U.S. auto safety regulators have given the green light to automakers to comply with a Massachusetts State Auto Repair Law, which requires them to share vehicle data with independent repair shops. This decision marks a reversal in their stance, as they had previously expressed concerns about the potential cybersecurity risks associated with such data sharing.
The Massachusetts law, approved by voters in 2020, aims to grant independent repair shops access to diagnostic data that newer cars can transmit directly to dealers and manufacturers. This move was intended to provide consumers with the option to seek repairs outside of traditional dealerships, promoting competition and potentially lowering repair costs.
The National Highway Traffic Safety Administration (NHTSA), which initially opposed the law, has now clarified its position. They state that automakers can safely share diagnostic data with independent shops using short-range wireless technology. However, they caution against using long-range wireless signals, as these could potentially open up opportunities for hackers to send dangerous commands to vehicles in motion. This nuanced approach acknowledges the importance of balancing consumer choice with cybersecurity concerns.
Previously, NHTSA had advised 22 major automakers not to comply with the Massachusetts law, citing concerns about the manipulation of critical safety functions and the potential for remote vehicle operation by malicious hackers.
In response to discussions with Massachusetts, NHTSA’s latest statement indicates that the state has addressed their concerns by proposing a “short-range wireless compliance approach, implemented appropriately.” The agency emphasizes that longer-range wireless technologies would indeed pose cybersecurity risks.
The Massachusetts attorney general’s office has welcomed NHTSA’s clarification, stating that it appreciates the acknowledgment that the state law is not preempted by federal law. Automakers are now required to comply with this law, with NHTSA suggesting that they be given a “reasonable period of time” to implement the necessary technology.
The Alliance for Automotive Innovation, representing major automakers, had previously voiced concerns that the state law might force them to remove crucial cybersecurity protections from their vehicles but declined to comment on this recent development.
Senators Elizabeth Warren and Ed Markey, both Democrats from Massachusetts, had criticized NHTSA’s initial opposition to the law. However, they now view the decision to enforce the law as a positive step that will “ease burdens and lower costs for Massachusetts drivers.”
Behind the scenes, the White House competition council played a role in facilitating this resolution, according to a senior administration official. This decision highlights the ongoing challenge of balancing consumer rights with cybersecurity considerations in the ever-evolving automotive industry.
Source: Reuters
