New Tech Industry Lobbying Group Argues 'Right to Repair' Laws Endanger Consumers (securityledger.com) 146
chicksdaddy brings this report from Security Ledger:
The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices. It counts powerful electronics and software industry organizations like CompTIA, CTIA, TechNet and the Consumer Technology Association as members... In an interview with The Security Ledger, Josh Zecher, the Executive Director of The Security Innovation Center, acknowledged that Security Innovation Center's main purpose is to push back on efforts to pass right to repair laws in the states.
He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."
He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."
Paging Richard Stallman... (Score:1)
The IT world needs your commentary, Mr. Stallman.
Re: (Score:3)
The IT world needs your commentary, Mr. Stallman.
Give him some time. He needs to wait for his cron job to finish. He surfs the internet as follows: [stallman.org]
"I usually fetch web pages from other sites by sending mail to a program (see https://git.savannah.gnu.org/g... [gnu.org]) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won't fetch from other sites in such
AKA Security Through Obscurity (Score:5, Insightful)
Re:AKA Security Through Obscurity (Score:4, Insightful)
I'm guessing the not-so-tech-savvy politicians will fall for that argument, especially since they'll get a lot of money to do so.
I'm guessing that the NSA is afraid that if we are allowed to open up the devices we own, we might find the "friend" that the NSA has planted in there.
Like and Intel Management Engine, for instance.
Re: (Score:1)
Re: (Score:2)
There is some of that, sure, but they actually have a point hidden in the doublespeak.
For instance, in the case of the touch sensors used by iPhones, they’re uniquely paired with the rest of the hardware via cryptographic keys, ensuring that if a bad actor ever tried to replace the sensor with one that would grant them unfettered access the rest of the iPhone would refuse to play along.
The problem, however, is that this trade organization is trying to suggest it’s an either-or problem when it is
Re: (Score:2)
YEAH! They endanger customers! (Score:3, Insightful)
Let's let the consumers decide (Score:5, Insightful)
If people want to accept some increased risk (which I don't believe exists) by using third party repair services, that's on them. If a company wants to warn their customers about the possibility of danger, that's as far as they should go.
Re:Let's let the consumers decide (Score:5, Informative)
I don't think you are following along with this subject (though mysteriously you are currently rated "Score:4 Insightful").
It sounds like you think that there is a movement afoot to pass laws to ban people from repairing their own property. That is the opposite of what is happening here. Businesses are trying to take away the ability to repair products through purchase contracts, designing products that can only be repaired by the manufacturer (there are various ways of doing this), and restricting access to spare parts. People are trying to get legislation passed to preserve the ability to repair products, which has up to now been assumed to exist.
The whole point is that corporations are trying to take away the ability of letting consumers decide.
Re: (Score:2)
The whole point is that corporations are trying to take away the ability of letting consumers decide.
Well, in the past you were mostly concerned with the quality of the repair and we've had that whole run with third party parts and uncertified labor. Unfortunately with a lot of modern gadgets it's not that it doesn't work, it's that it's also a Trojan horse. Like, whatever the customer wanted fixed is fixed, but it'll also steal all your private data or contain a backdoor to be controlled like a puppet. With digital signing it can empty your bank accounts and do serious damage. It's not just because they w
Re: (Score:1)
That "-1, Overrated" mod really should be replaced with "-1, I disagree but I got no arguments or facts to contradict you with so I'll just try to silence you". Ah well...
Re:Let's let the consumers decide (Score:5, Insightful)
You just repeated the nonsensical argument of the industry. I do think the "overrated" mod was appropriate.
Is it possible that a repair shop would install a Trojan horse on one of their customers' devices? I guess. Is it probable? No. Believe it or not, but not every technician is a criminal who wants to empty your bank account and then flee the country.
Do you also believe company should forbid people to change their hard drive and to reinstall the OS on their computer because they would end up being "controlled like a puppet?"
Re: (Score:2)
Do you also believe company should forbid people to change their hard drive and to reinstall the OS on their computer because they would end up being "controlled like a puppet?"
If you believe all the phone manufacturers and video game console manufacturers*** , then yes!
*** Actually, just about every consumer electronics company outside of the desktop computer market.
Re: (Score:2)
... I'll just try to silence you ...
Hyperbole.
I can see the post, so it's certainly not silenced.
Value judgement aside, moderation doesn't work the way you apparently think it does.
Re: (Score:1)
Except this is being used by John Deere to make it so only they can repair their tractors.
So, farmer John's tractor needs an oil change. He could do it for $80 for the oil and a filter, but NO - he has to call John Deere, so they can send a technician to do it for him. Sure, the oil change is only $120 (50% mark up), but the trip charge (farms tend to be isolated places, away from civilization). is another $240. So, yeah, now you're talking about an $80 oil change costing $360. Keep complaining about the co
Re: Let's let the consumers decide (Score:5, Insightful)
Re: (Score:2)
So don't trust any third party repair companies, but totally trust the first party manufacturers because reasons. They are no more trustworthy and they know it.
Re: (Score:3, Insightful)
Re: (Score:2)
Bought two Surface Books -- 3 year warranties -- with the full knowledge that warranty service means a clean unit is sent back to me. Hello Cloud. The detach feature on one of them borked, and it was seriously painless to restore my account when the replacement arrived. To me, this is far preferable to the hunk of iron that my Thinkpad was -- as much as I loved the TP's keyboard, it was serious shoulder strain. Pretty certain the Macbooks are equally not repairable.
Re: (Score:2)
I don't think you are following along with this subject
What? Of course he is. *you* appear to be the one not following along.
It sounds like you think that there is a movement afoot to pass laws to ban people from repairing their own property.
There is. From TFS: "The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. "
A movement afoot to ban people form repairing their own property.
That is the opposite of what is happening here.
O really? From TFS: "The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices."
Right there, "risks" should
Re: (Score:2)
Sounds standard for mission critical systems where hundreds or thousands of lives could be at stake. Don't like
boenig's exorbitant maintenance fees? Come to Bob's discount 787 repair.
Provided Bob is licenced (ie they've proved they really understand how to fix stuff properly) - there really isn't a problem.
Re:Let's let the consumers decide (Score:4, Interesting)
Let's let the consumers be the judge of what's a danger to themselves. People who try to go around making laws and rules for someone else's good tend to do a spectacularly poor job of it and generally cause just as much harm as good, even in the case where they're well-meaning instead of clearly under some ulterior motives as is the case here.
I totally 100% agree with you. However, I feel it necessary to point out that the logic being used by these industry trade groups boils down to "these are dangerous things which must be kept out of the wrong hands."
Coincidentally, or not coincidentally depending on how conspiracy-minded you are, that is the same argument used by gun control advocates.
Now the merits of the position can certainly be argued as to how they pertain to both smart electronics and also firearms. However, I would consider anyone that supports right-to-repair and gun control, or who opposes both, to be engaging in some sort of congnitive dissonance. People can either choose for themselves or they cannot.
Re:Let's let the consumers decide (Score:4, Insightful)
However, I feel it necessary to point out that the logic being used by these industry trade groups boils down to
This is a "Lobbying Group." And much like most such groups,
1) Claims to represent companies|people that it doesn't,
2) Chooses a name "Security Innovation Center," that is the polar opposite of it's actual intent,
3) And like most Lobying Groups exists soley to bring about specialist protectionist legislation that will screw over the most people for the least amount of money.
Re:Let's let the consumers decide (Score:4, Insightful)
Re: (Score:2)
Um, why the cognitive dissonance? A libertarian could easily oppose gun control and government regulation of what private corporations make, or someone could think guns dangerous enough to warrant regulations and want the ability to repair legislated, dismissing this claimed danger. Those are completely consistent viewpoints.
Re: (Score:3)
If, as these industry leaders say, these products are so dangerous, then liability for errors in their design needs to be written into law.
And especially for well known bad design errors such as common admin passwords, backdoors, and ports open by default to incoming connections.
At first I agreed that letting the consumers be the judge of what's a danger. There's no way a consumer can know about the internal design of these products, and it's probably illegal to try to find out anything if the manufacturer
Re: (Score:1)
Letting consumers be a judge of what's dangerous sounds good in theory, but people are generally not very knowledgable. See, tide pod challenge, stupid tech support questions, etc.
Look, we had like what? 50 years where people could get their VCR or TV repaired at some third party without problems.
They could easily have harmed themselves by trying to do so themselves. Mains current is dangerous and a CRT could give you a shock and a if you poke at the high voltage.
The idea that we shouldn't be allowed to repair or stuff wherever we want is stupid and people arguing for less ability to repair are either stupid or malicious.
Re: (Score:1)
What is next? If I breathe air and exhale carbon dioxide I can be blamed for contributing to global warming?
That argument HAS been made. Also if you fart. Especially if you're a cow.
No, really! They've passed laws (at least in California) requiring cow farts to be collected, rather than letting the methane (several times more3 greenhousey than CO2) be released into the atmosphere to cause global warming. Since it's not practical to build a machine to suck them out of the cows, cattle operations now hav
Re: (Score:1)
Or they could just add red seaweed to their feed [foodtank.com].
Re: (Score:2)
And so they're trying to fool with bovine genetics to get the farts out of the gene pool. No, really.
Fool with cow genetics, try to fix your washing machine. Which one is worse? We have a schematic for the freaking cow, but we can't get one for the washing machine.
That's a problem.
Re: (Score:1)
"Also if you fart. Especially if you're a cow."
It's the burps, not the farts that produce most of the methane
http://metro.co.uk/2017/03/25/... [metro.co.uk]
Security, privacy and safety? (Score:5, Insightful)
WTF? These "smart" devices already aren't secure, send your data to someone at a distant location, and don't always work as the manufacturer says they should. And these same people are worried someone might hack them?
What next? Making computers where the bits and pieces are welded on so one can't upgrade it?
Re: (Score:3)
What next? Making computers where the bits and pieces are welded on so one can't upgrade it?
Isn't that basically what Apple has been doing for years?
Re: (Score:2)
Welding? no of course not.
They gonna pot the whole thing.
Re: (Score:2)
Re: (Score:2)
There are other reasons to pot all the components, for example, stopping people from repairing your device by turning it into a solid chunk of resin.
Points for chutzpah anyway (Score:1)
Yeah, I sure would hate it if a hostile party had control of my device and was limiting its use and determining what I could do with it.
But I really like how their argument boils down to 'We screwed up the security, therefore you should trust us and only us.'
This is yet another reminder of why the IoT is a stupid idea. If your washing machine is even capable of identity fraud, you're doing something wrong.
Re: (Score:3)
If your washing machine is even capable of identity fraud, you're doing something wrong.
My robot has its own Facebook page and plans to hack the next election in the US.
It is also apparently fluent in Russian, because it chats Russian late at night.
Re: (Score:2)
Anything that can be used against government tyranny, such as guns and computers, are considered "arms" and therefore protected by the 2nd Amendment in the U.S. We have a right to bear and maintain these devices.
No. Firmware on your musket prevents you from loading anything but original brand mini-balls.
Re: (Score:1)
No. Firmware on your musket prevents you from loading anything but original brand mini-balls.
Quibble: They are Minié balls [wikipedia.org], named after their inventor, Claude-Étienne Minié. They are fired from muzzle loaded rifles. "Musket" usually refers to smooth bores.
Minié balls were used in America's worst mass shooting [wikipedia.org].
stop putting crap on the internet (Score:5, Insightful)
Problem number 1 is you stupid fucks decided to put Wifi in a washing machine. I have an older washing machine with a clockwork type timer control mechanism. I had the replace he timer about 6 months ago, took all of 15 minutes to repair. My washing machine doesn't need to be internet connected.
Re: (Score:3, Interesting)
Sadly, I used to work for one of the companies that made the clockwork timers in white goods. The big appliance companies have transitioned away from electromechanical. That's part of the reason I no longer work for that company. Their business dried up.
Now I am working as a repair tech on stuff that includes John Deere products....
Re: (Score:3)
Re: (Score:2)
Re:stop putting crap on the internet (Score:5, Interesting)
Well that's because electromechanical devices have a low failure rate. If they can't charge out the ass by forcing the customer to buy an entire new front-end array for half the cost of the washing machine it's really bad for the bottom line.
Now I am working as a repair tech on stuff that includes John Deere products....
Bet that's fun, most farmers around here dumped their Deere stuff a few years ago when they decided to be pricks over the farmers ability to control their equipment. You can pick up a 2yr old Deere tractor loaded to the gills for $20k but no-one is buying. On the other side of that, the price for Fendt and Deutz-Fahr have gone up around 30% and there's parts shortages.
Re: (Score:3)
Re:stop putting crap on the internet (Score:4, Insightful)
Electromechanical devices (with moving parts) fail more than a properly designed all-electronic control panel. Key phrase: properly designed.
Except for those millions of cases where they don't right? Ask yourself how many times you've heard from someone saying that their brand new electronic whatever has already failed in warranty, but their parents 30 year old whatever is still chugging along and hasn't stopped. Or you have some asshat of a company like Samsung that built their fridges to fail just outside of the warranty phase(all electronic bits fyi). Here's the thing, we're really good at making electromechanical devices that last long, and have low rates of failure. The relays and emr-switches that our company uses have a failure rate of 1:900k over 10 years. They have to handle wet, dry, humid, extreme heat/cold and keep going day in and day out.
I'll agree that some stuff has a higher failure rate, cars for example with non-electronic ignition had multiple points of failure and were prone for the simplest no-start problems mostly relating to the rotor. On the other side, for every $1k central console in car that fails and takes out the: radio, navigation, heater, signals, and so on. That 20 year old clunker next to you with all mechanical relays, wires, and switches is still going strong.
Re: (Score:2)
Laundry equipment is my favorite example of an expensive model being worse than the cheap base models. When I bought my set of laundry machines I got the $500 pair frankly because that was what I could afford. Right around the same time my Parents moved to a new house and my Father decided to splurge on a new $1000 washing machine. Within a few years the safety shutoff switch on the door of his washer failed because it had rusted apart. Then a couple years later the computerized controls failed and had to b
Re: (Score:2)
Haw many times do you think my parents replaced various parts in that 30 year old whatever?
Generally? Once. I'll give you an example, the fridge my parents have was made in 1973, it's now 2018. They've had to replace the thermostat in it once, that was back in 1994 or so. That's it.
You think the temperature sensor, timers, alternators, etc. in those things just last forever?
Generally? Those things do last forever. The average failure time on an alternator is around 12 years. Various engine sensors are built to last around 8-10 years. Doesn't mean there can be issues, for ones that have "rotational components" built into them like TPS and so on, or do duty in an extreme-heat environm
Re: (Score:1)
Bullshit. My ma's old Kenmore dryer lasted 30 yrs with only *one* service call -- for a worn-out belt that I could have changed myself. The electromechanical controls were still working just fine when she scrapped it in 2001. This is with normal use every other day for a household of five.
Re: (Score:2)
But the source (Score:1)
A group representing electronics manufacturers, who stand to gain financially by controlling access to their devices, argues that granting consumers access to a device they bought is "dangerous" to them and to everyone. Right. Don't for a second believe these folks have anyone's interests at heart but their own - the laws of corporation actually strongly discourage executive officers from arguing otherwise.
Annoys me that the used the word "security" (Score:5, Insightful)
It bugs me that they called themselves the "Security Innovation Center". Those of us in security have consistently advocated for the need to be able to work on devices in order to secure them. Most recently the Obama administration tried to push through regulations requiring manufacturers to "prevent the installation of OpenWRT and similar third-party firmware" on routers. We successfully argued that preventing firmware upgrades often prevents security fixes.
These jack asses do NOT represent security anything.
Re:Annoys me that the used the word "security" (Score:5, Insightful)
Security Innovation Center" - Illegal Corporate Lock In Center
"Right to work" - Divide and Conquer
"Patriot Act" - Unconstitutional Removal of Privacy Act
etc...
Oh, the horror! (Score:2)
"He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks."
Translation: most dhttps://it.slashdot.org/story/18/02/24/1939255/new-tech-industry-lobbying-group-argues-right-to-repair-laws-endanger-consumers#evices are routers.
Oh, the horror if people find that out!
Repair parts as dangerous as guns? (Score:1)
This is all just absurd. The right to repair does not empower hackers. The availability of repair parts doesn't threaten people's safety. Guns can be used to threaten someone but there is no chance of us restricting them but repair parts now they are just criminal you might save a few dollars by repairing rather than replacing saving your family from financial ruin and heck even prevent greater tragedy. But let's criminalize repairing your own device violating the doctrine of first sale while putting more g
Leave barn door open, blame cows for results (Score:5, Insightful)
What they are really afraid of (Score:2)
They don't want customers fixing any of the "SMART" malware they purchased to no longer endanger their privacy, security, artificially limit capabilities or restrict choice.
Lost malware = lost revenue
Okay (Score:5, Insightful)
If you're arguing that consumers shouldn't be able to fix stuff "because security", then we presume that you're promising the stuff you sell actually is secure and that you're willing to accept 100% liability when things get hacked?
* crickets *
Well then, fuck you too.
Re: (Score:1)
Their tact is that since their product will be 'locked down' we will not have the ability to even determine if the security is at fault. They want black boxes everywhere that absolve them of blame.
Re: (Score:2)
Missing from the tool's quote (Score:2)
"Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves."
"That's our job."
Then why do they churn out abandonhardware? (Score:3)
Re: (Score:2)
I don't understand making objects smart suddenly makes their useful lives shorter than a gerbil's.
Because it makes it makes planned obsolescence easier. People are often willing to buy again every few years in order to get something incrementally better. Also, the appliances in question are often small and easy to get rid of.
Re: (Score:2)
Not everything needs to be computer controlled.
Absolutely. My new computer controlled, energy & water conserving, "kind to clothes" machine sucks in ways you can't even imagine.
Easy Fix (Score:2)
There is an easy fix to the "Tech Group's" fallacious "survey" concerns about devices connected to the internet: just don't buy devices connected to the internet that don't need connecting to the internet. My fridge, my stove, my vacuum, my washer, my drier, my water heater, my breaker box, my...
Besides, those are not really what the issue is about. The issue stems from third parties, including users, not being able to repair their cars, trucks and tractors. I certainly do NOT need my tractors connected to
What they don't want ... (Score:2)
What a load (Score:2)
That has to be the worst excuse I have ever heard. I sincerely hope someone superglues their ass cheeks together in their sleep so they will stop spewing so much shit.
I find it interesting, (Score:2)
that many of the people who are pushing back against right-to-repair legislation and sentiments, are the same ones who are pushing STEM education and mandatory comp sci courses in high school. Do they really think that having greater numbers of technically skilled citizens won't result in a much bigger, more knowledgeable, and more effective push for right-to-repair? I rather think the swelling ranks of the tech savvy will insist on using their hard-won skills on their own behalf to repair, manage, and con
Online Petitions? Counter arguments? (Score:2)
How do people who are not shilling for major corporations with nothing but a profit motive band together to address silly-assed arguments like this?
Are there groups that won't be merely waved off as a bunch of insignificant cranks because they don't have lobbyists?
EFF? Are they chiming in on this?
EFF: Defend Your Right to Repair! (Score:2)
EFF? Are they chiming in on this?
Yes. Electronic Frontier Foundation does in fact have an issue page about right to repair [eff.org].
I call that (Score:2)
Just my 2 cents
The Rise of the Industry Tool... (Score:2)
Hire someone to say Fucking Anything remotely coherent, put it on facebook, and people think it's the motherfucking Gospel.
As long as there's a way to program the original device, someone will eventually hack it.
They should be held responsible for security (Score:3)
Since the devices might outlive the companies that sold them, all such devices must carry insurance, premium paid by the manufacturer, to make good on any damage they might cause.
Only when there is an actual cost that affects their bottom line these guys will take security seriously. Forcing them to buy liability insurance will make some one look at the devices and assess the security.
Those evil washing machines (Score:1)
Wel I for one was unaware the Mirai botnet was caused by consumers repairing their washing machines, we live and learn..........
How about (Score:2)
I can repair a present day smartphone as long as I can get the parts for it.
But that's another thing. How long does the right to repair enforce availability of all of the parts in that smartphone. 10 years? 25? forever?
Modular or component level repair?
What level of acumen is the baseline user? Someone like me, who has operated on chips themselves, or Grandma who has never dissasembled anyth
Re: (Score:2)
Let's take an example of a small computing device like the Raspberry Pi. Let's also assume it meets that 50 dollar limit. So in making it repairable by the consumer, the manufacturer would need to make certain that a stockpile of parts were on hand. This is a problem that manufacturers have today with device design. There are some venerable semiconducter component
Fear mongering (Score:2)
It's what politicians and lobbyists do. Unfortunately our society is very susceptible to it. Maybe better education can make our country less susceptible to it. But with the way present-day politicians are slashing educational budgets, it doesn't look encouraging.
Slanted poll? (Score:2)
So if they had asked me: What do you value most:
In any case, I'm not trying to fix or
When did the The Security Innovation Center... (Score:2)
...speak out against Best Buy?
"Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves"
How is it any different than Best Buy dumping people's computer and phone contents onto their own systems?
Why didn't they go to Congress and yell, "They can't be trusted to repair stuff anymore!"
You're automatically guilty until proven... (Score:2)
...innocent kind of belief they're going with there. Always the same boring, and mindbogglingly stupid argument:
"Those kinds of products in the wrong hands can be used to do bad things."
It would be the same as accusing the other 99% of actual product owners who just want to modify/optimize/better/repair and fix their own stuff to save a few buck, not to mention saving the entire planet - of being the criminals.
And if you own a product - YOU OWN IT! What part is there not to understand? Of course you can't d
Right to Repair? More Like the Right to Phase Out! (Score:2)
It looks more and more to me like the "Industry" is trying to get things set so that they have all the rights, and final users do not. Mostly, this takes the form of "providing a service" over actual ownership a device.
If you Own it, you have every right to try and fix it, should it fail, or behave erratically. This allows you to get your monies' worth out of the darned thing, before having to buy a whole new one.
Should it be designated as a Service, then the service provider has the lions' share of the rig
Re: (Score:2)
Stop selling knives!!! (Score:1)
We shoud buy our food allready cut, because... "Those kinds of products in the wrong hands can be used to do bad things."
Really?!