ID error, either) and still claim they didn't do anything.

Or think of it this way - why don't iFixit and other similar sites offer warranties? They're more than happy to sell you parts, show you how to do it, yet will not offer any warranty on any of it other than new stuff they sell (like tools). They know people screw up and they'll be on the hook for all the cock-ups the public does.

(Meanwhile, there are plenty of other independent Apple repair shops who do repair work, without help from Apple, too! They are not certified, but will repair Macs and all that...).

Re:The goold ol' days

[istartedi]

I think that must be hyperbole on your part to say a TV cost a year's salary. Here are some TV prices from the tube days. You can plug these numbers into a CPI adjuster (too bad they didn't do that for us). For example, you get $2,078.04 for the 1960 17" BW Tabletop Philco. I chose that one because we were still using something comparable when I was a real little kid in the early 70s. A PC cost about that much for a long time. Not cheap, but not ridiculous either.

Some of the other sets on that list do indeed cost quite a bit more in real terms--but few people would have purchased expensive color sets in the 1950s because most broadcasts were BW. The expensive consoles also pulled double-duty as furniture. I remember seeing these sets in people's homes, and some of them had extra space on the side where you could put your turntable and records. You'd put stuff on top of the set. Man, that was a lifetime purchase so of course you'd shell out more. Nobody ever wanted to *move* those things, but I digress.

Look at the prices in the early 70s. By then, "solid state" sets were available, but repair shops were still going at it with solder guns.

The 21" 1960 RCA color table top is $4131.04 in today's dollars. Definitely a pretty penny; but also for early adopters only. Five years after that purchase, only half of all network broadcasts were in color

I think the idea that TV sets were really expensive came from the frugality of the generation that was purchasing them--WW2 generation. They'd been through the Depression with radio. That colored their thinking, no pun intended. Also, sets were financed which makes it sound like they must have been really expensive; but buying appliances on "the installment plan" seemed like something that was being pushed a lot back then. I think it was part of the hard sell to get frugal customers to pry open their wallets.

Re:The goold ol' days

[houghi]

They are locked in for several years in the top spot selling overpriced goods (Otherwise where do those huge profits from?). The thing with these kind of lawsuits is that unless there is a serious political change in the US, that the question becomes not IF but WHEN this will be turned into law.

The majority of companies are waiting how this turns out and you can bet that this will become the standard for everything from cars to houses to your shoe laces. John Deere is just one of the bigger names out there who was already mentioned here on /.

Re: The goold ol' days

[swb]

It sure seems like the American TV industry went south before LCDs.

I seem to remember mostly Japanese TVs being desirable in the 1980s -- Sony, JVC, Panasonic. Maybe you could still buy an American made TV at that point, but they certainly weren't what most people were actually buying.

Re: The goold ol' days

[Miamicanes]

I believe digital comb filters were the last real advance of the pre-ATSC American TV industry. The things of that era that really MATTERED to consumers, like Trinitron picture tubes, S-Video, and PLL digital tuners, were all Japanese. What remained of the American VCR manufacturers was incinerated once Sony decided to allow VHS mfrs. to license its Betamax IP (remember how, pre-1986, VHS VCRs had to do the "pause-chuckka-chuckka" dance to switch between 'play' and ff/rw? Or the switch from low-fi linear stereo to hi-fi stereo? Or the arrival of "high quality" mode? Those were all improvements that used Betamax IP to improve VHS.

I don't remember how American, European, or Japanese LaserDisc and CED videodisc were... from what I recall, they were invented in the US (LaserDisc) and Europe (CED), then repeatedly bungled on both sides of the Atlantic until DVD killed them both off once & for all. AFAIK, LaserDisc was eventually popular in Japan, but Japanese players were never really marketed in the US because Sony & others thought the US market was too damaged & tainted by RCA to even bother with.

It's hard to believe, but at one time, Sony was actually the industry's innovative disruptor... then they started buying studios & distribution rights, and turned into late-80s IBM (where everything cool that the engineers came up with got ruined by the "service/content" side of the company.)

Got to sell new equipment somehow

Lets hear a story about a client of mine from two weeks ago.
She was using her computer one day. Goes to turn it on - and the hard drive symbol is flashing on the screen.

So she books an appointment with a Genius. Takes her 2010? 2012? IMAC to the Apple store for a hard drive replacement.
Only to be told "I am sorry. They do not make parts for that model anymore". Disappointed and a little suspicious she contacts my company. I advice her that not only did they mislead her - but I am going to make her computer faster than when she bought it by throwing in an SSD. I am sure you know what the results were.

It was very evident then and it is evident now that the reason why they do not want people to repair their products is because they want the customer to have to shell out money for a new device.

If greed is going to be the sole motivator for the majority of these businesses. As consumers we are going to be left in a very awkward position in a few years when the big business has managed to squeeze out all other competitors.

Lack of Financial Sense

[Khyber]

You're being given another source of (potentially more lucrative) aftermarket repair product sales, such as controller chips, processors (many shops can reflow these on no problem) headphone jacks, charge ports, etc.

You can charge money for the access to the documentation.

There's so much money to be made that if I were a SMART manufacturer, I'd be sitting here opposing anyone that opposed this law, and going ahead and doing this anyways, and start eating straight into the sales of Apple, Verizon, etc.

My tractors!

[Gravis+Zero]

But if you take my right to lockdown my tractors, how am I going to force the farmers to pay me for every repair?! -- John Deere

Re:futility

[ckatko]

I agree with the previous poster. Nobody except Ford should be allowed to fix my Ford car or even change the oil. It's much better for me if competition doesn't exist at all. I don't want my unqualified "grandpa" from changing my air filter. I'd rather pay $600 in labor for it.

Jackass.

Re:futility

MacBook repair guide:

How to replace the CPU:
    - See how to replace the motherboard.

How to replace the RAM:
  - See how to replace the motherboard.

How to replace the SSD memory:
  - See how to replace the motherboard.

How to replace the WiFi module:
    - See how to replace the motherboard.

How to replace the Bluetooth module:
    - See how to replace the motherboard.

How to replace the motherboard:
    - The motherboard isn't a serviceable component and it's not available to the general public. See also: how to buy a new MacBook.

How to buy a new MacBook: http://apple.com/macbook

Re: This isn't about rights at all.

[Miamicanes]

The problem is, components like USB ports (or Lightning connectors) can break, and if the port is a proprietary part used only by Apple or Samsung, there IS NO second source for replacement port connectors to solder on. Quite a few Android devices in particular had SERIOUS problems with broken USB ports (especially when the device was used by toddlers or pre-teens).

Also, VERY FEW 'bricked' devices are irreparable via JTAG... but if a mfr. is allowed to declare a model 'eol' and refuse any future service requests, while simultaneously refusing to release their JTAG utilities & rom images, you'd be fucked unless someone leaked the tool to XDA & the mfr. didn't throw DMCA takedown notices at them. (Motorola comes to mind as one of the more aggressive mfrs. determined to keep their software tools out of 'unauthorized' hands).

Holy crap is this company ever user hostile.

You know, a long time ago I used to feel like Apple actually cared about me as a user. They made some neat stuff that was genuinely easy to use, and whenever they came out with new stuff, it was generally worth upgrading to. If not, then you could be sure that your current hardware would continue to work as well as the day you got it until it broke. They didn't go out of their way to make it easy to service stuff, but they didn't make it hard either- anyone with half a brain, a copy of the service source manuals, and a few tools could pretty much fix 99% of the issues their hardware encountered after a reasonably long life of use.

I look at Apple today, and I just have to shake my head.

The iPhones are now being cryptographically paired on an internal component level. This is being done in the name of "security", which is bullshit, it's just great for their bottom line. You can't install any other software on them other than iOS, which again, is being done in the name of "security", but that too is bullshit- they just want to force upgrades down your throat to the point that your device becomes an inoperable mess (like the 4S and iPad 2 running iOS 9).

The iMacs have gone from a 100% modular, user serviceable layout (which was quite a remarkable feat of engineering) to a 100% user unserviceable built-as-cheaply-as-possible-in-China system, complete with all the major components soldered to the system board and non-reusable foam sealant all around the glass panel (which you have to break and replace to open up the system).

The Mac Mini has gone from a 100% user serviceable system that you could literally open up with two thumbs- to a system with half the power and soldered RAM on the main board. You can no longer open up the case without using special tools.

The laptops all have built-in permanent batteries adhered to the entire upper chassis. You need a new battery? You get a whole new upper chassis. The keyboards aren't even designed to be the least bit liquid resistant, and they're manufacturing them so thin now you're pretty much screwed if you ever drop the machine and warp the chassis (which you will, because it's made out of an extremely soft aluminum).

Then there's the Mac Pro, which went from a gorgeous silver tower that screamed "POWER" to... A tiny cylindrical machine that's prone to thermal throttling when loaded down to 100%, and the 2nd GPU is only accessible through an API that never quite worked right (OpenCL) and is now in the process of being depreciated and dropped.

Now I hear of stuff like this, and them insisting on recycling facilities shredding (yes, shredding) used Mac systems... What the fuck happened to this company? I've never seen a corporation so hell-bent on producing user hostile hardware before. I don't know why people continue to buy their stuff.

Re:Holy crap is this company ever user hostile.

[swillden]

The iPhones are now being cryptographically paired on an internal component level. This is being done in the name of "security", which is bullshit

If you're talking about the fingerprint scanner, it's not bullshit, it really is for a very good security reason.

I work on Android Security, at Google, and this is something that we want to do as well, but for complicated reasons haven't been able to do, not even in the Pixel devices. And we want to do it not because we're copying Apple but because it's addresses a real security issue. Let me explain:

The security of fingerprints derives not from the secrecy of fingerpints (they're not secret, you leave them everywhere, including all over the surface of your phone, which is very convenient for phone thieves), but from the difficulty of preventing a fake fingerprint from being "scanned".

The simplest way to fake a fingerprint scan is to disconnect the scanner and feed the digital fingerprint data in directly. This is really, really easy to do, given a little expertise and some very inexpensive equipment. The fingerprint scanner connects to the device via a standard SPI bus, so you just have to connect some other processor to the bus and feed in the bitmap of the fingerprint (which you photographed from the surface of the phone).

The way to defeat this attack is to have the fingerprint scanner attach a cryptographic message authentication code (signature, if you will) which is produced with a key known to the CPU that will do the matching. This requires that the scanner and CPU be "paired" by arranging to share a key between them for producing and verifying these MACs. Further, it can't be too easy to pair a different scanner because then the attacker could just do that.

So, the pairing of fingerprint scanners to SoCs really is for security. I have no idea what the motivation for fighting this bill is, and it may well be the brazen attempt to extract more money by disallowing third party repair that you claim it is, but that's not the case for the fingerprint scanner pairing.

Re:Holy crap is this company ever user hostile.

[BronsCon]

Further, it can't be too easy to pair a different scanner because then the attacker could just do that.

So only allow pairing a new scanner when the device is unlocked. Install a new scanner? PIN/password unlock, enter the service menu (which shouldn't be accessible on a locked device in the first place) and select "Pair Fingerprint Scanner".

If the reason for not allowing it is so that someone can't use an altered or imposter scanner to unlock the device, requiring the user to be able to unlock the device first is sufficient security, as it proves that... well... the user can unlock the device. Preventing a user who can unlock the device already from pairing a new scanner doesn't prevent that user from unlocking the device... because... that... user... can... already... unlock... the... device...

Re:Holy crap is this company ever user hostile.

[swillden]

So only allow pairing a new scanner when the device is unlocked.

That sounds good, and I actually typed a long paragraph agreeing with you but pointing out concerns about complexity and the difficulty of getting such a complicated solution that must touch several layers of hardware and software right... until I noticed the fatal flaw. The basic problem is that you're assuming that everything will work correctly, but that is what security engineers specifically must *not* assume, except when and where it can be adequately justified. In this case, you neglected to consider what could happen if iOS were compromised. Sufficiently-privileged malware could install its own key in the scanner when the device is unlocked, providing a way to remotely obtain a copy of the user's fingerprint. That's not a security problem (fingerprints are not secrets), but it is a pretty serious privacy problem. Not for most people, since malware that can exploit vulnerabilities to obtain root can already extract all sorts of personally-identifying information (PII), but there are people who have good reason to keep PII off their device, and enabling remote access to their fingerprints would be very bad. There are some other, less serious, problems as well, such as enabling a remote DoS of fingerprint auth functionality.

For this sort of system, we really need mutual authentication. The matching hardware cannot trust livescans from any device other than the correct scanner, or you have a security problem. The scanner must encrypt livescans so no device other than the correct matching hardware can decrypt, or you have a privacy problem. It must not be possible for an attacker to violate these guarantees, especially not in a remote, software-only attack. In a local attack we worry less about privacy because the atttacker almost certainly has access to the user's fingerprints.

Mutual authentication is very easy to bootstrap from a shared secret. It's also possible to bootstrap it using PKI but this adds complexity which the scanner probably cannot handle, as well as opening potential security holes; an attacker who can extract the relevant key from any device can pretend to be that device to any other. So an attacker that uses electron force microscopy to extract secrets from one phone could use those secrets to compromise any other phone. That could be mitigated by batch-level PKI (different root keys per batch), but that creates a lot of supply chain management problems -- and still doesn't really make the devices replaceable by third party repair shops.

Personally, I'd probably take a different approach based on bootloader-coordinated key agreement at each boot. As long as there's a way for the scanner to securely know when the device is booting, which can be done -- though it's a *lot* harder than it appears -- this provides a basis for establishing a shared secret that is secure against a remote attacker (there are good reasons to assume the bootloader cannot be remotely compromised). Against a local attacker, we don't worry about preserving the privacy of scans. This reduces the problem to one of ensuring that the matching hardware will only accept scans from authentic scanner hardware. PKI is probably a reasonable solution to that; the scanner only has to sign one message with a factory-burned private key, and deliver a public key cert. An attacker who extracts the private key from one scanner can fake it to other devices, but only in a local attack. This isn't quite as secure against local compromise as Apple's, because in Apple's the attacker would need to extract the secret from the scanner of every device they wish to unlock, which is expensive. But it's a reasonable middle path that allows third-party repair.

In the Android world, my approach would be preferable even ignoring third-party repair issues (which, honestly, I would probably not consider), because it would eliminate the need for every OEM to securely manage the keys needed to authorize pairing. Apple can do th

Re:futility

[_merlin]

The manuals for Precision and PowerEdge are absolutely awesome, too. Build quality of PowerEdge is great these days.

Re:futility

[TheRaven64]

The one law that would make a big difference there would be requiring vendors to unlock bootloaders and provide documentation for all hardware interfaces when they stop providing security updates. When an iDevice stops getting iOS security updates, it quickly becomes unsafe to use on a network and basically a brick. If you could install a third-party OS on it then that would make a big difference to waste (and, given the relatively small number of device types, it would be comparatively easy to support). Of course, this would mean that after a few years you'd probably see more iPhones running Android than iOS...

Enough with the smartphones...

[mschaffer]

Enough whining about smartphones. What about fixing other devices?
http://modernfarmer.com/2016/0...

Re:futility

[Maritz]

Really highlights the Stockholm syndrome effect a corporation like Apple has on people, that they defend it to the hilt in its attempts to take away their rights. Pretty hilarious.

US TV manufacturing died well before LCD sets...

[Ellis+D.+Tripp]

It was killed by "dumping" of sets into the US market at or below cost by Japanese manufacturers beginning in the 1970s, and peaking in the 1980s.

http://www.nytimes.com/1983/12...

https://www.washingtonpost.com...

The manufacturers are designing irreparable phones

[rickb928]

IP67/68 water resistance pretty much requires a sealed device, and sealing smartphones pretty much guarantees they are irreparable. Sealing with adhesives, thermal or other, denies the average consumer a means to disassemble the phone just to change the battery.

And we will accept water resistance because the phones are so expensive we don't want a brief moment of strawberry daiquiri exposure to cost us even the deductible.

And while battery life isn't on everyone's mind when they buy a new hot phone, it's a fairly common problem to see battery capacity diminish after 2 years. That is, for most of us, at least 800 charge cycles. Nothing is on the horizon that will do better. So we are mostly on a 2 year life cycle for most smartphones, especially the hot fast cool ones. 30 bucks a month in the US.

By design. For a long time to come. And more not less.

To be able to repair current design phones will require compromises, either design compromises or feature compromises. Water resistance the first.

When I laundered my M7 I was really, really peeved. Mostly because I could not disassemble it sufficiently to dewater it. Well, actually mostly because I even sent it through half a dry cycle... But I could, then, replace the display on my wife's iPhone 6s. The M7, impenetrable. And now my Android choices are limited, if I want to skip a generation of CPU and step up to the most current chipset. Which of the options I have are fixable? Oh, and support my carrier's better radio bands, WiFi hotspot, WiFi calling, oh that gets difficult.

We are being designed into losing the ability to fix stuff that could be fixed otherwise. I've been a two-way radio technician, calculator and tape recorder repairperson, typewriter repairperson, then PCs, but I can't see how to repair most smartphones for a living. The tools. The techniques. Impenetrable.

If this works,

[John.Banister]

Maybe next they could work on standardized connection interfaces for power tool batteries.