In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.
After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.
The EU is in a constant struggle for its direction. Discounting it as a lost cause only allows malicious actors free reign. On the one hand, EU regulators take on tech monopolies, like forcing Microsoft to un-bundle Windows and Edge/Bing. And european courts have repeatedly struck down legislation that would allow for indiscriminate data retention.
On the other hand, the EU politicians are currently trying to sneak through a law that would force browsers to accept state-issued root certificates, allowing them to spy on and alter any and all internet communication, basically upending the trust-based system that keeps the internet secure currently. This law is part of the eIDAS initiative.
And I’m sure that with the new, EU-driven right to repair initiative, the train manufacturer will be forced to back down soon too.
The right to repair proposal will sure have a list of exemptions, not to hurt the feelings of big commercial conglomerates.
Interesting, this needs some reading
Here is a link detailing the issues concerning root certificates in the eIDAS legislation, as it currently written and about to be voted on: https://www.theregister.com/2023/11/08/europe_eidas_browser/
Thanks! I stumbled across the Mozilla blog on it, too
https://blog.mozilla.org/netpolicy/2021/11/04/mozilla-publishes-position-paper-on-the-eu-digital-identity-framework/