Cybersecurity Is No Excuse to Limit Repair: Repair Roundup Week of September 4

Cybersecurity Is No Excuse to Limit Repair: Repair Roundup Week of September 4

After a six-year delay, the National Highway Traffic Safety Administration (NHTSA) published final guidance on cybersecurity in vehicles, urging automakers not to allow security concerns to hinder owner-authorized repair and service.

Each week, we bring you the top repair news from around the world, curated by the folks over at the Fight to Repair blog.

Big News

Federal Cyber Guidelines Urge Automakers to Support Right to Repair

Complaining about an overbearing, inefficient, and intrusive government is almost a national pastime in the U.S. After all, we’re a nation that went to war over taxes and has long cultivated the image of the “rugged individual” set against an intrusive and oppressive government. 

The truth of our modern times, however, is that government indifference is a much bigger problem for Americans than government intrusion, whether that be the growing problem of wealth inequality, or federal agencies’ and courts’ four-decade-long indifference to enforcing federal anti-trust laws designed to prevent monopolies and anti-competitive practices. All that government hemming and hawing (or just yawning) has real consequences for families, communities, consumers, and businesses. 

A man uses a telematics system in a car
“Telematics” means all the data your car sends to and from its manufacturer. It lets you use onboard GPS and also sends repair and maintenance data back to the manufacturer. Car manufacturers are fighting hard in Massachusetts to keep that data out of owners’ and independent repair techs’ hands. Image CC by 2.0 via Ertico on Flickr.

A great example of the consequences is on exhibit in Massachusetts, where an automotive industry consortium, the Alliance for Automotive Innovation, sued in 2020 to block the implementation of Question 1, a ballot measure that expanded Massachusetts’ automobile right to repair law to give vehicle owners and independent mechanics access to repair and maintenance data sent wirelessly over vehicle telematics systems. Question 1 passed in November 2020, winning just shy of 75% of the vote—despite a multi-million dollar campaign by automakers to defeat it. 

What automakers couldn’t achieve at the ballot box, they have tried to win in the courts, challenging the ballot measure by arguing that Massachusetts was pre-empting federal cybersecurity and safety regulations for vehicles with its expanded right to repair law. By obliging Massachusetts’ demand for owners’ and independent repair pros’ access to telematics data, they argue, automakers would be forced to ignore the federal government’s demand for safe and cyber-secure vehicles. 

Uncle Sam: Mum on Auto Cyber

That’s a good argument but, as it turned out, flawed. For one thing: the federal regulations in question don’t exist. That’s right: federal lawmakers never got around to drafting laws addressing the cybersecurity of vehicles—despite ample evidence of the existence of serious cybersecurity risks in connected cars. 

The NHTSA is the same group that does crash tests like this.

What the federal government did have was a draft of non-binding and voluntary guidance to the automotive industry for improving motor vehicle cybersecurity, published in 2016 by the National Highway and Traffic Safety Administration (NHTSA). And those guidelines were vague about how vehicle makers should balance access and security, saying only that automakers “should provide strong vehicle cybersecurity protections that do not unduly restrict access by authorized alternative third-party repair services.” Automakers read that “authorized alternative” language as a reference to their authorized service providers, not owners and independent repair shops. Independent repair providers saw things otherwise, and a federal judge in Massachusetts was left to divine the truth, with little help from federal officials. 

Cyber No Excuse to Limit Right to Repair

On Thursday, however, the picture got a lot clearer after NHTSA released final guidelines for automakers that make an unequivocal call to balance cybersecurity with support owner and owner-authorized repair. As reported by Repairer Driven News, the new guidelines, Cybersecurity Best Practices for the Safety of Modern Vehicles, makes clear that both cybersecurity and repairability should be priorities for automakers, and that repairability should include independent repairers authorized by the vehicle owner as well as the manufacturer. 

“The automotive industry should provide strong vehicle cybersecurity protections that do not unduly restrict access by alternative third-party repair services authorized by the vehicle owner,” the document states. “NHTSA recognizes the balance between third-party serviceability and cybersecurity is not necessarily easy to achieve. However, cybersecurity should not become a reason to justify limiting serviceability. Similarly, serviceability should not limit strong cybersecurity controls.”

Cybersecurity should not become a reason to justify limiting serviceability.

Cybersecurity Best Practices for the Safety of Modern Vehicles,
National Highway and Traffic Safety Administration

Uncertain Future, but Immediate Impact

Like its predecessor, the updated guidelines are non-binding, which means they don’t compel automakers to do or change anything. But they may have one immediate effect that does help consumers: tipping the scales in favor of Massachusetts Question 1, which is still undecided after a string of delays by U.S. District Court Judge Douglas P. Woodlock, who is hearing the case. At a hearing last week, Judge Woodlock gave the parties a final opportunity to present “further submissions” related to “two major outstanding issues” raised by the case: the proper interpretation of the language of the legislation approved by voters in 2020, and what steps, if any, the parties have taken to implement the law’s requirements. 

The finalized federal guidance, calling out the need to promote owner-authorized repair, is almost certain to be cited by Massachusetts Attorney General Maura Healey’s office, which is defending the law, as one more argument supporting the legality of Question 1.  Stay tuned for more on this! 

Device Page

Car and Truck

Repair manuals and support for 4-wheeled passenger and cargo vehicles.

View Device

Other News

A Smartphone that Lasts a Decade? Yes, It’s Possible.

What would a smartphone look like if it could last for 10 years?

It’s a question that most of us have not had the luxury of pondering. That’s because many smartphones are designed to be replaced every two or three years. And Apple, Samsung, and other handset makers unveil new models—along with big marketing campaigns—each year, encouraging us to upgrade.

But bear with me and fantasize for a moment. (New York Times)

EU Regulators Want 5 Years of Smartphone Parts, Much Better Batteries

European Commission regulators have suggested that smartphones and tablets sold there offer 15 different kinds of spare parts for at least five years, as part of a broad effort to lessen their environmental impact.

draft regulation of “ecodesign requirements for mobile phones, cordless phones, and slate tablets” posted on August 31 notes that phones and tablets are “often replaced prematurely by users” and are “not sufficiently used or recycled” (i.e., junk-drawer-ed) at the end of their life. The cost is the energy and new materials mined from the earth for new phones, and unrecycled materials sitting in homes. Extending the lives of smartphones by five years—from their current typical two- to three-year lives—would be like taking 5 million cars off the road, according to the Commission’s findings. (Ars Technica)

Fixfest 2022 Announced: September 30th through October 2nd in Brussels

Repairers from different countries will soon be welcome in Brussels. From 30 September to 2 October, Fixfest, an international gathering of volunteer repairers and tinkerers, activists, policy-makers, thinkers, educators and companies will be held there. The third international edition of Fixfest is being organized by The Restart Project, in close collaboration with Right to Repair Europe and the Belgian organizations Repair Together and Repair & Share.

? Tickets are free but limited. So be quick if you want to visit Fixfest. (Repair Café)

Right to Repair a Growing Issue in Quebec Election

The Quebec division of the Automobile Industries Association (AIA) of Canada issued a statement this week outlining its concerns. The division represents more than 6,500 businesses in the industry, from repair shops to banner head offices. Almost 91,000 people work in the province’s automotive aftermarket.

“Unlike other Canadian provinces, Quebec does not manufacture vehicles but rather specializes in the aftermarket sector, which covers maintenance and repair, as well as the distribution and sale of parts,” the statement said.

It noted challenges that need to be overcome to ensure vehicle safety and the importance of preparing for the arrival of electric vehicles. At the top of the list was right to repair. Data collected by vehicles are transmitted to the manufacturer, which then limits what independent repair shops can get and how many can access the data.

“Without access to this data, independent auto repair shops cannot fix a vehicle,” the statement said, adding that this results in higher consumer costs.

The group wants to see legislative changes to give vehicle owners free and complete access to data generated while driving, along with the option of sharing access with the shop of their choice, the statement added. (Auto Service World)

You Paid for Your Tech but You Don’t Really Own It

If you buy something simple like a hammer, the manufacturer has little say over what you do with it and no way to enforce any of its rules. What you’re purchasing when you buy a phone, a laptop, or even a TV, is something that can run the company that made its software. How much of an issue this is varies from company to company. The important thing to note is that you don’t own the software the device is running—you’re just being allowed to use it. The terms around that can change at any time, and the company that owns the software can also withdraw its permission at will.

If your purely mechanical lawnmower breaks, you can go to a hardware store and choose from a selection of parts. There may be various parts that work with your lawnmower, allowing you to balance cost and quality before purchasing the one that’s right for you and carrying on with the repair. With an iPhone, things aren’t that simple. If you don’t buy Apple’s official parts, your phone’s functionality might be reduced. The off-brand part you purchased could be identical to an official Apple part in almost every way, but if your phone does not believe it came from an official source, Apple will punish you for it. (Review Geek)

The Case for Being ‘Climate Positive’ by Design

Becoming climate positive by designing low-carbon living and working spaces and equipment—known as “sufficiency” in the scientific discourse—is just as important as other measures such as the impact of renewable energy and energy efficiency. These preventative measures, however, are almost never considered in IAM climate scenarios. That is one reason why these scenarios require a large amount of negative emissions.

Key elements of climate positive by design include enabling public transit, eliminating programmed obsolescence in equipment, prioritizing multi-family homes over single-family buildings, and moving to a four-day work week. This metric is not (French) focused on behavioral changes at the individual level but rather on systems changes at the community and larger level. (

Can ‘Right to Repair’ Create Large-Scale Entrepreneurship and Gig Employment?

Charcha 2022, the flagship livelihoods summit by The/Nudge Forum brought together various stakeholders across the development sector on the 4th of August at the India Habitat Centre for a day of conversations and networking to achieve resilient livelihoods in India. Conversations revolved around four themes: skill development, entrepreneurship, rural development, state capacity, and governance.

The ‘Right to Repair’ session at Charcha 2022 hosted eminent speakers Ajai Chowdhry and Smt Nidhi Khare. The Right to Repair is proposed legislation that gives a boost to livelihoods in the electronics and white goods sector. Speakers discussed the potential of this idea to create large-scale entrepreneurship and gig employment for repair technicians, kickstart a spares manufacturing ecosystem and deliver outsized economic, environmental, and social returns. (

Repair Reads: Dignity in a Digital Age

Congressman Ro Khanna offers a revolutionary roadmap to facing America’s digital divide, offering greater economic prosperity to all. In Khanna’s vision, “just as people can move to technology, technology can move to people. People need not be compelled to move from one place to another to reap the benefits offered by technological progress” (from the foreword by Amartya Sen, Nobel Laureate in Economics). (Simon and Schuster)

Score indice de réparabilité
The proposed EU smartphone repairabiilty rating system is based on the French system, which requires manufacturers to display a score like this at the point of sale.

Explained: The EU’s New Proposal for Rating Smartphone Repairability

Lawmakers in the EU are pushing for regulations that would enable regular consumers to use their smartphones, tablets, and other personal devices for a longer period of time. For example, the EU is proposing to sign a proposal into law that would require smartphone brands to ensure that for each new device that they introduce to the market, they have to ensure at least 15 different parts are readily available to service centers as well as repair shops, for a period of at least 5 years.

The EU is also working on proposed legislation that would make smartphone brands commit to at least 5 years of consistent and on-time software updates. Both of these pieces of legislation are a great way to deal with planned obsolescence a practice in which tech companies often downgrade the performance of their existing phones using software updates or by simply not providing key components that would be essential to repair a device. Companies like Apple and Samsung have often been accused of indulging in these practices as a matter of policy. (