NHTSA Instructs Automakers to Ignore Massachusetts Data Access Law

The ability for independent shops to access repair information and the On Board Diagnostics (OBD) of your vehicle is an important issue. Right now, there isn’t a federally mandated requirement to make access to those important tools available to your favorite local shop. It’s simply because of an agreement among the OEMs to adopt the Massachusetts Right to Repair law requirements across all 50 states. That means, for example, that your local auto repair shop can buy the same Ford Integrated Diagnostic System (IDS) and its Rotunda branded Vehicle Communication Module (VCM) interface along with other OEM specialized tools that your local dealer has access to and allows that independent shop to make the same diagnostics, repairs, and even coding your PCM if you need a new one. They don’t have to make it cheap or timely (and trust us, it’s usually neither), but at least that shop can get those tools.

Unfortunately, without that Right to Repair being a national law nor mandate, automakers don’t have to supply these tools and can revoke that access at any time. They are also not required to make modern telematics available to those same shops and that’s what the Massachusetts Data Access Law sets to correct. The law itself was passed by the citizens of Massachusetts during an election and the law was Question One on the ballot and overwhelmingly passed with a 74.87 percent for and only 25.03 percent against it. Afterwards, the Alliance for Automotive Innovation (AAI, a group that represents General Motors, Toyota, Volkswagen, and other OEMs) filed a lawsuit against the new law and it has been in limbo since as then Massachusetts Attorney General Maura Healey said she wouldn’t enforce the law until it was decided in federal court. The lawsuit was originally set to begin on June 14, 2021

Now, the current Massachusetts Attorney General, Andrea Joy Campbell, said she would start enforcing the law after a Temporary Restraining Order (TRO) by the AAI was denied. In their suit, the AAI warned that the Data Access Law would require automakers “to remove essential cybersecurity protections from their vehicles.” However, that TRO denial came on the condition that the Attorney General would not retroactively impose the penalty provisions of the Data Access Law and that the parties “agree to advise the Court of any litigation commenced after June 1st. “. Now, the AAI has another big backer to go against the Data Access Law in the NHTSA.

In a letter to automakers on Tuesday, according to Reuters, the NHTSA stated that OEMs did not need to comply with the Massachusetts law and only comply with federally mandated safety laws. According to the letter, the NHTSA said that the Data Access Law “could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently” and that “open access to vehicle manufacturers’ telematics offerings with the ability to remotely send commands allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking.”

We’ve reached out to Massachusetts Attorney General Andrea Joy Campbell for comments on the NHTSA letter and what data that independent shops were really missing from not having access to telematics. She had not responded by the time of publication, but did tell Reuters that, “Consumers and independent repair shops deserve to know whether they will receive access to vehicle repair data in the manner provided by the law.”