Am I being a bit naive to think that this has more to do with public safety? In theory, there is some increased level of regulation/review of the car and medical device manufacturers that limits the risk these repairs aren’t done to an appropriate standard? You can make a trade-off between standard of repair and price for your iPhone that only impacts the device, but cars and medical devices not properly repaired could impact a life.
You’ve used a grey argument. Apple themselves have argued that one of the reasons they have to limit repair is for public safety (someone could have a battery explode if they pierce it, for example), whereas we could also argue the other side: that if someone modifies their own medical device and gets hurt because of it that they legally only hurt themselves because they had the right to make that choice.
IMO it comes down to this: do we advocate for laws that give companies the ability to decide what is right/safe for the public, or do we advocate for laws that reflect trust in the individual?
> IMO it comes down to this: do we advocate for laws that give companies the ability to decide what is right/safe for the public, or do we advocate for laws that reflect trust in the individual?
This is a really great way to put it, and it applies broadly to so many fundamental disagreements in the tech world.
I firmly believe it’s better to trust the individual—so I think users should be able to sideload iOS apps (only if they want to) and install their own root certificates. Others think individuals can’t be trusted, and so we should let tech companies dictate what is safe for everyone else.
I agree that individuals should control their own devices.
I also agree with Apple's implicit claim that if iOS users could sideload apps, millions of idiot iOS users would get their devices owned after they followed some "follow these seven steps to get free $POPULAR_MOBILE_GAME tokens!" guide they found on the web, making the platform less trustworthy overall.
Apple makes a good argument that buying an iPhone is also buying, in a sense, a remote managed security service for the device at the same time. The net effect of this is that millions of people now have devices mostly free of the most egregious malware (and it's limited to just spyware, delivered via the App Store). For most users, this is a better state of affairs (at least in peacetime, or outside of China/Vietnam/Russia/etc).
and yet, despite occasional problems, the same hasn't happened in the Android sphere with sideloading. Problems? Sure... but not "ZOMG MILLIONS!"
"Apple makes a good argument" Their argument doesn't give near enough excuses for their mafia level racket to shake down businesses of protection money. "Pay us or Joey will break your kneecaps. Its for your own protection."
> and yet, despite occasional problems, the same hasn't happened in the Android sphere with sideloading. Problems? Sure... but not "ZOMG MILLIONS!"
Millions of Android devices have malware problems, yes. I might even agree with a claim that it is ZOMG millions.
Estimates claim that as far back as 2016, a million new Android devices were being infected with malware per month. The current figures are estimated by AV vendors at 4-7 million infections per month.
It's only a good argument if you assume that Apple is fundamentally interested in consumer security. It isn't. Apple is fundamentally interested in control. Security, however Apple defines it, is a chosen means to the extent that is fulfills the company's primary goal.
That's not to say that Apple should behave like a charitable force. A company's goals and decisions are its own prerogative. But as we've seen with the revelations of the Epic trial, the Darth Vader-style rule changes, updates that interfere with the basic operation of the device, etc., you're not just buying into a remotely managed system like a remote desktop at a colocation center. You're buying into the blackbox of Apple's present and future business decisions whether that suits your needs or not.
Should security no longer justify the cost to Apple, they'll contort the meaning of the word to suit their ends just like Tim Cook has done to the word "equal" during his congressional hearing.
You can't downgrade/upgrade the OS to a specific version of an update after a fortnight or thereabouts. That's an artificial constraint applied by Apple. It's not even possible to do so offline with iTunes even if one has the IPSWs. If you check the /r/jailbreak subreddit, talented coders have to hack the SEP and build complicated, low-level-interacting software like futurestore in order to perform a semi-successful downgrade/upgrade.
However, if you install an update to try it out, or because you didn't realize that it would e.g. break 32bit support, you can never downgrade again (unless you happen to be within a two-week-ish period.)
Your first paragraph contradicts the second and third paragraphs! If you believe that individuals should control their own devices, why are you in favor of Apple retaining control of every iPhone it sells? Pick one!
I didn't claim to be in favor of Apple retaining control of every iPhone they sell. Please re-read my comment.
My claim is that for most users of iPhones, the situation of Apple being in control of their device, rather than themselves, results in a better outcome for that user (and is oftentimes explicitly preferred by that user as a result, and is reflected in their purchase of an iPhone).
In fact, Apple delegates control of an iPhone's userspace execution environment to any iPhone owner who wants it: they will give you a signing cert for use in xcode to run any app you want on your own device (no developer subscription necessary). This is how AltStore works, and allows AltStore users to run emulator apps on the iPhones they own.
> My claim is that for most users of iPhones, the situation of Apple being in control of their device, rather than themselves, results in a better outcome for that user (and is oftentimes explicitly preferred by that user as a result, and is reflected in their purchase of an iPhone).
Okay, but that comes out to the same thing, since I can't buy an iPhone which isn't Apple managed. If Apple offered a choice, that would be one thing—but they don't.
> In fact, Apple delegates control of an iPhone's execution environment to any iPhone owner who wants it: they will give you a signing cert for use in xcode to run any app you want on your own device.
What they give you is the ability to sign up to three apps at a time, all of which expire after seven days. It's not useful for anything but testing.
Plus, you're stuck in the App Store sandbox. You can't downgrade to an earlier operating system, you can't inspect the HTTPS traffic being sent out of your phone, and you can't even run anything that uses a JIT.
> What they give you is the ability to sign up to three apps at a time, all of which expire after seven days. It's not useful for anything but testing.
And if they decide to they can flip a switch on their server to disable your account and stop “your” apps from launching.
> Okay, but that comes out to the same thing, since I can't buy an iPhone which isn't Apple managed. If Apple offered a choice, that would be one thing—but they don't.
Well, you know this state of affairs well now, so when you buy an iPhone you willingly opt in to these remote management restrictions. There are lots of smartphones you can buy without such cryptographic boot restrictions.
Many people willingly choose iPhones (even given these constraints), and would prefer a remote party manage their device's security.
Apple's argument is a legitimate one, and you should be able to operate in the market in this fashion. Nobody's forced to buy an iPhone if they don't like how the bootloader is configured or the App Store is run.
> Many people willingly choose iPhones (even given these constraints), and would prefer a remote party manage their device's security.
I mean, but you're making a big assumption there! I buy iPhones in spite of those restrictions, because the only other options have worse processors and cameras, and because most of the people I know use iMessage.
I'd pay double the cost of a normal iPhone for a Security Research Device, if they were available to the general public.
Absolutely when it comes to tech. It's fairly inconsequential sideloading something to your phone.
Medical devices I think should need a someone well versed to work on it.
With cars, the current model most states in the US have is a good middle ground. You can do whatever you want to your car, but it needs to pass a safety inspection every 2 years to drive it legally.
The inspections in my state are fairly comprehensive. Airbags, seat belts, headlight brightness, and structural stability of the frame to name a few.
It also helps the US has a strong car culture with tons of experienced DIY-ers, which I imagine helps.
I think we should just have some pretty clear literature that if you modify a device, the manufacturer is not responsible for any injuries it might cause you.
Modify a dishwasher and now it fills your kitchen with soap bubbles? Modify a CPAP machine and get killed by it? Not the manufacturer's fault.
By passing a right to repair on medical devices you also open up the aftermarket for repairs. Would you like to be handed a medical device by your insurance company that has been repaired by an untrained person that considers himself to be a handyman? Or be put in a scanner that was repaired by a service engineer from a broker that is cutting corners to win in the competing market.
Without clear quality and regulatory control there must be an objective method to discern between personal repairs and non-personal ones.
Disclaimer: didn't read the actual right to repair being passed in detail. Not sure if it does discern already.
But if the insurance company doesn't want to be liable for it it would require a certified and/or bonded tech. In the US cars don't even require this to be stringent.
You don't need any schooling to become ASC Certified mechanic, just take a test, no limiting factors for how often you need to recertify, or if you fail it so many times you need to school/train. At least in Canada you need to go to school, and then be a journeyman for a number of years before you can actually be a mechanic.
To really fix it we need a non-profit group to be in charge of the certification, preferably one who can be held accountable for failure due to their certification. My removing the incentive for profit we make it so the Medical industry won't try to control it, the insurance industry to mitigate their requirements, and government from trying to have political agendas pushed.
I have more that I would love to put in here but my employer has opinions that might differ from mine, and can be directly involved with some things that the law can impact.
> In the US cars don't even require this to be stringent. You don't need any schooling to become ASC Certified mechanic, just take a test, no limiting factors for how often you need to recertify, or if you fail it so many times you need to school/train.
There's no legal requirement in the US federally, or in any state I'm aware of, to have any certifications for general automotive repair. The EPA does require it for working on air conditioning systems, though. [0] However, many employers do require certification and/or will assist in getting the certifications. Some of the smaller shops are more likely to have mechanics without certifications or with expired certifications (I believe ASE certs are five years). ASE does require hands on experience for their certifications in addition to the test, though. [1]
The BLS also describes this, probably better than I do. [2]
IANAL or even a law-enthusiast, but surely we already have case law on this if nothing else? You can't sue the car company if you remove the breaks in your car... right?
> I think we should just have some pretty clear literature that if you modify a device, the manufacturer is not responsible for any injuries it might cause you.
That's not nearly nuanced enough. Manufacturers should still be responsible unless they can prove you caused the failure. We currently require this standard for something as simple warranty coverage, we ought to require it for something as severe as death.
For reference, see “It’s clear you caused water damage because the water damage sticker changed colour. Warranty claim denied” from not too long ago. Spoiler: It was regular moisture from being in the pants pocket during a warm day.
> With cars, the current model most states in the US have is a good middle ground. You can do whatever you want to your car, but it needs to pass a safety inspection every 2 years to drive it legally.
Only 4 US states have biannual safety inspections. Another 11 have annual inspections. The other 35 states + DC do not have safety inspections.
If one thinks that self driving cars are scary. Imagine having Look ma! I improved the autopilot in my Tesla!! driving on public roads or being sold 2nd hand.
Car SW that can control the vehicle motion goes through very rigorous ISO processes, it's not something you just casually tinker with as an individual. Given its hard to visually inspect, one needs a way to understand if a car has been modified or not. This article also on the front page here yesterday explains the complexity and cost of integration verification https://spectrum.ieee.org/cars-that-think/transportation/adv...
Enabling serious third party aftermarket companies that have gone through same level of certification, nothing against that, but individuals, not so sure.
There's an additional wrinkle for cars that make them unlike other devices, which is that they drive on public roads. I can't drive on a public road without a license, and neither should software.
But if little Johnny wants to drive his Tesla around a private racetrack with homespun Autopilot software, by all means! It's hardly the weirdest hobby, and who knows—maybe he'll grow up and form a startup that uses modified Tesla's to transport products in large warehouses. That's how innovation happens.
I see where you are coming from but right now, if autopilot kills someone, then Tesla are on the hook for it (ok, there may be grey areas but ultimately, they made it so that has to point back to them in a big way when it comes to court cases). However, if I jailbreak my autopilot and kill someone, it's me that has to face the music!
I don't see the harm in scaling the jailbreak hoops you need to jump through.
For example, if I wanted to safely jailbreak my iPhone, there is nothing stopping Apple having an official app that you need to get a special key from Apple for. Maybe a phone call or something, or an email to support. It would come with a caveat that says your jailbroken phone forfeits any warranty claims. Fair enough.
When you are talking about jailbreaking a Tesla, there could be other layers. Like, for example, you have to go to a Tesla dealer where they explain the legal and support ramifications and whatnot. Then you sign a bit of paper with witnesses. Then they send you out a usb dongle in the post after a few days etc. Maybe, though with the Tesla, there would be limits. Like, you can't get the source code, or you are only able to to X things with it.
You get the idea... there could potentially be a scale for stuff like this.
I'm just chucking stuff out there, this isn't a realistic example so please put your pitch forks away :)
> IMO it comes down to this: do we advocate for laws that give companies the ability to decide what is right/safe for the public, or do we advocate for laws that reflect trust in the individual?
In the US, I think, some companies sell weapons and nobody seems to care if people can hurt themselves with them.
The comparison is more appropriate than you maybe even intended. Cars are considered weapons (e.g. driving at someone is assault with a deadly weapon), and cars are very dangerous in general and kill lots of people (and not just the drivers!). Yet, we still want right-to-repair on cars.
we HAVE right to repair on cars, and we've had it for decades. it's why the OBD-II port is standardized and mandated. it's why you can buy tools built only by the auto manufacturers for working on their own cars. it's why auto manufacturers are required to sell every part and every tool to end customers for at least 10 years after a model year is no longer manufactured. it's why third-party replacement parts are available AT ALL.
people forget all this. this is the same thing people want for farm vehicles and personal electronics.
we got it done for cars and trucks in the late 1980s. I don't understand why it's so hard to get lawmakers on the side of the customer --their constituents-- today.
> that if someone modifies their own medical device and gets hurt because of it that they legally only hurt themselves because they had the right to make that choice.
Well, while this applies to medical devices, worth noting this doesn't apply to cars, for which safety inspections have existed in many states for quite a while.
While Apple has made that argument, their devices are not primarily intended to support life, and the vast majority of failures due to bad repairs don't kill people.
And often with medical devices, they may often be supporting the life of someone other than the original purchaser and sole maintainer.
These laws obligate the manufacturer to release maintenance and repair manuals, like the ones they provide to the authorized service centers; and ban all litigation related to someone providing unauthorized services, etc...
Depending on the law, it may also require more documentation, ban on total lockdown of devices and obligation to sell spare parts(but you often can buy genuine spare parts through service centers)
Right to fix also doesn't cover warranties, as you will loose your warranty when doing it yourself.
For cars or medical equipment - that's clearly political influence, masquerading as "public safety".
There's nothing stopping me from modifying my car to be very dangerous right now, without even affecting my warranty. The difference - I cannot install a third party keyfob, because the protocol is locked down.
The kind of medical equipment that hospitals require, already comes with multi-decade support. And your CPAP device can be serviced by someone without manufacturer specific training(that costs a fortune, for little practical value).
> Right to fix also doesn't cover warranties, as you will loose your warranty when doing it yourself.
The Magnussen-Moss warranty act of 1975 states (IANAL) that a repair cannot void the warranty unless the manufacturer can prove that your repair caused the damage in question.
This is correct. Those "warranty void if broken" stickers are only worth as much as they mislead people into not bothering to push for warranty claims. (and if it's on something that's not a "consumer good")
Louis Rossman gave an example which I believe really happened. A surgery chair that cost tens of thousands of dollars needed a new riser motor. Just an electric motor to move the chair up and down. But the company that makes the electric motor had an agreement with the chair manufacturer not to sell replacement parts. So the only recourse instead of replacing a $500 motor is to replace an entire surgery chair for tens of thousands of dollars.
Given the cost of medical care in this country I think it would be a very good thing if that agreement not to sell parts was against the law. Surely an electric motor to raise a chair up and down could be replaced with the correct part without compromising anyone’s safety.
although in this specific case in example, if the country you're talking about are the US, having access to the $500 motor only means wider profit margins for the hostpital, not necessarily lower bills for hospitalized people.
Perhaps, but it’s clear we must both lower costs (fix repair laws) and provide free medical care for everyone. So fixing repair is one important step towards an end goal of health care for everyone.
Regulating the quality of repair is a separate issue from sourcing parts. The hospital and their insurance company will be well inclined to make sure that repairs are done properly, but we should let the people who own the chair (and some oversight board) decide policy for those repairs, not equipment manufacturers who have a vested interest in selling new equipment.
This assumes that the first party seller is competent, motivated and capable of using their first party documents to good effect performing repairs. Consider the Apple Genius bar for an easy counter example.
edit: may have misinterpreted what you wrote. Nobody should have to have amateurs perform repairs, whether they are first party or not.
Nobody should be forced to use an amateur, certainly. I'm saying that if you can't afford a professional repair, you want the amateur to have access to the best information available, whether that person is you or someone else.
This is the wrong place to regulate that. If buildings need to adhere to certain fire safety requirements, you have a law that says people modifying the property need to follow those requirements. You don't make a law that says only the original builder of the house is allowed to repair the house.
Public Safety is never a reason to oppose Right to Repair, to the extent there are safety concerns they can be elevated with out needing to curb independent or self repair
That said, Safety is red herring that the industries use to justify their anti-consumer actions with zero actual data to back their position.
The Record are cars is clear and estiblished people self repair and use independant repair all the time to fix mechnical safety systems like breaks with no systemic issues or damage to public safety
For medical devices I have yet to see any data the independent repair causes any harm, in fact I believe the the US Government has a study that states Independent Repair of Medical Equipment is critical to maintaining the US Health System, so in the case of Health Care prohibitions on independent repair may CAUSE public health issues by taking critical equipment out of service waiting on "authorized" repair or parts
