Rebutting the Claim that Right To Repair Undermines Security

In their testimony before the Massachusetts Legislature on a bill similar to New York’s S. 618-C, experts from the Harvard Berkman Klein Center for Internet and Society testified that “Right to Repair” improves security in some critical ways: 

1) Security that depends on no one understanding how things work is a faulty model.

“Opening the Right to Repair to third parties and device owners will have the overall effect of enhancing security, rather than compromising it … if the security of a product relies only on nobody knowing how it works, then it is much less likely to be effective. This is known as “Security through obscurity”, and this concept is key to motivating more transparency in the implementation of security in the systems upon which our lives and society rely.

2) Transparency help to fix flaws. 

“… the more transparent a system’s design is, the higher quality it can become, since it can be reviewed and audited by third parties, and proactively improved.”

3) More user control helps identify weak links in complicated systems, like those of hospitals or governments. 

“We must consider the economic, emotional and physical toll that not being in control of the tools we use, and being made vulnerable to their malfunction, or third-party abuse of them, can take. Further, while device manufacturers may be able to offer state-of-the-art security for their latest models, devices rarely operate in isolation. Any system is only secure as its weakest link.”

4) Repair helps improve security for older products. 

“The true key to security in a connected age is keeping a device updated, patched with the latest fixes, for the full lifespan of the device. When device manufacturers discontinue support for devices, either through planned obsolescence or because the company ceases to exist, this creates critical security holes that require third-party involvement. While there is little profit motive in this, it is essential that it happens, whether by legal requirement, or communities of willing users.”

Testimony from Rachel Kalmar and Nathanial Freitas. The full version of the testimony is avilable here.