The “right to repair” movement has gained considerable traction, advocating for greater access to the parts and information needed to fix various products, including vehicles. However, in the automotive industry, concerns have been raised about whether independent repair shops truly lack the necessary resources. This article delves into the debate surrounding H.R. 906, a bill that proponents claim will empower independent repair shops, but critics argue goes far beyond repair, raising significant issues related to data privacy, cybersecurity, and vehicle safety.
Advocates for right to repair legislation often suggest that independent automotive repair shops are at a disadvantage, lacking access to essential parts and data for vehicle repairs. This argument, however, overlooks crucial developments in the automotive industry. A landmark 2014 Memorandum of Understanding, endorsed by right to repair advocates and auto manufacturers, addressed these very concerns. This commitment was further solidified by a 2023 industry pledge emphasizing the ongoing collaboration between automakers and independent repairers. Currently, the information required for vehicle repairs is readily accessible from every auto and truck manufacturer through established channels.
H.R. 906, despite being presented as a “right to repair” bill, extends its reach far beyond the scope of vehicle repair. Instead, it mandates that auto and heavy-duty truck manufacturers furnish “aftermarket parts manufacturers” with the data necessary to produce compatible aftermarket parts – components not originally manufactured by the vehicle producer. Furthermore, the legislation grants unrestricted, bidirectional remote access to consumer vehicle data to third parties, sparking serious apprehension about privacy, cybersecurity, and the safety of vehicles on the road. Notably, H.R. 906 specifically targets vehicles, leaving other sectors like farm equipment and mobile phones unregulated. The core issue is that H.R. 906 deviates significantly from the principle of facilitating vehicle repair, instead introducing substantial risks to consumer privacy, vehicle security, and overall safety.
Delving Deeper into H.R. 906: Beyond Repair to Data Access
The expansive nature of H.R. 906 becomes evident upon closer examination of its provisions. The bill compels vehicle manufacturers to provide third-party entities with remote, bidirectional access to all vehicle-generated data “without restrictions or limitations.” This sweeping mandate encompasses all vehicle data, including information unrelated to vehicle servicing, creating significant vulnerabilities.
It’s important to recognize that a well-established system already exists to ensure independent repairers have access to the information they need. The National Automotive Service Task Force (NASTF) serves as a longstanding formal platform where automakers provide service information, tool details, and training data to independent repair professionals. This information is also commercially available through various private companies, ensuring broad access to repair resources.
The potential safety ramifications of unrestricted access to vehicle telematics have been flagged by the National Highway Traffic Safety Administration (NHTSA). NHTSA emphasized “significant safety concerns” associated with open access, warning that, “Open access to vehicle manufacturers’ telematics offerings with the ability to remotely send commands allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking… A malicious actor here or abroad could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently.” The National Automobile Dealers Association (NADA) reinforced NHTSA’s safety warnings in a letter to the House Energy and Commerce Committee.
Adding another layer of complexity, the Department of Commerce has issued an advance notice of proposed rulemaking to evaluate potential vulnerabilities in vehicle technology and address national security risks, particularly those linked to connected vehicles and Chinese-manufactured technology. This highlights the broader national security implications of vehicle data access.
Key Concerns with H.R. 906
Several critical issues underscore the problematic nature of H.R. 906:
- Undermining Intellectual Property: H.R. 906 unfairly advantages aftermarket companies by compelling auto and truck manufacturers to provide proprietary information necessary for producing “compatible aftermarket parts.” This effectively transfers automakers’ intellectual property, potentially enabling the reverse engineering of genuine auto and truck parts, including safety-critical components.
- GAO Report Validates Existing Access: A recent report from the Government Accountability Office (GAO) contradicts the premise that repair information is inaccessible. The GAO found that all eight automakers interviewed confirmed they provide independent repair shops with “equal access to the information, data, and tools needed for repairs, and will continue to do so” under fair and reasonable conditions. The independent repair sector is thriving, currently handling over 70% of non-warranty repairs, with the Auto Care Association reporting a 43% revenue growth from 2014 to 2022. This data suggests that current access is sufficient.
- Creating New Risks to Privacy, Security, and Safety: H.R. 906 mandates the unconditional release of all “vehicle-generated” data, potentially including sensitive personal information, to any individual designated by the vehicle owner. This broad data access creates significant privacy, data security, and vehicle safety risks, making vehicles vulnerable to malicious actors and data breaches.
Conclusion: Reconsidering Support for H.R. 906
Despite bipartisan concerns raised within the House Subcommittee on Innovation, Data and Commerce, H.R. 906 was reported out of subcommittee on Nov. 2. Industry stakeholders, including NADA, have voiced strong opposition to this legislation through a coalition letter highlighting its fundamental flaws.
Members of Congress are strongly encouraged to oppose H.R. 906. The bill’s overreach extends far beyond the stated goal of facilitating car repair, introducing unacceptable risks to consumer privacy, vehicle security, and public safety while undermining intellectual property rights and ignoring existing solutions for repair information access.
