blastermaster555 t1_j26jaou wrote
Reply to comment by Guffawker in New York breaks the right to repair bill as it’s signed into law | The bill was signed by NY governor Kathy Hochul on December 28th, making New York the first US state to broadly protect a consumer’s right to repair their own tech. by chrisdh79
Every theft is a chance to get caught.
I understand the separation, but the way the post was worded, it sounded like advocating for being able to unlock locked devices, which means getting access to user data.
Before the device locking (device tied to account, requires unlock), phone theft was more profitable, because tossing the sim card and resetting it was trivial. Now that we have stolen phone databases (carriers refuse phone on the network when stolen), device sign in requirements (phone serial attached to account and required to unlock), and on device encryption, now we have a different problem.
From what I understand via RtR, the problem is not this, but being able to connect replacement parts that are serialized for security reasons. It is a security risk to have a bugged part paired such as a touchscreen or print reader that can easily have an extra chip used to steal customer info. The problem that it clashes with RtR is with manufacturers not providing a way to put official parts on yourself (such as re-pairing these serialized parts with the device).
Guffawker t1_j26swiw wrote
Yes, but getting caught is not a deterrent to theft. If it was....people wouldn't steal. The people that steal do it because the risk of getting caught is worth the return. That doesn't change just because a device is locked. Phones are easy to steal. So it will always happen. Even with increases in security phone theft is on a rise. People don't give a shit if the device is locked or not, again, because they can pick it up, stick it in their pocket, and walk away. No amount of increased security changes how easy they are to steal. It's the same thing as spam emails. It works because you only need 1% of the 99% you go after to be unsecure for it to be worth your while.
Again, kill switches are the problem. I know how trivial it was. I've worked tech repair/IT my whole life. I've dealt with this issue. All that happens is the dude that came in with a phone asking for it to be fixed just walks outside and throws it in the trash. The theft still happens, but the device ends up in a landfill which is a problem. It may reduce it slightly, but it's not going to prevent it, all it does is prevent that device from ever being used again. If you want to stop the theft, make better measures of tracking the device, not allowing manufacturers to turn their device into a useless $1000 piece of landfill. These companies don't do this because it "protects" your device. That's just an added bonus. They do it so their devices don't end up costing $200 at a pawn shop. They could build other methods of theft reporting/alerting into the software if they wanted, but it's more beneficial for them if the device becomes a brick, because it kills the second hand market and the og owner now has to purchase a new one. Again, as you've said too, carriers have already implemented blacklists and such for stolen devices, so bricking the device does even less in that regard.
Again, data should always be secure.
This isn't in any way pointing to this as the problem of RtR.....this was a response to someone discussing the particular aspect of this bill that referenced the article mentioning the lack of requiring manufacturers to provide access to "save locked devices" as an oversight of this bill.
As far as RtR is concerned that's hardly the issue at all. It's not about using unofficial parts. That has little to do with RtR at all. RtR is honestly a LOT of fights wrapped into one, but the bi issue is about manufacturing companies having a monopoly on the ability to service and repair devices they manufacture, often to the detriment of the user. RtR is about separating the "electronics repair" industry from the "electronics manufacturing" industry, because they are two separate entities. It doesn't mean "users can shove whatever they want into their tech" (although, largely, they should be able to. It's your equipment, you bought it, you should be able to do what you want with it), it means "John Deere must provide other companies (and even the tech savvy DIY farmer) with the parts for repairs and make repairs accessible via normal means. You're still using their manufactured stuff, it's just you have more options then your current option of "Pay John Deere $7500 to service my tractor, or throw it away and buy a new one". A lot of tech companies have a monopoly on their services and outright refuse to sell parts to any other company. That means they can charge you whatever they want because your only solution to fixing the device is "buy a new one". Even if the fix is simple. Your argument is the kind of shit companies spew to make it seem like RtR is a bad thing, but it doesn't mean or prevent anything, and largely has little to do with RtR itself. RtR is about forcing manufactures to provide access to the tools/software/components for users and third party individuals to actually have options to repair, especially, because as is, it's completely legal to repair and modify things you purchase. It's not a security thing. It's about manufacturing companies not wanting to provide repair materials to external companies and individuals because if they are the only ones that can service their devices, they can make a shit ton more money. It's not a security risk at a to allow people to repair their own equipment or use a third party. It's not even a security risk to allow third party manufacturers to make parts that work in your equipment. We already have regulations on that shit, and consumers can/do spend time researching options like that when replacing parts. As a side note, things aren't serialized like that for "security" it's so the manufacturer can detect if you're using their parts and void/refuse service if you aren't. If people want to steal your data, they aren't going to "install an unauthorized touchscreen". They are gonna use cheap external hardware that can easily be removed/installed/disposed of, that they have full access to instead of having to find a way to implement it in the companies software as well, that would have to continually broadcast data to them in some way.
Manufacturing companies having a monopoly on servicing their products doesn't prevent a security risk. You, as a consumer, can still shop around for reputable repair service tecs, that use genuine parts provided by the manufacturer, or do it yourself with parts purchased from them.
The whole intent of RtR is to point out and clarify that manufacturing and service are two different industries, and just because you provide the former, does not give you exclusive rights to the later. In fact, just the opposite. It should be incredibly difficult for a company providing a product to be allowed to be the sole service point of that product, as it's in direct violation of already established copyright laws and allows the company to extort the consumer for repair cost.
Viewing a single comment thread. View all comments