John Deere's repair fake-out
Last week, a seeming miracle came to pass: John Deere, the Big Ag monopolist thatâââalong with Appleâââhas led the Axis of Evil that killed, delayed and sabotaged dozens of Right to Repair laws, sued for peace, announcing a Memorandum of Understanding with the American Farm Bureau Federation to make it easier for farmers to fix their own tractors:
https://www.fb.org/files/AFBF_John_Deere_MOU.pdf
This is a move thatâs both badly needed and long overdue. Deere abuses copyright law to force farmers to pay for official repairsâââeven when the farmer does the repair. Thatâs possible thanks to a practice called VIN locking, in which engine parts come with DRM that prevents the tractor from recognizing them until they pay hundreds of dollars for a John Deere technician to come to their farm and type an unlock code into the tractorâs console:
https://doctorow.medium.com/about-those-kill-switched-ukrainian-tractors-bc93f471b9c8
Like all DRM, VIN locks are covered by Section 1201 of the Digital Millennium Copyright Act (DMCA), a 1998 law that criminalizes distributing tools to bypass âaccess controls,â even if you do so for a lawful purpose (say, to fix your own tractor using a part you paid for). Violations of DMCA 1201 carry a penalty of 5 years in prison and a $500k fineâââfor a first offense.
This means that Deere owners are locked into using Deere for repairs, which also means that if Deere decides something isnât broken, a farmer canât get it fixed. This is very bad news indeed, because John Deere tractors are just computers in a fancy, mobile case, and John Deere is incredibly bad at digital security:
https://pluralistic.net/2021/04/23/reputation-laundry/#deere-john
Thatâs scary stuff, because John Deere is a monopolist, and a successful attack on the always-connected, networked tractors and other equipment it supplies to the worldâs farmers could endanger the global food supply.
Deere doesnât want to make insecure tractors, but it also doesnât want to be embarrassed by security researchers who point out that its security is defective. Because security researchers have to bypass Deere tractorsâ locks to probe their security, Deere can leverage DMCA1201 into a veto over who gets to warn the public about the mistakes it made.
Itâs not just security researchers that Deere gets to gag: the company uses its repair monopoly to threaten farmers who complain about its business practices, holding their million-dollar farm equipment hostage to their silence:
https://pluralistic.net/2022/05/31/dealers-choice/#be-a-shame-if-something-were-to-happen-to-it
This all adds up to what Jay Freeman calls âfelony contempt of business model,â an abuse of copyright law that allows a monopolistic corporation to reach beyond its own walls and impose its will on it customers, critics and competitors:
https://locusmag.com/2020/09/cory-doctorow-ip/
If Deere was finally suing for peace in the Repair Wars, well, that was wonderful news indeedâââas I said, a seeming miracle.
Butâââlike all miraclesâââit was too good to be true.
The MOU that Deere and the Farm Bureau signed is full of poison pills, gotchas, fine-print and mendacity, as Lauren Goode documents in her Wired article, âRight-to-Repair Advocates Question John Deereâs New Promisesâ:
https://www.wired.com/story/right-to-repair-advocates-question-john-deeres-new-promises/
For starters, the MOU makes the Farm Bureau promise to end its advocacy for state Right to Repair bills, which would create a repair system governed by democratically accountable laws, not corporate fiat. Clearly, Deere has seen the writing on the wall, after the passage in 2002 of Right to Repair laws in New York and Colorado:
https://www.eff.org/deeplinks/2022/06/when-drm-comes-your-wheelchair
These two bills broke the corporate anti-repair coalitionâs winning streak, which saw dozens of state R2R bills defeated:
https://pluralistic.net/2021/05/26/nixing-the-fix/#r2r
Deereâs deal-with-the-devil is a cynical ploy to brake R2Râs momentum and ensure that any repairs are carried out on Deereâs terms. Now, about those termsâŚ
Deereâs deal offers independent repair shops access to diagnostic tools and parts âon fair and reasonable terms,â a murky phrase that can mean whatever Deere decides it means. Crucially, the deal is silent on whether Deere will supply the tools needed to activate VIN locks, meaning that farmers will still be at Deereâs mercy when they effect their own repairs.
Whatâs more, the deal itself isnât legally binding, and Deere can cancel it at any time. Once you dig past the headline, the Deereâs Damascene conversion to repair advocacy starts to look awfully superficialâââand deceptive.
One person who wasnât fooled is sick.codes, the hacker who has done the most important work on reverse-engineering Deereâs computer systems, culminating in last summerâs live, on-stage hack of a John Deere tractor at Defcon:
https://pluralistic.net/2022/08/15/deere-in-headlights/#doh-a-deere
Shortly after the announcement, Sick.codes tweeted how the fine-print in the MOU would have prevented him from doing the work heâs already done (including âa direct stab at me lolâ):
https://twitter.com/sickcodes/status/1612484935495057409
As with other instances of monopolistic, corporate copyfraudâââlike, say, the deceptive Open Gaming Licenseâââthe John Deere capitulation is really a bid to take away your rights, dressed up as a gift of more rights:
https://mostlysignssomeportents.tumblr.com/post/706163316598407168/good-riddance-to-the-open-gaming-license
[Image ID: Hieronymus Bosch's painting, 'The Conjurer.' The Conjuror's shell-game table holds a small John Deere tractor that the audience of yokels gawps at. One yokel is wearing a John Deere hat. The conjurer is holding a wrench.]
