This week on my podcast, I read my Medium column, "About Those Killswitched Ukrainian Tractors," in which I am a bit of a buzzkill about that feel-good story of a Ukrainian John Deere dealership bricking $5m worth of tractors stolen by Russian looters:
In case you missed the underlying story, here's a quick recap. Russian looters, abetted by the Russian military, stole $5m worth of tractors and combines from a Deere dealership in Melitopol, Ukraine. The dealership was able to use the tractors' own electronics to track them to Chechnya - and they were able to send out a self-destruct code that bricked the tractors, rendering them inoperable.
A *lot* of people sent me this story. It's a perfect cyberpunk nugget! But despite the superficial appeal of this electronically delivered comeuppance to Russian looters, this isn't a feel-good story. The underlying lesson here is: "Anyone who can pressure, hack, or convince John Deere can brick any Deere tractor, anywhere."
Who might do such a thing? Well, possibly Russia, whose militarized hacker teams honed their tactics by successfully effecting remote takeovers critical Ukrainian infrastructure. The same kill-switch that Ukraine used to take down some petty Russian looters could be used by Russian hackers to attack the entire Ukrainian agriculture sector:
Which raises the question: why are there kill-switches in Deere tractors? This is a good question to ask about *any* kill-switch. As a sf writer, I just *hate* those sci-fi movies where someone accidentally hits the self-destruct button on the bridge of a spaceship. I always think, "You know, I'm no aerospace engineer, but wouldn't this be a better spaceship if it wasn't designed to explode?"
The kill-switches in Deere tractors weren't designed to thwart Russian looters - they were designed to thwart *American farmers.* Deere's industrial strategy takes its cues from other industries - mobile phones, cars, med-tech, etc: they use tech to lock in their customers, harvest and sell their data, and extract fees from them.
In Deere's case, this started with a data-play: as a top Deere exec boasted to me at a conference some years ago, the company uses the sensors on farmers' tractors to build a centimeter-accurate grid of soil humidity and density. The locks on Deere tractors prevent farmers from accessing this data directly - rather, they are reliant on whatever plans Deere cooks up.
Originally, Deere denied farmers this data, except through their preferred seed partner Monsanto (now Bayer). Deere sold the data - and the farmers - to Monsanto, and farmers who wanted to practice precision agriculture needed to do so with Monsanto seed. Today, Deere allows farmers to download their data from an online portal, but that could change again.
I'm not surprised to learn that Deere has stopped selling farmers to Bayer, because - as that executive boasted to me - the real money in ag data is in aggregating global soil condition data, from *all* Deere customers, and selling it to the finance sector to inform commodity futures trades. Deere sells farmers' data to people making bets against the farmers.
Remember this the next time you hear, "If you're not paying for the product, you're the product." Deere doesn't give away ad-supported tractors. Farmers pay six- and seven-figure sums for Deere equipment - and they're still the product. The thing that determines whether a company can treat you like "product" isn't whether you're paying - it's whether they can get away with it.
Deere can get away with it. Having merged with or acquired so many rivals, they have market power - that is, monopoly power. What's more, the law is on their side. Specifically, they benefit from Section 1201 of the Digital Millennium Copyright Act (DMCA), which bans breaking DRM and makes trafficking in DRM-breaking tools a 5-year prison-sentence felony.
This law - and related laws, like the Computer Fraud and Abuse Act, as well as contract law, trade secrecy, patents, etc - gave rise to a practice called VIN-locking. VIN-locking started in the automotive industry (VIN stands for Vehicle Identification Number), and it's the main battle in the right to repair (R2R) fight.
These VIN-locks are protected by the DMCA. Providing a tool to bypass them, which would allow independent mechanics to swap in the part and then initialize it, carries a potential prison sentence of 5 years and a $500K fine for a first offense. Thus, the act of fixing a car without manufacturer authorization becomes a crime.
Farmers have been doing their own repairs since time immemorial - that's why even Roman farmhouse foundations have spaces for forges and workshops. When you're at the end of a country road and the storm is on the horizon, you have to get the crops in, and you can't wait for a mechanic or technician to come and fix the tools you depend on.
Deere owes its business to farmers' tractor modifications and repairs. It once sent field engineers out to farms across America to report back on farmers' innovations, which it then patented (ugh, I know) and incorporated in its future tractors:
Worse, Deere actually told the US Copyright Office that farmers *don't own their tractors* - they *can't*, because the software in the tractor is only *licensed*, not *sold*, so they have to abide by the tractors' terms of service.
Medtronic makes the workhorse PB840 ventilator, a two decade old product that is widely found in hospitals around the world. Hospital technicians - like farmers - have a long tradition of fixing their own equipment, for much the same reason. When the ventilator breaks, you need to fix it so you can save someone's life, rather than waiting around for a Medtronic technician to show up and charge hundreds of dollars for a service call.
But Medtronic also practices VIN-locking, which means that the simplest, most common repairs - cannibalizing a working part out of a busted ventilator to keep another one going - are no longer possible without breaking the DMCA. That's exactly what hospital med-techs did during lockdown, when demand for ventilators spiked just as Medtronic grounded all its technicians.
This was only possible thanks to a brave, anonymous ex-Medtronic employee, who built illegal circumvention tools inside improvised housings (clock radios, guitar pedals, etc) and mailed them to technicians around the world:
We don't know his name, because the EU's laws - Article 6 of the EUCD - also ban trafficking in circumvention devices.
Whenever right to repair bills come up at the state level, VIN-locking companies team up to defeat them. The ringleader of these anti-repair conspiracies is always Apple, who claimed that letting you fix your phone would lead to your battery exploding and *blowing your face off*.
These safety claims are repeated by car manufacturers. For example, during the Massachusetts R2R ballot initiative campaign, Big Car ran ads warning that they had built so much spyware into your cars that allowing third party access would lead to you being *stalked and murdered*:
The automotive sector's claims about defending your security would be more credible if they were better at it.
It's hard to take seriously a company's claims that it - not you - understands your security needs when its cars can be hijacked over the internet, allowing randos to steer, break and accelerate your vehicle.
Kill-switches and VIN-locking go hand-in-hand and they're both security nightmares. In the automotive context, VIN-locking is key to the subprime car lending industry, where trillions of dollars' worth of loans are backed up with ignition immobilizers to make it easier to repo cars when the owner misses a payment.
Owners of subprime cars often miss payments, because the subprime loans are designed for default, offered to people who can't afford them, on deceptive terms, with balloon payments and penalties that allow a dealer to repo and re-sell the same car several times over.
Dealer kill-switches are a very expedient way to settle disputes over payments. If you claim to be caught up and dealer disagrees, they can just brick your car until you write a check. These kill-switches can be fully autonomous, too: if your lease prohibits you from leaving the county, you will find yourself stranded if you cross the county line.
Among other ghastly outcomes, this has led to families being stranded beyond cellular range after going for a walk in the woods, not realizing that they'd crossed out of the county.
But the real problems come when the dealers' own security is compromised. As I often say, no language on Earth contains the phrase "as secure as the IT at a used-car lot." When the dealer gets hacked, every car they've sold gets bricked:
Deere likes to claim that it plays a vital role in the world's food security because a compromise of its equipment could lead to large-scale ag disruptions. It's half-right: breaking Deere's security *is* a nightmare scenario for global food production - but, alas, Deere has *very bad security*.
Not only is Deere's software riddled with amateur vulnerabilities, the company hasn't submitted any bugs to the CVE database, suggesting that its demonstrably incorrect claims of being capable guardians of the world's food security are actually sincere:
Like car companies, Deere argues that its security duties make independent repair a nonstarter due to the risks this would pose. This is a common argument of companies that use kill-switches and VIN-locks to extract monopoly rents from their customers. It's a claim Medtronic often makes, despite its own terrible security:
VIN-locking does resolve some risk. It makes stolen goods a little less valuable to thieves and it makes it harder for third parties to introduce malicious code to devices. But VIN-locking and kill-switching *introduce* much graver risks than they offset: the risk that third parties will brick all devices, and the inability of third parties to *fix* incompetent code.
You know who understands this? Ukrainian farmers. They lead the world in exporting illegal, alternative firmware for John Deere tractors, which farmers all over the world install to get around Deere's VIN-locking and other odious practices.
We are all living in increasingly unstable times. It's time to put an end to VIN-locking and kill-switching, and start designing our vital systems - phones, cars, medical implants and equipment, and tractors - to be resilient and robust in the face of supply chain breakdowns and hostile takeovers.
Here's the podcast episode:
And here's a direct link to the MP3 (hosting courtesy of the Internet Archive; they'll host your stuff for free, forever):
And here's the RSS for my podcast:
@pluralistic It's also times to create neighborhood repair centers where we share machines like lathes and kilns that are generally too big, resource intensive, or dangerous for most homes. Bonus points for locally sourced and stored electrons and water to drive the machines.
Mamot.fr est un serveur Mastodon francophone, géré par La Quadrature du Net.