A controversial bill in Colorado that would have eliminated some rehabilitation protections in the state has failed. The bill was the goal of right to make lawyers, who saw it as a harbinger of how tech companies could try to undo the broader reform law in the United States.
Colorado Rehabilitation Act 2024, the Consumer’s Right to Repair Digital Electronic Equipmentcame into effect in January 2026 and ensures access to the tools and documentation needed for people to repair and modify digital electronic devices such as phones, computers and Wi-Fi routers. new bill, SB26-090it would have provided an exception to that modification protection for “critical infrastructure,” a loosely defined term that modification advocates worried could be applied to almost any technology.
SB26-090 was introduced during Colorado Senate Hearing on April 2 and supported by lobbying efforts from companies such as Cisco and IBM. It passed the hearing unanimously. Bill then to pass in the Colorado Senate on April 16. On Monday evening, the bill was debated for a long, delayed hearing in the Colorado House, Civilian, Military and Veterans Affairs Committee. Hundreds of supporters and opponents made public comments. Ultimately, the bill was rejected in a 7 to 4 vote and classified as an indefinite postponement.
Danny Katz, executive director of local consumer advocacy group CoPIRG, says the fight was a group effort. Speaking against the bill were a group of rehabilitation advocates from organizations such as series, repair.org, iFixit, Consumer Reportsand local businesses and environmental groups like Blue Star Recyclers, Recycle Colorado, Colorado landscapeand GreenLatinos.
“While we were making progress in withdrawing at the same time, we were still losing,” Katz wrote in an email to WIRED after the hearing. “So, we didn’t take anything for granted, and I believe the incredible testimony from a variety of cybersecurity experts, businesses, repair advocates, purveyors, and people who want the freedom to fix their stuff made a big difference.”
Supporters of the bill, backed by companies like Cisco, had cited potential cybersecurity risks as their motivation for changing the language of the law. If companies were required to make repair tools available to anyone, the theory says, what’s to stop bad actors from using those tools to change critical engineering technology like Internet routers? Blocking those tools, they said, would make them inaccessible to hackers who could exploit them. Advocates of the bill argued that companies should be allowed to keep their secrets if it ensures security, though that argument is beginning to fall apart with little scrutiny.
At one point in the hearing, Democrat Chad Clifford, Colorado state representative and vice chairman of the House committee who was also the main sponsor of the bill, pointed out what appeared to be a reference to Cloudflare’s public use. a wall of lava lamps support random internet encryption, citing the need for sensitive systems to be untraceable in order to be secure.
“I don’t know why anyone has to have lava lamps on the wall to keep the Chinese out of the internet, but it’s what they came up with that worked,” Clifford said. “How they do it, I believe they should keep it a secret, even in Colorado.”
The problem with that argument, as cyber security experts pointed out during the hearing, is that most hacking is not done through third parties or by isolating individual machines. These are remote hacks, where the attacker makes changes in real time, and the people defending have to make changes on the fly without worrying about getting approval from the hardware company.
