HR 4006 Introduced

Fair Repair Act

Last month, Rep Morelle (D,NY) introduced HR 4006, the Fair Repair Act. The bill would establish a requirement for original equipment manufacturers to make available “documentation, parts, and tools, inclusive of any updates to information or embedded software” for the purpose of diagnosis, maintenance or repair of equipment sold or used in the United States. It would also make the Federal Trade Commission the agency responsible for enforcement of the requirement.

Definitions

Section 5 of the bill provides the definitions for twelve key terms used in the legislation. Terms of interest here include:

• Authorized repair provider,

• Digital electronic equipment,

• Documentation,

• Embedded software,

• Firmware,

• Independent repair provider,

• Part, and

• Tools.

General Requirement

Section 2(a) of the bill provides that an original equipment manufacturer (OEM) would be required to provide documentation, parts, and tools (including information updates and updated embedded software) used for diagnosis, maintenance or repair “in a timely manner and on fair and reasonable terms”.

For equipment with a wholesale price of more than $100 and for which an express warranty has been provided, §2(b) specifically requires OEM to provide that support at “an equitable price and convenience of delivery”.

Section 4(1) specifically requires OEM, for “equipment that contains an electronic security lock or other security-related function”, to provide “any special documentation, tools, and parts needed to disable the lock or function, and to reset it when disabled in the course of diagnosis, maintenance, or repair of the equipment.”

Limitations

Section 4(2) acknowledges the right of OEM to protect their trade secrets, “except as necessary to provide documentation, parts, and tools on fair and reasonable terms.

Section 4(3) acknowledges the importance of terms of agreement with authorized repair providers, “except that any provision in such terms that purports to waive, avoid, restrict or limit an OEM's obligations to comply with this Act shall be void and unenforceable.”

Section 4(4) specifically exempts “a motor vehicle manufacturer, a manufacturer of motor vehicle equipment, or a motor vehicle dealer, acting in that capacity.”

Section 4(5) specifically exempts “a manufacturer of a medical device”.

Moving Forward

Neither Morelle or his sole cosponsor {Rep Khanna (D,CA)} are members of the House Energy and Commerce Committee to which this bill was assigned for consideration. Generally, this means that the Committee is unlikely to consider this bill. If the bill were to be considered in Committee, it would almost certainly draw significant opposition from Republicans supporting manufacturers, and from some Democrats for privacy issues. There may not be enough votes to move the bill forward because of that opposition.

Commentary

This bill addresses an issue of some importance, but I think that more works needs to be done on the concept.

There is one particular piece that deserves specific attention, the provision concerning security measures. If this were included in a bill written by some law-and-order Republican, I would suspect that §4(1) was specifically included to provide police with a way to get around encryption on computers and communication devices. Limitations need to be put into place to ensure that this is not a tool to get around self-incrimination protections. I would suggest the following addition to §4(1):

(1) SECURITY-RELATED FUNCTIONS NOT EXCLUDED.—For equipment that contains an electronic security lock or other security-related function, the original equipment manufacturer shall make available to the owner and to independent repair providers, on fair and reasonable terms, any special documentation, tools, and parts needed to disable the lock or function, and to reset it when disabled in the course of diagnosis, maintenance, or repair of the equipment. Such documentation, tools, and parts may be made available to owners and independent repair facilities through appropriate secure data release systems.

(A) Independent repair providers may only provide the security bypass services described in (1) upon specific written authorization by the device owner or the legal guardian thereof,

(B) Law enforcement personnel are forbidden from requesting the security bypass services described in (1) without an order from an appropriate court of jurisdiction.