Three years ago, Massachusetts voters affirmed that car owners should be able to get their cars repaired anywhere they want. A 2020 ballot question, which passed with 75 percent of the vote, updated the 2012 “Right to Repair” law to include telematics, which refers to vehicle data transmitted wirelessly. Such data can help auto repair shops diagnose and fix problems — but only if they can access it.
The intent of “Right to Repair” laws is to force carmakers to give vehicle data not only to their affiliated dealerships but also to independent repair shops, so that consumers can choose where to get their car serviced. The telematics ballot question was pitched as a way to update that law as technology evolved, since today’s cars have more wireless features. For example, wireless technology can tell a dealership when a car’s brakes are failing, let a driver start a car remotely, or automatically call 911 after a crash.
Advertisement
In recent years, manufacturers of everything from cell phones to tractors have sought to box out third-party repairers, by refusing to share data or spare parts. The right-to-repair campaign reflected the widespread consumer backlash against such restrictions, which stifle competition and may even lead to extra waste when it’s easier to junk old devices than fix them.
But the Massachusetts law remains in limbo due to litigation and the federal government’s cybersecurity concerns.
Despite that, the will of the voters is clear. The best way forward would be if the Legislature can find a way to rewrite the law to address cybersecurity fears while keeping the basic policy intact.
After the 2020 election, a coalition of auto manufacturers sued to block the ballot question from going into effect, and it remains tied up in court. Attorney General Andrea Campbell began enforcing the law June 1, 2023, despite the ongoing litigation. But on June 13, the National Highway Traffic Safety Administration wrote a letter, filed in the US District Court case, forbidding car manufacturers from complying.
Advertisement
NHTSA’s assistant chief counsel for litigation and enforcement, Kerry Kolodziej, wrote that open access to vehicle telematics, with the ability to remotely send commands to a car, creates a safety hazard, since a hacker could potentially manipulate vehicle systems like steering or brakes. “A malicious actor here or abroad could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently,” Kolodziej wrote. “Vehicle crashes, injuries, or deaths are foreseeable outcomes of such a situation.” The letter said any system with open telematics would be considered to have a safety defect and could not be sold under federal law.
Massachusetts’ US Senators Elizabeth Warren and Ed Markey wrote to Transportation Secretary Pete Buttigieg and NHTSA’s deputy administrator asking them to reverse that decision. “NHTSA sent the June 13 letter with no warning, circumventing the legal process, contradicting a judicial order, undermining Massachusetts voters, harming competition and hurting consumers, and causing unnecessary confusion by raising this novel view two weeks after enforcement of the law began,” the senators wrote.
Campbell’s office voiced similar concerns, with First Assistant Attorney General Pat Moore saying the federal agency “declined the opportunity to express, and prove, its concerns at trial, choosing to weigh in only by letter two years later.” “We look forward to NHTSA’s explanation of precisely what has changed, and we will then evaluate our next steps,” Moore said in a prepared statement.
Advertisement
The Alliance for Automotive Innovation, the car manufacturers’ coalition that sued, declined to comment.
Tommy Hickey, a lobbyist and spokesperson for the Right to Repair Coalition, which represents the repair shops that sponsored the ballot question, said there should not be cybersecurity concerns since the ballot question’s language requires that data be transmitted securely. And, Hickey said, car manufacturers already collect this data and give it to dealerships, so giving ownership of the data to consumers does not create an additional safety hazard.
The current situation is not serving consumers. The Globe reported that Subaru and Kia both turned off their telematics systems in Massachusetts, disabling popular features like the ability to start or track a car remotely.
The one organization that might be able to break the stalemate is the state Legislature. As State Senator Michael Moore, who co-chairs the Joint Committee on Advanced Information Technology, the Internet, and Cybersecurity, pointed out, NHTSA said the current law conflicts with federal law, but left the door open for a rewrite. “While I understand the NHTSA’s cybersecurity concerns, Bay Staters overwhelmingly voted to approve this ballot measure — it is now on the Massachusetts legislature to amend the legislation to ensure the will of the people can be enacted in the Bay State in a safe and secure manner,” Moore said.
Moore said lawmakers are consulting House and Senate counsel and considering ways to amend the law. “Given that it’s only been a few days since we received word of the NHTSA’s direction, the process of finding amendments to make this law acceptable to federal authorities is still very fluid,” Moore said, but added, “We will explore all available options to make sure Bay Staters get the results they voted for.”
Advertisement
That’s a goal worth pursuing.
Editorials represent the views of the Boston Globe Editorial Board. Follow us on Twitter at @GlobeOpinion.
