The Hacker Mind Podcast: The Right To Repair

Robert Vamosi
February 10, 2021
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

How do the current DMCA laws impact those who hack digital devices? And why doesn’t our basic right to repair our devices extend into the digital world?

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org, a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation.

In this episode of The Hacker Mind, Paul talks about the consequences of not paying enough attention today.

Listen to EP 14: The Right to Repair


Vamosi: in this time of COVID-19, apart from staying healthy, one of my biggest concerns is what if some appliance I need decides after ten years of near constant use to fail on me. In normal times I’d call a repair person, then wait until he or she could show up and fix my appliance. But now, I don’t want extra people in my house, so I’ll look it up on Google, right?

So my dishwasher wasn’t draining. Turns out there’s a filter on the kitchen sink, not the dishwasher, that when it gets clogged keeps the dishwasher from draining properly. A few minutes on Google, a pair of needle nose pliers and I’m good. Then, just last week, my washing machine wasn’t draining. So I got to thinking, what if there’s a filter on it, and what if, like the dishwasher it too got gunked up. Sure enough, there’s a trapdoor on the front of the washer, that, if you open it up, not only does it release all the water in the drum, but it also exposes the filter that you need to clean periodically. No need for a repair person.

But what if there was some kind of special screw on that trapdoor so the only way I could fix it, even if I knew what the fix should be, was to schedule an appointment with a technician, who, in reality, would use a proprietary screwdriver, open the trap door, drain the water and filter, and then charge me a hundred bucks or so. What if the right to repair something that you own was denied simply because a manufacturer decided it could do that? 

In a moment I’ll talk with someone who is leading the Right to Repair movement in the United States and discuss how current laws impact those who hack digital devices. As Stuart Brand said back in 1984 “information wants to be free.” So should analyzing a device’s firmware for security flaws be considered illegal? Or should our right to repair our own devices extend into the digital world?

[Music}

Welcome to The Hacker Mind, an original podcast from ForAllSecure. It’s about challenging our expectations about people who hack for a living. 

Want to Learn More About Fuzz Testing?

Tune in to FuzzCon TV to get the latest fuzzing takes directly from industry experts.

Watch EP 01 See TV Guide

I’m Robert Vamosi and in this episode I’m talking about our right to repair, how some high tech companies might want to limit that right, and how there’s a group of information security professionals who are volunteering their free time to fight for those rights in local legislation.

[Music]

So before we get into the topic, I should probably disclose upfront that my guest, Paul Roberts,  and I go back, way back -- almost two decades. Back then Paul was writing infosec stories for IDG and I was doing the same at ZDNet. So he was like my competition. We’ve long since left those jobs and have over the years formed a good friendship. And, sometimes, as we did back in the beginning, we see a trend early one and then write about it. For example,  at the time was writing by book on IoT Security, When Gadgets Betray Us, Paul was off creating The Security Ledger, a news site dedicated to IoT security, a site where he remains Editor in Chief today, runs a Boston-area security of things meetup, and maintains his own great infosec podcast called the Security Ledger podcast. Recently Paul has also been quietly working on something else. He’s created an organization of infosec volunteers to help advance the cause of The Right to Repair movement. This might still seem like a lot of effort for something so niche. It’s not. Play it out across a few decades and you start to see the type of trouble we’ll be in if we don’t start educating our legislators now, if current trends are allowed to just continue.

Roberts:  The issues that surround right to repair are just huge. And, and they mean they have tremendous importance to all of us and kind of the world that we're going to be inhabiting 10 or 20 or 30 years hence, and and the core issue is really are we the owners of our things or are we merely tenants. Richard Forno, in his testimony in Maryland, which Stanford republished on their blog called it, you know, kind of the the company town business model, you know that that many of these device makers are adopting where, you know, we're gonna lock you into this, you know like, the company towns used to lock in the employees you know by owning their home and their store they bought stuff in, you know, we're gonna lock you into these ecosystems, where we dictate to you how you use a device, and also kind of extract, you know, money and information from you are both, over, over the life of this, of this product, you know, increase the cost of ownership by constraining things like maintenance and repair, and so on. And if we don't really, you know, kind of formalize this basic property right that we all kind of take for granted. You know things, things can really go sideways for us. 

Vamosi: Paul offers a few scenarios, some mitigated by current legislation.

Roberts:  I like to say, you know, it's crazy to think about it, but the technology exists today already, that if automakers wanted to prevent you from changing a tire on your own car, they absolutely could they could put, you know, RF RF chips in, you know, manufacturer approved tires that would need to authenticate to the car operating system before the car would drive with a new tire. And if you didn't put on the, you know, manufacturer approved tire. It would say, Oh, I'm sorry I don't recognize that tire, you know I can't drive. People think that that's crazy because of course we all think of changing a tire is just gonna be on a car you might have to change a tire or call AAA to change your tire. Right. But if Toyota wanted to say like no, you can't change your tire, it's way too dangerous that car could fall off the jack and kill you. And you can't have AAA change your tire because those guys are all criminals and child molesters, you've got to use, you know, our Authorized Service Center. To change your tire, they could use technology to enforce that that business model. And oh hey sorry you know what we've only got a handful of these guys and you're gonna have to wait three hours for they're gonna get to you on the roadside because they're really busy, sorry. But you have no other choice. That's, that's a dystopian future that is technologically is already possible. It doesn't exist, partially because of the Massachusetts right to repair law prevents that type of, of, you know, system from from existence.

Vamosi: But laws granting access to your cars’ information don’t necessarily apply to your trucks.

Roberts:  But it easily could it arguably does in the agricultural sector, you know we're again farmers are basically over the barrel to Caterpillar and John Deere to do even minor maintenance there was a gentleman who who testified in Maryland a farmer, obviously, you know, kind of large scale farmer who testified who said that he spent $150,000 last year in service fees to John Deere for his equipment. This is a huge income stream for them, and it is usurious, and it is monopolistic, and it is, you know, anti social. But the tech the ability the technology to do it is already here and upon us. So we, if we don't, if we don't, as a society, stand up and say, Nope. You know this is not the type of dystopian future we want to live in.

Vamosi: And we’ve seen this movie before. Literally, we can go to Netflix and watch a world where Archibald Harry Tuttle surreptitiously fixes things, because it’s right and it keeps the order, even though it’s expressly against the law.

Roberts:  I think of Terry Gilliam's Brazil  and the rebel air conditioner repairman kind of rappelling around and fixing stuff. It's kind of that future. And I just think these laws are absolutely critical to making sure that that's not the future that we're living in. 

Vamosi: So perhaps we got a little ahead of ourselves, what exactly is Right to Repair?

Roberts:  The right to repair movement is a global grassroots movement of owners really of individuals who who own things whether those things are tractors and combine harvesters or smartphones or automobiles, to basically legally assert a right that has really been understood as part of common law for centuries, which is the right of property owners to do what they want with their own property that once you buy something and it belongs to you. It's yours to control and do with as you wish, you want to buy a brand new car, drive it home and disassemble it on your front yard. You can do that. It's your car. And similarly with a toaster or a smartphone or anything else, your property is yours to do with as you want. And of course repair has always been paramount among those rights you know if something breaks and you own it. Not only should you be able to fix it but you know historically it's kind of been on you to fix it one way or the other either fix it yourself or find someone to fix it for you and keep it alive and keep it. Keep it functioning and extend its useful life for as long as you possibly can. And obviously, obviously this is something you know we talk about the United States our proud history as a nation of, you know, farmers and and upstarts and, you know, truth the Yankees, and repair was very much a part of that in fact there's a great book repair revolution, I don't know if you've read it. That, by John Waxman and Elizabeth Knight, that actually talks goes back and both those authors, talk about the kind of history of repair in America and elsewhere. And. And so, this has always been a very kind of core right for individuals for property owners. And it's only recently within the last maybe 30 years, 40 years that it has started to come under siege. Initially, with the passage of the Digital Millennium Copyright Act which was a law that was focused on piracy of music and video games and films.

Vamosi: The Digital Millennium Copyright Act (DMCA), passed in 1998, fortunately was not written in stone. Every three years the US Library of Congress is tasked with reviewing section 1201 of the DMCA. In recent years these exemptions have walked back some strict interpretations of the law and has since provided some straightforward guidance on hacking, stating that “good-faith security research” on a “lawfully acquired” device or “with the authorization of the owner or operator” is exempt if it doesn’t violate any applicable law. In 2018, the last review year,  breaking encryption in a product in order to repair it was deemed to be legal as well, however, this activity is restricted to restoring the device in question to its original specifications. In April of 2021, the Library of Congress will again review new exemption requests. Progress, perhaps, but it’s not entirely the same thing as what Right to Repair is striving for, hence the need for continued vigilance.

Roberts: The Digital Millennium Copyright Act has since kind of taken on a new life as a all purpose tool for extending, you know, basically criminalizing a whole bunch of behaviors that previously were not criminal. And also, For makers of any kind of software because software was ultimately just you know included under the DMCA along with, you know, music and artistic creation. You know, extending control over anything containing software and making it basically illegal to tamper with or modify that that's being, you know, kind of broadly interpreted by companies like John Deere and others. Apple to to basically say, you know, you may own the phone, but you're licensing the software and therefore we get to control how you, what you do with that phone

Vamosi: So the tractor example is just crazy. Farmers invest hundreds of thousands of dollars into their tractors and harvesters. If they break down, out in the field, the only recourse today is to call a certified technician, who often only needs to punch in a code to reactivate the largely computerized machine. But arranging for that technician can take days, and that down time can cost hundreds or even thousands of dollars in lost production. Mind you that for many years, farmers would just open the hood, take out a wrench, fix something, and then get back to plowing their fields before the rains come. Now apply that strategy of arranging for a qualified technician to come and fix every technology we have in our pockets. Every Apple device, every LG or Samsung device as well. That just doesn’t scale. 

Roberts: The right to repair movement is a global grassroots effort to, to really write into law, like no, you know, it kind of here, that there is a right to repair that if you own a device that, you know, a person, if, if there are basically. Let's talk about digital right to repair if there are tools or diagnostic codes these days you know software tools diagnostic codes access keys that are needed to service and maintain and upkeep that that device that thing that the maker of it needs to provide you with it as the owner, so that you can continue to serve. And that's really kind of in a nutshell what we're asking. It's just that basic right of saying it's ours, we if we, if there's software on it and we need specific tools to manage and maintain it. Then make those please make those available to us as the owners don't basically cordon them off for your licensed authorized repair people are your own employees to us but deny us access to.

Vamosi: Another example is our increasingly computerized automobiles. It used to be that if you got an error code on your dashboard, your only recourse was to take your car to the authorized dealership to interpret the code and get it fixed. You couldn’t for example just take your computerized car to your local mechanic, since he or she wouldn’t be able to access the error codes. The codes are proprietary. Fortunately, Massachusetts passed a law granting access to key data and that law was enough to affect the entire country.

Roberts:  In the case of automobiles there, there is a de facto, not de jury but de facto right to repair in the United States only because the enlightened residents of the state of Massachusetts where I live in 2012 passed by an overwhelming majority a ballot measure that created that legal right to repair automobiles and basically said that that dealerships automakers cannot deny access to the tools diagnostic tools error codes, you know, maintenance codes. You know manuals and documentation to the owners of the vehicle or their agents in other words independent repair people. So, it prevented them from saying well if you're not if you're one of our dealers, or you're one of our authorized repair people you can have all these tools but if you're not, then you can, and it basically said, Nope, can't do that. You got to make all that data available in a standard format. And obviously they chose the OBD onboard diagnostic port under the dashboard as the medium to transmit that data, so it needs to be available via that port in standard format so that basically anybody can read it. And that was a that was a watermark, a milestone. It's, it was became law in 2013, Massachusetts legislature modified it a little bit before they actually put it onto the books. However, since then, it that's it, there's no federal equivalent of that law so lawmakers in DC did not take up the torch and say, Aha, yes, you know, laboratory of democracy Massachusetts is out in front of this but let's take it and modify it and make it federal and no other state has passed it in part because the automakers subsequent to the passage of that law. Basically relented and said, Okay, well we'll, we'll sign in a memorandum of understanding to recognize the Massachusetts law in other states as well rather than having to contend with complying with many different versions of this, because there were other versions pending at the time. And so that Massachusetts law has become a de facto national law, because the automakers have chosen to recognize it nationally as, as they can. I mean, it wouldn't make any sense to be like oh Massachusetts against the state, but in Connecticut, you can. And in some sense with the internet, it would be impossible as well because people in Massachusetts would just share the information, you know, via the Internet, and it would be available anyway

Vamosi: And Massachusetts recently updated its law so that third party telematics companies can also benefit.

Roberts: In November, once again, overwhelmingly in fact 75% or 77%. To 23% I think approved an expansion of that 2013 law to include vehicle telematics systems so maintenance, repair data sent wirelessly via telematics systems as well. And that was another huge milestone for right to repair.
[music]

Vamosi: So huge wins for automobiles, but other industries are not as lucky. in the absence of a federal right to repair law, it’s up to each individual state to mandate what is possible and what is not. That means there’s a lot of fractured laws being proposed, specific to the needs of one state but not necessarily intended for another. 

Roberts:  In the United States there are, this year already, 14 different state-level Right to Repair laws being proposed. So in committee, being considered being debated. We expect that there are going to be more than 20, again this year there were more than 20. Last year, 20 states that had these laws. And I think there were something like 18 and 2019. And then, you know, obviously COVID knocked everything kind of off. Everything went off on the shelf with COVID as legislators were struggling to just deal with responding to the pandemic. So when you look across those states, there are a real variety of flavors that these right to repair laws take on some of them, notably in Hawaii, single out in either a bill or part of, you know, either a standalone bill or part of another bill medical device repair, as, as one of the things that they are you know legislating. Others are specific to they're a bunch like Nebraska and Florida, and South Carolina that are specific just to agricultural equipment, so you know they're kind of carved out you know it's forget about cell phones and smartphones with this focus on the farmers they're having a lot of trouble with these Caterpillar and john deere heavy equipment, so they're just focused on agricultural piece of it. And then there are others that are more Omnibus that are, you know, digital devices, could be conceivably smart home devices, smartphones. Could be. 

Vamosi: Consider that medical devices are life critical, certainly, and for years the FDA made it so that hospitals and other organizations could not even update their underlying Operating Systems with the latest patch, otherwise the device would be out of compliance. The FDA has since changed that rule, but we’re still a long way from providing the type of information that would be useful with right to repair.

Roberts:  It could be medical devices, potentially, depending on the wording of the law in Massachusetts where I am. The legislation that was being considered last year carved out medical devices and medical devices were explicitly not were exempted from the device for their right to repair law. And so, I think there are probably states where, where that is the case as well. And that's not because of the need because I think the need is great. I think it's more just bowing to the reality that in a state like Massachusetts medical device makers have a tremendous amount of political clout, and are very well employed a lot of people, and are very well thought of in Beacon Hill. And, you know, you got to pick your pick your battles and I think the people backing Right to Repair, Massachusetts just said, we can get these people off our back and carve it out, and will do. So, so there is a great need there but not every right to repair bill goes there

Vamosi: Often when there’s a limitation, smart people get really creative. Given the control that medical device manufacturers have, and the FDA as well, when COVID hit something had to give. There was a noticeable shortage of ventilators, or rather there were ventilators, but not all of them were up and operational. That’s when something called Project BioMed came into being.

Roberts:  So if you remember back in the spring with the first wave of the COVID pandemic, which we thought was a disaster at the time but in fact has turned out to be merely a swell. A gentle swell in the actual storm. There was but but one thing that was happening back in the spring was there was a real shortage of ventilators and respiratory equipment for hospitals, they were overwhelmed with patients they didn't have enough of these ventilators respirators to keep people who are very old COVID alive. And one of the problems that emerged was that many of these ventilators had that there was, you know, the hospitals themselves, didn't have access to the information they needed to repair these, these ventilators, and that the technicians the authorized technicians for the device maker were obviously there weren't that many of them they were in very short supply and they were being overwhelmed, as hospitals pulled these things out of storage and tried to get them up and running and they weren't you know, I mean, you could imagine that takes some doing. And there just weren't enough of them, is one of the things about closed repair ecosystems OEMs talk about it in terms of like well it'll be very high quality and our technicians are expertly trained, but often it's really about scarcity you know it's, you know, the. They're trying they maintain only enough, as they think they need, and in crises like this, you very quickly realize that there aren't nearly enough.

Vamosi: So this idea of only having key technicians service and repair, that works in normal times. But when there’s a crises, the model falls part quickly. And people’s lives are at stake.

Roberts:  And so, Kyle Wiens and the folks that IFixIt. And some other groups, basically got together and decided to crowdsource this problem, and where you don't know is that there's kind of an underground of people who do have medic medical technicians who service and repair this equipment, who for years have been sharing things like schematics and service manuals. And, and, and other tools software tools in, you know, you news groups and user groups, kind of, you know, closed groups of technicians and, but it was very you know it was kind of Hey, does anybody have the service manual for this particular you know respirator by, you know, whatever the manufacturer and so yeah I've got that, you know, I'll, I'll message you directly. It was all very kind of informal and also not, not, you know, indexable not easily navigable. So basically it a couple tacks who, who kind of passed Kyle, the contents of their hard drive, basically like I've got tons of stuff here it is. And I know where to get other stuff and Kyle and the folks from I fix it, as well as a cadra of of librarians and archivists, who are who are really specialized in cataloging information. We're technology people, we're actually literally you know librarians and archivists by training but they all kind of came together online and stood up Project BioMed which is the largest now the largest repository of service manuals and software and other information about medical devices, not just respirators respirators was the was the kind of impetus for this but of course, when they got going. It was, it was all manner of medical devices. And that prior to that the biggest site had been this this site that a guy in Africa maintains, I can't remember the name of the site, it was like one guy, and he had this website, and he had, you know, hit a lot, hit a lot on it. You know, for this particular purpose. But I tried to interview him actually and he, he just, he did not want his name, he did not want any visibility at all. And, and so they they stood it up, and I think ordinarily that would have been that would have gotten them some some some lawyer letters from medical device manufacturers, you know, the Philips of the world and, and Siemens and so on. But in the context of a COVID pandemic. I think they rightly said you know this isn't a fight we want to.

Vamosi: So, right to repair goes way beyond just people able to fix a cracked iPhone Screen. It can affect whether people live or die. It’s the basic hacker idea that information should be free and accessible so more people can learn about and perhaps improve these systems. 

Roberts:  And so that was a. And, you know, again, you hear this at hearings on right to repair laws you know the service manuals and schematics you know are not not copyrightable material you know this is not intellectual property, it's just a schematic for how your, you know, how your circuit boards are put together. It's just a list of parts and part numbers you know it's not you know some differentiating you your creation. So, so yeah so that's what happened. And, you know, again, I think it was a it was one of the many kind of blessings in some ways of COVID that it really highlighted that issue that that repair is not just about, you know, again, you are fixing a cracked iPhone screen that it is literally a life and death matter. You know, hospitals and doctors offices, need to be able to service this equipment sometimes urgently. The best way to make sure that that happens and, and, and effectively is of course to have a large and diverse ecosystem of people out there who have the knowledge and information to be able to service these devices. The way to not have it happen is to have that knowledge be locked away, have a very small overtaxed population of, you know, authorized repair people who may or may not be able to get to you in time. So it was a good, I think it was a good use case for what right to repair is all about.

Vamosi: As a result of Project BioMed, there may be some lasting good as a result.

Roberts:  And I know that there has been some federal legislation proposed as well about medical repair and access to repair information for hospitals and health care providers. Because the reality is that hospitals and I live in, you know, Boston, obviously we have many, many hospitals, um, you know what you've seen in the last 30 or 40 years as hospitals, go from having people who they employed who they kept on staff just to do you know servicing and maintenance of their medical equipment, which again you know going back 40 years was mostly mechanical to products that are like the John Deere tractors are locked down with digital rights management software. And, you know, OEMs who really are in a position to say, you know, either. You know, shipped your 12,000 pound MRI machine to Germany, and we'll take care of it here, or pay us, you know, fill in the blank for our technician to come, you know, with the tool to punch in the access code to be able to actually service it. And we're gonna we're gonna tell you what, what we're gonna charge, you know this is no longer something that you have any negotiating power over and. And so it's a big problem for hospitals it's become a very big either the servicing itself or in some cases they're just charging exorbitant fees for access to the service manuals service manuals are online and subscription based and subscription prices have been going up and up and up and up. As this is just monopolistic behavior right. We can charge whatever we want. And you'll pay. So that's been a big problem and it's a big cost center for hospitals, they don't talk a lot about it, but it is, and it's something that, you know, getting a robust right to repair would would take care of.


Vamosi: So there’s a need for smart technology people to fight this fight. And I remember Paul once leaving Black Hat early so he fly home and testify before a town council. But Paul can’t fly all over the country and testify when needed. So he started an organization called SecuRepairs.org, and it’s designed with a goal of having infosec people in all 50 states who can volunteer their time to educate the politicians in their area and help shape constructive legislation.


Roberts:  We've got some great so secure repairs I founded in 2019. And it is a group volunteer group of around 200 information technology and information security professionals who support a digital right to repair. And the idea behind the group was basically I was talking with Nathan Proctor who's the head of us Berg's national right to repair campaign. And he invited me to a couple hearings, one in New Hampshire one in Massachusetts of right to repair laws, and I basically realized pretty quickly that you know cybersecurity was kind of the point of the spear for groups like the CTA, and a ham the American home appliance manufacturers lobbyists you know the various kind of industry and technology lobbies that were doing battle to defeat right to repair laws.

Vamosi: I want to restate the verb “educate”. With infosec, there’s a lot of Fear, Uncertainty, and Doubt or FUD within government. And sometimes this ignorance of what’s possible and what’s not can is a powerful weapon used by lobbyists against good legislation.


Roberts:  They're using cybersecurity as a way to basically scare lawmakers away from retro pair laws, you know, cyber is kind of a four letter word and, you know, it most legislatures. The folks considering these are generally not technologist by training. And if you just merely mentioned the word hacker, they're going to run away screaming, so they found that to be a very effective argument to use this these laws by providing you know diagnostic data diagnostic codes you know you're opening the doors to hackers they're going to be able to hack into your phone and your car and your smart home and we don't want to do that. And I because I've been writing about cybersecurity for 20 years recognize that this was a diss the same types of fallacious arguments that we heard Microsoft using back in the, in the 1990s, you know, kind of security through obscurity, we just don't let security researchers look at our software then we won't have any problems. and that and that there was no you know there was no there there, that these were empty arguments and that we and, and most security professionals recognized that they were empty arguments. But the security community as a whole, didn't have a voice right we, you know, you might be able to get somebody with kind of a technical background did testify in favor of right to repair laws but there was no. There was no face or voice for the infosec community to say these are these are empty arguments, there is no cyber risk to repair, and in fact, you know, sharing this information making this information available in all likelihood will increase the cybersecurity of this internet of things that we're all that we're all entering into. 

Vamosi: So Paul, using his reporter’s sense for a good story here, sprang into action. 

Roberts:  So I basically was like, Well, you know, I can run a website, and I've got a pretty good Rolodex of information security people, my LinkedIn and my, you know, my smartphone that I can, that I can call up and get them to sign on to this and so that's what I did. And we've been, I really looked at it and the other, the other problem was that these hearings again 20 pieces of legislation this year or next last year and probably similar this year, we had hearings happening all over the country. And so I want I almost looked at it as like a speaker bureau like Wouldn't it be great if I could find an infosec pro in Montana, or, you know, Washington state or, Connecticut, who could, you know, take an afternoon off, just go in and sit in the hearing rooms pre COVID sit in the hearing room, and just be a face here and say listen here are my bona fides. There's nothing you know that what these lobbyists and PR people are telling you is just completely false. 

Vamosi: And in a short amount of time, Paul attracted infosec’s A-List of rock star talent to start going to bat for this effort all across the country.

Roberts:  And so that's, that's kind of how it works and and amazingly, because, you know, who knows when you start something whether it. I mean, we've seen that happen, you know, Tara Wheeler gave amazing testimony in Washington State a year ago this month. About in favor of their right to repair law, you know, we had Gary McGraw go to the FTC's Nix the Fix seminar, which I think is maybe the only good thing that happened during the Trump administration down in Washington DC and we had Gary McGraw, who was able to sit on a panel there and really kind of, you know, be a voice of reason around repair in that context, Bruce Schneier and others who have who we've been able to get to talk to legislature lead legislators briefed them on cybersecurity, and it has just been, it's been great. So, so that's it and this year we're, you know we're ramping up again. I testified at hearings in Washington State last week in Maryland, this week in favor right to repair laws there. And we've gotten some of our members Richard Forno from, who's from the University of Maryland, wrote a really great submitted really great testimony in the Maryland case. So, you know, we're just trying to, to get the word out. We want to encourage other information security professionals to join us and to pick up the flag and carry forward the charge for right to repair. I merged that re and so secure repairs.org and there's a link to join us.

Vamosi: You don’t have to be on infosec’s A-List. Anyone can volunteer. And the more credible security individuals that can do this, the more informed our legislatures will be, and the more enlightened their resulting legislation will be.

Roberts:  You don't have to list your name, many of the people who are supporters of ours are not listed on the site because they work for companies that, you know, might do work with some of the companies who are on the other side of this argument but they're their supporters anyway and, and, and, you know, often can help us out with expert input or, you know, helping us to understand certain issues so there are many ways to be involved, even if you're not a public face of secure repairs. So go to the website, click on join us. Add your name, let us know if you want to be publicly listed or not. And, and we'll basically reach out to you. You know, again, often there are hearings happening around you that you that it's good to be aware of and, and if there are we'll say hey you know there's a hearing in your state, it's next week, you know, do you think you could show up or do you think you could go to this website and just submit written testimony or something like that. So, yeah, if you're if you're an infosec or infotech guy or girl. I mean, let me do that one again. If you're an infosec or infotech professional. And, and this sounds like the type of thing that matters to you. Go to secure repairs. org and join us

Vamosi: I’d like to thank Paul Roberts for this episode. You can check out Paul’s infosec reporting at The Security Ledger dot com, and subscribe to his podcast of the same name on Spotify and other podcast platforms.

This podcast is brought to you, commercial free by ForAllSecure.

For The Hacker Mind, I remain yet another Archibald "Harry" Tuttle wannabe Robert Vamosi.

Share this post

How about some Mayhem in your inbox?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem