Leading cyber-security experts endorse right to repair

Nathan Proctor
May 1, 2019 · 2 min read

New group, Securepairs.org, counters industry claims that people fixing their own stuff undermines security

Securepairs.org homepage

I help represent the Right to Repair campaign across the country, which promotes a simple, common sense proposition: when you buy something, you should be able to fix it yourself, and not have to take it to the company that made the product or its authorized repairers.

In many places, industry representatives, speaking for the manufacturers, say it’s a cyber-security issue. If we let consumers or independent repair techs access tech manuals, diagnostic software or firmware patches it will mean the loss of security of our electronics … or so the claims go.

It turns out that the who’s who of cyber-security experts disagree with these industry claims, and believe a more open repair market improves security.

The group of more than 20 cyber security professionals who support this premise includes some of the most regarded names in information security. Among them: Bruce Schneier of IBM and Harvard University, an author and globally recognized expert in cryptography; Gary McGraw, the computer scientist and author of 12 books on software security; pioneering vulnerability disclosure expert Katie Moussouris of Luta Security; Chris Wysopal, Chief Technology Officer at Veracode, Joe Grand (aka “Kingpin”) of Grand Idea Studio and Dan Geer, the Chief Information Security Officer of In-Q-Tel, a non-profit, venture arm of the CIA.

“As cyber security professionals, we have a responsibility to provide accurate information and reliable advice to lawmakers who are considering Right to Repair laws,” said Grand, a hardware hacker and embedded systems security expert.

Now, to correct one-sided information from manufacturers, journalist Paul Roberts has created Securepairs.org.

“False and misleading information about the cyber risks of repair is being directed at state legislators who are considering right to repair laws,” said Roberts, who is editor-in-chief at The Security Ledger, an independent cyber security blog. “Securepairs.org is a voice of reason that will provide policy makers with accurate information about the security problems plaguing connected devices. We will make the case that right to repair laws will bring about a more secure, not less secure future.”

For my part, I’m grateful the real experts are standing up, and setting the record straight: There is no cyber threat from repair.

Just let us fix our stuff.

U.S. PIRG

U.S. PIRG is a consumer group that stands up to powerful interests whenever they threaten our health and safety, our financial security, or our right to fully participate in our democratic society. Part of the Public Interest Network. https://uspirg.org/

Nathan Proctor

Written by

Running campaigns to advance a more sustainable economy that works for people. #RightToRepair advocate

U.S. PIRG

U.S. PIRG

U.S. PIRG is a consumer group that stands up to powerful interests whenever they threaten our health and safety, our financial security, or our right to fully participate in our democratic society. Part of the Public Interest Network. https://uspirg.org/

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade