mobile-menu-icon
GM Authority

GM Can’t Comply With Massachusetts Right To Repair Law

GM has told a federal judge that it is unable to comply with a recently updated right-to-repair law in Massachusetts as the law poses a safety and cybersecurity risk, sets an impossible timeline for compliance, and conflicts with a number of federal laws.

For those readers who may have missed it, Massachusetts voters voiced overwhelming approval in November of 2020 in support of a ballot measure updating the state’s so-called right to repair law. The law expands access to data related to vehicle maintenance and repair, and would require automakers give owners and independent repair shops access to real-time mechanical data and telematics.

Now, however, per a recent report from Automotive News, GM is pushing back on the amended law, arguing that it cannot safely implement the law’s requirements and stating that it has not taken steps towards compliance. In a brief filed last week, GM’s vice president of global security, Kevin Tierney, argued that the law’s requirement of a third-party entity to control the security for vehicle access creates an unacceptable cybersecurity risk by allowing a “single attack surface across all OEMs,” adding that the amended law does not actually expand Massachusetts voters’ right to repair.

GM rival Stellantis filed a separate brief last week which argues similar outcomes as those outlined by GM. Both GM and Stellantis are part of the Alliance for Automotive Innovation, which is currently engaged in an ongoing lawsuit with Massachusetts Attorney General Maura Healey.

In the Stellantis brief, Stellantis head of global product cybersecurity for North American Engineering, Stephen McKnight, argued that the amended law was inconsistent with federal safety obligations, and that the law itself exhibited inconsistencies over the standardization of authorization systems and the creation of third-party management entities.

Meanwhile, Subaru and Kia have disabled telematics systems in 2022 and newer vehicles registered in Massachusetts as a means of avoiding potential issues with compliance as the legal battle continues.

Subscribe to GM Authority for more GM politics news, GM legal news, and around-the-clock GM news coverage.

Jonathan is an automotive journalist based out of Southern California. He loves anything and everything on four wheels.

Subscribe to GM Authority

For around-the-clock GM news coverage

We'll send you one email per day with the latest GM news. It's totally free.

Comments

  1. Kia and Subaru can but the big 3 can’t do it. Afraid there will be so much competition gm might have to lower labor rates?

    Reply
    1. Subaru and Kia just disable the features- like the car goes back to the 1990s- remote start:
      Via carscoops:
      “The data collection covered by StarLink includes collision notification, remote ignition start, remote door lock/unlock, stolen vehicle location, enhanced roadside assistance, maintenance notifications, vehicle health reports, and diagnostic reports. And while these can all be helpful under the right circumstances, aside from all the downsides that come with locking that away from independent mechanics, if the wrong people get their hands on that kind of data, which is constantly being recorded, it could be problematic to say the least.”

      Saw a bunch of other local news articles about it too

      Reply
      1. This seems like a major red flag. Who has access to this data? How many employees have access to it? How secure is this information? Is any of it personally identifiable? I find it interesting how we somehow captured dangerous data that can be super serious if the wrong hands get ahold of it, but we never had this conversation as a society if we wanted vehicles that collected all of this information.

        We need better consumer protection laws.

        Reply
    2. Kia and Subaru didn’t fix anything, they just turned the feature off. GM is saying 3rd party access to telematics via Onstar creates too much security risk for themselves and customer vehicles. The portion of the law in regard to telematics has nothing to do with right to repair. Any shop can plug in a laptop in person and watch vehicle diagnostics in real time without access to over the air telematics.

      Reply
      1. You mean the Onstar that they just made mandatory in many of their vehicles.

        No wonder they don’t want to turn it off. It’s a moneymaker for them.

        Reply
  2. With electric cars coming of age you can’t just let anyone get access to a cars computer. You will need all these things working. The manufactures should make the hardware to scan available to shops on lease or rent bases. Going forward with Electric only dealers will be able to fix most of the cars and trucks.

    It won’t be hard for someone to take control of bunch of vehicles if the security is just open to everyone.

    Reply
  3. Why can’t GM show this much backbone with the Feds regarding CAFE rules and EV’s?

    Reply
    1. What’s your problem with CAFE rules?
      Since CAFE was signed into law in 1975, the standards have reduced American oil consumption by 25%, or approximately 5 million barrels a day since then. The new CAFE standards for model year 2024-26 will reduce fuel use by more than 200 billion gallons through 2050, as compared to continuing under the old standards. You will be able to breathe better or do you hate that also?

      Reply
      1. Dont know who Ketchup is. It is a condiment.
        “Racism”..prejudice, discrimination, or antagonism directed against a person or people on the basis of their membership in a particular racial or ethnic group, typically one that is a minority or marginalized.
        “a program to combat racism”.
        Wind turbines kill far fewer birds than other hazards
        Estimated number of birds killed by hazards in the US each year (millions)
        Wind turbines, 2020
        1.17
        Wind turbines, 2050*
        2.22
        Communication towers
        5
        Automobiles
        60
        Pesticides
        67
        Buildings
        100
        Cats
        365
        You really should go back to school and learn something.

        Reply
        1. This is how you sound: “hey I’m smarter than you, look what I can do! Look what I know!”. You obviously don’t know, otherwise you wouldn’t have diverted your answer to answer a question that wasn’t asked. No one was talking about wind turbines.

          You’re not better than anyone else. Get over yourself.

          Reply
          1. So what do you think Andrew was saying when he mentioned wind energy and killing of animals? I’m not better than anyone else except you. Stick it where the sun don’t shine.

            Reply
    2. The auto industry is famous for whining that regs are “impossible to meet” yet their competitors just got in with it and outcompeted American auto manufacturers. So today we have the Malibu struggling to compete with Accord, Camry and Altima.
      The rules have given us performance that was impossible for the street in the 70s and 80s coupled with better economy and safety not to mention engines that easily outlast the metal sold in the old days.
      The auto industry just wanted to sit on its fat ass and do nothing because whining was cheaper than working.

      Reply
  4. The right to repair laws did not stop Apple or Google from complying to allow users to repair their phones. Arguably phones are at least as big a cybersecurity threat as the software in cars.
    Yes, in theory malware that allows control of the vehicle could be introduced yet phones often have access to bank accounts and investments.
    I would also note that aircraft have even a greater risk if we are discussing service access to control computers.

    Reply
  5. With systems like ONSTAR* aboard all GM vehicles, this access could compromise total security of the vehicle. Government entities are famous for using GM vehicles.

    The “average” in CAFE allows a 6.2 Camaro on the lot between a Spark and a Bolt. If you want more mpg, let up on the throttle a bit.

    Reply
  6. Wow alot of ppl who don’t know about these systems. There’s no PII to third party shops.

    The OEM “cartel” has long wanted to put things on a subscription basis so they can corner the consumer even more. Yet all to often they increase security to only have it broken by 3rd party tool mfrs in the name of repairing vehicles by honest shops.

    I am a mobile mechanic that troubleshoots these systems day in and day out where these cars can’t get into dealers because of the one to two month wait so the customer calls me, I go to their driveway or a safe place to them and work on their vehicle as in computer systems, keys, diagnostics I don’t do wheel bearing repair in a driveway.

    Now if I see something unsafe that needs to be fixed a let the customer know, document it and if they ask me to fix I generally refer them to a reputable licensed, insured & bonded shop as I like diagnosing.

    I PAY for my own training which I attend in my time off work at times closing the business which costs on average $5k between training, hotel & travel in addition to webinar training.

    Insurance is expensive even though there’s no claims.

    The OEMs are afraid of to much competition as look at what Elon Musk has did to the industry in such a short amount of time which had he not we’d still be waiting on the slow ARSE auto cartel to make advancements in technology.

    Reply
  7. Maybe, just maybe if car manufacturers built a vehicle that wasn’t a piece of crap, and way expensive crap at that….and didn’t charge people their first born, an arm and leg….folks would have the dealership work on their vehicles.
    You’ll get no sympathy from me.

    Reply

Leave a comment

Cancel