A landmark right-to-repair law in Massachusetts is great for car owners. The US government argues it’s also great for hackers.
I’m with the view that if I own the car, I own all the telemetry the car generates. Feds need to find the solution with that principle in mind.
Text of the article:
The Commonwealth of Massachusetts has become the unlikely vanguard of the movement to give car owners the right to repair their own vehicles. Now the US federal government is threatening to get in the way.
This week, the National Highway Traffic Safety Administration, the US vehicle safety regulator, warned automakers not to comply with a nearly three-year-old state law that requires them to share vehicle data with owners and independent auto repair shops. In a letter, a lawyer for the government argued that giving customers and repairers access to the vehicle systems demanded by Massachusetts could also make them available to hackers, who could then access steering, acceleration, braking, or electronics systems.
The conflict dates to 2020, when Massachusetts voters overwhelmingly approved a ballot measure granting them the right to repair their cars. The Alliance for Automotive Innovation, a trade association representing global auto manufacturers, filed a suit to prevent the law from going into effect. It argued that the law was preempted by federal vehicle safety rules—in other words, not the sort of thing Massachusetts voters could decide—and created safety risks by opening up its vehicles to manipulation. The federal judge overseeing the lawsuit has yet to decide on the case, and the federal government had stayed mum on it until this month.
So now the right-to-repair movement faces another setback. Massachusetts says its law is good for car consumers. The federal government says it’s bad for car safety.
What does the new twist in this right-to-repair case mean for the state’s car owners, repairers, and dealers? At this point, confusion. “Massachusetts consumers don’t know their rights because of how long this is taking,” says Tommy Hickey, who leads the Massachusetts Right to Repair Coalition (and now a Maine group trying to pass a similar law there). Meanwhile, new car owners in Massachusetts who have lost access to some safety and comfort features as a result of the legal fight have been left in the lurch.
On June 1, the Massachusetts attorney general defied the legal logjam and began distributing paperwork to new car buyers informing them of their rights to access all the mechanical data created by their cars to help them diagnose, maintain, and repair their vehicles. In a statement, Massachusetts first assistant attorney general, Pat Moore, questioned why the federal government chose to weigh in on the issue now. (NHTSA did not respond to questions about the timing of the letter.)
The federal government’s stance in Massachusetts appears to conflict with its general views on the right to repair. In 2021, President Joe Biden ordered the Federal Trade Commission to create new rules making it harder for manufacturers to limit who can fix the devices they create.
Amid competing letters, statements, and legal paperwork there’s a fundamental question, one that Massachusetts tried to find the answer to: Who owns the reams of data created by today’s increasingly software- and computer-chip-enabled vehicles?
For decades, those advocating for the right to repair—that is, the idea that once you buy a product, you get to decide how to fix it—held up the auto industry as one that was doing it right. Car repair has long been the domain of the at-home tinkerer. As a result, independent auto repair shops and aftermarket parts manufacturers have made billions of dollars tuning and fixing vehicles.
In 2012, Massachusetts voters became the first to bring the concept into the modern age by requiring automakers to add an onboard port that allowed anyone with a cheap tool to access a car’s data. The law led to a nationwide agreement, where automakers guaranteed independent repairers and owners would have access to the tools and software given to their own franchised dealerships.
But since then, the auto business has shifted online, and almost every new car these days comes with a telematics system that collects data on its operation—including how fast it’s moving, where it’s going, how hard its driver is braking, and whether everything in the car is working correctly. This data can be transmitted wirelessly, and some automakers no longer build the onboard port into their vehicles, arguing they don’t need it anymore.
Owners and repair shops worry that the auto industry will use such advances to cut off access to the information needed to diagnose and fix vehicles, instead directing repair business to their own franchise dealerships. In Massachusetts, 75 percent of voters decided that the new technology, and the potential loopholes it created, called for a new law and passed the ballot measure approving the updated right to repair.
“Everything that your car does—all of the data it generates and all of the functions it has after you buy it—that belongs to you,” says Nathan Proctor, who heads up the Right to Repair campaign at the US Public Interest Research Group, an advocacy organization. “Automakers should not get to tether you to their services.” He called the ongoing fight in Massachusetts “very frustrating.”
But the auto industry—and now, the US Department of Transportation—has said it believes giving wider access to car data is actually dangerous. In the lawsuit filed by the Alliance for Automotive Innovation in 2020, the industry argued that the Massachusetts law required them to create an open data platform too quickly, creating security risks.
Josh Siegel, an assistant professor of engineering at Michigan State University who studies connected-car security, says the automakers might be right—to a point. The Massachusetts law gave the industry about a year to build an open data platform, likely not enough time to create a safe system. “Open telemetry systems that are slapped together can allow unauthorized access and control,” he says.
But the federal government’s current stance argues that open systems aren’t just dangerous if they’re badly built. It argues they’re inherently dangerous—and Siegel doesn’t think that’s true. He says it is possible for everyone—right-to-repair advocates, vehicle safety and cybersecurity experts, manufacturers—to get together to build a data-sharing system. One standard, created for the entire US and not just one state, should be “designed with the public and manufacturers’ needs in mind and with care and attention paid to security from the start,” he says.
Beyond the legal and policy wranglings, the conflict between the state, the auto industry, and the federal government has had strange practical fallout in Massachusetts. In 2021, Kia and Subaru decided to cut off access to their telematics systems for new car buyers living in the state. The carmakers said they made the move to avoid breaking the law: They argued that because the open data platform the law required didn’t yet exist, the only way to comply was to limit access to their telematics systems altogether.
As a result, Massachusetts car buyers investing in the latest and greatest aren’t able to access Subaru’s Starlink service, including emergency roadside assistance and remote start, or Kia Connect, which includes stolen vehicle recovery and remote climate control.
The situation has frustrated state Subaru and Kia owners—and doesn’t look set to change soon. This week’s NHTSA letter cautioned automakers not to go the Subaru and Kia route and disable their telematics systems in Massachusetts, citing safety features that “could facilitate better emergency response in the event of a vehicle crash.” But in a statement, Subaru spokesperson Dominick Infante says the automaker wasn’t changing its stance. “Compliance with the Massachusetts Data Law is impossible for any automaker,” he says. “Subaru stands by its commitment to consumer choice when it comes to repairing vehicles.”
A Kia spokesperson declined to comment and referred WIRED to its trade group, the Alliance for Automotive Innovation, which in turn declined to comment on ongoing litigation. Now everyone will wait for the Massachusetts judge to have the last say on the law approved by state voters—and the future of automotive repair in Massachusetts, the US, and beyond.
It’s beyond silly to hide behind “safety” to disallow independent right to repair. If they’re actually worried, the USgov can institute a licensing procedure as to who is qualified to work on such systems if need be. Why must the manufacturer be the only one trusted with this system, other than for monopolistic profiteering purposes?
I recall the last time we let car manufacturers play the “security by obscurity” card it was defeated by a paper clip and a screwdriver