Biden Sets Up Tech Showdown With 'Right-to-Repair' Rules for FTC (yahoo.com) 65
President Joe Biden will direct the U.S. Federal Trade Commission to draft new rules aimed at stopping manufacturers from limiting consumers' ability to repair products at independent shops or on their own, Bloomberg reported Tuesday, citing a person familiar with the plan. From the report: While the agency will ultimately decide the size and scope of the order, the presidential right-to-repair directive is expected to mention mobile phone manufacturers and Department of Defense contractors as possible areas for regulation. Tech companies including Apple and Microsoft have imposed limits on who can repair broken consumer electronics like game consoles and mobile phones, which consumer advocates say increases repair costs. The order is also expected to benefit farmers, who face expensive repair costs from tractor manufacturers who use proprietary repair tools, software, and diagnostics to prevent third-parties from working on the equipment, according to the person, who requested anonymity to discuss the action ahead of its official announcement.
Biden will fold the adminiostration is (Score:1)
Re: (Score:2)
loaded with ex Big Tech exec's paying their previous and future employers forward.
Ya, I'm sure Biden can't wait to get out of the White House and start working at an Apple "Genius Bar". :-)
Re:Biden will fold the administration is (Score:1)
loaded with ex Big Tech exec's paying their previous and future employers forward.
Ya, I'm sure Biden can't wait to get out of the White House and start working at an Apple "Genius Bar". :-)
That's not really how it works. Somebody gave Biden a job that he didn't have to show up to:
https://www.inquirer.com/news/... [inquirer.com]
"Joe Biden didn’t teach regular classes or have a defined role at Penn, but the school was likely paying him for something else, experts said: the prestige of associating with a former vice president and global figure."
"What did the University of Pennsylvania get for the more than $900,000 it has paid Joe Biden?
The former vice president collected $371,159 in 2017 plus $540,484
Re: (Score:2)
That's not really how it works. Somebody gave Biden a job that he didn't have to show up to (in normal English usage would I would insert a three dot ellipsis here to indicate omitted text, but Slashdot is stupid) This is pretty common and probably on both sides of the political spectrum.
Yup. Completely normal for ex-presidents / premiers / governors / senators / lords et al. in most western countries and across all political stripes.
Often they will be appointed to the boards of multiple corporations or trusts where they do equally little work for the money.
cheap at twice the price [Re:Biden will fold t...] (Score:2)
"What did the University of Pennsylvania get for the more than $900,000 it has paid Joe Biden? The former vice president collected $371,159 in 2017 plus $540,484 in 2018 and early 2019 for a vaguely defined role that involved no regular classes and around a dozen public appearances on campus, mostly in big, ticketed events."
Uh, politicians of his level typically get $200,000 and up for a speech, If Penn paid him $900,000 for 12 appearances, Penn was paying under half the going rate.
Former presidents ask a lot more, of course: https://www.thoughtco.com/form... [thoughtco.com] . Trump charges $1.5 million per speech. [go.com]
Re: cheap at twice the price [Re:Biden will fold t (Score:2)
He was on the payroll with a fake job. Itâ(TM)s actually quite different.
Re: (Score:2)
He was on the payroll with a fake job. Itâ(TM)s actually quite different.
He was on the payroll giving speeches. That is not "quite different", that is what most national level politicians do after leaving office,
Re: Biden will fold the adminiostration is (Score:2)
Re: (Score:2)
If just the DoD said they weren't buying anything (Score:5, Interesting)
...without a minimal level or repair-ability or support for 3rd party repairers that could end a lot of the resistance right there.
Re: (Score:2)
Dead right!
Among other additional USAF duties I was an equipment custodian and getting aircraft test equipment repaired in a timely manner was and remains a monster asspain.
While programs supporting local repair like Gold Flag are a start the DoD should demand ALL the IP for everything it buys and the right to both locally repair and contract other repair facilities as a condition of purchase.
Big words. . . lack of action. (Score:1)
I expect this to be another round of theater to keep people chomping at the bit, but in the end it will be utterly toothless much like any other move against the tech-bros or larger businesses in general. Right to repair is dead and gone as long as money is the only motivator in the USA. And the last few decades have shown, beyond all doubt, that the money is the ONLY thing that matters. It's more important than right to repair. It's more important than fair use. It's more important than physical or me
Re: (Score:3)
You Americans should get yourselves a better type of government. One that is for the people and by the people would be a good start.
Re:Big words. . . lack of action. (Score:5, Interesting)
I just read Alaska is doing two new to Alaska things for voting that will effect the midterms. First, they are opening up all primaries, so you don't have to be of a party to support a candidate. Second, they are going to do ranked voting. The top 4 candidates to start.
Maine has the ranked voting and it has resulted in more moderates in both parties. If this works well for Alaska, maybe more and more states will get on board. This could really help get people voting for issues their candidate supports rather then what party they happen to be in.
It shows there is a glimmer of hope our country could maybe hang on to democracy and avoid another civil war.
Horray for AK [Re:Big words. . . lack of action.] (Score:2)
I just read Alaska is doing two new to Alaska things for voting that will effect the midterms. ...Second, they are going to do ranked voting. The top 4 candidates to start.
Horray for them.
Approval voting [electionscience.org] would be better --if nothing else, it makes vote counting easy (the counting method is unchanged from the current method)-- but the current "largest plurality wins" method fails badly if there are more than two candidates, and is one of the biggest contributors to the current polarization. Almost anything else would be an improvement.
Re: (Score:2)
--
Re: (Score:3)
All fine and dandy, but it's not the biggest problem. We'll continue to fail until we get the money out of politics. We need SCOTUS to back off on their idiotic ruling in Citizens United, or we need Congress to pass a new law. I don't see either of them happening anytime soon.
Re: (Score:2)
...it has resulted in more moderates in both parties.
Both parties? Why can America not have 6 parties, or 8 parties?
Re: (Score:2)
Because we don't have ranked voting? I'm forced to vote D or R because most of our voting is first past the post, winner take all. If we could all put our preferred candidate first and then a D or R further down the list, it would really shake things up a bit.
At least one would hope so. I still think most people party vote so they don't have to think.
Re:Five reasons why right to repair won't pass (Score:5, Insightful)
1: DMCA/WIPO. Right to repair goes against that, and no matter what Biden states, going against a passed law is not going to anyone nowhere. Right repair violates DRM protection, so trying to get that pass just isn't going to happen. Components like the Secure Enclave parts are matched and signed for a reason, and replacing them with no-name items just means the entire device's integrity is compromised. As an example, you could repair a DVD player that has stopped playing disks but it wouldn't be legal to disable the DRM circuits or repair it if it failed. You could possibly replace the complete circuit though if the player was designed in such a way that that is a possibility.
It is easy enough to include a clause that the RTR doesn't invalidate DRM so if a part in a device is responsible for DRM the RTR rules don't apply to that part. The rest of the device would be subject to the RTR though.
3: Right to repair just opens the door for more tech lawsuits, when someone tries fixing something, punctures a battery, starts a fire.
I'm sure it could lead to more lawsuits in the short term but I doubt in the long term that those lawsuits would hold much water. If you are incompetent and can't safely remove the battery then you shouldn't be trying to repair the device and instead get someone that is competent to do the repair.
4: Most people do not have the engineering skills to reball, rebase and handle chip repair, or even pry off a battery on a board without puncturing it. What will happen is that someone clobbers their phone.
Most people don't have the skills to fix their own cars either. What happens when they clobber their cars?
5: This will disrupt communication. Someone screws up a cellphone, and it can disrupt things in that entire region. So, right to repair is already blocked by the FCC.
This may be theoretically possible but you would be hard pressed to find a real world example where fixing a cell phone disrupted the whole cell network.
Re:Five reasons why right to repair won't pass (Score:4, Insightful)
1. The DMCA claim is a non-issue. Things like secure enclaves and other issues can be solved by chain of custody, a concept which is already pretty well understood in any data recovery context. Companies like Apple are large enough to have warranty lookups, they can easily create a form to give owners a way of authorizing a repair, or they could be required to do it themselves (instead of throwing away the whole unit as they do now).
2. Broken window fallacy has been used in economic contexts many times, but what makes this one any better than the others? If some uncareful neighbor kid breaks your window, you should be forced to buy a new plot of land. Why do you hate the economy?
3. The amount of damage and risk to devices having "no user serviceable components" has exclusively gone up since their batteries are internal and not user replaceable. It is more expensive to do a responsible serviceable battery design, but this cost saving measure hasn't manifested in lower costs for complete devices.
4. Chip repair isn't a common problem, although it's quite difficult and there's a risk of breaking other components. The other components are simply thrown away in the "throw-away" repair model though. More common are wire failures, fuses, caps and general corrosion. Those problems are absolutely fixable by hobbyists, especially for common devices where you can find a howto by someone more experienced. See the Xbox clock cap fix guide: https://www.youtube.com/watch?... [youtube.com] Would microsoft do that for you, or suggest you should just buy a new always-online subscription box (that's not in stock)?
5. The software controlling your LTE "modem" is undocumented, not open source, and there's no open source alternative available. Nothing in RTR requires these problems to be fixed, only that replacements are available.
It's high time some laws challenged or limited overly abusive policies created by the DMCA. It's a law, not the corporation bill of rights, and if these corps are abusing its mistakes, the case for having it curtailed or limited is obvious.
Re: (Score:2)
There's a big load of FUD there. Many people don't have the skills to repair electrical wiring, plumbing, or their car but because the parts are easily available they have a wide variety of professionals they can hire to do it for them.
People can repair their car or their lawnmower, yet the manufacturers aren't on the hook if they screw up and get injured. Even if they puncture their gas tank next to their gas water heater.
Replacing the glass or LCD on your phone doesn't circumvent DRM. Doing that would req
Re: (Score:2)
Yeah. Right-to-repair was the default in the past. Anyone (having enough skill) could repair a TV or a radio. It used to be the same with cars, but I do not like the trend, so I drive a car that can be repaired by anyone.
Re: (Score:2)
And it still is the same with cars, no?
Re: (Score:2)
It is for older cars, but newer ones have some limits on what an "unauthorized" mechanic can do. Someone I know changed tires on his car and had to to to the dealer to reset something. Tesla also looks like it tries to prevent "unauthorized" mechanics from repairing cars made by them.
Re: (Score:2)
I suspect the actual issue is that BMW cut way too many corners and didn't design the ECU appropriately for it's operating conditions. It's not in safe mode, it's crippled because it didn't correctly save operating parameters to flash or EEPROM.
Not sure I care about custom DOD devices (Score:3, Interesting)
What we should care about is the repair of farm tractors(John Deere) and cars(Tesla). "Rich Rebuilds" has been denied many parts to the Tesla cars he tries to repair. Even denied a repaired car from the super charngin network. Tesla says the repair of an electric car is WAY too dangerous for a mortal. Tesla thinks all tesla cars should be replaced when any repair is over $500 LOL
Re: (Score:3)
But more seriously, it's not just Tesla. Try getting updated firmware for _any_ modern vehicle component other than from a manufacturer approved ($$$) service center.
Re: Not sure I care about custom DOD devices (Score:2)
Why limit it?
"All sold goods must by easy to repair." Period.
No qualifiers. No nothing.
The only exception I can think of are naturally perishable things, like food. Can't repair a rotting egg.
Re: (Score:2)
Why limit it?
"All sold goods must by easy to repair." Period.
No qualifiers. No nothing.
Nice in theory, and then you have to back it up legally. So, define "easy to repair"...it's too vague and would be tossed from every court in the country.
Good (Score:3)
I hope they come down hard on Sacramento, CA [jalopnik.com].
Right to repair for secured hardware (Score:2)
Allowing everyone to repair a high security device usually equates to lowering its security. Can't hack a passcode on this nuclear detonator? Just follow the right-to-repair "reset passcode" procedure, manufacturer cannot put anything in there to stop you. Cannot stop you from flashing your own firmware means private keys required to sign said firmware have to become public knowledge, nullifying the security of signing the firmware completely. How long before US adversaries get a hold of DOD repair manuals
Re: (Score:2)
Allowing everyone to repair a high security device usually equates to lowering its security. Can't hack a passcode on this nuclear detonator? Just follow the right-to-repair "reset passcode" procedure, manufacturer cannot put anything in there to stop you.
Wow. I want to write that story!!!
Re: Right to repair for secured hardware (Score:3, Interesting)
Bullshit.
A physical lock can be fully repaired without being less secure.
The screws just are on the inside of the door.
A padlock, as another example, has its screw down the hole that the shackle goes in when closed.
The same principles apply to any device.
Just have a damn case lock. Yes, on smartphones too.
Re: (Score:2)
Ok, now apply your principle to signing updated on the phone. What is the analogy there for the screw on the inside?
Anyone with physical access to the above lock can compromise it. Cyber security scope goes way beyond that. Even if you have physical access to a device (e.g. a lost or stolen iPhone), you still should not be able to get access to its data (unlike your physical lock example, if I steal the safe and have it in my lab, I can force it open).
Re: (Score:2)
Even if you have physical access to a device (e.g. a lost or stolen iPhone), you still should not be able to get access to its data
You need look no further (for example) than FIPS 140-2 (formerly) Level 4.
For RTR, if a device needs to be repaired and is not pre-authorised by the owner (by setting a repair passcode or some other authoriser/authenticator), then the data can be wiped clean when it is repaired.
Data protection and device repair are neither mutually exclusive nor inextricably linked.
Re: (Score:2)
Banks are already using XP. Whoever has you on their payroll is definitely not getting good value for their trolling dollar.
Re: (Score:2)
That just means the device is poorly designed in the first place...
In your example, the keys should be generated and controlled by the owner of the device not the manufacturer. As only the owner of the device would know the private keys, security would actually be stronger since you'd be far less susceptible to a supply chain attack where the manufacturer got breached.
Old software only becomes a security risk because the developer stops maintaining it. The device itself is not, and most of those old devices
Re: (Score:2)
That just means the device is poorly designed in the first place...
In your example, the keys should be generated and controlled by the owner of the device not the manufacturer.
Ok, I'll bite. So when you buy an iPhone, Apple gives you a private key which you must use to sign any all updates to your phone. Lose that key, no more updates for you? Or is that key built into the iPhone, therefore any update will just self sign and apply? If the latter, you basically threw out the benefit of signing updates. If the prior, now there is a manufacturer wet dream, every time you lose your private key, you have to buy a new iPhone and throw the old one away. I'm not even going to begin going
Re: (Score:2)
So when you buy an iPhone, Apple gives you a private key which you must use to sign any all updates to your phone.
Apple gives me a private key that I can use, but also makes it so that I can install updates signed with Apple's own private key. It does not have to be one or the other. If I want to use a specific version of the firmware or modify it, I can use my own key to sign and install it.
Creating new software releases, especially when the underlying kernel changes (most open source does not support the old kernel for decades) costs a huge amount of money. IIRC it was Samsung who tried once selling a $10 a year subscription to finance supporting their phones beyond the original support period, almost nobody signed up.
And yet, I can use a 10 year old or older PC no problem. It's slower, of course, but I can run the latest version of lubuntu or maybe even Windows (though that would be really slow). Or, I could use an older version of Windows.
I ha
Re: (Score:2)
Take the example of a Linux distribution...
You install the system, and during installation you can choose to encrypt the drive. When you do so, you create your own keys and are encouraged to back them up. Only you have these keys, and you should not share them with anyone.
When you download updates, the updates are still signed by the distribution, and you can still use their public key to verify that the updates genuinely come from the distributor before you install them.
If someone steals the device and boo
Re: (Score:2)
Cannot stop you from flashing your own firmware means private keys required to sign said firmware have to become public knowledge, nullifying the security of signing the firmware completely.
While I would prefer to be able to flash any firmware to a device that I own (and have physical access to), the signature requirement can be right-to-repair compliant, as long as I can either download the firmware from the manufacturer or buy a MCU that has the firmware already flashed to it, then I would be able to repair a device with a broken MCU.
There could also be a limited list of what is exempt from right-to-repair rules, for example, bank card readers. However, because there are some specific device
Re: (Score:2)
Systems are secured as a whole, so for example an MCU may be already "paired up" with storage, or memory, or security coprocessor, or even the screen. That means that you have to change them out all at once. I suspect nobody would care to fix iPhones if you had to replace an entire motherboard and peripherals for same or more money than a new device, just so you can reuse the mechanical enclosure.
As far as what you'd consider sensitive devices, your phone contains much more sensitive information than your b
Re: (Score:2)
Your smart TV is connected to your network.
No, it's not. But even if it was, for someone to tamper with it, they would have to already have broken into my home. In that case I have bigger problems than somebody reflashing the firmware on my TV.
I specifically mentioned physical access to do this. Yes, if anyone could just do it over the internet, it would be bad, but using ICSP or similar should be OK.
your phone contains much more sensitive information than your banking card
Not really, well, I do not store embarrassing pictures on it, so, somebody with my bank card could cause me more loss. And if my phone gets stolen, I'l
Re: (Score:2)
If Tesla allowed people to flash their own firmware to do that, they could be held liable. This is why they don't.
Where do you get this bullshit from? No, no, no.
Re: (Score:2)
Define "high security device": I have serviced high security padlocks before, be it rekeying, cleaning them out, replacing various key components (cores, shackles, actuators), changed combinations, installed, and removed locks from service. Some "high security devices" like S&G or Dorma Kaba safe locks have very good instructions on how to keep them maintained. More common locks like Best, American PacLock, or even commercial grade Master are openable with a hex wrench or a screwdriver and are easily
Re: (Score:2)
How long before US adversaries get a hold of DOD repair manuals and things such as private keys required to repair/replace components or sign their own firmwares to inject into the right supply chains.
Sorry, no. First off, the DoD can get any repair manual they contract equipment for...it the standard way of doing contractual business (37 year defense contractor here). And even if they couldn't, what makes you think your "US adversaries" couldn't get them from the OEMs just as easily?
Alternatively... (Score:4, Interesting)
Re: Alternatively... (Score:1)
For an interesting and amusing* exploration of what happens if you invent the perfect product that never wears out, you should watch The Man In The White Suit.
https://en.wikipedia.org/wiki/... [wikipedia.org]
* that is, if you like your humour dated and British...
DOD? (Score:1)
Wow. Imagine your massive battleship shutting down because you replaxed a button.
Joe will get right on that after his ice cream (Score:2)
https://twitchy.com/samj-3930/... [twitchy.com]
Right To Repair Online Video Game Servers! (Score:1)