back to article iFixit wants you to be legally able to break software locks to repair gizmos. Unsurprisingly, manufacturers are less keen

Repairs specialist iFixit has urged the US Copyright Office to add exemptions to the Digital Millennium Copyright Act that would allow individuals to legally circumvent digital restrictions in the process of repairing hardware. Exemptions to Section 1201 – the relevant bit – are renewed every three years, and are carved out by …

  1. anothercynic Silver badge

    100% behind iFixit

    iFixit has allowed me to fix and upgrade various 'non-upgradeable' items in the past. Long may it continue!

    1. Zippy´s Sausage Factory

      Re: 100% behind iFixit

      I'll second that, iFixit are amazing. More power (and virtual beer) to them, I say!

      1. Dwarf

        Re: 100% behind iFixit

        Same here great service and good tools. It is best to listen to their advice when it says go shallow with the opener when cracking the case open though. I found that out the hard way on the first iPhone 8. Cost me a new screen as I put a small nick in a cable :-(

        I'm about 9 devices in now. A back glass / chassis replacement on an iPhone X and an iPad 2 near full teardown just to do its battery are the hardest ones so far. Just take your time, watch the cables and get an extra replacement screen seal kit.

        ReplaceBase are also worth a look if you are in the UK, sometimes quicker and a good alternative if iFixit are out of stock.

  2. mark l 2 Silver badge

    "The entertainment industry similarly expressed its unhappiness with the proposal, claiming allowing the legal circumvention of TPMs would facilitate piracy"

    Piracy will still happen even with this digital locks in place, the current gen of consoles might be secure as of today, but history has shown that eventually they all have vulnerability which can be used to run unsigned code. And I have no doubt before they reach EOL this will happen to the XBOX and PS5.

    1. Wade Burchette

      When something is not working and, in fact, has never worked, the logical thing to do is to stop doing that.

      "The entertainment industry similarly expressed its unhappiness with the proposal, claiming allowing the legal circumvention of TPMs would facilitate piracy."

      So, has anything you've done actually prevented copyright infringement? I will answer for you, no. Everything you do will not stop copyright infringement. The better course of action is to make easier and cheaper for people to get your content. And, make it is easier for people to do what they want for their own personal use with their own legally obtained content. This would require them to stop fragmenting the streaming market. You cannot stop copyright infringement. But you can eliminate the incentive a large number people have for doing it.

  3. Anonymous Coward
    Anonymous Coward

    Land of the free? Hahahaha

    1. Richard Jones 1

      Oh, I don't know, the land of the free to be robbed, stiffed and done down certainly

    2. Version 1.0 Silver badge

      Land of the fee (FTFY).

      I'm so pleased that God has an exemption to our human Copyright Act concepts, can you imagine having some affliction or infection, and the doctors telling you that they will be cursed if they help you get better?

      1. My other car WAS an IAV Stryker

        Even DNA is open source: with the right tools, anyone can read your personal source code from a suitable sample. Copy (duplicate) it -- just the code -- too. Works for other organisms, although the language may differ.

        (Duplicating the entire wetware created FROM a complete copy of source code is another matter entirely.)

        1. Adelio

          Yes, but havn't companies tried to patent DNA sequences, totally wrong and should NOT be allowed.

  4. Neil Barnes Silver badge

    We're seeing more secure boot techniques across the board, on all general-purpose computers

    This is a significant point. If I can't boot the operating system I want on a general purpose computer, it's broken by design and goes back.

    While there is certainly a valid argument for a secure boot, it should *always* be possible to replace that with something else.

  5. Anonymous Coward
    Anonymous Coward


    IMHO It is more than possible that if it finally becomes legal to allow full access of purchaser's of hardware and software for repair purposes that it will reveal copywrite infringement by the very manufacturers of the kit protected under DMCA.

    Since Autodesk and their patent upon using using the standard logical operation XOR to make a onscreen cursor blink, the legal protections have IMHO always been against rather than for consumers and IMHO were often protecting technology that was already in the public domain and not novel.

    IMHO hardware and software companies have managed to claim ownership of technology and methods they did not develop and I would not be surprised if they have been using DMCA to hide their own unpunished abuses.

    DRM and DMCA were always against the consumer's reasonable use of what they had paid for, the piracy = theft argument was always a lie and the privacy invasions associated with DRM were always going to happen because the laws said that perfectly legal and paying consumers own nothing, not even their own right to privacy.

  6. Anonymous Coward
    Anonymous Coward

    unlock the bootloader

    I also think that all Android devices must be allowed to have the bootloader unlocked after they stop receiving security updates

    (Motorola is pretty good about this)

    1. Anonymous Coward
      Anonymous Coward

      Re: unlock the bootloader

      They must be allowed to have the bootloader unlocked at any time from purchase onwards.

  7. Roland6 Silver badge

    Shame the UK isn't still part of the EU...

    This is one area where acting as a single significant economic block can make things happen, even if TPTB in the US drag their feet...

  8. BGatez

    As ALWAYS Apple, GFYS and all copycats

  9. bartsmit

    Vote with your feet

    Alternatives to the usual suspects are available:

    I had the screen go blank after a drop, loaded the official youtube, grabbed the supplied screwdriver and fixed it in under ten minutes with a contact clean.

    1. rvt

      Re: Vote with your feet

      I very much like the fair phone and I love the concept. But it’s not water proof and it runs Android. Now I don’t mind Android to much, but I do not trust play services from google.

      To get a phone working, without any hassle without p,any services is just not possible. I would need to jump through to many hoops to get an experience on a daily base that is without frustration.

      1. bartsmit

        Re: Vote with your feet

        Don't like Google - don't use it:

  10. Anonymous Coward
    Anonymous Coward

    Environmental repair tax

    Companies that make irreparable products should pay extra tax*

    Or, add an environment tax at the POS.

    The more serviceable the product, the lower the tax.

    * If they pay tax at all.

    1. Adelio

      Re: Environmental repair tax

      Oh, no, but think of the company profits!

      1. DavidRa

        Re: Environmental repair tax

        I am thinking of the company profits, and how good they'll look when not needlessly extracted from the pockets of the customers.

    2. bazza Silver badge

      Re: Environmental repair tax

      Assuming that they do pay tax in the first place, if making irreperable products makes them more profitable then they will be paying extra tax!

      The EU brought in the concept of some sort of disposal tax on car manufacturers, but it wasn't done particularly well. They gave no allowances for historical performance. For example, Aston Martin had the amazing record of 80% of the cars it had ever made were still on the road, but still got swept up in the disposal tax regime despite not ever really having contributed to the size of the scrap heap.

      They also screwed up how manufacturers tackled emissions limits; one of the reason why diesel is so much of a problem is because they let the manufacturers put in cheap emission control systems that were guaranteed to degrade within 100,000 miles (gummed up EGRs, clogged inlets, etc). Of course, this wasn't helped by some manufacturers also cheated emissions tests. Anyway, the technology chosen resulted in the eventual renovation costs being passed on to the motorist, which of course very rarely gets spent. When it gets too bad, the car is often scrapped even though the rest of it is basically totally sound.

      The EU should have mandated that the manufacturer had to guarantee emissions performance for, say, 15 years. Yes that might have resulted in the purchase price being ramped to reflect the cost of that, but then that would have put diesel into its proper context.

  11. bazza Silver badge

    Medical Devices

    There are some conflicts here. A manufacturer isn't allowed to ship a device that varies from the as-approved build spec. So it passed medical approvals with this RAM, such and such a software configuration, a specific patch level on the OS, etc.

    This is what causes a lot of trouble with software vulnerabilities. Whilst there may well be a load of security patches available for the OS on a device, they cannot be installed unless a whole lot of very expensive testing is performed to revalidate the device to maintain its approval for use.

    So if a third party gains the right to repair a device, and they're allowed to choose whatever RAM or other componentry they want to effect a repair without compromising the device's approval for use, the FDA and similar bodies will have to relax the rules that apply to the manufacturers too. The problem is that FDA rules are there for a very good reason, even if some of the end result is stupid (eg networked devices getting malware).

    1. Anonymous Coward
      Anonymous Coward

      Re: Medical Devices

      Medical devices are very expensive so much so that the argument that it would cost too much doesn't really ring true.

      As to validated standards, being compliant is within their remit they should have maintained them but they chose not to because is would cost money out of their own pocket doesn't really say the right thing about priorities.

      If I was the FDA I would address this by either requiring yearly updates and validations with the bill going to all to the walk away manufacturers rather than the hospitals, or to move away from a purchasing model so medical equipment is rented instead and the monthly cost includes updates and associated compliance testing.

      1. bazza Silver badge

        Re: Medical Devices

        Standards Set Price

        A large part of the cost is related to the manpower needed to demonstrate compliance. There's plenty of competition which, ordinarily, would cause price drops, but all the competitors are bound to comply with the same standards. That's what mandatory standards do - they effectively set a minimum price.

        The price of re-compliance testing for software updates could be built in up-front, but if we're talking about keeping up with MS's update rate that'd be 12 times per year. That would make the instrument price unaffordable. And I doubt there's enough engineers on the planet to keep up with that.

        The Customer Always Pays

        It doesn't matter how you structure the ownership model, the end consumer always has to pay otherwise the instrument will never come into existence in the first place.

        Removing the Need for Updates

        There are things that could be done. Using Windows (especially), Linux (less so) is really cheaping out. They're mainstream OSes, and so malware targeted at mainstream applications also hits medical instruments. Using a non-mainstream OS instead - e.g. QNX, or INTEGRITY - would be a way of delivering an instrument from the factory that probably won't become the victim of malware. Of course, I'm not saying that QNX or INTEGRITY are truly bullet proof against flaws (even though those and others are actually pretty good), but they're less likely to become the victim of a drive-by malware download that's looking for Windows (or, maybe less likely, Linux) on x86's.

        The cost of that would be a one-time up front cost for the manufacturer - more expensive, harder to find developers - but the end result would be better all round.

        Can the Standards be Changed to Reduce Cost?

        You're right in pointing out that the answer lies in the FDA. There have to be standards for this kind of market, because otherwise patients will end up getting hurt. This is why the standards set such a high bar, and why the standards are there in the first place. And the standards have to cover the whole thing - design, test, build, shipping, repair, operation, maintenance, etc. Anyone in that whole chain of enterprise taking non-standard short cuts is effectively taking on personal and / or corporate liability. Sure, the risk is perhaps low, but the consequence is very high (potential death of a patient and extensive jail time for negligence).

        I think that it would be sensible for the FDA to mandate a OS stack - perhaps INTEGRITY, maybe QNX, or several. They would be somewhat reluctant to do so I think, because that would then be significant inteference in the market; perhaps there could be measures put in place to ensure that the officially fixed market wasn't exploited. I can't see the FDA permitting repair and maintenence by anyone other than a fully qualified, fully approved outfit who has the cooperation of the manufacturer. I can see the FDA mandating that manufacturers do collaborate with independents. I can also see them mandating use of open standards by manufacturers, and also requiring manufacturers to freely issue specifications for components complying to those standards (e.g. for RAM, or storage, etc).

        It would be something of a gamble for the FDA; the costs to the manufacturer would go up, and so would the purchase price. The gamble then is that revised standards do actually lead to a reduced cost of ownership for the end customer (patients) without impacting on safety.

        Medical CPU?

        Another option that the FDA could pursue to reduce the impact of malware would be to sponsor a "Medical CPU". It would be possible for an ISA to be developed specifically for medical instrumentation. It could even be based on some existing ISA - e.g. x86 but byte swapped.

        The goal would be to have a CPU family for medical instruments that are found only in medical instruments. A lot of existing OSes and software could be recompiled for that CPU family. The point is that by being binary incompatible with any software compiled for any mainstream general use CPU, malware is unlikely to come visiting. Ok, so things like Javascript and other non-binary executables would have to be considered or banned. Assuming that the CPU's don't have to be the last word in computational performance (they generally don't), the cost could actually be quite low.

        We already see something a little like this: some SSD manufacturers have gone to the expense of having their own Risc-V devices fabbed. It's rapidly becoming more and more affordable for a company to have its own tailored CPU for its products; I think the medical industry as a whole could bear that cost too.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like