John Deere's repair fake-out
Last week, a seeming miracle came to pass: John Deere, the Big Ag monopolist thatāāāalong with Appleāāāhas led the Axis of Evil that killed, delayed and sabotaged dozens of Right to Repair laws, sued for peace, announcing a Memorandum of Understanding with the American Farm Bureau Federation to make it easier for farmers to fix their own tractors:
https://www.fb.org/files/AFBF_John_Deere_MOU.pdf
This is a move thatās both badly needed and long overdue. Deere abuses copyright law to force farmers to pay for official repairsāāāeven when the farmer does the repair. Thatās possible thanks to a practice called VIN locking, in which engine parts come with DRM that prevents the tractor from recognizing them until they pay hundreds of dollars for a John Deere technician to come to their farm and type an unlock code into the tractorās console:
https://doctorow.medium.com/about-those-kill-switched-ukrainian-tractors-bc93f471b9c8
Like all DRM, VIN locks are covered by Section 1201 of the Digital Millennium Copyright Act (DMCA), a 1998 law that criminalizes distributing tools to bypass āaccess controls,ā even if you do so for a lawful purpose (say, to fix your own tractor using a part you paid for). Violations of DMCA 1201 carry a penalty of 5 years in prison and a $500k fineāāāfor a first offense.
This means that Deere owners are locked into using Deere for repairs, which also means that if Deere decides something isnāt broken, a farmer canāt get it fixed. This is very bad news indeed, because John Deere tractors are just computers in a fancy, mobile case, and John Deere is incredibly bad at digital security:
https://pluralistic.net/2021/04/23/reputation-laundry/#deere-john
Thatās scary stuff, because John Deere is a monopolist, and a successful attack on the always-connected, networked tractors and other equipment it supplies to the worldās farmers could endanger the global food supply.
Deere doesnāt want to make insecure tractors, but it also doesnāt want to be embarrassed by security researchers who point out that its security is defective. Because security researchers have to bypass Deere tractorsā locks to probe their security, Deere can leverage DMCA1201 into a veto over who gets to warn the public about the mistakes it made.
Itās not just security researchers that Deere gets to gag: the company uses its repair monopoly to threaten farmers who complain about its business practices, holding their million-dollar farm equipment hostage to their silence:
https://pluralistic.net/2022/05/31/dealers-choice/#be-a-shame-if-something-were-to-happen-to-it
This all adds up to what Jay Freeman calls āfelony contempt of business model,ā an abuse of copyright law that allows a monopolistic corporation to reach beyond its own walls and impose its will on it customers, critics and competitors:
https://locusmag.com/2020/09/cory-doctorow-ip/
If Deere was finally suing for peace in the Repair Wars, well, that was wonderful news indeedāāāas I said, a seeming miracle.
Butāāālike all miraclesāāāit was too good to be true.
The MOU that Deere and the Farm Bureau signed is full of poison pills, gotchas, fine-print and mendacity, as Lauren Goode documents in her Wired article, āRight-to-Repair Advocates Question John Deereās New Promisesā:
https://www.wired.com/story/right-to-repair-advocates-question-john-deeres-new-promises/
For starters, the MOU makes the Farm Bureau promise to end its advocacy for state Right to Repair bills, which would create a repair system governed by democratically accountable laws, not corporate fiat. Clearly, Deere has seen the writing on the wall, after the passage in 2002 of Right to Repair laws in New York and Colorado:
https://www.eff.org/deeplinks/2022/06/when-drm-comes-your-wheelchair
These two bills broke the corporate anti-repair coalitionās winning streak, which saw dozens of state R2R bills defeated:
https://pluralistic.net/2021/05/26/nixing-the-fix/#r2r
Deereās deal-with-the-devil is a cynical ploy to brake R2Rās momentum and ensure that any repairs are carried out on Deereās terms. Now, about those termsā¦
Deereās deal offers independent repair shops access to diagnostic tools and parts āon fair and reasonable terms,ā a murky phrase that can mean whatever Deere decides it means. Crucially, the deal is silent on whether Deere will supply the tools needed to activate VIN locks, meaning that farmers will still be at Deereās mercy when they effect their own repairs.
Whatās more, the deal itself isnāt legally binding, and Deere can cancel it at any time. Once you dig past the headline, the Deereās Damascene conversion to repair advocacy starts to look awfully superficialāāāand deceptive.
One person who wasnāt fooled is sick.codes, the hacker who has done the most important work on reverse-engineering Deereās computer systems, culminating in last summerās live, on-stage hack of a John Deere tractor at Defcon:
https://pluralistic.net/2022/08/15/deere-in-headlights/#doh-a-deere
Shortly after the announcement, Sick.codes tweeted how the fine-print in the MOU would have prevented him from doing the work heās already done (including āa direct stab at me lolā):
https://twitter.com/sickcodes/status/1612484935495057409
As with other instances of monopolistic, corporate copyfraudāāālike, say, the deceptive Open Gaming Licenseāāāthe John Deere capitulation is really a bid to take away your rights, dressed up as a gift of more rights:
https://mostlysignssomeportents.tumblr.com/post/706163316598407168/good-riddance-to-the-open-gaming-license
[Image ID: Hieronymus Bosch's painting, 'The Conjurer.' The Conjuror's shell-game table holds a small John Deere tractor that the audience of yokels gawps at. One yokel is wearing a John Deere hat. The conjurer is holding a wrench.]