🎉 Right to repair is preserved! 🎉

A house committee in the Colorado legislature voted 7 to 4 to "postpone indefinitely" the SB26-090 bill that would have rolled back the hard-fought right, had it passed.

A coalition of experts from around the state, the country, and the world testified that the vague definition of "critical infrastructure" left open the possibility that manufacturers could have classified virtually any tech product under that category, which would then have exempted it from R2R unless the attorney general weighed in.

I'm so grateful to everyone who jumped in with almost no advance notice, and testified forcefully that the bill was bad and the arguments underpinning the bill's rationale were complete bullshit.

We won a victory, folks. Against huge industry lobbying efforts, we won the day. Activism mattered and made a difference tonight!

#RightToRepair #COpolitics #cybersecurity #ElectMoreHackers

RE: https://infosec.exchange/@threatresearch/116387050505018174

Current update on SB26-090 (Colorado's misguided "wrong to repair" bill):

After spending a bunch of the senate session on Tuesday in debate over a bunch of amendments, the bill is tentatively on the calendar for tomorrow, again, to have its third reading in the senate.

Please keep up the pressure - Coloradans and the rest of the country rely on being able to fix broken things in order to protect them from cyberattack. The repair is not the problem here.

https://leg.colorado.gov/agenda/floor/202604162

https://leg.colorado.gov/bills/sb26-090

#COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

🚨 Current update on the Colorado bill (SB26-090) that would rescind "right to repair" for "critical infrastructure" 🚨

Please share widely.

The bill is currently scheduled for "third reading (final passage)" in the Colorado senate for Monday, April 13, first thing in the morning. If you have delayed until now doing something, this is your moment to act. You do not need to be a Colorado, or even a US resident, to speak up!

https://leg.colorado.gov/agenda/floor/202604132

Paul Roberts (secure-resilient.org) is putting together a list of people willing to be signatories to a letter opposing this bill. Please reach out to him if you want to sign on to that letter.

Wayne Seltzer, who runs the Boulder U-fix-it Clinic, shared a link to this petition/letter to legislators: https://actionnetwork.org/letters/support-your-right-to-repair-in-colorado

Danny Katz of CO PIRG is running a petition drive to send messages to the legislature. Petition link: https://pirg.org/colorado/take-action/tell-your-senator-protect-colorados-right-to-repair-law/

Finally, and this is important, rep. Brianna Titone (the author of the original 2024 right to repair bill) informed me that some of the advocates for right to repair who have been writing to legislators have been threatening or offensive in their language they used in their messages. This is unhelpful and will not persuade lawmakers to change their minds, so please try to encourage others to remember that these legislators -- who are on the fence -- can be persuaded, and are not (necessarily) inherently evil or corrupt, and just lack understanding.Talk/write to them with that frame of mind.

Thank you!

https://leg.colorado.gov/bills/SB26-090

#COpolitics #Boulder #legislation #RightToRepair #SB26090 #Colorado #CriticalInfrastructure #activism #engagement #TechPollicy #policy #ElectMoreHackers #InfoSec #malware #cybersecurity

RE: https://infosec.exchange/@patrickcmiller/116162934900485808

#Colorado is running a bill this session, titled SB26-051 (leg.colorado.gov/bills/SB26-051), which will require "general computing platforms" (laptops and phones) to build a form of locally-stored age attestation into the onboarding process for a new user on the device. The data about the user would then be categorized into one of three age brackets, stored locally, and then passed to various apps/platforms/social media at registration time.

In the bill's committee hearing last week, I and several other people told the bill sponsors that we understand the problem you're trying to solve, but that this is a terrible way to solve it. Many speakers offered to help advise the bill authors on implementing a less fragile, more secure, less susceptible system, but they wouldn't budge. Not a single committee member voted no on a motion to advance the bill to the "committee of the whole" - i.e., the full legislature for a final vote.

The only hope now is for people to reach out to legislators to ask them to vote no on the final bill draft. Otherwise, we're going to get stuck with a really dumb bill that gets signed into law on a "but...think of the children!" appeal, with no hope of being implemented properly.

It's notable that this Apple system would not satisfy the requirements the bill sets up.

#COpolitics #ElectMoreHackers #ageAttestation #childsafety #onlinesafety

Last night I attended the #Boulder BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.

The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.

But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.

The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers.

I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.

Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.

Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence?

In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.

#COpolitics #BVSD #SchoolBoard #policy #electmorehackers #4thAmendment #PolicyHackers #education #USPol

The Aspen Tech Policy Hub is organizing some training in how hackers can engage in tech policy by learning how to speak and write effectively to communicate with lawmakers. They're calling it "The Cyber Civil Defense Policy Training Series"

The first one starts next Tuesday.

Sign up for one, or all three, here: https://aspenpolicyacademy.org/short-courses#cybersecurityseries

#ElectMoreHackers #TechPolicy #Policy #engage #engagement #fightforthefuture #AspenTech #AspenTechPolicyHub

My local Colorado assembly representative, Junie Joseph, went to the #DNC this week to represent our state as an elector and delegate for Kamala Harris. I had given her a stack of stickers to hand out to fellow delegates and attendees. I did not expect that she would write about it in her newsletter and send me pictures!

#ElectMoreHackers

Greetings, hacker family. Today, the Elect More Hackers project launched its updated website and is initiating the process of registering as a 501(c)4 nonprofit for political organizing and advocacy purposes.

(Are you a lawyer who is willing to help with this? We can't pay you right now, but we'd still love your help!)

I'm @andrewbrandt and decided to spearhead this project after my experience running for office in 2023. I was not successful in my campaign to run for a local school board here in Colorado, but the experience taught me two things: I made a lot of allies and friends -- more than 25,000 people voted for me in that election -- and people really want their elected officials to listen to them, and to respond to the myriad issues that we all face.

Everywhere I go, I still run into people who recognize me, thank me for having run and tell me that they voted for me. ❤️ Thank you!

When I ran, I put my experience as a journalist and information security analyst front and center of my campaign. In schools (as everywhere else), the accelerating volume of challenges posed by the internet and modern technology has outpaced the ability of more traditional political actors to address them.

I made the idea of electing hackers central to my campaign. Voters were surprisingly receptive to this idea. Even I had no idea how valuable that background is when nobody else in politics knows how to answer questions about the risks of generative AI, or how cybercriminals operate.

I also made it a priority to show up and participate in local events - caucuses with my neighbors; door-knocking and flyer distribution; public comment to the school board, city council, and state assembly; collecting petition signatures; making calls; writing postcards.

And now I'm using what I learned to encourage others in my field to get out there to run for office and be their whole, authentic selves doing it. I hope you'll take up the challenge yourself, or encourage that one person you know who's super politically interested (but has never run for anything, or even considered it) to toss their hat in the ring.

Because you can't win if you don't play, and right now, at this point in history, none of us can afford to sit back and hope someone else will take care of our problems for us. Most of the people in power today already haven't (and some have made things demonstrably worse).

It's time for us to lift up the best hackers among our number -- and we are LEGION -- and start bringing up a new progressive, tech-savvy, and enthusiastic team downballot to give everyone someone to cheer for.

Because yes, it's entirely possible that you may be the person who rolls that snowball down the hill and begins a landslide.

I hope you'll join us for the ride. It's going to be wild. 🖖

#COpolitics #Boulder #ElectMoreHackers #USPol #politics #grassroots #campaign