The U.S. Senate is a famously deliberative – and often slow-moving – institution, a fact I came to know well during my more than two decades of service in the upper chamber of Congress. Of course, the slower, intentional nature of the Senate more often than not results in purposeful, well-thought-out legislation. But sometimes Congress can take too long to act, and state legislatures have to move to fill gaps when federal action gridlocks.
That’s why while leaders in Washington have failed to address the growing support for “right-to-repair” – laws that would make it easier for Americans to repair their own devices – the movement has caught fire in state capitals across the country. Last year New York, California, and Minnesota put their own right-to-repair bill into effect, and as legislative sessions around the country kicked off across the country in January, a growing number of state lawmakers are preparing to introduce similar measures.
Many of these initiatives do exactly what they’re supposed to do – provide consumers with better access and more options to repair their devices by allowing third-party repair shops to fix them. That’s a goal that everyone can get behind, and state legislators are right to fight for their constituents. However, the devil is in the details. So while most lawmakers have taken the time to draft and pass responsible right-to-repair legislation, some officials are putting Americans in danger by ignoring questions about how these bills will affect consumers’ private data and sensitive information.
Our phones, tablets, and other devices store Americans’ private data. Today, consumers keep banking information, Social Security numbers, and health data all at the touch of a button. That means when Americans bring their devices into a store to be fixed, they’re putting their trust in repair technicians to protect their private data and keep their sensitive information safe. Device manufacturers and authorized repair providers take that seriously, and they stick to strict privacy and security standards that protect consumers’ data.
Unfortunately, not all third-party repair shops follow those same standards. Over the years, reports have found that third-party repair stores consistently put Americans’ privacy at risk by accessing their private data. In fact, a 2022 study found that nearly half of third-party repair technicians accessed sensitive information totally unrelated to the repair. These privacy violations, which disproportionately affected women, included financial and health data, contacts, and photos.
Recommended
Similarly, because many third-party repair stores don’t use genuine parts when fixing devices, right-to-repair legislation can open consumers up to cybersecurity threats. Inauthentic parts can allow bad actors to bypass security features, and watchdog groups have discovered parts put into devices by third-party repair stores that are capable of tracking keyboard strokes, installing malware, and even taking screenshots of a user’s phone. Additionally, some experts have expressed concern that without proper cybersecurity protections, right-to-repair legislation could spike crime rates by encouraging a black market for stolen and inauthentic parts.
Some particularly flawed right-to-repair bills, written so they apply retroactively to devices produced and sold several years ago, present even more problems. These initiatives threaten to saddle consumers with expensive repairs for outdated devices, and they encourage third-party repair shops to use unauthorized parts to cut costs. Those materials can damage products, leaving consumers on the hook for poor – or even dangerous – repair work.
Privacy, cybersecurity, and consumer safety should be a top priority for elected officials across the country. But despite these serious concerns, some states, such as Minnesota have pushed right-to-repair legislation that incorporates these vulnerabilities as features and poses serious risks to consumers. Thankfully, other states recognize the mistakes baked into these proposals and take on approaches that avoid them. For instance, New York’s right-to-repair legislation was drafted to guarantee consumers will have greater access to transparent, quality repairs while also protecting their safety, security, and privacy. These protections were strengthened as the bill went through the legislative process, and the final product helped ensure consumers’ privacy and cybersecurity were not put at risk. It’s critical that more states follow that example.
Responsible right-to-repair bills can empower Americans to repair their own devices, and that is a worthwhile goal lawmakers in statehouses around the country should pursue. However, our elected leaders shouldn’t put consumers in danger with overly broad, reckless legislation. Lawmakers have a duty to protect consumers – and that means prioritizing Americans’ safety when considering the right to repair personal electronic devices.