Who has the “right to repair” a product after it’s been purchased? The intuitive answer would be the person or business that purchased it, but in the case of products with sophisticated technology and software — an increasingly common characteristic for just about any product — this becomes more complicated. In these cases, repairs likely require specialized equipment or software programs from the manufacturers, which in turn runs a higher risk of exposing trade secrets or reducing the security built into the product by requiring backdoor entry for repairs or diagnostics.
Legislators have grappled with trying to find this balance for some time. For example, take the case of cars, which now have complex onboard computers. Massachusetts passed a comprehensive right to repair bill in 2013. It required that manufacturers allow independent mechanics access to the same diagnostic and repair information provided to franchised dealerships. Similar issues have arisen around repairs for other complex technologies such as medical and agricultural equipment, for which 11 states have introduced legislation creating a general right to repair.
But consumer tech, such as smartphones, raises the issue of security to a new level. Opening any device to repair by third parties increases its vulnerability to unauthorized, unwanted software such as malware or spyware. It also gives third-parties access to sensitive user data which, without proper vetting of the third party, may put consumers at risk. Things like phones, tablets, and laptops store an enormous amount of personal data, and by ensuring third parties can access devices, backdoor security risks are inevitable.
Device makers have legitimate concerns about brand integrity and proprietary information. Consumers may blame manufacturers if unauthorized repairs damage products in ways that may not be immediately obvious, either because of software issues or incorrect assembly. In these cases, there is also the risk that any third party looking to get into the repair business will have access to technology and potential trade secrets, which would otherwise be the property of the manufacturer.
In an attempt to balance the benefits of third-party repair with potential business and consumer harms, New York has passed the Digital Fair Repair Act, which will go into effect this summer. A sort of compromise legislation, the New York approach will require manufacturers to provide manuals and parts to both consumers and independent repair providers, but with a few significant limitations.
Notably, the bill does not require any sort of backdoor access to bypass locks on a device. This provision ensures that third parties, and even consumers themselves, will be able to make repairs, but does not give up control entirely in a way that compromises the basic level of data security offered by the device. The bill also shields the original manufacturer from legal liability for damages to a product by a third-party during repair, while allowing the manufacturer to supply assemblies of parts rather than individual pieces.
Nonetheless, state efforts to address repairs for consumer tech goods point to the larger question of the need for right to repair legislation at the federal level. As is true in most cases which impact national industry, a national framework would be better than a patchwork of state legislation. However, as we observe the impacts of the legislation in New York, careful consideration must be given to the ways in which consumers may be harmed by regulatory action. It also must be considered how these fit into existing competition law with regard to aftermarkets, and the impacts to businesses outside of the consumer tech space.
Though the momentum currently lies in the states, Congress will ultimately have to act to create a national standard for right to repair. In the meantime, states should heed New York’s example and ensure any bill has the safety provisions necessary to ensure consumer protections, in contrast with bills currently moving in states like Washington and Minnesota, which both take a looser approach to repair where third parties are allowed more full access to devices for repair. Until Congress is ready to address this issue for both consumer tech products and other high-tech devices, states should take a cautious approach to legislation that will impact the national market.
