There’s been a lot of talk around right to repair legislation so far this year, in both the US and Europe. And recently, Biden signed an order to have the FTC begin reviewing unnecessarily restrictive repair policies.
One of the main points I’ve seen people make against the order (besides John Deere yelling about tractor safety issues ) is with regards to security. Thus far these repair restrictions have generally meant more limited access to things like device parts and manuals, and sometimes even software. But those things are likely to become more readily available now, and easy access to that info could pose risks for various devices, including cars.
People in the healthcare industry seem to have similar concerns, especially since we’ve already seen instances of people exploiting vulnerabilities in IoT medical devices. There’s also the issue of whether more third party repair services will lead to an increase in personal data breaches.
On the other hand, these repair restrictions have been used historically to hinder or outright block security research. In many cases security researchers have had to obtain prior permission when using devices for research purposes, and that’s just not always feasible. Having those restrictions lifted could help teams expand their research and make bigger strides in security technology.
So, what do you guys think? I’d be interested in hearing your thoughts on whether these updates will be an overall positive for the industry, especially for things like security research.