Right to repair laws have now been passed in 26 US states, forcing companies, in general, to make tools, manuals and spare parts available for purchase at reasonable rates to third party repair shops. While the main focus of articles on these laws have focused on mobile phone repair and farming equipment it in fact touches on many industries. The non-partisan activist site repair.org lists seven industries that they and other right-to-repair activists have identified as being a focus of the various legislations.
These industries have also, understandably, been pushing back on these laws. One expert has even claimed that they actually make consumers less safe, more open to cyber attacks and instead only feeds lawyer fees and class-action lawsuits. The claim goes that this is making products actually more expensive and more dangerous.
In a recent opinion piece published in “The Hill,” Peter J. Pitts, founder of the Center for Medicine in the Public Interest, and a former FDA Associate Commissioner writes that “Just like other devices we rely on, medical devices can improve our quality of life — so long as they are maintained to work properly. When they are not — or not maintained or serviced in line with FDA approval — there can be huge health care and cybersecurity risks.”
Throughout the piece, the author cites only a single paper as the main basis for his concerns. That paper, a recent FDA discussion paper Pitts paraphrases as saying “the first step in advancing medical device cybersecurity is to limit and ensure that those who control repairs and maintenance of these highly sophisticated pieces of health care technology are regulated FDA manufacturers.”
This is highly misleading however, since the FDA discussion paper mentions nothing regarding right to repair laws directly in the entirety of the document, and is instead focused on questions and thoughts that should be considered for discussion at an upcoming meeting. In fact, it often cites the availability of proper materials, training, and cooperation of original equipment manufactures (OEMs) as necessary in the system.
As stated in the discussion paper, which, again, is also the only source cited in the opinion piece, “All stakeholders can contribute, ensure the software is correctly implemented, and that the device works as intended.” At one point the paper even points out the positive aspects of having repairs done outside of the manufacturers’ sight lines stating that, “Servicing entities are well positioned to help identify cybersecurity vulnerabilities and exploits early, sometimes even before the OEM becomes aware.”
There is much to be written about right to repair laws, but we believe that any discussion should be fact and truth based. Mislabeling and misrepresenting a crucial governmental body such as the Food and Drug Administration is at best dishonest and borders on unethical.