In a letter sent to 22 automakers on Tuesday, the National Highway Traffic Safety Administration (NHTSA) warned that federal law preempts the newly-enforced Data Access Law in Massachusetts and laid out safety concerns if the state law is followed.
According to NHTSA, the Data Access Law conflicts with the National Traffic and Motor Vehicle Safety Act (Safety Act) because it requires open remote access to vehicle telematics with “the ability to send commands.” Doing so, NHTSA wrote, opens the door for “manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking, as well as equipment required by Federal Motor Vehicle Safety Standards (FMVSS) such as air bags and electronic stability control.”
“A malicious actor here or abroad could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently,” NHTSA wrote.
“Vehicle crashes, injuries, or deaths are foreseeable outcomes of such a situation. Vehicle manufacturers appear to recognize that vehicles with the open remote access telematics required by the Data Access Law would contain a safety defect. Federal law does not allow a manufacturer to sell vehicles that it knows contain a safety defect.”
NHTSA has previously let its concerns be known to the Massachusetts District Court as part of the ongoing lawsuit against the state Attorney General’s Office by the Alliance for Automotive Innovation (Auto Innovators). The letter was filed as part of the case in court on Tuesday.
Auto Innovators argues that OEMs can’t safely and consistently comply with the legislation. The alliance told RDN on Tuesday that it couldn’t comment on pending litigation.
Attorney General Andrea Campbell has previously written in court documents that, “The Alliance does not have standing, and it does not have a cause of action. Furthermore, there is not even the slightest conflict between the Data Access Law and federal law. NHTSA’s vehicle safety standards simply do not cover the cybersecurity issues upon which the Alliance rests its preemption case.”
On Wednesday, on behalf of AG Campbell’s office, First Assistant Pat Moore told Repairer Driven News, “The National Highway Traffic Safety Administration declined the opportunity to express — and prove — its concerns at trial, choosing to weigh in only by letter two years later. We look forward to NHTSA’s explanation of precisely what has changed, and we will then evaluate our next steps.”
On May 31, U.S. District Judge Douglas P. Woodlock denied issuing an emergency temporary restraining order (TRO) requested by Auto Innovators to stall enforcement of the law. Enforcement began June 1 after Campbell terminated a non-enforcement stipulation followed by the former AG since the law was passed in 2020.
Woodlock said monetary damages to the alliance’s members can be a basis for preemption but erred on the side of Campbell’s interpretation of the statute calling hers a more reasonable reading.
NHTSA states in its letter to automakers that it is aware some manufacturers have said they intend to disable vehicle telematics, presumably to avoid Data Access Law compliance, but that route would have adverse impacts on safety as well.
“For example, telematics-based safety features could facilitate better emergency response in the event of a vehicle crash. Telematics data can also be an important source of information for safety oversight and field performance monitoring by the authorities and vehicle manufacturers.
“NHTSA often utilizes telematics data in its investigations, and the inability to obtain these data from vehicles with this capability undermines the agency’s ability to fully examine safety-related issues. In addition, some vehicle manufacturers have the ability to fix safety problems by remedying recalls through vehicle telematics, which will be lost if those systems are disabled. Manufacturers should assess the impacts of any planned actions on roadway safety comprehensively.”
Featured image credit: designer491/iStock