Similarly, by refusing to supply replacement parts outside of their authorized repair networks, right to repair advocates assert that manufacturers increase the dangers associated with independent repair. According to Gordon-Byrne, consumers often want original parts but cannot get them and therefore turn to substitutes where the quality is variable.[1] Furthermore, manufacturers could control the risks associated with repairs by including warnings in their repair manuals about ways to mitigate the dangers of particular repairs and making the manuals available to individuals and independent repair shops.
The failure to label 18650 cells serves as a prime example of a manufacturer practice that increases the safety risks of independent repair. As noted in Section IV.C., all 18650 cells have the same dimensions, but they can have different chemistries. Replacing one 18650 with another cell of the same size but different chemistry could result in a thermal runaway event. This risk could be significantly reduced if the chemistry of an 18650 appeared on its label and manufacturers identified the particular 18650 chemistries used in their devices.[2] Indeed, such disclosure would impose an arguably minimal burden on manufacturers and would likely serve a valuable purpose.
Manufacturers also assert that repair restrictions protect consumers from cybersecurity risks. Microsoft explained that consumers face significant risks when they provide a device containing sensitive personal information to an independent repair shop because the device may contain a user’s pictures, sensitive documents, financial records, emails, passwords, and personal contacts.[3] Similarly, CompTIA explained that many manufacturers’ remote diagnostic tools provide access to the entire device, including software, data, and other files. Providing diagnostic access to individuals or independent repair shops, according to CompTIA, may enable a repairer to identify consumer specific information such as how often a device is used, when the device is used, IP addresses, and other information, which could then be commingled with personally identifiable information.[4]
Furthermore, Microsoft noted that individuals and independent repair shops that conduct repairs could compromise the embedded hardware security technology that manufacturers use to protect user data and ensure that device integrity is maintained during boot up.[5] NAM explained that individuals and independent repair shops can introduce new security risks by inadvertently disabling key hardware security features or preventing firmware or software from accepting or installing updates.[6] AHAM similarly noted that “[s]ervicing a “smart” appliance may require accessing the appliance’s electronic hardware circuitry, including chip-sets, firmware, security key pairings and/or proprietary technical configurations…. Tampering, whether intentional or unintentional, in this area can result in leaving the appliance vulnerable to
30
