John Deere’s repair fake-out

So many strings attached.

Cory Doctorow


Hieronymus Bosch’s painting, ‘The Conjurer.’ The conjurer’s shell-game table holds a small John Deere tractor that the audience of yokels gawps at. One yokel is wearing a John Deere hat. The conjurer is holding a wrench.

Last week, a seeming miracle came to pass: John Deere, the Big Ag monopolist that — along with Apple — has led the Axis of Evil that killed, delayed and sabotaged dozens of Right to Repair laws, sued for peace, announcing a Memorandum of Understanding with the American Farm Bureau Federation to make it easier for farmers to fix their own tractors:

https://www.fb.org/files/AFBF_John_Deere_MOU.pdf

This is a move that’s both badly needed and long overdue. Deere abuses copyright law to force farmers to pay for official repairs — even when the farmer does the repair. That’s possible thanks to a practice called VIN locking, in which engine parts come with DRM that prevents the tractor from recognizing them until the farmer pays hundreds of dollars for a John Deere technician to come to the farm and type an unlock code into the tractor’s console:

https://doctorow.medium.com/about-those-kill-switched-ukrainian-tractors-bc93f471b9c8

Like all DRM, VIN locks are covered by Section 1201 of the Digital Millennium Copyright Act (DMCA), a 1998 law that criminalizes distributing tools to bypass “access controls,” even if you do so for a lawful purpose (say, to fix your own tractor using a part you paid for). Violations of DMCA 1201 carry a penalty of 5 years in prison and a $500k fine — for a first offense.

This means that Deere owners are locked into using Deere for repairs, which also means that if Deere decides something isn’t broken, a farmer can’t get it fixed. This is very bad news indeed, because John Deere tractors are just computers in a fancy, mobile case, and John Deere is incredibly bad at digital security:

https://pluralistic.net/2021/04/23/reputation-laundry/#deere-john

That’s scary stuff, because John Deere is a monopolist, and a successful attack on the always-connected, networked tractors and other equipment it supplies to the world’s farmers could endanger the global food supply.

Deere doesn’t want to make insecure tractors, but it also doesn’t want to be embarrassed by security researchers who point out that its security is defective. Because security researchers have to bypass Deere tractors’ locks to probe their security, Deere…
