This week, EFF joined with several prominent right-to-repair groups to file an amicus brief in the United States District Court of Massachusetts defending the state’s recent right-to-repair law. This law, which gives users and independent repair shops access to critical information about the cars they drive and service, passed by ballot initiative with an overwhelming 74.9% majority.
Almost immediately, automakers asked to delay the law. In November, the Alliance for Automotive Innovation, a group that includes Honda, Ford, General Motors, Toyota, and other major carmakers, sued the state over the law. The suit claims that allowing people to have access to the information generated by their own cars poses serious security risks.
This argument is nonsense, and we have no problem joining our fellow repair advocates—iFixit, The Repair Association, US PIRG, SecuRepairs.org, and Founder/Director of the Brooklyn Law Incubator and Policy Clinic Professor Jonathan Askin—in saying so.
Access Is Not a Threat
The Massachusetts law requires vehicles with a telematics platform—software that collects and transmits diagnostic information about your car—to install an open data platform. The Alliance for Automotive Innovation argues that the law makes it “impossible” to comply with both the state’s data access rules and federal standards.
Nonsense. Companies in many industries must balance data access and cybersecurity rules, including for electronic health records, credit reporting, and telephone call records. In all cases, regulators have recognized the importance of giving consumers access to their own information as well as the need to protect even the most sensitive information.
In fact, in cases such as the Equifax breach, consumer access to information was key to fighting fraud, the main consequence of the data breach. Locking consumers out of accessing their own information does nothing to decrease cybersecurity risks.
Secrecy Is Not Security
Automakers are also arguing that restricting access to telematics data is necessary if carmakers are to protect against malicious intrusions.
Cybersecurity experts strongly disagree. “Security through obscurity”—systems that rely primarily on secrecy of certain information to prevent illicit access or use—simply does not work. It offers no real deterrent to would-be thieves, and it can give engineers a false sense of safety that can stop them from putting real protections in place.
Furthermore, there is no evidence that expanding access to telematics data would change much about the security of information. In fact, independent repair shops aren't any more or less likely than authorized shops to leak or misuse data, according to a recent report from the Federal Trade Commission. This should not be accepted as an excuse for carmakers to further restrict competition in the repair market.
The Right to Repair Enhances Consumer Protection and Competition
Throughout the debate over the Massachusetts ballot initiative, the automotive industry has resorted to scare tactics to stop this law. But the people of Massachusetts didn’t fall for the industry’s version of reality, and we urge the court not to either.
The right to repair gives consumers more control over the things they own. It also supports a healthier marketplace, as it allows smaller and independent repair shops to offer their services—participation that clearly lowers prices and raises quality.
Time and time again, people have made it clear that they want the right to repair their cars. They’ve made that clear at the ballot box, as in Massachusetts, as well as in statehouses across the country.
That’s why EFF continues to stand behind the right to repair: If you bought it, you own it. It’s your right to fix it yourself or to take it to the repair shop of your choosing. Manufacturers want the benefits that come with locking consumers into a relationship with their companies long after a sale. But their efforts to stop the right to repair stands against a healthy marketplace, consumer protection, and common sense.