New Tech Industry Lobbying Group Argues 'Right to Repair' Laws Endanger Consumers

chicksdaddy brings this report from Security Ledger: The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices. It counts powerful electronics and software industry organizations like CompTIA, CTIA, TechNet and the Consumer Technology Association as members... In an interview with The Security Ledger, Josh Zecher, the Executive Director of The Security Innovation Center, acknowledged that Security Innovation Center's main purpose is to push back on efforts to pass right to repair laws in the states.

He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."

AKA Security Through Obscurity

[Zamphatta]

& history's shown that isn't a good idea. unfortunately, I'm guessing the not-so-tech-savvy politicians will fall for that argument, especially since they'll get a lot of money to do so.

Re:AKA Security Through Obscurity

[PolygamousRanchKid+]

I'm guessing the not-so-tech-savvy politicians will fall for that argument, especially since they'll get a lot of money to do so.

I'm guessing that the NSA is afraid that if we are allowed to open up the devices we own, we might find the "friend" that the NSA has planted in there.

Like and Intel Management Engine, for instance.

YEAH! They endanger customers!

[Zurkeyon3733]

They are in danger of NOT completely emptying their wallets to the fat-cats and the CEOs "Bonus" programs and Beer Funds.... Gotta fix that!

Let's let the consumers decide

[alvinrod]

Let's let the consumers be the judge of what's a danger to themselves. People who try to go around making laws and rules for someone else's good tend to do a spectacularly poor job of it and generally cause just as much harm as good, even in the case where they're well-meaning instead of clearly under some ulterior motives as is the case here.

If people want to accept some increased risk (which I don't believe exists) by using third party repair services, that's on them. If a company wants to warn their customers about the possibility of danger, that's as far as they should go.

Re:Let's let the consumers decide

[burtosis]

"Which has up to now been assumed to exist" assumed by who? Because I clearly remember apple trying to claim and also fight in court that jailbreaking is illegal Also that fixing your home button is illegal - they bricked phones over it before the backlash of stupid forced them to recant (FFS just disable the print reader not the phone) Tell this to farmers who can't repair thier own tractors because it's illegal, it goes on and on. We wouldn't need right to repair laws if it was always assumed.

Re:Let's let the consumers decide

[William+Baric]

You just repeated the nonsensical argument of the industry. I do think the "overrated" mod was appropriate.

Is it possible that a repair shop would install a Trojan horse on one of their customers' devices? I guess. Is it probable? No. Believe it or not, but not every technician is a criminal who wants to empty your bank account and then flee the country.

Do you also believe company should forbid people to change their hard drive and to reinstall the OS on their computer because they would end up being "controlled like a puppet?"

Re: Let's let the consumers decide

[Puls4r]

By your reasoning , we'd be finding gps trackers installed in our cars so independent repairman can sell or location data. Plumbers would install remote shutoffs so we had to call them back. By your logic, no repair would ever be a safe repair if done by a third party. You are an idiot.

Re:Let's let the consumers decide

[CrashNBrn]

However, I feel it necessary to point out that the logic being used by these industry trade groups boils down to

This is a "Lobbying Group." And much like most such groups,
1) Claims to represent companies|people that it doesn't,
2) Chooses a name "Security Innovation Center," that is the polar opposite of it's actual intent,
3) And like most Lobying Groups exists soley to bring about specialist protectionist legislation that will screw over the most people for the least amount of money.

Re:Let's let the consumers decide

[JaredOfEuropa]

Neither of these are black and white issues, unless you believe in an absolute right to bear arms or repair stuff. There's always a trade-off, and usually there are multiple options between the 2 extremes. Someone may want the right to repair because the upside (cheaper repairs because of no monopoly, more devices being repaired instead of thrown out) outweighs the downside (a very very very farfetched scenario where a rogue repairman called Harry Tuttle installs an illegal little bypass in your aircon). There's no contradiction in that same person weighing the upside of owning guns for self defense against the fact that with guns we invariably end up with a bunch of dead kids from time to time, and deciding that a ban on guns is better. Or maybe to push for gun control and registration, if that means we can have guns but no dead kids. It's not about whether or not people can choose for themselves or not, but what the potential consequences of their choices are.

Security, privacy and safety?

[quonset]

WTF? These "smart" devices already aren't secure, send your data to someone at a distant location, and don't always work as the manufacturer says they should. And these same people are worried someone might hack them?

What next? Making computers where the bits and pieces are welded on so one can't upgrade it?

stop putting crap on the internet

"People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."

Problem number 1 is you stupid fucks decided to put Wifi in a washing machine. I have an older washing machine with a clockwork type timer control mechanism. I had the replace he timer about 6 months ago, took all of 15 minutes to repair. My washing machine doesn't need to be internet connected.

Re:stop putting crap on the internet

[Mashiki]

Electromechanical devices (with moving parts) fail more than a properly designed all-electronic control panel. Key phrase: properly designed.

Except for those millions of cases where they don't right? Ask yourself how many times you've heard from someone saying that their brand new electronic whatever has already failed in warranty, but their parents 30 year old whatever is still chugging along and hasn't stopped. Or you have some asshat of a company like Samsung that built their fridges to fail just outside of the warranty phase(all electronic bits fyi). Here's the thing, we're really good at making electromechanical devices that last long, and have low rates of failure. The relays and emr-switches that our company uses have a failure rate of 1:900k over 10 years. They have to handle wet, dry, humid, extreme heat/cold and keep going day in and day out.

I'll agree that some stuff has a higher failure rate, cars for example with non-electronic ignition had multiple points of failure and were prone for the simplest no-start problems mostly relating to the rotor. On the other side, for every $1k central console in car that fails and takes out the: radio, navigation, heater, signals, and so on. That 20 year old clunker next to you with all mechanical relays, wires, and switches is still going strong.

Annoys me that the used the word "security"

[raymorris]

It bugs me that they called themselves the "Security Innovation Center". Those of us in security have consistently advocated for the need to be able to work on devices in order to secure them. Most recently the Obama administration tried to push through regulations requiring manufacturers to "prevent the installation of OpenWRT and similar third-party firmware" on routers. We successfully argued that preventing firmware upgrades often prevents security fixes.

These jack asses do NOT represent security anything.

Re:Annoys me that the used the word "security"

[burtosis]

Just run it through the BS inverter:
Security Innovation Center" - Illegal Corporate Lock In Center
"Right to work" - Divide and Conquer
"Patriot Act" - Unconstitutional Removal of Privacy Act
etc...

Leave barn door open, blame cows for results

[rgriff59]

So the very tech industry actors that created the stage for the Mirai botnet think letting consumer take any control of those same actors' faulty devices will create significant new dangers? I think allowing those manufacturers any more unsupervised commercial activity is far more dangerous.

Okay

[c]

If you're arguing that consumers shouldn't be able to fix stuff "because security", then we presume that you're promising the stuff you sell actually is secure and that you're willing to accept 100% liability when things get hacked?

* crickets *

Well then, fuck you too.