Maker News
Repair Wars: Cory Doctorow on the State of Right to Repair
This article appears in Make: Volume 80. Subscribe now for more maker stories and projects delivered to your mailbox.

In January 2019, Apple CEO Tim Cook published his annual shareholder letter, and with it, a dire warning to Apple investors: The iPhone market was cooling off, because Apple customers were hanging onto their phones for longer, getting off the annual upgrade treadmill and instead fixing their busted screens rather than using a dropped phone as an excuse for an upgrade.

This is what is meant by “saying the quiet part out loud.” Cook’s letter was the capstone on 2018, a year in which the company had defeated 20 state-level “right to repair” bills — bills that would have forced Apple and other companies, from John Deere to Wahl (of shaver fame) to facilitate repairs by independent service centers. These were bitter fights, in which repair activists — environmentalists, makers, digital rights advocates, and reps from fix-it shops — pleaded with lawmakers to do the right thing, while their corporate adversaries warned that independent repair would usher in an era of devices that leaked your data or even exploded in your face.

This anti-repair parade of horribles was short on evidence, but lawmakers bought it. That was good news for Apple and any other company that wanted to juice its profits. Attacking independent repair let manufacturers reap huge profits from repair jobs, freeze out rivals who made replacement parts, and, best of all, decide when a device was “beyond repair,” so that customers would be forced to “upgrade” to a new one.

Why do we need right to repair laws in the first place? Why couldn’t fix-it shops and third-party parts makers collaborate to fix our phones, laptops, shavers, Xboxes, cars, and tractors, with or without the help of the original manufacturers?

Well, they can … sorta. For years, iFixit — the great heroes of the repair revolution — have produced independent, unofficial, unauthorized, free, open access repair manuals for all kinds of devices. They make these manuals without help from the manufacturers, by tearing down gadgets and figuring out from first principles how to fix them.

Likewise, there’s a longstanding process of producing third-party parts for the stuff we use. Sometimes, these are standard parts that anyone can manufacture by reading the specifications, and other times they too are part of the guerrilla warfare between manufacturers and repairers, created through canny reverse-engineering.

Making Repair Hard

With independent repair guides and third-party manuals, the independent repair sector should have everything it needs to fix your stuff, or show you how to fix it for yourself. Manufacturers have gone to great technical lengths to prevent this — obfuscating the workings of their products, say, or designing them to require special tools just to open them — but in this battlefield, the challengers always have an advantage over defenders. A company that makes its devices completely unrepairable by third parties will almost certainly render those devices impossible for their own repair technicians to fix (and likely impossible for their own customers to use).

So the war on repair has largely moved from the technical front to the legal front. Manufacturers use a suite of legal theories — often distorted beyond recognition or sense — to maintain their monopoly over repair. Take copyright law. In 1998, Bill Clinton signed the Digital Millennium Copyright Act (DMCA), and Section 1201 of the DMCA makes it a felony to provide tools or information that aid in bypassing an “access control” for a copyrighted work.

Originally, this was used to make it a crime to tell someone how to deregionalize their DVD player (so it could play discs from overseas) or jailbreak their Sega Dreamcast (so it could run homebrew games). Game console and DVD manufacturers argued that the embedded operating systems that enforced these restrictions were the “copyrighted works” mentioned in the DMCA, and that the digital locks that stopped you from altering these OSes were “access controls.” Since altering the OS involved bypassing an access control, anything you did to the OS without the manufacturer’s blessing violated DMCA 1201, and providing someone with tools or instructions to do so is a felony punishable by a 5-year prison sentence and a $500,000 fine for a first offense.

Today, this relic of the last century is the go-to tactic for blocking repair. John Deere are true pioneers here: They embed cheap microchips in their replacement parts. After the part is installed, it has to be “initialized” with an unlock code before the rest of the engine will accept it. This allows the company to insist that farmers who fix their own tractors pay a technician to come out and solemnize their repair by typing a password into their tractor’s console, charging up to $200 for a useless “service call” — and as a side bonus, this cryptographic handshaking allows Deere tractors to detect and refuse third-party or refurbished parts, like an inkjet printer balking at printing with refilled ink cartridges.

This process is even more closely associated with the automotive industry, where it’s called “VIN-locking” — that is, locking parts to the engine’s indelible Vehicle Identification Number. But while VIN-locking may have started in cars and tractors, it’s spread into every gadget with a microchip, which is to say, every gadget.

This came to a head during the pandemic, thanks to Medtronic’s use of VIN-locking to prevent repairs of its workhorse PB840 ventilator. Medtronic is the world’s largest med-tech company, thanks to an unchecked program of buying and killing off competitors, something it is able to do thanks to the savings it realized by selling itself to an Irish company in history’s largest-ever “reverse-merger.” Flying an Irish flag of convenience virtually wipes out Medtronic’s tax bill, leaving it with more cash to neutralize competitors.

Medical technicians working in hospitals have long been accustomed to doing their own repairs. When you’ve got a patient in the ER, you can’t wait three days for a manufacturer’s repair-tech to come out and swap out a part or fix a bad solder joint. Medtronic dressed up its VIN-locking tactics as a concern for patient safety, but really it was about extracting revenues from hospitals. If Medtronic really cared about patient safety, they’d prioritize technical support for on-site med-technicians, rather than creating a world full of busted ventilators in dusty closets, awaiting a visit from the official Medtronic technician.

Covert Response

All this got a lot worse during the pandemic, of course. Overnight, the need for ventilators shot through the roof — just as lockdown meant that Medtronic technicians couldn’t just hop on a plane and come to hospitals where the ventilators were breaking down.

Lucky for the world’s sick and dying, a Polish technician went rogue. This anonymous tech was an ex-Medtronic repair guy, and he had held onto the software used to initialize VIN locks after new repairs. He reverse-engineered its cryptographic signing routine and invented a microcontroller-based gadget that could initialize a field repair. He improvised housings for this out of small electronic devices, like alarm clocks and guitar pedals, and mailed them to hospitals all over the world. The technicians at these hospitals were able to cannibalize parts from multiple busted ventilators to make working ones

VIN-locking is a globally attractive nuisance. The rogue Polish Medtronic tech has stayed anonymous because Poland is part of the EU, and the EU unwisely allowed the U.S. Trade Rep to pressure it into adopting its own version of DMCA 1201 in Article 6 of the 2001 EU Copyright Directive. Canada got its version in 2012, Mexico got one in 2020, and the rest of the world — Australia, Russia, Central America, the Andean nations — got their own somewhere in between.

The existence of a global mesh of laws that say that owners of devices can’t alter or repair them without the manufacturer’s okay is a powerful incentive to mischief, tending to a universal inkjet-printerization of everything. Apple has repeatedly announced new iPhones that use VIN-locking to prevent independent screen replacements, only to back down after public outcry. The most recent attempt was in November 2021.

Supply-Chain Stoppages

DMCA 1201 isn’t the only legal barrier to repair. Manufacturers use bogus patent claims to stop imports of third-party spare parts at the border, and they use trademark claims to stop refurbished parts from entering the country, saying that their own products become “counterfeits” the minute they’re resold as a used good. On top of that, manufacturers use terms-of-service and end-user license agreements to intimidate, bully and block independent repair, claiming that cybersecurity laws (like 1986’s Computer Fraud and Abuse Act, which the Supreme Court finally narrowed in the summer of 2020 in its ruling on Van Buren v. United States) and weird contract-law theories about “tortious interference” make independent repair into a civil and/or criminal matter.

This is grossly unfair, of course, a recipe for a world drowning in e-waste as devices are scrapped rather than being repaired. But it’s also economically catastrophic, because the independent repair sector is an engine of economic growth: According to the Repair Coalition, recycling a ton of e-waste creates 15 jobs, while repairing that same mountain of busted stuff creates 150 jobs — good, middle-class, local, small-business jobs that serve their communities (overall, independent repair accounts for a whopping 4% of U.S. GDP).

The war on repair is aimed squarely at killing off these jobs. When an industry manages to make independent repair difficult or impossible for five or 10 years, it guarantees that these small businesses will shut down. What local phone-repair place could survive for half a decade without being able to fix iPhones? Even if the independent repair sector — and the maker community — manage to find a way around the impediments thrown up by Big Tech monopolists, each anti-repair gambit reduces the pool of technicians who are able to set up shop.
Let’s not lose sight of the stakes here: Independent repair is a proxy for the right to decide how your stuff serves you, and when it’s time to retire it and move on to a new gadget. This is the right to technological self-determination — the right to decide not just what your stuff does, but who it does it for and who it does it to.

A Small Victory

As I write these words, Apple has just sued for peace in the war on repair. In November of 2021, the company announced that it would start selling tools and parts to its customers so they could do their own repairs. The announcement is both seismic and worryingly vague: Apple is the vanguard of the war on repair, and there are plenty of ways it could implement its owner-repair program that would be effectively useless (say, by insisting that home repairs require swapping out whole assemblies rather than individual components, which could make replacing a screen nearly as expensive as buying a new phone). What’s more, the mere existence of an owner-repair program could be mobilized as a pretext to kill future right-to-repair bills that safeguard independent repair by requiring that manufacturers make parts, manuals, and diagnostics available to competitors.

It’s great that Apple has decided to permit its customers to fix their stuff, but ultimately, this shouldn’t be Apple’s call. You bought your iPhone, you own it. Who fixes it is your decision alone — and the same goes for tractors, ventilators, shavers, and every other gadget besides.

Tagged
Cory Doctorow

Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist.

View more articles by Cory Doctorow