‘Right to Repair’ Laws Will Break Innovation and Security
By Dan Savickas
Technology repairs are never fun. In most cases, the average DIYer doesn’t know what’s going on in the first place. Then, finding a trustworthy repair shop with the time and ability to fix the issue is another process in and of itself. State governments say they are trying to make it easier with “Right to Repair” laws. Unfortunately, this is not what’s happening. In fact, these so-called “Right to Repair” laws will create a new host of issues for consumers and businesses.
These proposals (with some small variations across different states) would implement a number of new requirements on device manufacturers. The first would require them to sell any tools, documentation, or parts that would be used during repairs. More importantly, the rules would mandate the companies provide disabling of any security locks upon requests from third-party repair shops.
The first set of requirements would violate manufacturers’ rights as companies in the free market. The tools and parts required for certain repairs are rightfully the property of the company who made them. In some instances, they have proprietary information that they need not legally share with anyone outside of the company. Further, sharing this information would not go towards solving the problems “Right to Repair” is trying to solve.
Additionally, companies have the right to negotiate and contract with whomever they please. Compulsory contracts severely inhibit their ability to come to an agreement. If manufacturers are forced to sell their parts, documents, and tools to repair shops, there is no recourse if the terms of the deal are unreasonable in any way. Part of any free and fair negotiation process is the ability for both parties to walk away if their needs aren’t being met. The compulsion in “Right to Repair” laws would eliminate that ability.
Perhaps most concerning, though, are the security implications of these proposals. Making any refusal to cooperate with a third-party repair shop presumptively illegal, lawmakers are opening a cybersecurity Pandora’s box. Manufacturers would have to justify trying to secure their devices and their customers under threat of protracted lawsuits and further legal action from the government. With cyber threats becoming more sophisticated, this is hardly the precedent lawmakers should be setting.
These new laws would apply to anything with an IP address. This includes less-thought-of devices like video cameras, carbon monoxide detectors, or fire alarms. Requiring manufacturers to release software or security patches to these devices – among a host of others – would create many security concerns. Giving potentially malicious actors access to this kind of information on such a wide array of devices is asking for trouble.
There is a reason manufacturers play so close to the vest with this type of information. It might be easy for lawmakers to sell it as corporate greed, but the consequences of over-simplifying this are too great. “Right to Repair” laws would not make breaking a laptop any less miserable, but might ensure that there are a host of other technological issues with which consumers will have to contend.
Published on March 29, 2023Original Publication