Lobbyists for major tech firms like Cisco and IBM are trying to push through legislation in Colorado that would drastically roll back a groundbreaking right to repair law under the guise of protecting national security and data centers.The legislation, which passed through a Colorado state senate committee on Thursday, would exempt hardware from the existing right to repair law if that hardware \u201cis considered critical infrastructure.\u201d One of the issues with this is that \u201ccritical infrastructure\u201d is very broadly defined, and could include essentially anything. In practice, the law could essentially repeal huge parts of one of the most important right to repair laws in the United States.\u201cIt relies on a broad, vague definition that allows the manufacturer themselves to self-designate whether their equipment is for critical infrastructure,\u201d Louis Rossmann, a right to repair expert and popular YouTuber, testified at a hearing on the bill Thursday. \u201cSo if a laptop manufacturer knows the Pentagon buys their laptops, they can declare that line exempt. If a networking company sells a $20 switch to a federal building, they can claim that hardware is critical infrastructure. It\u2019s a blank check for manufacturers to exempt themselves.\u201dEver since consumer rights advocates began pushing for right to repair legislation roughly a decade ago, hardware manufacturers have been fear mongering to lawmakers by telling them that right to repair would introduce security threats by requiring them to reveal proprietary information about their products. In practice, the exact opposite has happened, because greater access to repair parts, tools, diagnostic software, and repair guides means that broken equipment that could potentially be more vulnerable to hacking attempts can be fixed more quickly.\u00a0\u201cWhen we talk about critical infrastructure and fixing things, we often do not have time to wait for an official fix from a company that may not be motivated to fix things,\u201d Andrew Brandt, a security researcher and cofounder of the nonprofit Elect More Hackers, testified Thursday. \u201cWhat ends up happening is that with smaller companies, where they may have spent most of their budget buying some firewall or router that they can no longer afford, they end up in a situation where they\u2019re just going to keep running that device in an unsafe state and leave themselves vulnerable to cyber attack.\u201dThe groups pushing for this legislative rollback appear to be legacy enterprise hardware manufacturers, who highlighted during the hearing the fact that their technology is increasingly being used in data centers, which seem to be one of the only things the current American economy seems capable of building. Lobbyists for the Consumer Technology Association, which represents many large manufacturers, testified in support of the bill, as did Joseph Lee, who works for Cisco.\u00a0\u201cWhile Cisco appreciates the arguments offered in favor of right to repair devices, not all digital technology devices are equal. A router used in a home is fundamentally different from the infrastructure equipment used to manage a power grid or secure confidential state agency data,\u201d Lee said.\u00a0Chris Bresee, a lobbyist with the National Electrical Manufacturers Association, also highlighted the fact that, broadly, there is IT equipment that will need repairs at data centers.\u00a0\u201cA growing number of products in data centers with connection to our electric grid as well. It is of the utmost importance to safeguard these critical systems,\u201d he said. \u201cThis is not an argument against repair or against consumers rights, it is a recognition that fixing a smartphone is not the same as modifying systems that keep the lights on for our country.\u201dThe argument being made by these lobbyists and major tech companies is that only the manufacturers or their authorized representatives should be allowed to fix these types of electronics. But, again, the definition of \u201ccritical infrastructure\u201d is so broad that it can be applied to almost any type of electronic, and there is nothing fundamentally different between a router used at a data center and a router used in a school, business, or home.\u00a0\u201cYou look at who is backing this bill, it is large firms like Cisco and IBM. They sell information technology equipment to tens of thousands of Colorado businesses, and they are looking to create a de facto monopoly on that service, which exists in the states that have denied this business to business right to repair,\u201d Paul Roberts, a cybersecurity expert and founder of SecuRepairs testified. \u201cThe big tech companies backing the bill are using a very real concern about cybersecurity and resilience of US critical infrastructure to pad their bottom line, locking in a monopoly on service and repair. Cyber attacks on US critical infrastructure are rampant and have nothing to do with information covered by Colorado\u2019s right to repair law.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"