–Chris Mohr, President, SIIA; Paul Lekas, SVP, Global Public Policy & Government Affairs, SIIA

Today, the House Judiciary Committee’s IP Subcommittee held a hearing on “right to repair” – the concept that purchasers of vehicles, electronic devices, and other products should have the ability to repair and make changes to those products without invalidating manufacturer warranties and in some cases by requiring manufacturers to make data and tools available to consumers and repair shops.

Our members are in the business of information, and much of that information is sold as a service through many different devices and different ecosystems. Those ecosystems are protected by intellectual property statutes that prevent unauthorized and harmful uses of those platforms. For example, section 1201 of the Digital Millennium Copyright Act (DMCA) has spawned a huge investment in the distribution of software and other literary works online by preventing businesses from forming around piracy tools. As information has become increasingly sold as a service, changes in technology have changed the relationship between consumers and their devices and a digital market for all kinds of works has exploded—exactly as Congress intended.

Against the tremendous success of the DMCA in promoting the dissemination of online works, we are skeptical of the need for any additional legislation around “right to repair.”  The case for it has simply not been made. We note that when the FTC examined this issue, it found that “the assertion of IP rights does not appear to be a significant impediment to independent repair.”  Even in the most famous example, only 2% of tractor repairs run into an IP-based problem.  And both auto and cell phone manufacturers have entered MOUs that deal with these issues. While individual anecdotes may seem compelling and have convinced some state legislatures, the policy case for risking the backbone of a massively successful ecosystem non-existent.

Importantly, piracy risks are not the only ones implicated by the right to repair movement. When Massachusetts voters approved a ballot initiative to require automobile manufacturers to provide open remote access to vehicle “telematics” data to customers and repair shops, the National Highway Traffic Safety Administration (NHTSA) felt the safety and security concerns of the law were sufficiently significant that it contacted automotive manufacturers to urge them not to comply. As NHTSA explained, the open access required by the Massachusetts law would “allow[] for the manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking, as well as … air bags and electronic stability control.” NHTSA expressed concern that “[a] malicious actor here or abroad could utilize such open access to remotely command vehicles to operate dangerously, including attaching multiple vehicles concurrently. Vehicle crashes, injuries, or deaths are foreseeable outcomes of such as situation.”

The kinds of safety and security concerns raised by NHTSA are not limited to the automotive sector. The business of information can thrive only if its users believe that their data is being handled well.  Indeed, ill-designed right-to-repair legislation could have a significant impact on the safety of personal data in consumer electronic devices and undermine critical cybersecurity protections built into the software and hardware of consumer devices. What too many of the right to repair proposals demonstrate is a lack of awareness of how opening access to manufactured products will create exposure that undermines cybersecurity and privacy.

Finally, some have homed in on right to repair as part of a larger effort around competition.   As this argument goes, restrictions on third-party repair serve only to entrench the manufacturers. This position ignores the essential investment that manufacturers have made to ensure the safety and security of data used in their products. Part of what makes products valuable to users is how those products ensure the safety and security of their data and come equipped with software that mitigates the risk of a cybersecurity breach.  Existing competition law is more than capable of dealing with the minority of situations in which this claimed “right” is implicated.