Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A controversial bill in Colorado that would have repealed some of the state’s correctional protections has failed. The bill was the target The right to repair Advocates, who saw it as an indicator of how tech companies might try to roll back broader reform legislation in the United States.
Colorado Historic Reform Act of 2024, Consumer right to repair digital electronic equipmentcame into effect in January 2026 and guarantees access to the tools and documentation people need to modify and repair digital electronic devices such as phones, computers and Wi-Fi routers. The new draft law, SB26-090would have carved out an exception to these reform protections for “critical infrastructure,” a loosely defined term that reform advocates fear could apply to almost any technology.
Introduced SB26-090 In Colorado Senate hearing on April 2 and supported by lobbying efforts from companies such as Cisco and IBM. That session passed unanimously. Invoice then Pass In the Colorado Senate on April 16. On Monday evening, the bill was debated in a long and late hearing in the Colorado House of Representatives’ State, Civil, Military and Veterans Affairs Committee. Dozens of supporters and critics made public comments. Finally, the bill was rejected by a vote of 7 to 4 and classified as postponed indefinitely.
Danny Katz, executive director of local consumer advocacy group CoPIRG, says the fight has been a team effort. A group of reform advocates from organizations such as pile, Repair.org, iFixit, Consumer ReportsLocal businesses and environmental groups e.g Blue Star Recycling, Colorado Recycling, Colorado Environmentand Green Latinos.
“While we were making progress in reducing momentum, we were still losing,” Katz wrote in an email to WIRED after the hearing. “So, we didn’t take anything for granted, and I think the amazing testimony from a wide range of cybersecurity experts, businesses, repair advocates, recyclers, and people who want the freedom to fix their stuff has made a big difference.”
Supporters of the bill, backed by companies like Cisco, had cited the potential for cybersecurity risks as their motivation for changing the language of the law. The theory goes that if companies are required to make repair tools available to anyone, what’s to stop bad actors from using those tools to reverse engineer critical technology like Internet routers? They assumed that blocking these tools would make them less available to hackers who might misuse them. Supporters of the bill said companies should be allowed to keep their secrets if they ensure security, although that argument begins to fall apart with little scrutiny.
At one point in the hearing, Democrat Chad Clifford, a Colorado state representative and vice chairman of the House committee who was also a lead sponsor of the bill, made what appeared to be a reference to Cloudflare’s very public use of Lava wall lamps to help encrypt the Internet at random, citing this as an example of why sensitive systems need to be obfuscated to be secure.
“I don’t know why anyone would have to put lava lamps on the wall to keep the Chinese from getting into the network, but that’s what they came up with and it worked,” Clifford said. “How they do it, I think they should be able to keep it a secret, even in Colorado.”
The problem with this argument, as cybersecurity experts pointed out during the hearing, is that the vast majority of hacks are not carried out via spare parts or by disassembling individual devices. They are remote hacks, where the attacker makes changes in real time, and the defending people have to make changes quickly without worrying about getting permission from the company that makes the equipment.