Navigating Repair Rights Amid Cybersecurity Concerns

Speaker 1: 0:13

Welcome to Auto Care On Air, a candid podcast for a curious industry. I'm Stacey Miller, vice President of Communications at the Auto Care Association, and this is Traction Control, where we chat about recent news from the global to the local level and what it may mean to the industry, featuring guests on the front lines. Let's roll. I have with me today in the studio Paul Roberts, and I've been waiting a long time to get Paul on the podcast. Even though the podcast is new, he was one of the first guests that I really wanted to highlight and chat with him. Paul is the publisher and editor-in-chief of the Security Ledger and founder of securerepairsorg. I first came across Paul on securerepairsorg. Paul, you're also on the Fight to Repair sub stack, which is a really amazing place to learn about everything that's happening with right to Repair across industries across America and just following it from the beginning, what's really happening. So welcome, paul. We're so happy to have you, but tell us a little bit about Secure Repairs and how you got into the whole fight to repair.

Speaker 2: 1:20

Good question and great Thanks for having me on. It's really a pleasure to be here. So Secure Repairs was a group I started about five years ago and it really coincides with getting involved in the right to repair movement. It happened because, like you said, I have this cybersecurity journalist for a couple of decades now, started my own publication, security Ledger, back in 2012. According to LinkedIn, this is actually the anniversary the 12 year anniversary of starting Happy anniversary.

Speaker 2: 1:55

Thank you, it just reminded me. And that publication was really focused around the security of the Internet of Things and kind of connected stuff and, you know, covering that and writing about it every day gives you this kind of nuanced understanding of the challenges around cybersecurity and connected devices and, kind of over time, I just started to gravitate towards some of the sort of big questions around connected stuff, including this question around repair. So I was doing some research for a story, looking at the questions of repair and IoT devices, ended up talking to Nathan Proctor, who, like me, lives in the Boston area and he is the head of the US PIRG's right to repair campaign, and was like hey, why don't you come down? We're doing a fix-it clinic at this library in Boston. Come check that out. And we got to talking about PIRG's efforts back then this kind of 2018 time period to pass state right to repair laws and basically one of the things he said to me is yeah, you know, cybersecurity is a big issue for us, because manufacturers are coming into these hearings at state houses and basically just saying hackers and hacking and the legislators are running screaming. You know they're. You know, if you pass this law, your state's going to be a you know Mecca for hackers and they're going to use this information to. You know, hack into everything cars and you know, smart home devices and stuff and I just knew that that argument was not based on fact, that that's not how hacks against connected devices work, that it's not about schematic diagrams and service manuals and diagnostic software. That's not how things get hacked.

Speaker 2: 3:49

And so I was sort of like I've got a really good network of cybersecurity people and my gut is they're pro-repair people too. Why don't I try and connect you with some of them? Maybe we can get some of them to turn up to these pre-COVID, get some of them to come out to the state houses and show up at these hearings and just kind of voice their support and also bring their bona fides with them. You know I'm a lifelong cybersecurity expert. I understand this topic, you know in depth and you know what you're hearing from the other side on.

Speaker 2: 4:19

This is just not backed up by facts. And so that was the birth of the Secure Repairs Group, and five years later, we've got more than 400 supporters and we have been able to, I think, make a meaningful difference in terms of the debate and conversation around right to repair, most notably in 2019,. Gary McGraw, who's one of our members, testified at the FTC's Nixing the Fix event on a panel around cybersecurity and repair, and Gary did a great job just kind of laying out this core idea that repairability and cybersecurity are not at odds with one another, they're not mutually exclusive, that you can have a device that is fixable, repairable and also secure.

Speaker 1: 5:09

So yeah, yeah, absolutely. We're so lucky to have folks like you advocating on behalf of the across all the industries. Right, because I see posts about automotive, which is what we're talking a little bit about today, but agriculture, personal electronics, medical devices right to repair spans across all these different industries and I think you've been touching pretty much all of those industries throughout some of your research and the stuff that you've been talking about online. It's so nuanced. Right, because we get asked a lot of questions. Well, hey, why isn't there just one right to repair bill across all industries and not just automotive, not just agriculture? And the answer is it's complicated, but there are probably more commonalities that most people would think, and it's just that authorized, certified repair just making sure that the technicians are certified and they're trained Repairability should exist across all those industries. Why would that be so different?

Speaker 2: 6:13

Absolutely? I guess the answer would be do you understand how laws get passed in this country? It's a scary thing and, yes, an omnibus repair bill makes total sense, because there isn't really a fundamental difference between these issues. As you look across, you know, kind of the problems as they're passed, whether it's agricultural equipment or personal electronics or automobiles, don't look fundamentally different from each other. They're just, you know, narrowed to, you know, cover a certain type of device.

Speaker 2: 6:59

What it's reflective of, of course, is the power of industry and industry money to kill legislation that they don't like. And so, from a practical standpoint, as you guys know, if you just cast a broad net with your legislation, yeah, if it passes, you've created a broad new right, but you've also picked a fight with a broad range of powerful, well-financed industries who are going to go to war with that. And you know, try and get it, you know, killed off in committee, which is what happened in with, you know, personal electronics right to repair bills for years, about four years, before one finally passed at the very end of 2022 in New York.

Speaker 3: 7:43

Yeah.

Speaker 2: 7:44

And yeah.

Speaker 1: 7:46

There have been dozens of right-to-repair laws, I guess, introduced across the states over the past at least a year. Right Am I wrong? Is it more than that?

Speaker 2: 7:54

Yes, five, depending on how you count. There have been five kind of what I would say broad or omnibus type electronics right to repair bills passed. The first, like I said, signed into law by New York Governor Kathy Hochul at the very end of 2022, like December 30th or something, 2022. And then in 2023, minnesota and California passed actually more toothy kind of powerful electronics right to repair bills that covered a much broader range of devices. And then this year we've seen Oregon and Colorado pass also pretty, pretty strongly worded, pretty powerful electronics right to repair bills.

Speaker 2: 8:46

In the meantime, there have been other bills passed as well. Colorado actually leads the nation in passing right to repair bills. They, even before the personal electronics bills passed. They passed one covering power wheelchairs to get people who are, you know, rely on a power wheelchair the ability to fix their own device or get an independent person to fix it. And they passed one dedicated to agricultural equipment as well, the only one in the country at this point. So there have been those as well. So, depending on how you count, that's five or seven. If you count the auto right to repair bills in Massachusetts and now Maine, it's nine. So you know.

Speaker 1: 9:28

Yeah, and our, our bills. I mean it's really good. We we need more. Obviously we need something federally, nationwide, across all these industries. But we're so, we're so thrilled about what had happened in Massachusetts, the successes that we've had in Maine and trying to carry that momentum to the rest of the states. It was a really long and hard fought battle but you know, the will of the consumer, the constituent in the district, prevailed. I think about and I look at you know news about right to repair and other, even countries, and it seems like maybe Europe a little bit in Asia they seem more into repairability than the states. And why do you think that is? Do you have any thoughts on that? Just curious.

Speaker 2: 10:12

Well, it's like yes and no, Like you're right, If you look at kind of comprehensive legislation, federal, what we would think of as federal legislation. The EU is way ahead of us on this. They passed a right to repair law that applies across the EU. Now each member state needs to adopt it individually, but that went into effect a few months ago and it's pretty good. It mandates a lot of stuff around length of support that you need to provide, needing to provide, you know, replacement parts, needing to, you know, allow people to, you know, repair their stuff and so on. On the other hand, it is limited to a subset of devices and it is not comprehensive.

Speaker 2: 11:09

The language of the bill doesn't really specify, as many of the state laws in the US do, that the parts and tools that you provide to do repair have to be provided at an affordable price. That leaves the door open for manufacturers to just jack up the price and make it, you know, impractical. So if you look at, if you look at a law like Colorado or Oregon passed right, or California even, or Minnesota those are those are toothier and stronger really than anything that's been passed in the EU in terms terms of what they I mean Colorado and Oregon specifically ban things like part pairing, part serialization that companies like Apple use to. You know, bind a certain screen to a certain iPhone body, so you can't just take a broken screen off of one iPhone and replace it with, you know, the working screen from a similar model. I ban that as a practice. Eu hasn't done that.

Speaker 2: 12:09

That said, you're right. I feel like the conversation around things like concepts like circular economy not just reduce, reuse, recycle we should really be focusing on the first two of those, and recycling is kind of a last resort, and I feel like the EU is much further down the road in talking about the need to move to an economy that is circular than here in the States. I mean, gosh, we're in the middle of a presidential campaign. I don't know if the word circular economy has made it into any rally conversation, and it just is not. It's just not on the radar here, yeah, even even though there are plenty of groups and and and and people, individuals, who, who are supportive of it who are supportive of it.

Speaker 1: 13:04

Yeah, and it's. I mean the word green, I feel like has been thrown around a lot and like one could argue what, what the meaning of the word green is Like. I think reduce, reuse, recycle, repairability, those that, like those, are synonymous with green. So you know I just it kind of blows my mind because because right to repair really supports some of that sustainability too. We're just we're just not seeing it, or maybe we're not emphasizing that as much as we should.

Speaker 2: 13:29

What's so funny about it, too, is it's such a political winner. I mean, you look at Massachusetts' update to its 2012 auto repair bill that expanded it to include telematics right 2020 ballot measure almost 75, three quarters of people voted for it 74% and that was in the face of tens of millions of dollars in negative advertising from the automotive industry to kill it, to defeat it, did not matter. Maine had a ballot measure in 2023. Frankly, the automotive industry didn't even bother run ads because I think they realized like it doesn't matter. Maine had a ballot measure that in 2023, frankly, the automotive industry didn't even bother run ads because I think they realized like it doesn't matter.

Speaker 2: 14:09

Like there's so much support for these 83% of voters. 83% of voters voted yes. So you're like man, if you're a politician, how many issues are you going to get 83% of people to vote for? And like this is one of them. Like I just don't understand why you're not like jumping on that, being like I'm just gonna ride this horse all the way, you know, to the finish line. Yeah, because it is something with bipartisan support red, blue, left, right like people just consumers, business owners just absolutely see the need for it and support these laws who doesn't support. It is the kind of, you know, corporate interests that have determined that. You know this is a threat to our business model. But yeah, I mean it's not a part of our conversation right now politically. I don't really understand why. Yeah.

Speaker 1: 15:06

We have. We have really big hopes for the next administration and you know we're we're so close with with this federal bill, hr 906, the repair act. I think it's got nearly 60 co-sponsors, completely bipartisan. You know, a no, a nowhere's arc strategy if you will right One on each side all the way down. Tons of support, but we're running out of time. I think September is the last chance that we have to get this bill to the floor for a vote. You know we're really hoping for that support. We just need a gust of wind. So you know, if anybody listening can help us get that floor to a vote, you know like.

Speaker 2: 15:50

This is our plea, right? This is our last chance before we got to start this all over again. Yeah, call your rep, it is. I mean, I had the honor of testifying in front of the house committee subcommittee that was that was considering that bill July of 2023. I had a hearing on right. You know what is? Is there a right to repair?

Speaker 2: 16:00

I think it was the name of the hearing, but the repair act was kind of front and center for that hearing and, um, you know, like I've said there, if you watch that hearing, it's very hard to tell who's democrat, who's republican. There seemed to be just a general attitude of support and, and, lo and behold, the bill made it out of that subcommittee, um, and, and went to the full um, uh, house committee, uh, and it was energy and commerce, um, but it's sitting there. And this House Committee Energy and Commerce, but it's sitting there. And this happens so often. I think it's part of the reason people get a little cynical sometimes is because, yeah, you got a bill here with a lot of support, bipartisan support, consumers support it.

Speaker 2: 16:42

So why isn't it?

Speaker 1: 16:42

becoming law. Yeah yeah, there's a lot of otherworldly powers.

Speaker 2: 16:48

Maybe that makes people, that makes people cynical. I mean it does like OK, so somebody's got a veto here who you know isn't an elected rep and isn't a voter, so you know. But so, but I do feel like if voters really get clear like we want to see this thing get done, you know write the email, make the phone call. You know show up to the local. You know when your reps come back home to you know, talk to people. You know, make it clear that it matters to you. I mean my, my reps are Catherine Clark and and Elizabeth Warren in the Senate, so I'm preaching, preaching to the choir, but you know, not not afraid to bring it. You know it. Sometimes it's just about, hey, bring this, bring this to your attention and making it clear that it needs to be on your docket.

Speaker 1: 17:43

Yeah, yeah, absolutely, and Elizabeth Warren did, did some great work. She was, you know, questioning NHTSA and some of the agencies about their statements on right to repair. She's visited repair shops to hear directly from them about the issue. So we do appreciate that and those are important steps towards getting a resolution really important steps, this case in mass.

Speaker 2: 18:03

We pass that law in 2020 and it got, you know, challenged in court, went to this judge and it's been sitting there for three years. Basically Hasn't been any action of any kind in almost a year. It really is. It's hard to wrap your head around what's been happening here, and the in massachusetts is very complex because, you know, our, our new attorney general, andrew campbell, is enforcing the law, right, um, but there's, but automakers have been saying, well, we're not going to comply with it. You know, because there is no clear ruling from the courts, uh, even for them to appeal, um and um. So it's, it's, it's just kind of a messy situation and, yeah, um, you know we'll, it's, it's just kind of a messy situation and, um, you know we'll, we'll see what happens with it. Hopefully we'll get a decision out of that court sometime soon.

Speaker 1: 18:52

I mean it's very clear that that the will of the people definitely prevails when it comes to passing the laws. You know, we can get a little discouraged Sometimes. We say you know, the manufacturers are just trying to delay. Delay, deny, distort, that's the three Ds. And anytime a law gets passed, whether it's automotive or other industries, there seems to be some sort of interference. They come in, they try to change some of the original parts of the law to be a little bit more in favor of what they want. I think we saw that with John Deere, maybe a little bit with that electronics bill in New York, and then we had some interference in automotive in Maine as well. So what, what's your take on that? And is there any way to avoid that? Because it blows my mind that you could pass a law that people say this is what I voted for, and then, after it gets passed, it's like well, we're going to change just a couple little minor things that maybe aren't so minor to some of us.

Speaker 2: 19:46

Yeah, absolutely, you know, I think it's it's it's part of the democratic process that sometimes laws get passed that that do need to, that have unintended consequences and do need to be revised time, but to try and do that before the law has even taken effect and you've identified those problems, yeah, I mean that did happen back in 2012 with the original auto repair law, where the legislature kind of modified it before it was finally, you know, you know, enacted, which you know has been okay in the last 12 years. But you know, you know, I think, in general, yeah, we need, you know, I think we need a way to, you know, I really feel like this is just a matter of, you know, people being able to, you know, connect with their representatives and make it clear what their priorities are and what their needs are. And you know, I do think that you know, lawmakers, both at the state and federal level, hear a lot from you know, lobbyists and industry representatives and so on. It is harder to hear from the small independent repair shop or auto body shop, because you know they're working all week long, or auto body shop because you know they're working all week long. You know they don't have the time on a Wednesday afternoon to go spend four hours at the statehouse talking to representatives, and that dynamic, I think, really affects the way these conversations happen and it can make the needs of those small business owners or families or whatever kind of diminish.

Speaker 2: 21:39

I'd like to think there's a fix for that. I don't know, I don't know what it is, but I would really like, like you said, I would really love to see some changes that make it easier for you know, representatives, whether at the state or federal level, to connect with and hear from their constituents, definitely at the federal level I mean, whether at the state or federal level to connect with and hear from their constituents. Definitely at the federal level, I mean at the state level. I feel like it's it's a little less of an issue definitely at the federal level.

Speaker 1: 22:05

Absolutely. I mean, we saw hundreds of repair shops talking to their legislators, hosting them in the shop itself, having their employees talk to them, or going to their office. And you know, I get it. It can be intimidating. Maybe I don't want to get involved in politics, I don't want to seem like I'm on a particular side or I don't know what I'm supposed to say to a legislator, right, Like that's really intimidating.

Speaker 1: 22:27

But when you, when you start to explain to people, it's not about what side of the aisle you're on, it's about what does this mean to you, what does it mean to your business and what does it affect? You know, you, you humanize it. You humanize it a lot. Do you? Do you drive a car? Yeah, Do you want to be able to? You know, get in your car and get to the place where you need to go, Um cost effectively and efficiently, yeah, Okay. So that's what my business does and this law hurts my business. So things like that are very, you know, education that we're trying to give to people and really get down to that grassroots level to keep this movement going where it needs to go. So, absolutely, Do you think?

Speaker 1: 23:06

I mean the bills that have passed so far. We've seen automotive, we've seen electronics and we've seen agriculture. Were there any like commonalities between any of those that you think made them so successful? Because I think, like cybersecurity probably came up in all of them, right? And the manufacturer said, well, someone's going to hack this cell phone, someone's going to hack this tractor, someone's going to hack this car. But ultimately those arguments were defeated, right?

Speaker 2: 23:34

Yes, they were. They were, you know, in some cases, like I'm thinking about Minnesota's law and New York's law, you know there were some last minute additions to those laws, kind of language thrown in at the very last minute to kind of, you know, accede to what I think are basically kind of baseless arguments around cybersecurity. You know so. But by and large, yes, those arguments didn't win the day as they did for, you know, the preceding years. They didn't result in the bill dying in committee.

Speaker 2: 24:12

You know, honestly, I think what distinguishes each of the bills that passed was that in each of those states you had reps or senators, or both bill sponsors who were willing to stick their neck out and put political capital on the line and basically see these things through.

Speaker 2: 24:34

They not only sponsored the bill, they really believed in it and they, they burned some political capital. They, you know they, they got it done and I think that is the commonality between, you know, diverse states, like you know, new York, minnesota, colorado, oregon, california, like you know, was just that, having a sponsor or sponsors who just saw it through and got it done. Use your connections, use your experience to to, to, you know, settle those questions, to tamp down the what ifs and, oh my God, it's going to be a disaster, and just see it through. That's both encouraging and and sobering because, as you know, in a given state, you know, or given legislature, you might not have that person who has both the connections um and but also the political will and kind of passion to get it done. And if you don't have that person then the chances of that bill languishing or dying in committee are much higher.

Speaker 1: 25:46

Yeah, I couldn't agree more. I mean, when we you know you talk to legislators and you learn more about what else is important to them, and they've got other constituents who are arguing on other sides of the coin. So trying to understand both sides of this coin, both sides of the story, can be really difficult. And, yeah, them supporting your bill could be political suicide for them, but it's important to the people and what is right for all of the people in their district, right?

Speaker 2: 26:16

Yeah, I think there's a familiarity issue too, and I think that's why we saw years of failure, failure, failure, failure, and then, all of a sudden, this switch in 2022, 2023, like all of a sudden, oh, we're getting bills passed. And I think some of that is just legislators getting familiar with this issue and not being, like right to repair, like what you know, kind of understanding what the what the bill is about, um, having the conversations that they're going to have, both pro and con, and settling on you know whether they're for or against it or whether it's important for them or not, um, and so I do think that there is a, you know, time is on our side, in that way of like the more every year that these get reintroduced, legislators have to engage with it, get a little bit more comfortable with it, maybe also start to understand the consequences of not doing anything. That we're seeing in states like Massachusetts. Or we're seeing them with higher repair costs for vehicles. We're seeing them with, you know, higher repair costs for vehicles.

Speaker 2: 27:15

We're seeing them with this problem of abandonware and brick devices. You know, you bought a smart device 18 months ago, you know the Spotify car thing, and now, all of a sudden, it's basically a $300 paperweight, you know, and you're like how did that happen? So some of the you know, technology is driving change really quickly. Legislation moves really slowly and I think it can be sometimes hard for to get past the wait what are you talking about and what is this? And get to the like okay, you know, here's what I support. Here are my conditions.

Speaker 1: 28:04

Exactly, and I think that's that's probably the reason why I'm so happy that so many other industries you know, unfortunately, they're dealing with right to repair. But because they're dealing with right to repair, they've heard about it in some other industry. So it used to be that you would go and have a conversation on the Hill and talk about right to repair and they're like what? But now we go into offices and we talk about it and they're like, oh, you mean tractors, right? We're like, no, the cars, please the cars and the trucks. But the familiarity with it is definitely increasing thanks to all these other industries that have been going through it. So, you know, a rising tide raises all boats and, you know, while it's an issue, it's a good thing that we're able to surface this issue and make it much more prevalent.

Speaker 2: 28:47

And cars are kind of the canary in the coal mine for this right I mean auto, auto right to repair was the first right to repair law of any kind in this country, in Massachusetts, back in 2012.

Speaker 2: 28:58

So, in some ways, cars launched this whole conversation, the auto industry launched this whole conversation, and I do think, as you know, this is a much bigger conversation than just your right to fix your own car like the types of exclusive, you know monopolistic ecosystems that manufacturers would are certainly looking to create where, hey, it's a walled garden and we're the only company that can access, service, maintain, update, repair this device, because, oh, hackers or, oh you know, you can't trust independent repair people like that ecosystem.

Speaker 2: 29:39

That business model could very easily be replicated from cars to agricultural, to medical devices, to home appliances, to you name it, and if we allow it to, it will. But that's going to be a disaster for consumers and a disaster for our economy and a disaster for the environment. And so, you know, I do feel, when I talk to legislators, the need to sort of call out like this train is coming down the track and this is not a conversation that's limited to cars or agricultural equipment. Cars or agricultural equipment Like this could affect every corner of our economy and have huge costs for us if we don't, you know, enact the types of smart laws as we did a hundred years ago. Right, the smart around aviation or automobiles or whatever, to make sure that this is. You know, that this technology continues to serve people and serve all of us, not enslave us.

Speaker 1: 30:38

Yeah, yeah, we don't want to live in iRobot.

Speaker 2: 30:42

We do not. We do not, yeah, so yeah. Or there's a movie, Brazil, that I did a talk at DEF CON a couple of years back that kind of picked up on the Brazil theme, the Terry Gilliam film about the you know air conditioner repair, you know rogue air conditioner repairman, you know. In this sort of dystopian future, so, yeah, I mean there are all kinds of kind of dystopian visions of what that future could look like, and our job is to not make those a reality, exactly.

Speaker 3: 31:13

This is DTP IT Director and Sustainability Committee Staff Liaison at Auto Care Association. Are you passionate about shaping our industry's future? Join an Auto Care Association Advisory Committee and make a real impact as a volunteer. You will drive innovation, tackle key challenges and collaborate on cutting-edge solutions for the entire supply chain. Don't miss out. Join us at our upcoming Leadership Days event to start making a difference. Learn more at AutoCareorg slash Leadership Days and find information on current committees at AutoCareorg slash committees.

Speaker 1: 31:50

So I'm really glad that you mentioned that automotive kind of set the precedent back. Set the precedent, the precedent, back in 2012, when the first right to repair law was passed and that was in Massachusetts, massachusetts. It's 12 years later and here, you know, here we are again with auto. We've got all these other industries that are making headway. Do you think that there's any other industry that is going to set a precedent for the future, for the next 10 years, for the next 20 years? Or do you think you know it's, it's whoever's first to the game?

Speaker 2: 32:21

That is a great question. So you know, like you, I really hope that our lawmakers and policymakers see the forest and don't get too focused on the trees. We need comprehensive new laws, regulations that govern all manner of software-driven connected smart devices, because these problems stretch across all different product categories. I do think that the battle we're seeing right now over connected vehicles is at the forefront. I think the conversation is the most advanced around smart connected cars, both in terms of service and repair. Also in terms of you know, what types of data are these devices connecting, collecting? How are automakers, you know, using or repurposing or modifying, monetizing that data? Those are all conversations I think apply equally well to all manner of other devices, but the conversation is very pointed right now in the automotive sector. So automotive is again the canary in the coal mine. I think automotive is where we're going to see the earliest battles around this other device categories or areas where I think you know you'll also see a lot of attention and probably regulatory focus. Obviously you know having options to repair his or her iPhone or whatever Like they get it. So I think that's going to be one. You know things like kitchen appliances and so on, for sure People understand that. You know, in terms of legislation and speaking, putting my cybersecurity hat on, in terms of some of the other issues that have come up as we're amidst, you know, in this conversation around repairability, serviceability, you know, resilience, you know medical devices are one where I think, from a policy perspective, we've done the most or furthest down the road in terms of really trying to put some hard lines around and some structure around things. Issues, important issues like software security and software integrity and secure design, secure deployment. Medical devices and the FDA are way out in front of the rest of the government on that. Really, I'd love to see those same types of you know policies applied across all different types of product. You know products because right now it's real Wild West.

Speaker 2: 35:31

You make a software product that you sell to people, whether it's businesses or individuals. There really are no laws or regulations that tell you that. You know it's got to be secure. The software has to be of high quality. Here's what your responsibility is to support it and maintain it. It's you know.

Speaker 2: 35:50

Again, you could sell a smart connected product to somebody for 300, 400, $500. Six months later you can brick it. You can basically say, oh, I'm done, I'm not going to, you know, shutting down the server? Sorry, bring it to your local recycling center. Oh my God, there's no law, there's nothing that says you can't do that to a consumer. And consumers are like what are you talking about? I spent $500 for that. It's like oh well, yeah, I'm sorry it doesn't.

Speaker 2: 36:15

You know, we looked at the numbers and it says the products aren't really selling the way we wanted it to. So it's insane. It's insane and it's just. It's a reflection of the fact that, hey, man, you know, software is driving changes in the economy and in the consumer space that have gotten way ahead of the regulations that we have around warranties and things like that, that all go back to the 70s and stuff. So there need to be changes, there need to be updates that just reflect the new reality of buying stuff. So, you know, I do think I look at medical devices and I'm like that's where we're seeing, that's where we've seen some laws that that are very forward-looking and or at least modern, but we need to get them applied to other types of stuff as well, including including automobiles.

Speaker 1: 37:06

Honestly, yeah, and that? So technology is not going to slow down, it's only going to increase every single day. You've created something in response to this for the future, something called SERF. Tell us a little bit about that.

Speaker 2: 37:30

The website secure-resilientorg. So this is a advocacy group that we set up, kind of an outgrowth of secure repairs, but really focused not just on right to repair but on the broader issue of needing to foster both cybersecurity and resilience and, and you know which includes repairability and maintainability, and you know, the ability to continue reusing stuff, to sell it and exchange ownership and all this stuff that we sort of take for granted. But I love that that we that we can take for granted in the current environment. Yeah, so surf is is an advocacy group really for the cybersecurity community to have a seat at that policy table and, to you know, use our voice and our knowledge and expertise to help policymakers create and pass, you know, forward looking smart legislation.

Speaker 2: 38:28

One of the issues that we're focused on, kind of out of the gate we're only a few months old is around bricked and abandoned devices. Some people call abandonware, just as I said, the ability of manufacturers to just walk away from smart devices, and we saw that actually just last week, I think, with Amazon kind of just saying that it was discontinuing this photo subscription for one of its Alexa devices and you know which is basically the whole reason that people would have bought this device. You know just, we need policies, laws, regulations that protect consumers from that type of abuse or harm. Yeah, we saw it with the Spotify, we've seen it with Sonos speakers, all kinds of things. It potentially could be coming to you know a car dealership near you where you, you know, spend an extra $2,000 for a you know I don't know some smart seat feature or something like that. And then the manufacturer says yeah, we're not supporting that. Sorry, we're shutting down those servers. It's going away. Could?

Speaker 2: 39:41

you imagine yeah, so we're focused on that issue, but others as well, including yeah, just how do we clean up this software space? How do we get the organizations, the companies making smart connected stuff, to emphasize things like resilience, cybersecurity, data security, produce high quality, longevity, reusability, right, and so that's what we're about.

Speaker 1: 40:16

I mean there was a time where you would buy a product and you know people would brag about how long it lasted, and you don't. You don't hear those conversations anymore. I love that you brought this up. I had a security camera in my house and I got an email and it said you know this, this camera has reached its end of life, the software is no longer supported. And I got an email and it said you know this, this camera has reached its end of life, the software is no longer supported. And I went what are you mean? The camera works, there's nothing wrong with it. But now you're telling me it's going to stop functioning. Oh, by the way, here's a discount on the new cameras. And I thought no, freaking way like this is not okay. And I can't imagine driving a car off the lot and having paid for something and then at one day it's not supported anymore and I lose a feature or the car is bricked and abandoned.

Speaker 2: 40:57

Like that is a dystopian future one of the things that surf is going to help to try and work out is what is the proper policy response to that Right? So you can be pretty sure you know whether that's um, uh. You know some requirement on how long you support a device and also some notion of a what one of our board members, tara Wheeler, calls a graceful handoff. So if you, as a company, make the decision that is yours to make as to whether you want to continue supporting a product or not, that's fine. But if you're not going to support, if you're walking away from it, here's what you need to do right. To make it right with your customers. To make it right with you know the community, whether that's open sourcing the software, whether it's designating a third party to come in and continue maintenance and upkeep as you walk away.

Speaker 2: 41:56

As I look at it now, you know if you're a company deciding. You know smart product, dumb product. You know what do we design and you know what do we want to do. There's really nothing on the don't make it smart side of the scales. Right, the don't make it smart side of the scales right. I mean you can make a smart product, have recurring revenue via monthly subscriptions have a whole bunch of cool smart features that are going to make it more saleable to the public, and then, on the no side, there's nothing. You can brick it in six months. If it doesn't work out, you have no obligation to your customers, you can just walk away from it. So why not make it smart With a more balanced approach?

Speaker 2: 42:37

They might say, well, listen, okay, we want to make this toaster a smart toaster, but if we make it a smart toaster, we're going to need to do X, y and Z. We're going to need to support the software for eight years. We're going to need to have a, you know, clean handoff after we end support to a third party or make it open source. You know, make the software open source, we're going to have to continue providing, you know, parts and diagnostic software and updates for, you know, this period of time. And so now, okay, now we're looking at, you know, I don't know, maybe we'll just make it dumb, you know? Or yeah, we'll make it smart, but we'll understand what our obligations are. We have rights to walk away from it, but we have responsibilities too, and right now that there is no, that that conversation doesn protected communities are protected. Governments are protected from the downside of just companies just walking away from themselves.

Speaker 1: 43:39

It doesn't seem like an unreasonable conversation. It doesn't. It should be simple.

Speaker 2: 43:46

Look at every industry, look at every industry that we rely on. Look at the aviation industry, right, and all the regulations you know. Or the automotive industry, all the regulations that we have had to implement over the decades to make those safe, reliable, high quality, you know, to protect consumers, to protect the public. And so we've seen this movie before. What's changed, I think, is just the rate of change and evolution, and you know just the way that technology and the Internet and now AI, are just accelerating that. Yeah, and that's really challenging for, you know, for any organization, any government. You know, again, the policy conversations tend to happen a lot more slowly, but the change is happening really quickly.

Speaker 1: 44:36

Yeah, it is, and it's not going to stop. So this is why it's I mean, it's so important. We're so thankful for people who are passionate like you and all the other folks at Security Ledger. What you're doing at SURF it incredibly important. So the more people, the more voices we have, the more experts on this, the better, and um like, we thank you for your passion and all the time that you give to all of these industries.

Speaker 2: 44:59

It it matters to a lot more people then well, let me let me throw it back to you and say I'm really thankful for the auto care association and all you all have done to support right to repair, not not only with automobiles. But you know, the efforts that you have made I think have had spillover effects outside of the automotive industry. So I'll throw that back to you and say thanks for your work.

Speaker 1: 45:20

It's a historical time for sure, and it will continue.

Speaker 2: 45:23

Yeah, huge changes going on and and you know changes beget these types of conversations, you know. You know where you have people who are saying, hey, we need to put some guardrails in here and we need to kind of protect people, protect consumers and protect the environment.

Speaker 1: 45:43

And that's what's happening, yeah, yeah. So, paul, where can folks find you if they want to connect with you? They want to subscribe to you social media. I want to make sure everybody has a chance to see some of the work that you're doing and also get involved.

Speaker 2: 45:58

OK, if you're a security professional cybersecurity professional, information security professional, IT professional check out secure repairs dot org. I got my URL right there on my name and join us. I got my URL right there on my name and join us. Add your name to our list and we will reach out to you if we've got hearings happening in your state and you can, you can help out both on the auto repair side and electronics repair as well. So if you're an IT cyber policy, secure, the secure, resilient future foundation, secure dash resilient dot org is where you should go. And if you want to follow the right to repair conversation, fight to repairnews isa sub stack that I help edit and we'll send. We do like a weekly news newsletter that just provides all the links to cool right to repair stories that are happening around and we do some original reporting and podcasting as well.

Speaker 1: 47:07

The sub stack is phenomenal, if I might say so. So please, please, please, subscribe. It's definitely worth the time. Paul, thank you so much for taking the time to be here.

Speaker 2: 47:17

Stacey, I really, really appreciate it and look forward to coming back. And hey, man, we get repair act. I'll come back and do a little end zone dance here with you. Happy to do that, let's do it Fingers crossed.

Speaker 1: 47:42

Absolutely, but call your representative, call your senator, let's get this done. Autocare OnAir is a production of the AutoCare Association dedicated to advancing the auto care industry and supporting professionals like you. To learn more about the association and its initiatives, visit autocareorg.