The Security Innovation Center is a lobbying group backed by CompTIA, CTIA, TechNet and the Consumer Technology Association for the express purpose of fighting laws that would legalize repairing your own property, or choosing to have it repaired by third parties.
The group released a push-poll that showed that people were (quite rightly) concerned about malicious software and defective products, with the nonsensical conclusion that this means that states should not pass "right to repair" legislation that ensures that Americans can fix their own tools, or choose to take them to independent repair shops for service.
The group's spokesman warned of a hypothetical risk of third parties introducing defects during service, citing attacks like the Mirai worm -- but Mirai spread because manufacturers sold defective products, and not because independent service centers introduced defects to these products after they were sold.
The group also supports a ban on reporting defects in products, arguing that manufacturers should be allowed to censor security researchers who discover dangerous flaws that expose their customers to risk.
Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety.
“Product owners should continue to have multiple options to repair their products. That is what iFixIt does,” Zecher wrote in an email, mentioning the popular self-repair website. “However, changes to a product should not compromise the privacy, security and physical safety of individuals and businesses.”
Zecher warned, for example, that stalkers could commandeer smart home devices to spy on occupants by taking advantage of open platforms like those proposed by Right to Repair laws. “Many of the bills don’t exclude security functions from diagnostic information,” Zecher said, noting the requirement under many right to repair laws that manufacturers make diagnostic information from devices available to owners. “That could allow a reset of security related functions, or you could have security data lost via mishandling.”
The group’s concerns extend to public disclosure of software vulnerabilities, as well. “In our principles on our website we explain that ‘the public disclosure of information about product alterations should be weighed against the public interest of choice, consumer security, privacy and intellectual property protection,'” Zecher wrote.
Consumers, he said, are less fearful of expensive vendor lock-in than of having their information stolen from connected devices.
Updated: A New Lobbying Group is fighting Right to Repair Laws [Paul/Security Ledger]
(Image: Security Innovation Center)