It’s Time to Expand the Right to Repair to Digital Infrastructure

January 10, 2024
Farmers have been at the forefront of efforts to institute the right to greater choice over how their equipment is repaired. (Gareth Fuller/PA Wire via REUTERS)

Most associate the right to repair with common software-enabled household goods, such as cellphones, kitchen appliances or vehicles, and the ability to freely choose between an independent repair shop and the manufacturers’ authorized repair personnel. Except for tractors (farmers have been at the forefront of the battle to choose how their tractors are repaired), the right to repair has until recently been understood as largely a consumer goods issue.

That understanding changed in June 2022. At that time, a regional train company in Poland, Lower Silesian Railways, was unable to start several just-repaired trains. The train manufacturer in southwest Poland, Newag, had used software to render the trains inoperable after an independent maintenance company, Serwis Pojazdów Szynowych (SPS), performed the repairs.

According to the ethical white-hat hackers that SPS hired to examine the train software, Newag had inserted code to prevent a train from working if “it spent a certain number of days in an independent repair company’s maintenance center, and also prevented it from running if certain components had been replaced without a manufacturer-approved serial number.” Once the hackers removed these digital locks, the trains were once again operational. But Newag has threatened to sue the Polish hackers, known collectively as Dragon Sector.

That the right-to-repair debate now encompasses industrial goods such as trains should prompt critical reflection on how we build and operate digital infrastructure such as software-enabled transportation networks or utilities in smart cities. The Polish train case demonstrates how control over software enables control over physical devices. Newag’s digital locks allegedly enabled the company to not only surveil the trains’ location at independent repair shops, but also determine whether the trains would even be operational. For Canada, it’s an ideal time to learn from Poland as the federal government has promised right-to-repair legislation in 2024.

The first lesson is to address technological lock-in, a phenomenon in which cities must depend on an equipment vendor, possibly resulting in a lesser quality of service than promised. Poland’s train repair problem, which took several long trains out of service, meant passengers had to crowd onto shorter trains with reduced timetables. Imagine if a vendor providing a city’s smart energy grid suddenly hiked its repair fees or declined to make necessary repairs. A city could be left without water or electricity.

Second, policy makers need to clearly set out who is responsible for operating and repairing infrastructure, including in the case of a vendor’s bankruptcy, sale or change in business model. Relatedly, policy makers should guarantee flexibility for choosing manufacturer or independent contractor repairs.

An important element of this approach is restricting or outright prohibiting the use of digital locks that deter repair by qualified independent repairers. Bill C-244, An Act to Amend the Copyright Act, currently before the Senate in Canada, takes steps in this direction by proposing to make it generally easier to circumvent or bypass digital locks for “diagnosis, maintenance and repair” of a range of software-enabled products. Under this legislation, independent repairers would be able to fix software-enabled devices “without the fear of huge civil and criminal penalties for unauthorized circumvention,” write legal scholars Anthony Rosborough and Alissa Centivany.

Third, thought must be given to qualified independent repairers who also need to be able to legally circumvent or bypass digital locks when diagnosing and repairing digital infrastructure. That the Polish independent repair company needed help from hackers to unlock the digital locks to restart the trains underlines the need to address manufacturer-imposed locks. Canadian farmers have also used hackers to access the diagnostic and repair software of their tractors to make necessary fixes.

City officials or private operators of infrastructure must be able to choose qualified repair technicians. Without choice in repair, depending on the product and manufacturer, those operating the infrastructure may be at the mercy of manufacturers’ repair timetables and typically higher prices, as US farmers reported in a 2021 survey undertaken by the National Farmers Union.

Finally, governments at all levels must cultivate digital expertise among public-sector employees involved in procuring and regulating digital infrastructure, as my joint research with Blayne Haggart concludes. Studies of smart cities, for example, have found cities were often poorly equipped to evaluate the technologies that vendors were selling, as municipal IT staff lacked the capacity to assess the technologies under consideration. If city officials don’t fully appreciate the intellectual property and software licensing agreements accompanying elements of digital infrastructure, their municipalities are likely ill-prepared to set favourable conditions for repairing and governing digital infrastructure in the public interest.

The case of Poland’s inoperable trains, digitally locked at the manufacturer’s discretion, starkly highlights how issues of control and repair of software-enabled goods are no longer confined to the consumer sphere. These are broader issues affecting industrial goods and critical digital infrastructure. Debates over the right to repair need to consider how industrial goods might be included to protect the public interest.

The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors.

About the Author

Natasha Tusikov is an associate professor of criminology in the Department of Social Science at York University and a visiting fellow with the School of Regulation and Global Governance (RegNet) at the Australian National University.