In 2013, long before there was a national campaign pressuring Big Tech to make it easier for people to fix their smartphones, Massachusetts passed a law explicitly giving consumers the right to repair their cars. Now, that right is under threat. A pending federal lawsuit could decide its fate — and in so doing, transform the auto repair landscape at a time when cars increasingly resemble giant computers.
The lawsuit in question, Alliance for Automotive Innovation v. Maura Healey, concerns a ballot measure Bay State voters overwhelmingly approved in 2020. That so-called Data Access Law requires that automakers grant car owners and independent repair shops access to vehicle “telematics,” data that cars transmit wirelessly to the manufacturer. Proponents of the law say giving owners control over this data will help level the playing field for auto repair as the computerization and electrification of cars create new challenges for independent shops. Not doing so could give manufacturers a competitive advantage over repair, one that consumer advocates fear will lead to fewer options, higher prices, and ultimately, cars getting junked faster.
That’s a problem not just for drivers’ pocketbooks, but for the climate. Manufacturing cars generates considerable emissions — and will generate even more as automakers continue to scale up electric vehicle manufacturing, which is particularly carbon intensive due the energy required to make the battery. In order to reap the full climate benefits of these vehicles, consumers need to drive them as long as possible. To do so, they need access to convenient, affordable repair options.
While the law was hailed a major victory for the right-to-repair movement when it passed at the ballot box, automakers — represented by an industry group called the Alliance for Automotive Innovation — immediately sued the state to block its implementation. The two sides have been duking it out in federal court ever since, with the judge overseeing the case delaying his ruling for more than a year. Nobody knows when a final determination will be made or which side will prevail. But for automakers and the auto repair business alike, the stakes are high.
“We’re at a juncture in the road,” Paul Roberts, founder of securepairs.org and editor of the Fight to Repair newsletter, told Grist. “We’re in the position of seeing independent auto repair go the way of TV and camera repair. Which is, they don’t exist anymore.”
Today’s independent auto repair industry owes its existence in large part to the auto right-to-repair law that Massachusetts passed in 2013. That law granted independent mechanics access to the same diagnostic and repair information manufacturers provide to their franchised dealerships through a standard in-car port also used for vehicle emissions testing. But it explicitly excluded telematic data.
That’s becoming a problem as cars become more computerized. Today, many auto parts contain chips that monitor their state of health and communicate with the rest of the vehicle; without the ability to wirelessly send commands to those parts, independent auto shops are finding themselves unable to diagnose problems and perform repairs. At the same time, newer cars will often beam data on their state of health directly back to the manufacturer. That manufacturer can then send the vehicle owner updates when it’s time for routine maintenance — along with a suggestion that they go to their nearest franchised dealership to get the job done.
“If my battery’s low, if I need an oil change, if my headlights or taillights are out … this is all diagnostic information that’s being transmitted back to manufacturers,” said Tom Tucker, the senior director for state affairs at the Auto Care Association, which represents the nationwide independent auto repair industry. “They’re then transmitting that information to franchised dealerships, which are then contacting the consumer. That’s great for industry, but it puts independents at a competitive disadvantage.”
The 2020 Data Access Law sought to remove manufacturers’ advantage by requiring that automakers make any mechanical data emanating from a car directly accessible to the owner and independent repair shops through a standard, open-access platform.
Tucker’s organization, which helped craft the ballot initiative, hoped that automakers and the repair industry would eventually come to a national agreement over telematic data sharing, which is what happened after Massachusetts passed its first auto right-to-repair law in 2013.
Instead, automakers took the state’s attorney general to court to challenge the validity of the ballot initiative, claiming that making this data more accessible would degrade vehicle cybersecurity. By giving car owners and independent repair shops access to telematics, carmakers claim, the Data Access Law runs afoul of federal safety regulations and the federal Motor Vehicle Safety Act. Carmakers also claim the law conflicts with the Clean Air Act, because it could make it easier for a car owner to disable emissions control systems on an engine.
Former Massachusetts Attorney General Maura Healey (who took over as governor of the state in January) believes this is a load of malarkey. For the Data Access Law to conflict with federal laws, automakers must prove that there is no possible way both sets of laws can be met — which they haven’t done, Healey argues. In fact, an October 2021 investigation by her office found that one member of the Alliance for Automotive Innovation, Subaru, was already using a stopgap measure to comply with the 2020 law — disabling all telematics systems in model year 2022 cars sold in Massachusetts, thereby ensuring that franchised dealerships and the manufacturer don’t have access to any information that independent shops lack. Subaru did so without violating any motor vehicle safety standards or the Clean Air Act. Further investigation revealed that carmaker Kia implemented a similar policy.
The Alliance’s argument that increasing access to telematic data makes hacking more likely rests on the notion that secrecy is the best way to keep systems secure. But many cybersecurity experts believe this premise — known as “security by obscurity” — is fundamentally flawed, says Kit Walsh, a senior staff attorney at the Electronic Frontier Foundation, a digital rights advocacy organization. When data systems data are kept secret from the public, Walsh says, “you don’t get the benefit of people smarter than you looking at them and finding vulnerabilities that you don’t find yourself.” Roberts of securepairs.org agrees, describing security by obscurity as a “false premise.”
“We’re seeing connected vehicle hacks left right and center,” Roberts said, citing a recently discovered bug in Sirius XM telematics systems that allowed hackers to remotely hijack cars from several major brands. “What does that say about [automakers’] process for vetting the security systems? It doesn’t say good things.”
The Alliance for Automotive Innovation and the state of Massachusetts presented their arguments at a trial in July 2021. While U.S. District Judge Douglas Woodlock was initially expected to issue a decision on the case shortly thereafter, he has repeatedly delayed his ruling for reasons ranging from new evidence to scheduling complications to potentially relevant Supreme Court rulings. Walsh suspects Woodlock is proceeding cautiously in order to “insulate himself for the inevitable appeal” from whichever side loses. Roberts agrees.
“I think he’s very mindful of the fact that this decision is not gonna be the end of the road,” Roberts said.
As the legal battle over car data rages on in Massachusetts, other states are weighing similar measures to safeguard independent auto repair. In Maine, a nearly identical vehicle telematics ballot measure is currently taking shape and tentatively slated to be put before voters later this year. And carmakers are already gearing up to fight it.
In response to a request for comment, the Alliance for Automotive Innovation shared a memo with Grist calling the Maine ballot initiative a “monetizable data grab from national aftermarket parts manufacturers” that creates a “clear cybersecurity risk.” The memo goes on to assert that neither the increased connectivity of cars nor the transition to electric vehicles will undermine the availability of repair data for independents.
But some mechanics who work on EVs feel differently. That emissions testing port that repair professionals are supposed to be able to use to access diagnostic and repair data? Most Teslas lack it, says Rich Benoit, who co-founded the Tesla-focused repair business Electrified Garage. Even when Teslas do have the port, Benoit says, “there is no useful information whatsoever” an independent mechanic can retrieve from it. “Which is why 99 percent of Teslas go back to Tesla for repair,” Benoit said.
The result, Benoit says, is Tesla owners are often quoted steep prices to replace batteries that might be fixable for much cheaper. Replacing those batteries early significantly reduces the environmental benefits of EVs, since mining the metals inside them generates pollution and carbon emissions. Tesla dismantled its public relations department in 2019 and no longer responds to journalists’ requests for comment.
Benoit sees Tesla’s success in controlling vehicle data and its repair ecosystem as a bellwether of what’s coming for car owners more broadly if the Data Access Law is struck down in court.
“If that’s the case, at this point, all new cars are gonna have to go back to the dealership,” Benoit told Grist. “With dealerships there’s no competition, they set prices, and they can kind of do whatever they want.”