New group, Securepairs.org, aims to counter industry claims repair undermines security
I help represent the Right to Repair campaign across the country, which promotes a simple, common sense proposition: when you buy something, you should be able to fix it yourself, and not have to take it to the company that made the product or its authorized repairers.
In many places, industry representatives, speaking for the manufacturers, say it’s a cybersecurity issue. If we let consumers or independent repair techs access tech manuals, diagnostic software or firmware patches it will mean the loss of security of our electronics … or so the claims go.
It turns out that the who’s who of cyber-security experts disagree with these industry claims, and believe a more open repair market improves security.
The group of more than 20 cyber security professionals who support this premise includes some of the most regarded names in information security. Among them: Bruce Schneier of IBM and Harvard University, an author and globally recognized expert in cryptography; Gary McGraw, the computer scientist and author of 12 books on software security; pioneering vulnerability disclosure expert Katie Moussouris of Luta Security; Chris Wysopal, Chief Technology Officer at Veracode, Joe Grand (aka “Kingpin”) of Grand Idea Studio and Dan Geer, the Chief Information Security Officer of In-Q-Tel, a non-profit, venture arm of the CIA.
“As cyber security professionals, we have a responsibility to provide accurate information and reliable advice to lawmakers who are considering Right to Repair laws,” said Grand, a hardware hacker and embedded systems security expert.
Now, to correct one-sided information from manufacturers, journalist Paul Roberts has created Securepairs.org.
“False and misleading information about the cyber risks of repair is being directed at state legislators who are considering right to repair laws,” said Roberts, who is editor-in-chief at The Security Ledger, an independent cyber security blog. “Securepairs.org is a voice of reason that will provide policy makers with accurate information about the security problems plaguing connected devices. We will make the case that right to repair laws will bring about a more secure, not less secure future.”
For my part, I'm grateful the real experts are standing up, and setting the record straight: There is no cyber threat from repair.
Just let us fix our stuff.