Slashdot Mirror
New Tech Industry Lobbying Group Argues 'Right to Repair' Laws Endanger Consumers (securityledger.com)
chicksdaddy brings this report from Security Ledger:
The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices. It counts powerful electronics and software industry organizations like CompTIA, CTIA, TechNet and the Consumer Technology Association as members... In an interview with The Security Ledger, Josh Zecher, the Executive Director of The Security Innovation Center, acknowledged that Security Innovation Center's main purpose is to push back on efforts to pass right to repair laws in the states.
He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."
He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."
The IT world needs your commentary, Mr. Stallman.
& history's shown that isn't a good idea. unfortunately, I'm guessing the not-so-tech-savvy politicians will fall for that argument, especially since they'll get a lot of money to do so.
They are in danger of NOT completely emptying their wallets to the fat-cats and the CEOs "Bonus" programs and Beer Funds.... Gotta fix that!
Let's let the consumers be the judge of what's a danger to themselves. People who try to go around making laws and rules for someone else's good tend to do a spectacularly poor job of it and generally cause just as much harm as good, even in the case where they're well-meaning instead of clearly under some ulterior motives as is the case here.
If people want to accept some increased risk (which I don't believe exists) by using third party repair services, that's on them. If a company wants to warn their customers about the possibility of danger, that's as far as they should go.
So if I repair my stuff myself I can be considered a HAXOR!!
What is next? If I breathe air and exhale carbon dioxide I can be blamed for contributing to global warming?
WTF? These "smart" devices already aren't secure, send your data to someone at a distant location, and don't always work as the manufacturer says they should. And these same people are worried someone might hack them?
What next? Making computers where the bits and pieces are welded on so one can't upgrade it?
I want to cut them open and pull out their heart with my bare hand.
Yeah, I sure would hate it if a hostile party had control of my device and was limiting its use and determining what I could do with it.
But I really like how their argument boils down to 'We screwed up the security, therefore you should trust us and only us.'
This is yet another reminder of why the IoT is a stupid idea. If your washing machine is even capable of identity fraud, you're doing something wrong.
as much as you can. and you know it!
Next thing you know, people will want to repair their own cars, and you can run people over with cars!
Anything that can be used against government tyranny, such as guns and computers, are considered "arms" and therefore protected by the 2nd Amendment in the U.S. We have a right to bear and maintain these devices.
Problem number 1 is you stupid fucks decided to put Wifi in a washing machine. I have an older washing machine with a clockwork type timer control mechanism. I had the replace he timer about 6 months ago, took all of 15 minutes to repair. My washing machine doesn't need to be internet connected.
A group representing electronics manufacturers, who stand to gain financially by controlling access to their devices, argues that granting consumers access to a device they bought is "dangerous" to them and to everyone. Right. Don't for a second believe these folks have anyone's interests at heart but their own - the laws of corporation actually strongly discourage executive officers from arguing otherwise.
"He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks."
Translation: most dhttps://it.slashdot.org/story/18/02/24/1939255/new-tech-industry-lobbying-group-argues-right-to-repair-laws-endanger-consumers#evices are routers.
Oh, the horror if people find that out!
---- The above post was generated by the Turing Institute. Maybe.
Because we are all unenlightened morons that would go around sticking our fingers in sockets without the infinite wisdom of our Big Brothers and Sisters in the tech industry. I'm a technician and power user of 25+ years (though I don't work under any of these corporate umbrellas), longer than some of these CEOs and lobbyists are old, and they can spare me, then blow me. Not many of us are that stupid, kiddos.
If they are breaking the law anyway this is hardly going to deter. This is quite similar to the "think of the children" type of argument. An appeal to emotion not logic.
This is all just absurd. The right to repair does not empower hackers. The availability of repair parts doesn't threaten people's safety. Guns can be used to threaten someone but there is no chance of us restricting them but repair parts now they are just criminal you might save a few dollars by repairing rather than replacing saving your family from financial ruin and heck even prevent greater tragedy. But let's criminalize repairing your own device violating the doctrine of first sale while putting more guns into tense situations because that will solve everything. In this absurd world maybe starving lions will lie down with sheep rather than you know doing the logical thing and eating them.
It bugs me that they called themselves the "Security Innovation Center". Those of us in security have consistently advocated for the need to be able to work on devices in order to secure them. Most recently the Obama administration tried to push through regulations requiring manufacturers to "prevent the installation of OpenWRT and similar third-party firmware" on routers. We successfully argued that preventing firmware upgrades often prevents security fixes.
These jack asses do NOT represent security anything.
So the very tech industry actors that created the stage for the Mirai botnet think letting consumer take any control of those same actors' faulty devices will create significant new dangers? I think allowing those manufacturers any more unsupervised commercial activity is far more dangerous.
They don't want customers fixing any of the "SMART" malware they purchased to no longer endanger their privacy, security, artificially limit capabilities or restrict choice.
Lost malware = lost revenue
If you're arguing that consumers shouldn't be able to fix stuff "because security", then we presume that you're promising the stuff you sell actually is secure and that you're willing to accept 100% liability when things get hacked?
* crickets *
Well then, fuck you too.
Log in or piss off.
that self-repair endangers the backdoors and exploits that are intentionally implanted by the manufacturers at the request of various government entities.. in addition, it'll make the manufacturers look bad when their lazy, shoddy programming and security is discovered and fixed by ordinary users..
"Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves."
"That's our job."
I have never walked into a house that had a router less than five years old. I keep mine for 10 years at least, it's a natural lifetime. Do any manufacturers provide software updates for hardware > 2 years old? no. I have two google nexus 5 phones, no software support at all I'm sure appliance companies said, sorry your washer is two years old, we don't stock those parts, they wouldn't stay in business very long. I don't understand making objects smart suddenly makes their useful lives shorter than a gerbil's.
There is an easy fix to the "Tech Group's" fallacious "survey" concerns about devices connected to the internet: just don't buy devices connected to the internet that don't need connecting to the internet. My fridge, my stove, my vacuum, my washer, my drier, my water heater, my breaker box, my...
Besides, those are not really what the issue is about. The issue stems from third parties, including users, not being able to repair their cars, trucks and tractors. I certainly do NOT need my tractors connected to the internet. Besides, there is no service here on our farm that the tractor would connect to - no cell, no wide area WiFi, etc. John Deere and other makers are sucking the life out of us by over pricing repairs and they're locking us in by banning us from repairing our own equipment.
Anything to control people...
Have gnu, will travel.
If these industries say it is too dangerous to allow consumers to repair, then put in place legislation that takes all profit out of repairs. They MUST fix your device for $5, and that cost can never change, no matter what. They also cannot refuse to repair your devices. This garbage has to end, and if they don't want the consumer to do it, then they can't gouge them either.
Why can't you sheep understand, the walled garden is the best thing ever! You can stand inside the wall and admire the flowers! You should be happy!. We love our walled garden that we sell to you at outrageous prices, and if a flower wilts, you'll only need to spend 3/4 of the cost of outright replacement... so you can enjoy your pretty flower again.
Oh, you think you could actually keep that flower alive? Even with help by somebody that knows how to make the flower better?
HACKZORZ!!!! Bad for Business! Veiled Security Threat #1... Veiled Security Threat #2... Veiled Security Threat #3..... call in the congressional lobbyists!! No mere mortal can save your flower in your pretty walled garden unless its *our* mere mortals... charging you 3/4 of outright replacement.
*boggle*... this is why we can't have nice things
That has to be the worst excuse I have ever heard. I sincerely hope someone superglues their ass cheeks together in their sleep so they will stop spewing so much shit.
that many of the people who are pushing back against right-to-repair legislation and sentiments, are the same ones who are pushing STEM education and mandatory comp sci courses in high school. Do they really think that having greater numbers of technically skilled citizens won't result in a much bigger, more knowledgeable, and more effective push for right-to-repair? I rather think the swelling ranks of the tech savvy will insist on using their hard-won skills on their own behalf to repair, manage, and control the devices and machines they depend on.
It's hard to tell if Big Tech simply hasn't spotted this contradiction, or if they're in damage control mode. Or maybe they're confident that the social engineering and propaganda mechanisms they've put in place are up to the challenge of controlling their future wage slaves' self-interested impulses.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
How do people who are not shilling for major corporations with nothing but a profit motive band together to address silly-assed arguments like this?
Are there groups that won't be merely waved off as a bunch of insignificant cranks because they don't have lobbyists?
EFF? Are they chiming in on this?
CUR ALLOC 20195.....5804M
this country is becoming so corrupt and stupid.
Is the bad, bad things they get up to isn't it?
what the bull leaves out in the pasture! I will dissect anything I purchase if I decide to! If I can not I do not want it in my life.
;)
Just my 2 cents
Hire someone to say Fucking Anything remotely coherent, put it on facebook, and people think it's the motherfucking Gospel.
As long as there's a way to program the original device, someone will eventually hack it.
Truth isn't Truth - Guliani
Since the devices might outlive the companies that sold them, all such devices must carry insurance, premium paid by the manufacturer, to make good on any damage they might cause.
Only when there is an actual cost that affects their bottom line these guys will take security seriously. Forcing them to buy liability insurance will make some one look at the devices and assess the security.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Wel I for one was unaware the Mirai botnet was caused by consumers repairing their washing machines, we live and learn..........
I can repair a present day smartphone as long as I can get the parts for it.
But that's another thing. How long does the right to repair enforce availability of all of the parts in that smartphone. 10 years? 25? forever?
Modular or component level repair?
What level of acumen is the baseline user? Someone like me, who has operated on chips themselves, or Grandma who has never dissasembled anything?
then there are power issues. Short out or damage that LiPo? scary stuff.
Then we get ot the upgradeability. Will this phone be required to have upgrades for lifetime?
I'm basically seeing this repairable phone as something huge and thick, and very expensive as a stockpile of every part or module is needed and the space requirements for making it possible to change the parts is added.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
If they can repair iPhone, I wouldn't buy it as it can cause security issue at deep level affecting Apple Pay, keylogger to grab password etc. I primarily use Apple products bought mostly from Apple store because that means they have not been tempered with. When I was on PC (25+ years), I used to buy brand name computers from major stores only. That does not mean I don't trust small guys. I have been using open source software since 1991. I just can't trust a random for-profit company with my security. I don't buy any internet connected refurbished products from unknown companies as there is no guarantee of their integrity.
It's what politicians and lobbyists do. Unfortunately our society is very susceptible to it. Maybe better education can make our country less susceptible to it. But with the way present-day politicians are slashing educational budgets, it doesn't look encouraging.
An effective "democracy" creates the illusion the people have a say in their government.
So if they had asked me: What do you value most:
In any case, I'm not trying to fix or repair my device; I'm attempting to break it. The equivalent of driving over it with the tractor. I'm allowed to do that. Of course I'm a terrible hack. I may not be entirely successful in my attempts to disable or destroy the device's firmware. Gosh darnit.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Their whole A+ certification revolves around ripping open a PC and building it again from scratch. If they're so against repairing electronics, then why would they "endanger" their certifees?
This is clearly collusion and should be investigated by the FBI.
Evildoers must not be sold washing machines! If they get their hands on them, terrible atrocities could occur! Washing machines are like machine guns!
FTFA: "'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."
The first day of university cryptography course, this rhyme: Security through obscurity is a fallacy. Here's another look at that: Knowing that the locks on your house have tumblers doesn't let the crooks instantly through the door. They are still kept out By Having Strong Locks! Now when it comes to repair: there are several things at play: if anyone can fix it, then the company doesn't get to say when the product is "all use up and unfixable". Can you imagine a car company saying "oh, sorry, your car has passed the 25,000 mile mark, its all use up and can't be fixed. We'll sell you a new one. Sorry we can't give you anything for the old one." Apple software is helping apple sell new phones to old customers. Their software is cheating customer, just like Volkswagen did with their diesels in benchmarks, just like Nvidia did with their video cards in benchmarks. Intels security problems let to a 1.5% decrease in performance because of preemptive execution and priveledge escalation, and also proof of concept abilities to read the TLB (computer high-speed index to programs in main memory). But it's more than that. John Deere is preventing farmers from fixing their tractors. If you swap the main board because the dealer can't see you for six weeks (till past harvest), then your tractor has no warranty (but if you don't harvest you have no income). And Ford and Chrysler and GM are doing the same thing, and its bullshit. These trade organizations (CompTia, et. al.) are a collective lobby group for greedy investors. They should be banned from their efforts. They have been a bane on the industry for over 25 years, but it depends, if you are a billionaire you probably like them, if you are a user of technology, they suck. They offer higher prices, lower or worse service, and less choice.
...speak out against Best Buy?
"Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves"
How is it any different than Best Buy dumping people's computer and phone contents onto their own systems?
Why didn't they go to Congress and yell, "They can't be trusted to repair stuff anymore!"
Care killed the cat, but satisfaction brought it back.
...innocent kind of belief they're going with there. Always the same boring, and mindbogglingly stupid argument:
"Those kinds of products in the wrong hands can be used to do bad things."
It would be the same as accusing the other 99% of actual product owners who just want to modify/optimize/better/repair and fix their own stuff to save a few buck, not to mention saving the entire planet - of being the criminals.
And if you own a product - YOU OWN IT! What part is there not to understand? Of course you can't demand warranty if you fiddle with it yourself, that is to be understood. But if it's yours then it's truly YOURS to mess with.
By all means makers - have fun, modify stuff. I'd do that regardless of laws. No law in this world is going to bar me from doing what I want with what I paid for. If there's lawmakers in my country that thinks otherwise, it's about time to ship them out somewhere else.
What this world is coming to - is for you and me to decide.
The great robbery was when the industry convinced their bought and paid for politicians that physical products were no longer sold but licensed. If the consumer is not allowed to have their low quality, broken devices repaired, we need to get mandatory 10 year parts and labor warranties that include firmware updates for known security flaws. If the manufacturer doesn't agree, don't let them sell in our markets.
This should be easier now that most of the tech products are made overseas and by foreign companies. Push this with our MAGA representatives as an us vs them issue and we should get some support for this idea.
It looks more and more to me like the "Industry" is trying to get things set so that they have all the rights, and final users do not. Mostly, this takes the form of "providing a service" over actual ownership a device.
If you Own it, you have every right to try and fix it, should it fail, or behave erratically. This allows you to get your monies' worth out of the darned thing, before having to buy a whole new one.
Should it be designated as a Service, then the service provider has the lions' share of the rights, and can force an upgrade, or phase out all or part of a service that is not as profitable to them whenever thy feel like it (more or less).
Just look at Microsoft. They would like us to swallow the notion that their O.S. is a Service, and have us pay a subscription fee for its use. They even tried this with M.S. Office. All this in their attempt to curb piracy of their over priced software.
On the hacker vulnerability: If they want access to a device, they'll hack into it! This will happen if it's legal to do so or not! Probably more-so, if it's been made illegal, as the rush is increased, and the chances of a user finding it through personal efforts to repair their oddly functioning device discovers something awry.
On a more Corporate focused level: The big companies want us to not see what they are doing in the background. Plain and simple. If we do not have the Right to Repair, we loose the right to investigate the operation of the devices we rely on for our daily functions, and security. If we can't see what's going on, then they can get away with murder! "Oh, your slow device is simply past its operating capacity, and you simply need to get a new one." Apple/iPhones, anyone? How about good old Microsoft XP/7?
Given this insight, is it any wonder why the Tablet aspect of the industry has not taken off?
On a personal note: I do Not trust "the Cloud" for anything. My files are stored on my own drives, and kept behind firewalls, routers, and in a reasonably secure network configuration. If hackers want my personal info, they have to hack into my network to get it, not simply invade Facebook when I'm not looking. If they are determined, there's very little I can do to stop them. Kind of like my car. If a thief really wants it, I can't stop them from dragging it onto a flatbed towtruck and hauling it away while I sleep.
One of the reasons I turn my systems Off at night, or when not in use. It's a LOT more difficult to get hacked when the system is not even powered on!
Of course, my Windows 10 systems seem to power on all by themselves, from time to time, and it took me a bit of doing to get that to stop...
I wonder what they were looking for?
Maybe, I'll never know...
We shoud buy our food allready cut, because... "Those kinds of products in the wrong hands can be used to do bad things."
Really?!
a Juden causing trouble ? say it aint so, and they wonder why every society in the history of man has ejected them, not for who they are, but what they do.
The only things "Right to Repair" endangers are monopolies and cartels.
EFF? Are they chiming in on this?
Yes. Electronic Frontier Foundation does in fact have an issue page about right to repair.
I fixed Windows 10 by never installing it.Everyone was warned way before hand what win 10 was..And everyone missed the warning signals, ms gave it away for FREEEEEEEEEEEEEEEE And tricked lazy/trusting people to installing even more copies. Lied to pro buyers and removed functionality they paid for the only people who have the real balls are people like me who just said no. If my PC dies im going Linux but i hate have to do that as linux wont allow me to install any of my software. but going windows 10 would be far worse...My times running out i have a EVGA 790i ultra MB that probable only last a few more years..Video cards are being phased out for 7 not even worth the trouble to upgrade the processor and intel probably stop making that processor as well..haven't checked though.
Jack of all trades,master of none
Put a mandatory 40 year warranty on everything then.
All that it really endangers is there bottom line.
are stealing our privacy and committing data-theft!
Hackers don't care about rule or laws. They will do what they want regardless, and anything that happens to the law will be moot concerning them. It just screws over the "legit owners".
... Ajit Pai used to justify repealing net neutrality? That consumer protections are actually harmful to the consumer?
Given the truly sociopathic tendencies of Silicon Valley, you don't need to know anything about this issue to know that if they don't want it, it must be good for consumers -- which also means, in the current environment, it ain't gonna happen.