 So, we have a great panel to start for you guys today, something that we're probably all really concerned about and want to talk a lot about. The talk is called Brazil Redux, circulating tech-enabled dystopia with the right to repair. So, please give a big hand to these guys for coming here today, and let me hand it over to Paul. All right. Hey everybody, thanks for showing up early. My name is Paul Roberts. I'm the founder of Secure Repairs, which is a group of information security, information technology professionals who support the right to repair. And we're here today to talk about right to repair. And the first thing I want to do is to clarify why the title of the talk is Brazil, because Brazil is something that actually, the movie Brazil, something that sort of has a lot of tie-ins with our talk. So, I'm going to play a clip from the 1980 film, 1985 film, Brazil. There are plenty of people in central services who'd love to get their hands on Harry Tubman. Are you telling me that this is illegal? Well, yes and no. Especially only central service operators are supposed to touch the stuff. Would you hold this please? But nowadays, with all the new rules and regulations, they can't get these in staff anymore. So, they've tried to turn a blind eye. As long as I'm careful, mind you, they could prove that I've been working on their equipment. Well, that's a pipe with a different color. Wouldn't it be simpler to work for central services? Couldn't stand the paperwork. Listen, this whole system of yours could be on fire and I couldn't even turn on a kitchen tap without filling out a 27 B-stroke 6 bloody paperwork. I suppose one has to expect a certain amount. Why? I came into this game for the action. Go anywhere, travel light, get in, get out, wherever there's trouble, a man alone. Now they've got the whole country section off. Can't make a move without a form. Okay. So, Brazil is a movie about a dystopian future in which central services, a repair organization run by the state basically controls everything. And if you want to get your, in this case, air conditioner repaired, you have to go through central services. Harry Tuttle is kind of a rogue repairman who like repels down the sides of buildings and swoops into people's apartments to do rogue repairs. And the whole movie kind of hinges on trying to catch Harry Tuttle and a whole bunch of stuff that happened as a result of the state trying to arrest him and stop him for doing what he's doing. So, the big picture of this panel is to talk about how Brazil is our current, our present is a lot closer to the future imagined in Brazil than you might think. And we've got an amazing panel here to talk about that. The goals of the panel to get you informed as a community. I think the DEF CON community is really important in this struggle to get you engaged in this problem because some of you might kind of know a little bit about right to repair, but you're going to know a lot more by the time we're done. And hopefully to get you involved because we need people involved to get this done as a society and as an economy. And so what I'd like to do, sorry, is fool around with PowerPoint and make you watch me. No, what I'd like to do is first of all introduce our panel. And I'm sorry, my window skills are terrible at this point. Here we go. So, why don't we do that? So, if I can just figure out, yeah, there we go. Sorry. I'm going to go down the, I'm going to go down our table and let each of them introduce themselves to you and say hello. And then we've got some discussing to do. I'll start with you, Corinne. Hi, I'm Corinne McSherry and I'm the legal director at the Electronic Frontier Foundation. I'm Kyle Wiens and I started iFixit. I've been involved with Right Your Prayer for a good while now. I'm Lewis Rossman. I have a repair shop in New York City that is component level repair on Apple products and I have a YouTube channel where I make an enemy of lobbyists professionally. My name is Joe Grand also known as Kingpin and I'm a hardware hacker and this is definitely the most serious panel I've ever been on. But very important as well. So thanks for being here. I'm really excited to have all of them and I'm very thankful that they took time away from their busy lives to come and talk to you about this. So I think to start, probably a good place to start would be with the problem and so why do we need to have this talk? Why is there even a question about our right to repair stuff because we own it, right? And I thought to start, I just sort of toss that to Corinne because I think you're the lawyer on the panel and you're the best suited to talk to us about this. If I have a thing like, let's say I'm an Xbox owner, PlayStation owner and some discreet component on my Xbox or PlayStation breaks, why can't I just repair it? What's standing in my way? Why is that a legal issue? Let me count the ways. Okay. So let me say first that this is the conversation where like, I'm really sorry that the lawyers are showing up. You know if the lawyers are showing up, it's probably not good. Probably not. And when it comes to repair, that is very, very true. So do you want to have my slides or should I just... Sure. Sorry. Sorry. But I'll just, I'll get started. So the key problem is that if there's software in your thing, in your device, in your refrigerator, in your car, in anything that makes it smart also makes it copyrighted work. That software is going to be a copyrighted work very likely and with copyright comes problems. So yeah. So if software then copyright. Okay. So what are the different problems? Do the next one. Yeah. So copyright comes with restrictions. The reason you have a copyright is you can then license the work and it gives you a lot of control over how that work is used, how that software is used. Now there's limits on that like fair use and a lot of other limits. It's not unlimited unlike what many copyright owners think, but still it comes with restrictions. So it's a practical matter that looks like problems for repair. So the first thing is end user license agreements. So very often you will buy a device and again, by device, think car, think refrigerator, not just your phone, right? And you own the thing, but the software in it is licensed to you and somewhere along the line you're going to, something's going to pop up and you're going to agree to it because everyone does as everyone knows. No one will read it, but it will be a thing and it will have a limit. It will have all kinds of limits on how you can interact with the software in your device. Now, as a practical matter, people often ignore these rules and that's not the end of the world. But if you are a third party and you are helping somebody ignore those rules by providing some kind of interoperable service or something like that, well then they can sue you for interfering with that contract because that license agreement is a contract whether or not you read it. The law on this is terrible. So that's a problem and if you think those lawsuits won't happen, they already have happened. So that's a thing that chills everybody. So for example, this is sort of a classic example, but there's a million of them. So the Xbox ULIS says you can't modify it, e.g. through unauthorized repairs or unauthorized upgrades or downloads. So it's like we want to be in charge of how you use the thing. So that's problem one. Problem two, often that software is going to be locked down with some kind of DRL. I think people in this room are very familiar with this problem, but just quickly, at this point, they weren't 10 years ago and we started talking about it, but people know about it now. So if you've got lock on the software and you break it, which is often trivially easy to do, so you can get access to that software and mess with it, well then you have engaged in an active circumvention very likely. And if you tell people what you did, you have now trafficked. You engage in trafficking, both of those things are illegal under section 1201 of the DMCA, the Digital Millennium Copyright Act. So that's further limits. It doesn't matter if you're doing it for an otherwise lawful purpose to be clear. Reverse engineering for the most part is a fair use. It is protected, you're allowed to do it, but the DMCA will stop you, even if it's a very trivially easy lock to break. Okay, lastly, other, and this really is the most irritating thing, basic stuff. Maybe you just want to have access to a manual. Maybe somebody might like to take that manual and scan it and make it available online so people could use them or easily compare different manuals, just get access to it. You could just search and you can find the right thing that you need and not try to flip through. Maybe you don't have your manual. Who wants to do those very... Could be in person. Just one second, I'll just flip it through. So the manufacturers very often will claim those manuals are copyrighted and they have gone after people for posting them online. Or they'll claim that they have involved trade secrets. Now this isn't the manual that is made necessarily available to the consumer, but rather the manuals that they make available to their authorized repair people. They will say that is, even if they make it available to thousands of people, they will say it's still confidential business information because we only share it with them subject to an NDA. So I'm very sorry to have to be here, but I am glad to tell you that now I've told you the bad news, but there is good news and we will talk about that next. Thank you. There is good news indeed and the good news really is the right to repair movement and on the panel we have what I consider kind of the prime mover of the right to repair movement which is Kyle Wiens of iFixit who not only started iFixit which is of course just a huge and valuable resource for people who want to do repair but has also really helped promote right to repair laws in the states, not only actually in the states but actually in the EU as well. And so Kyle, I thought I'd toss it to you to kind of give us the TLDR on right to repair laws and what are they, what do they try and do and why are they important? That was great. Mind if I click through myself? Yeah, no, I'm sorry. So we have been working on this I've been tilting at this particular windmill for a while now. Fundamentally, we need to find a way to kind of reset expectations back to where things used to be and so that's why I started iFixit in the first place. We've built a open source repository of repair information with the goal of attempting to enable everybody to repair all their things. But there's a lot of problems with that. And so let me tell you about a buddy of mine Tim Hicks, who we really need to get here sometime. Tim would be awesome, but Tim is in Australia it's a bit of a walk to get here. Tim runs a very creatively named website called Tim's Laptop Repair Manuals and on it he posts service manuals from all kinds of different things and of course he gets he is facing the brunt of the issue that Corinne describes. So this is a leather that Toshiba sent him. They said, hey, on your website we can see that you're distributing by download copyright repair manuals that are proprietary to Toshiba. These are only available to Toshiba authorized service providers under strict confidentiality agreements. This is where I like, they're like, you are not a Toshiba authorized service provider. Okay, no duh. Thanks guys. So Tim, in response to this, Tim, he's just a kid running the website. He went ahead and took the manuals offline and we decided this cannot stand. This is ridiculous. And so we launched Operation Fix Toshiba and we crowdsourced. We went on and said hey guys, we need like $10,000 to buy one of every laptop that got taken offline. We were buying them used and then we disassembled all of them. We wrote new open source service manuals. We put them online and then in the process we decided we would make Toshiba a new logo. Which I think they were super thrilled about. So we're kind of, we're chipping away at this around the edges. There's a variety of challenges that we're running into. One problem that we see with all kinds of gizmos is you say, well why do you need the service manual? Because this stuff is crazy glued together. Anyone here have the original AirPods, raise your hand, bought the original AirPods. Okay, now keep your hand up if they still work. We got like one. Okay, very impressive. The guy who didn't use his AirPods very much. You're taking them out of the box. So these gizmos have, like the moment you glue in a battery to a device, you're like, you're attaching a death clock to it. It's absolutely insane. The way that we buy gadgets today is like if you bought cars and the tires were welded to the frame. It's like when the tires were out just buying a new car. No one will put up with that, but we put up with this for electronics. And it's not okay. So we, I started doing the, like we're just going to write our own repair manuals and we wrote lots of manuals. We were creating everything ourselves, created commons and our cameras and we just got really tired. We'd been doing it over and over. Our community has written 75,000 repair guides. We're going to keep going. We're not going to stop. But every year at CES, manufacturers introduce like 15,000 new gadgets. It's very hard to keep up. So we have to bring manufacturers into the ecosystem and then when you get into the world of embedded software, we need access to schematics. We need access. We need to be able to legally bypass DRM. So that's where we started working on right to repair legislation. We've gone to the powers that be and it turns out some of them agree with us, which is pretty cool. So we went to the Federal Trade Commission a couple of years ago and said, hey, what's the deal with those warranty voided for move stickers that we see everywhere? And I think we're all here. We like breaking rules and I've seen people walking around here with, you know, I void warranty t-shirts. Cool. But why is it voiding warranty if you disassemble a thing? It turns out I guess we could ask the lawyer. Is it legal? So go for it. Break the warranty. So it turns out there's a law that says it's perfectly fine to open stuff up and it does if you remove a sticker that says warranty voided for moved, it doesn't actually void the warranty. And the Federal Trade Commission has asked all of us, if you see those stickers to send them pictures to reportfraud.ftc.gov. So if you, I mean you're welcome to send it to the FTC directly. As a matter of fact, the FTC has launched they just reached a settlement with Weber Grills and Harley-Davidson where the terms of their warranty were explicitly banning people's right to tinker. And then what's crazy is just this week the state of Wisconsin where Harley-Davidson is built, the AG of Wisconsin is suing Harley-Davidson for screwing over their customers and voiding their warranties. This kind of hits home for me because my dad was actually a Harley-Davidson dealer so I know a little bit about this world and I think Harley-Davidson has it coming. So we're going beyond that and we're working on actual legislation that will enshrine the right to repair and I've been working on this with Lewis and Paul and Cran and we've all been you know, it has been a journey. We're up to the point where this year 25 different states introduced right to repair laws and I have here a little bit of a grid of where we're at. Nevada I don't think is on this, so someone was asking me last night where we're at with Nevada. Someone who lives here is welcome to get Nevada on the list. Yeah, we had it last year and then it died, it didn't get reintroduced this year. This is a slog, we're trying to do this in parallel across all of these, but the thing is all of you in the security research world knows, you try to attack on a number of different fronts, you really only need to get root once, right? We don't have to get it on all of these, we just need to win one of these things because what right to repair laws say is if you make a product and you're going to sell it in this state, you have to make service manuals available online for free, you have to sell parts online, you have to make the tools available online. Once one state passes this, we're going to get right to repair for the world. And fortunately we think we've got that in New York right now. So the New York state and this is, thanks in much part to Lewis who's been in New York on the ground going to Albany regularly, New York has passed the house, it has passed the Senate and it is sitting on the governor's desk waiting for her to sign it, we're hopeful she will sign it any day now. This is huge. The New York law applies to all products that have electronics in them that are not agriculture equipment, motor vehicle, a medical device and cost more than ten dollars. Home appliances. Home appliances, we didn't get home appliances included, we'll get that next time. But that's a pretty broad swath right, that's most of the things that we deal with that's satellite uplinks, that's a boat there's a large number of products that are included in this. So it will be very, very interesting to see how this goes and how we can take advantage of this. We're hopeful that we will see more states pass this. In addition to New York, we also, going back to this slide, we also got a electric wheelchair repair bill passed in Colorado this year and that one has been signed, so that's exciting. And that's really important, unfortunately we're at like exactly opposite a medical repair panel that's happening right now and there's some doctors talking and we were just before this panel we were talking about how like, if you have an electric wheelchair and you want to change the traction control settings, it's hidden behind the service password that they don't give the owners. And bypassing that service password do I need to consult a lawyer before I bypass the service password? Actually don't ask better. I'm telling you just do it. She'll have a more nuanced answer. Yeah. This is how to make Karen feel awkward. Perfect. So we're super jazz. I want to mention I know there's a lot of international folks this is an international movement. The European Parliament has been on board with this as well. So there's a lot of momentum happening but we still have a long way to go. I mean we are in a Brazil style dystopia now. We're trying to get to a world where maybe stickers like this are not the law of the land. I think these stickers are so insidious because they're like I mean all of us are here because we like breaking rules. Most people follow rules. And so when you have a rule that's on every device like people tend to follow it. I do repair workshops where we'll give a kid a tool and we'll say hey do you want to take apart this iPod? And they look at me like I'm crazy because the rules, their teachers, their parents everyone in society has been telling them don't take that thing apart. Where does that come from? Where does this desire to be sheeple and follow these rules? So getting rid of these stickers is going to be huge. I want to mention one other thing about John Deere and there's going to be a John Deere session at 5 o'clock today. Which track? This one. Okay, here at 5 o'clock today epic John Deere news. You have to be here. It will be much more technically in depth. It's going to be awesome. I have been kind of fighting John Deere for a while. They don't like me very much. Along with EFF and others we applied for an exemption to section 1201 to copyright. We applied for the ability for farmers to be able to legally fix tractors. And I wrote this article in Wired Magazine about how they were saying you don't really own your tractor. And then John Deere sent this letter to all their dealers telling them that I was a liar which was kind of awesome. And in it they said similar to a car or computer ownership of equipment does not include the right to copy, modify, or distribute software that is embedded in that equipment. For example, here is perfect. A purchaser may own a book but here she does not have a right to copy the book, to modify the book, or to distribute unauthorized copies to others. Do you want to comment on that? You totally do all those things. So I mean these people are living in a totally different world. They're like you buy a tractor and you don't own the software on the tractor. You have an implied right to operate the software. Like what? This is nonsense. So we need to take back our right to tinker. And that's what I'm super jazz excited to be here with everybody here today to talk about. Thank you, Kyle. Thanks. Hey, Paul. Yes, I just want to make a comment about this sort of like from the hacker world, you know, like what these kind of heavy handed tactics that we're seeing from mostly consumer product vendors, like this is not new for most of us, right? Like if you've ever found some sort of vulnerability and you've reported that to a company and they try to squelt you or they sue you or they threaten to sue you, this has been going on for 30, 40 years of people trying to enlighten companies about problems, right? So the thing that's important about this is it's not just sort of security related hackers. It's the mainstream everything. It's every company is going to take what one company's tactics are and say, oh, that works. We're going to do that also. We're going to prevent people from modifying something which ends up coming back to us because it's going to make it harder for us. And what you'll also mention is and as you'll see is like these lobbyists are basically going up anti right to repair saying kind of blaming the reason why we can't repair our stuff on security, which effectively is like, you know, giving us a bad name, right? Giving hackers a bad name, which we've also had to deal with forever. So none of these it's just they've gotten bigger and broader and most people believe them just like the sticker. Like I had no idea that you couldn't actually take the sticker off because people, which of course I do, but people, most people don't and if you have something that you've paid money for you would like to assume you own it, but then you see something like that. You're like, I don't want to avoid my warranty like that. I don't want to get in trouble. So yeah, we're kind of like pawns in this thing as the lobbyists and as these corporations are using us as researchers and us as end users to gain their kind of political advantage in their legal advantage, which is like total crap. Corinne. I just want to I would be remiss just the John Deere reference remind me of something that I meant to mention earlier that's also hopefully good news, which is so the John Deere, that whole letter came up in the context of us applying for exemptions from section 1201, the DMCA, which every three years you can go hat and hand to us and say, please, please, can I do this thing? And this is ridiculous. It's stupid. And we've been fighting that at EFF for 20 years and next month we have a hearing before the DC Court of Appeals in our challenge on behalf of Matt Green and Bunny Wang challenging that whole law and if we win, we at least get rid of that piece. So fingers crossed. That would be huge. Okay, so the question is why at DEF CON, and I think one of the reasons that I wanted to bring this to this conference is that cyber security actually figures pretty prominently in the debate both pro and con on right to repair. I found it secure repairs because I was told Nathan Proctor at U.S. Perg told me, listen, we're in these hearings with legislators on right to repair laws and what we're hearing from the opponents is cyber hackers. One lobbyist told Nebraska lawmakers that if you pass this right to repair law, Nebraska will become a mecca for hackers. They're going to move to this state just so they can hack stuff. And so I thought but that's not all. So cyber security is a big part of it. And I thought just to give you kind of a flavor of what we hear, Lewis has gone around to hearings all over the country. Kyle and I as well, Joe's testified on behalf of right to repair. Give you a sense or a flavor of the arguments that we hear from the other side. So if you don't mind we're going to just take a journey down the anti-right to repair rabbit hole here. Has anybody here ever seen a magtrometer explode? To point out it's interesting this whole discussion I think underscores the evolution in the notion of ownership that we're seeing in the economy right now. It used to be before software was embedded in these devices ownership was very cut and dried you owned it or you didn't. But now with software that has become a little bit more complicated and then another twist and I think this is true of a lot of the folks in this room. Now we have services. So the combination of hardware of software and services is an interesting mix and I think it does put some of these topics or issues into the area. Okay so the first idea is on the part of the OEMs ownership is complicated and by that they mean you actually don't own this stuff. You're licensing it. I mean you might own the hardware but you're licensing the software and therefore we still have a seat at the table. Really common. That was from the nixing the fix conference at the FTC ran, sorry in 2019. Here's the other argument which is that security and repairability are actually intention with each other. That if you want to make something repairable kind of by definition you're not going to make it secureable. Of course repair on third parties like enterprise customers and manufacturers can make security worse and not better for all of us and here's how. First is the loss of accountability for security. It's difficult to hold OEMs accountable for security of their products if we also legislate design changes that will negatively impact security. Second is the risk of backsliding the security progress that we've made information. So consumers have plenty of choices in the marketplace and they can choose some manufacturers that prioritize security and others that prioritize repairability. But there's no reason that legislation should mandate repairability and take away consumer choice between repairability and security. I wish this guy would show up to DEFCON. Cool to have him on our panel. That's Dr. Earl Crane who is a PhD and I think is like an adjunct professor or teaches somewhere but he was for this group called the Security Innovation Center that I think still exists. It was basically a lobbying front group I was an aster turf group of security experts who support I don't know what they call responsible repair or something like that. He showed up to a bunch of hearings including that FTC hearing but he's kind of that whole group's gone on the down low. Manufacturers tend to hire experts so they show up and do stuff like this and I think they realize that they're going to be on stage at DEFCON saying stupid shit like that and they quit. Yeah. So we had secure repairs at Gary McGraw on the same panel as Earl and that was great. Okay. Third idea. Just a whole bunch just a word salad of scary sounding cyber stuff. This is if you are changing out any component at the hardware level with another piece of hardware you're not able to provide the same level of assurance that something else didn't happen. So that's the first key piece of that. What does that mean? Right. The second one is there is a fundamental rule of security that the best security is that with a crypto algorithm that it's open to the public. It's open for good crypto algorithms are those that are open for the public and for inspection. What's not okay is when you open up the signing keys, the secrets inside and the challenge has been that in the repair conversation it has not been articulated enough. We haven't had enough of a security discussion in here to make clear what will be mandated to be released and where the overreach is. Okay. As you can tell, he kind of got lost in the woods here at the end of that because he was pretty far removed from what Right to Repair is about. The final one actually the final argument you hear a lot is this idea about source code and intellectual property. I'm sorry. My name is Daniel Carson and I represent Schmidt Equipment Incorporated. Our dealership represents John Deere construction equipment. However, to the extent that the owner has the right to lawfully repair his or her equipment John Deere recommends against unauthorized modification of the embedded software code providing access to the source code would not only undermine the manufacturer's innovation and intellectual property rights but also risk data privacy and allow unauthorized and illegal tampering illegal tampering of safety and emissions requirements for the equipment. Okay. So that's kind of a taste of what I think we're up against in the Right to Repair movement. And so I thought we'd start first of all with the person on the panel who is most involved in just the trenches of repair and that's Lewis who does this for a living. And I guess Lewis could you talk to some of the arguments that you heard there about this cybersecurity risk in repair and whether the work that you do as a repair professional really poses a cybersecurity risk to your customers or to the public. And I think that at every single one of these hearings is can you provide one single example. Repair is a $4 billion industry per year so surely you should be able to give one example of one time anything like this has happened. Usually they can but I can. So for instance when they say that independence may be able to hack into your data and do bad things I point out how in June of 2021 there was an article released on how somebody who had sent a phone to Apple wound up having their sex tape uploaded into their Facebook so it would look like they were uploading their own sex tape. That happened at Apple? Not at us. Or in 2019 when the Washington Post show that this one horny person at the genius bar was texting himself raunchy photos from that customer's phone. Happened at the genius bar not here. There are a number of examples of things like this happening and there's this idea that there's this magical human being that exists, this magic Soviet man that you get when you go to authorizer Paris and where they just magically screens out creeps and weirdos and anybody that's actually being as large as it is that you'd be able to find a single example of us doing something like that and yet you can't. Some of the other arguments that wind up getting used is just typically safety and security. So for instance in Massachusetts in 2020 there was a ballot initiative for right to repair for motor vehicles and they would have commercials where you'd have a woman in a parking lot always with the really scary blue fluorescent lights and there'd be some string music playing in the background and somebody walking very slowly behind her and then you'd have this, his hand shows up on the screen as if he's about to knock her out because if you're a mechanic is able to get an error code from your car apparently you're going to be sexually assaulted in a parking lot. There was another one where you'd have a man in a flannel shirt because that's how you know the guy's a creep walking up on somebody's garage really slowly, this flannel shirt getting slowly into focus so you could see all the green and the black in there and he's walking into her garage because that's what happens when you get access to an error code in a car. Has anybody seen this? Show of hands. That's because it doesn't exist, but Aham was telling people that if appliance technicians work on your devices in your home that a magnetometer which doesn't exist is going to explode. It's called a magnetron, it's in a microwave and they don't explode. The people that make these arguments don't even know what the names of the gear inside of them are. The scariest argument for me came from Catherine at the ESA in 2020 where she said that if this gets implemented the game will play the console, which is the level of knowledge that we're dealing with and at the end of the day the most frustrating part is listening to these arguments realizing you have 90 seconds to get your point across, they get their point across afterwards and you don't get to say anything. Actually one of my personal favorite was a person named Charlie Brown from CTA who represents Samsung. He showed up and said we have a network of authorized people to make sure that when you get your phone fixed you don't have tiktok installed on it. Three months ago on the budget series Samsung phones pre-installed tiktok whether you like it or not. So many of the things that they wind up accusing us of are not only things that they're doing but things that they're getting in trouble for and the news for doing and they never seem to face any sort of accountability or responsibility for it. If I make things up then I'm going to get a one star Yelp review, I'm going to get a charge back, my store is going to close. They get to make things up on a regular basis and make $100,000 to $400,000 a year to do it and for some reason people believe them. So those are some of the arguments that I hear and this is the one that actually got me started in this because I'm not a political professional or lobbyist or anything. One of the assembly people in New York State said that the Apple lobbyists had said that when I replace a fuse on a MacBook motherboard that what I've done is I've now converted it into a PC because I changed the fuse. And when I give it back to my customer I'm still letting them think it's a MacBook when in reality it's a PC. That's fraud and if you want to prevent fraud you won't let Lewis get access to that through this bill. I just stared at him, I'm trying my best not to just fume and curse him out because he's my assembly person and I don't want to get audit again. I was thinking about it, I said, why did you believe this horseshit? And he says nobody else came here to tell me otherwise. Now you did. And he actually signed and co-sponsored the bill right in front of me. And that got me to realize, you know, there are all these people that think there's no point to bothering, why would I call my assembly person or senator, why would I say anything and the reality is the reason these people win is nobody else shows up. Yeah, I mean one of the big things, which is the same lie that your car dealership tells you, right, is that their repair people are walking around in lab coats with PhDs and the corner garage are criminals and never do wells. But in fact, you get excellent quality from the corner garage more often than not and you get good quality from the authorized repair provider. And that's a great example of Apple talking about their authorized repair as if these people are all highly, highly vetted. And what we learned actually only through a lawsuit was that in fact Apple just outsources their device repair when you ship a device out to a company that actually outsourced it to a third company where these, you know, obviously not very well vetted employees stole images and posted them. Louis, I mean, maybe if you could just talk about the restrictions on your business for repair, like what are some of the hurdles that you need to get over? I know there's one just around you have parts that might, you might have to order from China, replacement screens, they might be original Apple parts, but they're getting seized at the border because they're being declared counterfeit and some of those types of things. Yeah, so one of the largest problems that I'm facing right now is let's just get by and show how many people have had a device, they plug it into charge it and it dies. Okay, common problems. Let's say you have a $3,000 device that does that. What would you guess the repair price for that is? Yeah, loud, any guesses? Close. It's about $1,500 to $1,700. And the chip that winds up dying is about $5 from Texas Instruments. Now, when that particular chip dies, you used to be able to just buy this chip. You could buy it from a Texas Instruments reseller or an interstellar reseller, go to Mouser, Digi-Key, Newark and spend $5 buy it and then bring it to any one of the Shmorgas Board of Repair shops, some charge $75, some charge $400, some charge $200, and they would all be competing in the market for your business. Now, what they do is they tell Texas Instruments, don't sell this basic chip to anybody but us. They'll take a chip that is a basic normal function, they'll modify it in one small way, like what address it communicates on, so now you can't buy the off-the-shelf chip and then they will make the chip that they slightly modify not available to anybody else. So what we will have to do is wait for donor boards to come from China, so what people will do is they will take these boards that are being thrown away because they're defective and that are about to get recycled and we will buy them. Now, five years ago, Apple started to get a little bit smart about that, so they started searching people as they're leaving the facility and they started shredding up all the devices that they throw away. So now, you can't buy a donor board to get that chip anymore. They have to sneak it out in their underwear. They'll be a wing, a breast, a thigh, it'll look like you'll get a little box of bits and pieces of board and you have to see if the chip is on there that you need to put it on the board to be able to fix it for a customer. And the people that are making this stuff available, I imagine, are not exactly doing it in the most legal of ways. So when I explain this to senators, I'll say I signed up to be a nerd, a device repair person. I wasn't trying to be Nicholas Cage's character from Lord of War, running guns all around the world but that's what it feels like. When you hear your supplier say the reason we're cutting these things up is because they have to sneak it out in their underwear before it comes to you. Obviously, the first thing I did is I dropped the donor board in front of me. I went to wash my hands. This is part of the process or let's say the schematic diagram that winds up getting taken from somebody when their computer is free and somebody walks in the room and plugs in USB and then sneaks out and then makes it available to all of us. I mean, you used to have repair manuals written on the back of the device. Now you can't get access to this even if you're an authorized repair center. So if I get authorized by any of these companies I still can't buy those chips. I still can't buy those manuals even if I'm willing to pay and go through all of their vetting process. Joe, you talked about that as well. I have the talk about that. Oh, I just wanted to comment on your thing about, you know, vendors trying to make off-the-shelf components inaccessible to small companies which just reminded me. And you might even have something to say about this. I'm working on a project right now so extracting raw NAND flash from a MacBook motherboard. We take it off. Standard footprint looks like any other regular type of memory device but it turns out that Apple has worked with Toshiba to actually change the pin-out in such a way that all of the available sockets and interfaces don't work with it. So there's stuff you can buy in China on AliExpress and different sockets that have pins coming up to touch on different pads of a standard chip. That doesn't work. So you have to manufacture or create all your own custom stuff just to read a pin-out. Functionally, it's exactly the same but they've changed that pin-out for no other reason I believe other than to make it impossible to get the parts other than from donor boards and for somebody like me to actually get the contents off to do something with it which I'd never even experienced that before. Have you seen that on other Macs? The most insidious part of this is that they don't actually even offer these services that they would be competing with you on so let's say that you'd be offering data recovery services and they make it impossible for you to do it. Warren Buffett walks in there and says, here's a hundred million dollars. Try to get my stuff and it's a basic problem. They say no. And they just make it hard so now it's like a big problem to help somebody with is now like a multi-month process. You have to buy donor boards and test it and build circuit boards to interface with other stuff and like it's almost a lot of times security we know is kind of how hard is something and is it worth the adversary from doing and I think a lot of these tactics are just as slow as down to be like it's not worth the effort so then they just kind of get their way with it. Yeah, I think some of this conversation is we're concerned about the repair monopoly and they're screwing over the independent repair shops to monopolize repairs. That's certainly what John Deere is doing. What I think Apple is doing is it's a flat out war on repair. They don't want this stuff fixed by anyone including Apple folks. It's a cycle of disposability. The airpods were never designed to be serviced by Apple or anyone else. They're designed, you buy it you use it for 18 months and then you go back and you hand them another hundred and seventy nine dollars. That's what they want. Repair laws are sort of silent on that. If you want to make a product like the iPods that are not repairable or serviceable knock yourself out. Presumably that would fall to consumers to sort of put pressure on manufacturers to... Consumers and Europe is working. France has rolled out a repairably label where rates products from zero to ten on how fixable it is. It's right next to the price and that's starting to have an impact. Joe, you talked a little bit about the concept of jailbreaking devices because I kind of this is sort of the future which is... I would love a future in which it's sort of like hey thanks for the hardware John Deere this is a really nice tractor. I'm now going to load my own OS on it. And my own services. I'm going to keep my data instead of sending them to your cloud to monetize. But great job on the tractor. Works great. So talk about this notion of just sort of jailbreaking and what role that might play in creating a more repairable ecosystem. Sure. I think from a general perspective, if you're not familiar with jailbreaking I kind of think about it as just bypassing controls of some system to give you access to other resources and those resources are already available but not to you. It's something where I think a lot of companies are implementing heavy security so they can rely on DMCA and rely on legal action but if you're buying a product why should you be able to gain access to all of the resources? John Deere tractor which you know 5 p.m. right? Stay tuned. It's sort of like if you can't modify your hardware do you actually own it? And it comes back to all of that so it really is breaking out of a sandbox or I thought about today in the shower it's not even a sandbox it's like a play pen they're trying to keep all the children inside and not letting you out to actually use their hardware. But I still cannot wrap my head around why that shouldn't be other than the fact that we know they want to you know really they want to make a lot of money and they don't want you to use their hardware so they want you to buy new stuff but you know it's just another way to make things difficult for us that is not necessary other than they want to make money and they want to maintain control of what people do with their stuff which is exactly why I think we're at DEF CON to have control of things and break things and make things do things that they weren't intended to and this is just another step in that process I mean this affects all different kinds of products we talk a lot about smartphones we talk a lot about laptops because those are just things that everybody uses but it's also home appliances, agricultural equipment heavy equipment can we just talk sort of are there companies, vendors, OEMs that are doing this right and are there OEMs who are maybe on the road to doing things right and are there OEMs who are totally lost in the woods on this Kyle, I think that's a good question for you Yeah, I mean the heroes are probably the startups the folks like Fairphone out of Netherlands has a super repairable modular phone then you have Framework with anyone Framework customers here you're awesome in the back Yeah, check out Framework laptop Framework is killer I love about Framework I mean amongst other things it's super modular, modular ports, everything else but you can, if you upgrade the laptop you take your board out of your old laptop put the new board in and then the board that you upgraded is a full-blown standalone PC you could 3D print a case and use it as another computer computers are modular, why the hell aren't we doing this all the time so you have startups paving the path but now as right to repair laws are starting to get passed we're going to see some companies come to us so far this year I fixed this launch partnerships with Microsoft with Google and with Samsung and Valve with the Steam Deck which is probably the most important one where we're distributing parts for them so we're starting to see movement but we have to get this from the French to mainstream and having some of these large manufacturers very grudgingly come on board and start to work with us is important Corinne, one of the things that companies are doing a lot now is things like putting little trademarks or logos on even really tiny parts so that they can to the point about counterfeit parts versus authentic parts and whatever, talk about how they're really trying to sort of frustrate the aftermarket ecosystem for parts around what you need to do repair and what the legal theory behind that is it's a long standing practice from the creative industries the traditional Hollywood copyright industries if you can't get it via copyright see what you can get via trademark the good thing about trademarks is they last forever as long as you maintain them as long as you're using the mark there's no term we know the copyright term is ridiculous anyway up to 90 years but trademark trademarks for 120 years now maybe I'm close to 120 so the idea is maybe copyright isn't completely helping us but if we put our trademark on every single little bitty thing then we can go after folks who might be providing an alternative but maybe are also using the mark or using the object in a way that we didn't authorize and then we can say okay well that is a trademark violation because we have the right to control the use of our mark and how it's used and so you can sort of use it downstream or you can go after people who are trying to resell those parts who have managed to break things apart and they want to sell it on eBay or whatever and go after them and say you're not an authorized seller of this good and they'll shut you down and the thing about it that is worth thinking about is because very often a lot of this doesn't happen like one to one but rather via platforms so if you're making parts available maybe you make it available on eBay they're not going to talk to you that's too much trouble they're just going to send a note to eBay and eBay will take it down or Etsy or whatever it's a way of bypassing actually trying to go after the individual directly you go after the platform who is much more vulnerable and less interested probably in defending any given seller than anyway because the seller is probably not giving them very much money they want to preserve their entire platform and they don't want to get any litigation so it's just better to take it down if you open an iPhone or if you look at I fixed its teardowns you'll see just about every part inside the iPhone has the Apple logo on it and I met some engineers who had worked on iPhone you know were out of their 7 year NDA and I was like why do you guys do that is there any engineering, is there any supply chain reason for that and then he said I have no idea why well I'll tell you the reason why is to make it difficult for people like Lewis and I to get parts across borders the presumption at US Customs is that you are guilty until proven innocent and you have to show that you have permission from the trademark holder to be moving that trademark across the border so when they put the Apple logo on a flex on the display, how does that limit you so let's say somebody buys an iPhone in China they take all the parts that legally purchased iPhone in China and then they sell them separately to someone in America that they will be seized because they'll say that all of those parts were counterfeit because it has an Apple logo on it and since you're not on the list of people that should be getting those parts then surely that must mean that it is counterfeit it's assumed to counterfeit unless you are on that particular list so even if I'm importing parts that are either whether they're used or they came from an actual device that somebody bought in that country that they're parting out for profit, you can't import them they have to find a way to grind the logo off of it and if they don't grind the logo off of it then you wind up getting in trouble this is a particular problem when you're talking about something like a display assembly where they grind the logo into the back of the case so that you're not able to actually import it so you usually wind up having to make the package so annoying that they just don't open it to see what the logo is and you'll see, you'll probably get packages like this where it's been taped over and has 10 or 20 layers of cardboard they'll be, my personal favorite was when they actually shipped me display assemblies what they did is they put it in so they put them inside of laptop coolers so these laptop coolers are little fans that you put onto the laptop they broke it, they broke the fan blades and they put my parts inside of it and they find all these ridiculously creative ways to get around customs and it's not that hard it's kind of like getting something past the TSA which is fairly simple Karin, how can they do that? why is customs and border protection why is customs and border protection in the business of helping Apple to suppress the total legal movement of aftermarket parts federal jobs program huh? actually, you'd be shocked how much federal money is and resources are spent policing IP when you think they should be doing something else and really you think Homeland Security, what does that have to do with it? Homeland Security is seizing websites I mean, they're involved in copyright infringement because they're under tremendous pressure from major IP owners to be engaging this kind of activity and, you know, they're responsive to that because what will happen is IP owners will come to them and say like you have no idea the piracy the fraud and the argument will be you are protecting consumers from getting counterfeit parts you're protecting consumers from accessing pirate sites not realizing that you're protected like that will be the idea you are protecting the security of Americans and I do think most of us when we think of Department of Homeland Security I think that's what they're doing with their time and also when we think of the Customs and Border enforcement, I mean, yeah, they are going to police counterfeits across border that's not a crazy thing for them to do it's just perhaps, you know gone a little too far maybe got a little too far, priorities and they, I mean Customs is a thing where as a big company you can pay Customs money to pay for their staff to do their enforcement it's very convenient if you have buckets of money okay, final question and I want to go to some questions from the audience and this, I think Joe Kyle Lewis probably good question for you how do we promote this not only, you know, right to repair so yes, right to repair laws get them passed but kind of what Kyle was talking about this idea and Joe that you talk about a lot of getting people to start thinking about their devices in a different way not being afraid to open them up not buying the lie like it's cheaper to just replace it and actually kind of start thinking about these as things that they own and things that they have the right and the ability to fix themselves or get a neighbor to fix or get Lewis to fix I mean I think you know what Lewis is doing and what Kyle is doing are sort of the main kind of things of getting people to realize oh you can fix stuff like I've, you know, ever since being a kid like most of us want to open stuff up and see how it works but not everybody does that most people buy a device they take it for granted and say oh some magical engineers created this thing it's perfect and not realizing they can open it up and of course when vendors are making things harder to open and they add all sorts of problems from a trademark perspective or anti-tamper mechanisms to make it you know self-destruct or delete something when you open it like there's all these things that prevent us from doing it but again it all comes down to profit and control I think really spreading the message to people of like look you can open stuff you can modify stuff you shouldn't have to go to Shenzhen to like find components that you can bring back you know if you've seen strange parts YouTube channel you know there's people repairing things and modifying things but it shouldn't be this difficult to do like Lewis shouldn't have to have people smuggle parts through it should be as accessible to us as it is to other people when I'm talking about I was there and if you've ever go if you ever can go to like the SEG market and Bunny Wang has written about this a lot and you go and it's floors and floors and floors of different components for different projects and the repair culture is a lot different there and the the access to information and information sharing is a lot different there and I kind of put it on myself I showed up I had like 90 minutes and I wanted to see could I find schematics for like an iPhone because I had heard you could do it and talking to different people at different booths or like talk to this person talk to this person I had my iPhone trying to translate because even the Chinese word for schematics is not schematic it's like you know visual drawing of something so I ended up going through and finding books of schematics that had you know confidential information blah blah but either somebody had taken those out of the factory or they reverse engineered the board but it shouldn't be that hard right and like I finally got them and I guess technically I'm going back to the U.S. but why like most people are not going to be able to do that so they're going to rely on Lewis and I fix it in other like I fix it shouldn't have to reverse engineer old Toshiba laptops to make their own manuals that's just ridiculous so the whole thing is just mind boggling but I think it all sort of boils down to why we're hackers in the first place and why we're here is to like educate people and push against corporations that are trying to do something you know to make the world a place that's better for them than it is for us Lewis, Carl, anything to add? I think it comes down to getting people personally invested in it you know this I think that there's two different types of activism there's the greater Thunberg type of activism with the How Dare You which results in more Ford F-350 diesels rolling coal on my electric car and I run through Pennsylvania than ever before and then there's the type where you try to get people personally invested so you know what part of what I tried to do on my YouTube channel is turn it into a little bit of performance are like Mr. Rogers or Bob Ross thing repair videos to YouTube I was looking for them myself and they would always be 90 seconds have techno music playing super fast very boring there's no you know there's no soul nothing fun about it so I would try to make these little 9 to 15 minute clips where it seems interesting we explain the entire concept in a way that a seventh grader could understand we would go through every single thing that we did we try to make it a little bit interesting talk about current events while we're doing it and also not leave anything out so when I say make it get people personally invested I mean also do it in a way that is profitable somebody who watches this stuff could start charging two or three hundred dollars for 15 minutes at their time to do that type of work themselves or they could use that to fix their own device and save a few thousand bucks and once you've saved somebody a thousand bucks they're personally invested or once you see once somebody is actually watching going this is kind of entertaining this is kind of cool and they watch a hundred of those videos and then I say by the way these may no longer exist because the company is taking away our ability to do that you've kind of personal investment you said that this is what is going to be taken away you're going to stop being able to enjoy this if this goes away so I think you have to get people as personally invested as humanly impossible and that starts by allowing them to save money allowing them to make money and allowing them to be entertained through sharing your passion and I think that that's something that is more going to be on the cultural side than the legal side like I do a lot for a right to repair on the legal side but at the end of the day a right to repairable gets released that says make things available Samsung tells Kyle we're going to give you two hundred thirteen dollar batteries welded to the screen like there's an element of malicious compliance that it's always going to be there and getting people personally invested in all of this so that companies like framework exist and are actually economically viable people want to buy that because they value repair ability to the point where they can actually make schematics available for their products and parts and everything else that's what's going to be what I think what moves this forward I think also that the amount of views on your channel sort of validates the fact that people want to fix their own stuff right it's like that's that's what the companies are afraid of because if they're going to lose money on their authorized dealerships or whatever it only proves the point that watch empty real estate was that or watch empty real estate well yeah okay of course so one of the things that we talk about a lot at EFF is sometimes you have a need to speak tech to power and what that means and it's kind of what I think Lois did to some extent like there are times at particularly the state level where what we need is for someone to comment testify or even just talk to their local assembly person which most people don't do and kind of don't want to do and I don't blame them I understand it's not that fun but sometimes that's really what's needed is for us to have a technologist on the ground who can go and just talk to their representative and say I'm going to tell you the truth because I know it and this is my profession and this is what I do and and it's actually amazing to me how responsive especially at the local level that folks can be because they want they don't hear from that many people and to be honest they hear also from some crazy people and then they hear from a bunch of really expensive corporate lobbyists who are really good at talking and despite the mumble mumble crazy that we heard earlier but actually they're pretty good at it and they give them money so speaking tech to power is actually a place where the people in this community can be really effective. Yeah I mean that's one thing that struck me in this whole process is how when you go in and talk to legislators you know they're definitely open to hearing your opinion but you also get a real sense of how much their day to day is occupied by lobbyist lawyers, PR people working on behalf of moneyed interests whether those are specific corporations, industry groups what have you like those people are there outside the john when they come out to like talk to them on their way back to their office they're there you know taking them out to lunch and that has an impact and you you know we have lives we have work we can't hang around state houses and lobby so we do need to work collectively. Yes Joe. I'm curious about something is there anybody in the audience that works at a product vendor you know somebody that's designing products and selling them so maybe doesn't have a you don't have to say if you have an opinion about right to repair but working from that side like actually as a consumer product vendor or anything yeah there's a couple so there's um there's there's something that came to mind so crowd supply is a is a website you know promoting open hardware development and crowdfunding and they have something called the proclamation of user rights that not only are they just going to take any project like say a Kickstarter might or Indiegogo they have a list of like certain things that protect user rights so you know I have it on here like curiosity and independence and association and longevity and transfer and discourse and privacy and security and if you're from those worlds of product development like you should take a look at that list of user rights and I think it's really interesting if besides talking to the lobbyist like working within the organization and saying look this is how products should be designed like we can still make a profit selling our product but if we follow these rules like framework and like some of the projects at Bunnywang are working on and you know there's all of these smaller projects but if if if this type of mindset can go into real company consumer design like that would be amazing and then it's sort of it's it's for the people right and like I think they crowd supply did a really good job of sort of explaining these different steps so even using that as a resource or like a starting point maybe I have no idea because I'm not in that world but maybe that's something that is worth trying to you know start something to say on this I think and I fix it we're doing a lot of that we do a lot of you know consulting and work with companies there's a lot of that we're starting to see the pendulum swing and so there's a lot of interest how do I design repairable products how do I design safe replaceable batteries what does it look like to set up a part supply chain we're at the beginning of that we need a lot more so as you are talking to your friends that work in engineering at these companies like this can be done right we can design repairable long-lasting hardware we just have to decide to do it we have to make the case to management and so that's what I spent a lot of my time doing is making the case that either the sustainability folks or the security folks or the engineers want helping them figure out how to make the case to management to actually shift business practice sort of like coming back around to how it was in the 70s and 80s where you would buy something you're schematic and you're at you know Apple the first Apple too had schematics and you buy prototype boards and it was the default and it was just the way everything was done at the beginning of the electronic zero we have lost our way now we have to argue our way back on to right in our path yes and legislate our way back okay are there questions from the audience for our panel oh great we'll start there front row green shirt I'm a father and I learned how to get curious by taking stuff apart my grandfather had like the audio tubes television and he taught me how to tear stuff apart and I took that on to my kids and they became curious about technology if I walk around at the schools I see consumers so consumers are being created instead of creators and I think as a community we have like we need to keep kids curious by taking stuff apart don't be afraid of technology because it helps them think about certain issues but it's also like we're saving the planet by allowing this to change as a community so if you can inspire someone do like classes on school help inspire others that really helps and those are the next generation of kids that might turn into engineers that then work in the companies and have that mindset not the closed mindset but the open mindset so that's hugely important exactly and there's like so many people required in the industry third row and then just move back that would be great that's the fourth row but ok hello I hope you can connect some dots here because the problems that right trip error seems to face you listed was like end user license agreements customs, DRM exclusivity agreements and legislation I've seen so far only seems to tackle maybe one of those is there any like what legislative solutions are we looking at especially like EULAs I want to make sure I understand the question so what legislative solutions are we seeing to the various legal impediments because the legislation I've seen so far that you've been advocating for only seems to say we need to make manuals available and things like that I'm not sure how that really solves some of the problems that we've had for so long especially with like EULAs where I shouldn't have to really agree to an EULA to receive it and use it so there's a couple things in play so you're quite right that the state right to a pair of laws they're great they don't do everything there's way more to be done but it's a start there is in fact go ahead sorry there is a long standing bill that's been in congress that was introduced by representative Zoe Lofgren that would change section 12.01 at least so that if you are circumventing if you're breaking the lock to make a fair use to do something that's otherwise lawful then it will be lawful and that would be tremendous unfortunately there's very very strong opposition to that but that would be tremendous we really need some solutions at the federal level unfortunately courts have over and over treated end user license agreements like regular negotiated contracts and treated them as equally binding to regularly negotiated contract and that's ridiculous and there's more and more folks who are talking about it but that's a thing that's also going to take some action at the state level because contract law is state law so yeah so there's that's why I'm actually mostly hopeful that we get rid of section 12.01 anyway in court rather than having to rely on congress because courts are slow congress is slower I would call on all of you if there's something that bothers you like I'm just a guy who decided I cared about repair and spent a while advocating for this Lewis started a YouTube channel we're just normal people we're just like the rest of you so if something bothers you if you want to take on the EULA issue it's a major major issue we need more people working on this there are not enough people in the public advocacy space working to counteract these highly paid corporate law and to the question on the right to repair laws it's a little bit it's not just about the repair manuals they also say that you have to provide access to diagnostic software and they also say that you need to provide tools to unlock digital locks for the purposes of doing repair so it isn't just oh well you'll get the manual but you're still screwed so they're more granular than that the state law is basically give or sell me the tool the federal law that we're working on is make it legal for me to whittle my own tool yeah I don't know where the mic guy is where's the mic guy I've got it here really interesting that you mentioned Harley Davidson because my motorcycle is in the shop right now because I tried to tune it and now they've refused to fix the motorcycle it's not even a warranty issue they won't even allow me to pay for a new thing or fix it they said oh you broke it so we'll no longer fix it how does how do I go about working with Harley Davidson or whatever to say you know you this is not legal or you know what are the laws that could protect me in the state of California don't go alone I think bring some muscle yeah I mean we need we need them to be sharing their diagnostic software so at least you've gotten even shot at what the dealership is going to do and that's where like the Massachusetts existing right to pay law and then the updated one that's currently being challenged in court that will help I visit apply the motorcycles I don't I think I think it does I believe it does yeah but that that's the right the right strategies at least to get you on an even keel with the dealership so that you can maybe use their tooling I would mention from a security perspective once we do have access to their tooling that's a whole nother attack service we can investigate so that's gonna be a lot of fun so expect expect as right to repair starts to become out there and companies are posting diagnostic software you may see someone I fix it soon that's gonna be interesting bites to look at yes no more security through obscurity yes okay go ahead mm-hmm mm-hmm just to recast the question so you can all hear he said yeah we're a hardware vendor and the product that we sell is regulated we have to have tamper proof mechanisms on the product in order to sell it what's here can take on that yeah I mean you know if you're following 5th 140 which basically is a checklist of things you need to do to be physically secure or be secure which is anti tamper mechanisms to prevent physical access maybe you know encryption of data and things and things like that I don't know you know from my perspective of being a hacker when I see a product that's 5th 140 compliant I say okay at least they've maybe tried to take some steps but I still am gonna try to hack it right yeah a lot of it security by obscurity a lot of it is checklists of things I think yeah if you're like on it because of those things are you now preventing right to repair in a way that you would prefer to enable that but you can't like I don't know right to repair laws really don't deal with design at all all they're saying if you're a hardware if you're a security vendor you've got an authorized repair provider who you send your gear to and you provide them with tools and information to do those repairs on your behalf all repair says nothing to do with how you design your product all saying is you need to make those tools available to your own to the customers themselves and to independent repair so that they can so they can be a better market for that service and whether it's FIPS compliant or not I think that right to repair laws are totally silent on that it but if you've got an authorized repair infrastructure you know system you know network they're saying you need to open that up I know Lewis saying Kyle did good work in the New York State right to repair law let's say we check that past the legislator and it's waiting for Hocal signature is there anything else holding that up no email Kathy Hochel the governor Kathy Hochel it's sitting on your desk she just needs to sign it indications are that she will but I think request you know like friendly suggestions or request that she sign it would be would be welcome yes but I can say we're actively working on it right the repair.org right to repair coalition working on this please join repair.org we met with the governor's staff this week and we're continuing that dialogue so we're hopeful you say well why hasn't she done it yet New York passed a thousand bills this year she has to sign all of them by hand so that takes some time I think we have time maybe for one more question yeah so hypothetically if members of the audience were let's say involved with some consortiums of hospitals that we're fighting against some particularly evil and litigious OEMs on right to repair how might they get more collaborative with those of you up at the on the panel and work together on some of these issues come up and talk to me after we're we're very interested we're working with hospitals we have medical focus right to repair test one thing by the way I want to mention since the other panel that's happening right now is talking about medical but when covid started we started collaborating with EFF and we said look there's all these service manuals for hospital equipment that should be out there bio meds are handing them around on hard drives and usb sticks to get the service manuals around can we just get those on the internet I talked to her I was like you know do you think you guys can can back us up if we stick our neck out a little bit on this yes and so we did it and so we launched the on I fix it we got 300 archivists and librarians that have been sent home during covid to help us comb through and we got 25,000 service manuals pds for everything from a ventilator to a CPAP machine to you know hospital equipment vital sign models you name it it's online fix it com it's all free it's all and so I would incur I hope that's a useful resource also if you're looking to do security research on these things the service man is a good place to start yes so hopefully that helps but yeah we're working actively with hospitals around the country and we'd love to talk do we have time for one more question or not yes over here over here yeah right but he's he's got his hand very high up thank you all for coming I was just curious there's a lot of talk about right there parent and Lewis Ross Rossman you're a hero mine I'm curious if you have any thoughts on focusing more on kind of removing these unelected bureaucrats like in customs like kind of reducing their powers focusing on that having Congress act on that in particular removing powers where they don't need to be I definitely wouldn't be opposed to it TSA while we're at it as well why not it's beautiful okay give a big hand to our panelists they did an amazing job and thanks all of you for coming and asking great questions