Feds OK Massachusetts Right to Repair Law So the State Can Finally Enforce It
The NHTSA previously opposed it for safety reasons, even telling automakers not to comply before this turnaround.
The feds are finally on board with Massachusetts and the state's right-to-repair law nearly three years after it was passed by voters.
After outright telling many major automakers to ignore the requirements due to inherit safety risks earlier this year, the National Highway Traffic Safety Administration has made an about-face. The regulatory body now says that automakers may begin adopting the requirements for Massachusetts' data access law. This paves the way for Massachusetts to begin enforcing it.
NHTSA originally pushed pause in June, which was 30 months after citizens overwhelmingly passed the referendum on a ballot vote. The enforcement, however, has been tied up in courts by coalitions like the Alliance for Automotive Innovation, a trade group whose members include automakers like BMW, Ferrari, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, and many others.
The argument, which was echoed by manufacturers that opposed the referendum, was that by opening up wireless telematics to all (including small independent repair shops), the revised law would create additional cybersecurity risks. Their reasoning was that attack vectors could be exploited by bad actors—something that the embedded systems within existing vehicles were not designed to thwart.
The feds then partially agreed, noting that the requirements in the data access law "pose[d] significant safety concerns" and instructed automakers not to comply.
"A malicious actor here or abroad could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently," said NHTSA's Assistant Chief Counsel for Litigation and Enforcement, Kerry Kolodziej, in June. "Vehicle crashes, injuries, or deaths are foreseeable outcomes of such a situation."
Kolodziej's newly penned letter to the Massachusetts Attorney General, which can be read above, re-evaluates the cybersecurity risks related to wirelessly broadcasting telematics. It seems that NHTSA now believes there is very little risk for the telematics to be wirelessly broadcast "within close physical proximity to the vehicle" over short-range technologies like Bluetooth rather than broadly open the telematics up to a permanently networked connection, such as over the internet. This is effectively how the agency is permitting the state to move forward with enforcement.
The NHTSA previously said that the referendum also conflicted with the Federal Vehicle Safety Act. This conflict would then render the state's law unenforceable under the preemption clause. NHTSA's new clarification reneges on that position, meaning that the state is now free to begin enforcing it as planned.
"NHTSA strongly supports the right to repair," writes Kolodziej. "We are pleased to have worked with [the Massachusetts Attorney General] to identify a way that the Massachusetts Data Access Law may be successfully implemented—promoting consumers’ ability to choose independent or do-it-yourself repairs—without compromising safety."
Got a tip or question for the author? Contact them directly: rob@thedrive.com
