Biden Administration Tells Car Manufacturers to Ignore Right-to-Repair Law

Biden Administration Tells Car Manufacturers to Ignore Right-to-Repair Law

Gizmodo – Kevin Hurler - Wed, June 14, 2023 at 4:30 PM EDT

Original Article is Linked Below…

The right-to-repair movement has suffered a setback in Massachusetts this week. The Biden administration told car manufacturers not to comply with a state law that would allow independent auto shops and car owners the ability to fix their own vehicles.

Vice (Link Below…) first reported that the major concern the Biden administration’s National Highway Traffic Safety Administration has with the law, which is colloquially titled the Data Access Law, is hacking. To express these concerns, Kerry Kolodziej, from assistant chief counsel at the NHTSA, authored a letter (Linked Below…) ,dated yesterday, to the chief counsel of nearly two dozen major automotive manufacturers including BMW, Ferrari, Ford, and Hyundai. Kolodziej argues in the letter that since the law grants open access to a car’s telematics–which are used to wirelessly send commands to cars—a “malicious actor here or abroad” could remotely command a car. The outcomes, the NHSTA says, could be vehicle crashes, passenger injuries, or death.

“Open access to vehicle manufacturers’ telematics offerings with the ability to remotely send commands allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking, as well as equipment required by Federal Motor Vehicle Safety Standards (FMVSS) such as air bags and electronic stability control,” Kolodziej wrote in the letter.

According to The Boston Globe, (Link Below…) the Data Access Law, which is more formally known as Chapter 93K, (Link Below…)was enacted after Massachusetts residents voted in favor of the law on a 2020 ballot. Massachusetts Attorney General Andrea Campbell announced in March that the law would move forward, with enforcement beginning June 1 of this year. For some time, the law was stuck in the District Court of Massachusetts after the Alliance for Automotive Innovation filed a lawsuit (Link Below…) to stop it. The letter also vaguely reminds these car manufacturers of their commitment to vehicle and passenger safety under the National Highway Traffic Safety Act—essentially instructing them to ignore Chapter 93K.

“Given the serious safety risks posed by the Data Access Law, taking action to open remote access to vehicles’ telematics units in accordance with that law, which requires communication pathways to vehicle control systems, would conflict with your obligations under the [National Highway Traffic] Safety Act,” Kolodziej wrote.

Likely to the chagrin of NHSTA, however, sometimes hacking can actually help repair vehicles. A hacker last August demonstrated a way to jailbreak John Deere tractors (Link Below…) that can reveal over 1.5 gigabytes of logs that dealers could use to assess problems with the tractor—logs that a layman would never even be able to see. Just a few months later in April, Colorado farmers won a landmark deal with John Deere, (Link Below…) which would require the agricultural hardware manufacturer to provide farmers in the state with manuals for its proprietary software and repair tools.

Link to Original Article…

Link to VICE

Link to Letter

https://www.documentcloud.org/documents/23846414-nhtsa-letter

Link to Boston Globe

Link to 93K

https://malegislature.gov/Laws/SessionLaws/Acts/2020/Chapter386

Link to 2020 Ballot

Link to filed a lawsuit

Link to A hacker last August demonstrated a way to jailbreak John Deere tractors

L:ink to Colorado farmers won a landmark deal with John Deere

It seems like it should be possible to design a car allowing owners a way to accomplish diy’er repairs (like bleeding brakes without needing expensive pro-level scan tool) while keeping hackers who’d like to hijack the car at bay. Or is there a fundamental reason both goals can’t be accomplished with the same car design?

What if the needed scan tool came with the car when you bought the car?

Interesting post :slight_smile:

2 Likes

I dunno, call me skeptical. Has anyone had their car hacked propelling them off the road or something? Is this a big issue? Wouldn’t it be possible to shield access without losing radio signals? Then the mechanic just removes the plug or shield to allow diagnostics. Just after reading how the government has purchased tons of personal information on the open market, for what purpose who knows. Already every time I drive someplace and pick up my phone, I’m asked if I am driving. So my phone knows where I am but hasn’t hacked me yet. Maybe there’s a little code in there that sends information back that the mechanic would be able to erase. Who knows? I just find it interesting that they would try to circumvent a state law, using scare tactics.

2 Likes

@Bing Did you notice the Year Stickers on the photo of the license plate at the top of this article. When I saw how skewed they were, I immediately thought of you… And I made sure to include the photo in the posting…

Reference for others who might not understand the joke…

I doubt most car buyers would be okay with paying an extra couple of thousand dollars :moneybag: for that scan tool which they probably won’t even know how to use and probably don’t even WANT to use it

2 Likes

Ok, you got me. That’s why I’m not a lawyer. Just don’t pay attention to the detail.

1 Like

We cant even get people to pull the dipstick to check their oil level!

4 Likes

Some cars don’t have dipsticks anymore. You check the oil by sitting in the driver seat and pressing a button. And I can’t even get people to do that!

4 Likes

I was talking about cars around a year ago with a neighbor and I suggested that she check the oil level occasionally and got an emphatic no. I suggested that she get her son to do it, and still no. She is a smart woman but checking your own fluid levels is not anything she cares to do.

Here’s my take on it- automakers are using every scare tactic in the book to try to get this squashed. There is absolutely no reason the two cannot be separated in a properly designed system. Secondly, the idea repair people could mine personal data from the telematics data stream is also bogus. Ignoring the obvious, why would any mechanic or repair station WANT this data, that can also be sanitized through the data portal using proprietary command codes to access the data. The whole thing is a smoke screen to generate fear and stop the process of making it easier to repair your car for non-manufacturer aligned repair shops or DIYers…

2 Likes

I haven’t had my car hacked, but…I have a 2015 Jeep Cherokee. Within a year after I bought it there was an item on the local evening news about some white hat hackers demonstrating how hacking a car would work (using a 2015 Jeep Cherokee - ouch!). They hacked into through a flaw in the infotainment system. Driving slowing through a parking lot, they showed a guy with a laptop in another car take over the Jeep, operating the HIVAC, braking, steering and all the other electronics while locking out the driver in the Jeep from any ability to retake control. They slowly drove it off the pavement down a grassy slope and stopped it. Shortly after that I received a recall notice and an update to the infotainment system. I don’t know about other newer cars, but mine gets a lot of updates via satellite, often when I’m asleep. This demonstrates the possible vulnerability of all cars to this type of thing. As soon as one fix is made, another vulnerability is discovered. This is why I’m very reluctant to welcome self-driving cars. It may not be likely, but one hacked car, turned in front of a semi hauling 2 trailers of propane on the freeway…

2 Likes

Maybe overstating the price a bit? … lol … After all a scan tool is mostly plastic and sand. There’s a big fixed initial-development cost of course. It’s an economy of scale thing. The more of them they produce, the less expensive they are. If they include one with every car, they’ll produce tens of thousands, econoboxes, hundreds of thousands. Even if the owner doesn’t want one, the price per scan tool would be much lower. For example I purchased a brand-new DVD player for $35 not too long ago. Besides the motors and moving parts, a DVD player has very complex software and hardware, probably more complex than scan tool. They can sell them for $35 and still make a profit b/c they sell a lot of them. The pro-level scan tools are expensive b/c they don’t sell very many. They have to up the price to make up the fixed development costs.

For a pro-level scan tool that only supports one make/model/year and that is delivered with every new car, $100 added to the price of the car would be my guess.

1 Like

When you turn the key off, that didn’t work? Given the ability to hack if true, seems like there can be a very effective and cheap over ride, like the switch.

1 Like

Remember the old JC Whitney Power Shut-Off Switch? Perhaps something like this, but modernized with some circuitry to keep power to the accessories, but would prevent starting of the engine. Yeah, it is far from fool-proof, but it would delay a theft and that might be all that’s needed.

That RED Band might also be a secondary circuit that requires it’s own Fob that would piggy back on your Main Fob. So, without both Fobs, the secondary layer would foil a hacker…

Hey, I’m just brain-storming… So, don’t shoot my ideas down, come up with better ideas…

tenor (1)

1 Like

Heh heh. I think I’ve got the electric version. It says off, acc, on, start. But I’m going to put the tin foil around it anyway. Gstq. Don’t flag me bro. Someone has been listening in on me. But that’s wthat we used to say in the kitchen in 1965 when the orders were overwhelming. Some took offense though.

1 Like

If I adjust my own tire pressures or replace my own MAF sensor(Mass Airflow) will I be fined or go to jail? :joy: :joy:

1 Like

So they’ll comply with right to repair, but they have made their vehicles wirelessly controllable and the method to control them must be made public oh no!!! All the records of all the keys which are tied to the VIN must be made public too, so anyone can get a key made with just a VIN!!! The keyless entry codes will all be made public too, attached to the VIN! We’ll be only a few months away from a hand held device that does keyless entry on all vehicles from the same company just by entering the VIN!

So right to repair must go away! Someone could wirelessly control a car and make it crash! If that doesnt’t happen, then the auto maker will post how to do it online and try to get people to do it so right to repair can be abolished!

Yeahhhh… Windows NT wasn’t too successful at controlling the US Navy ships either. The only way for a manufacturer to get into your vehicle is via an antenna. Unplugging the antenna cable after it is split to the telematics system doesn’t seem very challenging.

No, it wouldn’t. My car gets software updates when it’s in the garage, shut off. Other manufacturer’s cars may do the same. And of course, once you’re hacked, the switch wouldn’t work either.

1 Like

Mine does too. Just yesterday I got a notice on the display screen that an update was pending and it would take 25 minutes. I could do it then or delay it. The software suggested 2am the next morning and I went with that.

I used to get a notice that the Park Assist didn’t function properly. I don’t get that anymore. I still get these wavy lines that vary from yellow to red but now I get sounds when I get too close to an obstacle and when I’m within a couple of feet I get integer measurements of the distance in inches. It’s annoying. I haven’t decided whether I’m going to turn it off yet.