Beyond Convenience: The Hidden Dangers of Right-to-Repair

In recent state legislative sessions across the United States, a concerning trend has emerged as policymakers persist in promoting so-called right-to-repair legislation. These initiatives pose significant risks and unintended consequences for constituents, affecting their daily lives and raising security concerns. The access granted to device design and sensitive information along with device data by such bills can have far-reaching implications. Signed into law as part of the state’s omnibus bill on May 24, the Digital Fair Repair Act (SF 1598) in Minnesota is no different and is a prime example that will have serious effects on consumer privacy, safety, and commerce in the North Star state.

While some past bills signed into law in other states such as New York have taken these concerns into consideration and provided a more balanced approach, Minnesota has yet to consider the impact, both intended and unintended, on the innovation economy in the state and the access it grants to state actors.

If you damaged your phone today, you could go to an authorized and certified vendor with the training and necessary knowledge to ensure it is adequately repaired. If passed, Minnesota’s bill would enable unauthorized repair shops to service any customer device using Original Equipment Manufacturers (OEMs) or aftermarket parts, but without informing the customer as to which was used for a repair.

Opening repairs to anyone may sound like a good way to give consumers additional choices in where to repair their devices. But in practice, SF 1598 adds a layer of heightened risk of privacy intrusions for consumers, increasing the likelihood that their most valuable information could end up in the hands of unvetted vendors who can access personal data, copy it, and even share it on the dark web. The bill would also devalue the contracts of authorized repair partners throughout the state, many of which are small businesses and some of Minnesota’s largest companies.

Additionally, the bill could be interpreted to apply retroactively to devices produced and sold years ago. This saddles consumers and manufacturers with costly repair requirements for devices, which may not have been designed for untrained repair or limited access to parts, tools, and outdated software.

The direction of Minnesota’s Digital Fair Repair Act would also result in government mandates as to how businesses are able to operate and who they can collaborate with. Mandating commerce between private organizations has the potential to lead to undesirable consequences of government imposing mandatory collaboration and actions through government intervention undermining the principle of individual freedom in business operations within the state. In a time of potential economic turmoil, it’s more important than ever to ensure businesses can do what is best for them, rather than force obligatory collaboration and action via government overreach.

In the past, I’ve discussed how right-to-repair legislation might sound pro-consumer, but the lasting cybersecurity and economic implications of these efforts are likely to be detrimental and extremely complicated. The devices consumers use daily are user-friendly by nature and are also gateways into our most private information. A 2022 study found that almost half of repair technicians accessed data not related to the repair. Combining these intrusions with increased threats of malware and spyware on the rise across industries creates an even bigger privacy risk for Minnesotans.  

Removing safeguards on personal tech repairs would expose a wide range of sensitive information, including financial and health data, contacts, photos, and geolocation data. Allowing external parties access to the device ecosystem could enable tampering, making them vulnerable to malicious actors, malware, and spyware. Moreover, it would grant global access to crucial documentation, tools, and parts, including those by adversaries.

As the debates around the right-to-repair continue to make waves in the states, it is essential that legislators prioritize consumers and the economy. Without a balanced approach that weighs choice against the pro-consumer values of privacy and security, Minnesota legislators and other states’ elected leaders are placing consumers' data and safety at risk. Privacy by design and a strong economy is vital to the United States' competitiveness in the digital industry, and state legislators have an essential role to play in protecting this foundation.

Shane Tews is a Nonresident Senior Fellow at the American Enterprise Institute (AEI).