The Alliance for Automotive Innovation (AAI) has asked a federal judge to compel testimony from the Auto Care Association (ACA) in AAI’s legal challenge of vehicle data access legislation approved by Massachusetts voters two years ago.
Specifically, AAI wants ACA to explain the “curious differences” between the Massachusetts law and a similar “right to repair” ballot initiative launched in August in Maine. Those differences show that the drafters of the Maine initiative recognize that the Massachusetts law is flawed, AAI said in a brief filed Tuesday afternoon.
ACA should be compelled to testify because evidence shows that the organization “stands at the crossroads” of both efforts, and should have relevant information, AAI said.
“The two laws would share many of the same problematic features—including such things as requiring the dangerous standardization of authorization to access sensitive vehicle data, cutting original equipment manufacturers (‘OEMs’) out of the process of securing their vehicles, and otherwise introducing significant cybersecurity threats,” AAI said. “But there are several curious differences between the two. These changes raise a reasonable inference that the sponsors of the Data Access Law consciously took a different, though still highly problematic, approach in crafting their latest state-ballot initiative.”
“There is every reason to believe that the changes made to the Data Access Law’s language to craft the Maine ballot initiative were not mere happenstance. There also is every reason to believe that ACA would have relevant information on the rationale for those changes,” it said.
AAI has asked U.S. District Court Judge Douglas Woodlock to approve subpoenas compelling ACA to testify on the matter.
An ACA spokesperson told Repairer Driven News that it will review AAI’s request before responding.
Under a schedule submitted by both parties and approved Tuesday by Woodlock, Massachusetts Attorney General Maura Healey will have until Dec. 6 to file any opposition to the requested discovery. AAI will then have until Dec. 13 to respond.
The disputed Massachusetts legislation, an expansion of the state’s earlier right-to-repair law, requires OEMs to equip every vehicle sold in that state that uses a telematics system with “an inter-operable, standardized and open access platform.” Approved in November 2020, the law was to have taken effect with the 2022 model year.
AAI immediately challenged the law in U.S. District Court for the District of Massachusetts, arguing that the law would require OEMs to violate federal regulations, and that the deadline could not be met. Healey agreed not to enforce the law while the legal challenge plays out.
The evidence AAI is now seeking “goes to the principal matter before the Court: whether OEMs can comply with the Data Access Law’s requirements while satisfying their federal safety and emissions obligations,” AAI wrote.
The Alliance is focused on four critical areas where drafters of the Maine initiative omitted or modified language in the Massachusetts Data Access Law, which it says suggests that the backers of the law “now recognize it is problematic,” contrary to the positions Healey has taken in defending the law.
One of those differences, a provision in the Maine initiative that directs the Maine attorney general to “designate an independent entity” to administer the authorization system for access to vehicle on-board diagnostic systems, is absent from the Massachusetts law, AAI said. That alone gives the court reason to invalidate the law, it said.
“[T]he Data Access Law is conspicuously (and dangerously) silent on that issue: Section 2 of the Data Access Law requires the ‘standardized’ ‘authorization system for access to vehicle networks and their on-board diagnostic systems’ to be ‘administered by an entity unaffiliated with a manufacturer,’ but does not provide any mechanism to establish that ‘unaffiliated,’ third-party entity,” AAI said.
That issue alone “provides a basis for the Court to invalidate the Data Access Law on preemption grounds without having to reach some of the more fact-intensive issues in the case,” the Alliance said.
“There is simply no dispute that: (1) there currently exists no way for automakers to provide the standardized access Section 2 requires without their involvement, (2) no third-party entity exists that can fill this role, (3) the automakers cannot fund or create such an entity without violating Section 2’s ‘unaffiliated’ language, (4) the Data Access Law does not provide a mechanism for the creation of such a third-party entity, and (5) neither ACA nor any other industry stakeholders unaffiliated with the automakers have stepped in to fill this void,” the brief states.
The Maine initiative also “identifies specific (theoretical) standards that the Attorney-General-designated independent entity should adopt to ensure appropriate security,” another element missing from the Data Access Law, AAI said.
Two other changes, the omission of two “problematic” phrases, also suggest that the Maine drafters recognized significant flaws in the Massachusetts law, it said.
In its brief, AAI contends that ACA supported the Massachusetts legislation, and is pushing the Maine initiative, as a way to “gain leverage over automakers.” It said its contention was confirmed by a Nov. 16 article in Aftermarket Matters Weekly in which a senior vice president of ACA said, “‘[W]e want to continue our momentum and put pressure on the OEMs, because they have no incentive to come to the table, right now.'”
“Accordingly, Auto Innovators expects that ACA will have relevant information regarding the Maine ballot initiative, including the reasons for the differences between the statutory language proposed in that initiative and the Data Access Law,” AAI said.
“Likewise, given ACA’s decision to shift its efforts to Maine, Auto Innovators expects that ACA will have relevant information bearing on the impossibility of compliance with the Massachusetts statute—including any efforts (or lack thereof) to establish the ‘entity unaffiliated with a manufacturer’ and ‘standardized’ authorization system that the Data Access Law requires, as well as efforts to develop the purported means of compliance with the Data Access law that the Attorney General has proposed in this action. Auto Innovators’ proposed discovery would cover these limited topics.”
Proponents of the law have argued that it is needed to protect independent repairers’ access to the OEM data needed for vehicle maintenance and repair. Opponents have argued that that access is already protected under the 2014 Memorandum of Understanding (MOU) between the OEMs and the aftermarket.
AAI has maintained that the new data law would seriously hamper efforts by OEMs to keep vehicle data and vehicle systems safe, and warned that “access to that data, and to the secured vehicle systems that generate that data, could, in the wrong hands, spell disaster.”
In an October filing with the court, General Motors, one of the two OEMs chosen by AAI to represent the industry, said the telematics data sought “has very little to do with the diagnosis, maintenance, or repair of vehicles.”
“GM’s telematics service, OnStar, only transmits and receives repair data to (a) provide firmware-over-the-air updates (FOTA), whereby GM provides software updates to vehicle owners, free-of-charge; and (b) send diagnostic reports with information about the status of key vehicle systems, such as airbag, antilock braking, engine, emissions, and stability control systems, if the owners choose. Neither of these services affect vehicle owners’ ability to choose independent service providers to service their vehicles,” Kevin Tierney, vice president of global cybersecurity at GM, wrote.
Featured image by Baris-Ozer/iStock