The US National Highway Traffic Safety Administration (NHTSA) has issued a letter agreeing with a solution it believes would allow repairers access to vehicle repair data in a manner complying with Massachusetts state law and US federal law.
In June 2023, the administration wrote to 22 vehicle manufacturers, saying they should not comply with the Massachusetts Data Access Law’s requirement for open and remote access to vehicle telematics transmitted over the internet because it was pre-empted by the federal Safety Act due to concerns regarding a vehicle’s critical safety systems.
However, in a new letter addressed to the Massachusetts Attorney General’s office, the NHTSA said it understands that, according to the Attorney General, using short-range wireless protocols such as Bluetooth would allow vehicle manufacturers to comply with the Data Access Law in a manner that would not be pre-empted.
“Limiting the geographical range of access would significantly reduce the risk that malicious actors could exploit vulnerabilities at scale to access multiple vehicles, including, importantly, when vehicles are driven on a roadway. Such a short-range wireless compliance approach, implemented appropriately, therefore would not be pre-empted,” the NHTSA said.
The Administration sought confirmation that such a solution would comply with the Massachusetts Data Access Law.
It also noted that this solution is not currently available, and that vehicle manufacturers may require a reasonable period of time to securely develop, test, and implement the technology.
However, the US Public Interest Research Group (PIRG) said the proposed solution leaves a disparity between how dealerships and local mechanics can access repair data.
“When you buy a car, any data it generates should belong to you,” said Nathan Proctor, Senior Director of the PIRG’s Right to Repair Campaign.
Proctor called for a “frank conversation” about the future of internet-connected cars to ensure privacy, safety, and the right to repair is respected. “NHTSA’s latest letter could be the start of that conversation,” he added. “For example, it admits that the security problems in cars are not created by independent repair access; if there are security issues with car data, they are already there.
Proctor said the Campaign strongly supports the goals the NHTSA puts forward (to protect repair choice and maintain safety), but as it stands, the Administration has achieved neither goal. “Instead, it has allowed a proliferation of serious safety and monopolisation issues to continue without meaningful resistance. Let’s hope this new letter signals a change in approach,” he said. “We don’t plan to stop our work until cars not only are safe, but also enjoy the full slate of right to repair protections.”