Voters in Massachusetts last November voted for expanded access to proprietary vehicle data so independent shops could repair newer cars. Carmakers want to protect their proprietary data. They don’t want technicians outside of their pool of dealers cracking them open. Now GM and Stellantis have teamed in court to fight against allowing independents access to their technology.
GM and Stellantis have teamed to sue over the “Right to Repair” law
Executives and experts have taken the stand in Boston District Court to testify. Carmakers formed the Alliance for Automotive Innovation to fight the legislation. After it passed they sued the state’s “Right to Repair” law. Though first voted into law in 2013 it greatly expanded with this latest vote.
Manufacturers claim that expensive developments and resources were spent to create a lot of the systems in new cars. They don’t want to give access to competitors through this new law meant to address repair shops. Manufacturers go so far as to limit warranties and access to certain parts to help protect the technology.
Manufacturers would have to degrade cybersecurity controls to allow access for independent shops
In a brief to the court, the Alliance made arguments against giving unlimited access to vehicle information and diagnostics. They said it will “make serious cyberattacks much more likely and deadly than the attacks on the pipelines and meat processors currently in the news.” The manufacturers would supposedly have to degrade cybersecurity controls to allow access for independent repair shops.
A lot of the testimony is being conducted behind closed doors. This is due to the proprietary information being revealed according to Reuters. GM’s vice president of global security Kevin Tierney, testified earlier this week. In a statement, he said Massachusetts’ law’s “requirements run directly counter to GM’s cybersecurity approach, and would seriously compromise vehicle safety and emissions controls.”
How are the state’s lawyers defending the law?
Lawyers for the state say the measure allows car companies to create a standardized system. A third party would be assigned to authorize access by qualified, certified repair shops. Based on their oversight diagnostic system info could be disseminated. It would be similar to how locksmiths are authorized with complicated technical key information.
But security experts for the car companies say “no way.” Putting technical vehicle information for 300 million vehicles in one central location would be extremely risky. One expert pointed out this would “become the focal point of every hacker, every ransomware hacker, every vehicle thief and crime syndicate in the world.”
The Alliance went on to argue that there was no way a third party could provide the security necessary to keep so much data safe.