Kia, Subaru Disable Useful Car Features, Blames Mass. Right To Repair Law
from the underhanded-gibberish dept
In late 2020, Massachusetts lawmakers (with overwhelming public support) passed an expansion of the state's "right to repair" law. The original law was the first in the nation to be passed in 2013. The update dramatically improved it, requiring that, as of this year, all new telematics-equipped vehicles be accessible via a standardized, transparent platform that allows owners and third-party repair shops to access vehicle data via a mobile device. The goal: reduce repair monopolies, and make it cheaper and easier to get your vehicle repaired.
Of course major auto manufacturers didn't like this, so they set about trying to demonize the law with false claims and a $26 million ad campaign, including one ad falsely claiming the expansion would only really help sexual predators. Once the law passed (again, with the overwhelming support of voters) automakers sued to stop it, which has delayed its implementation. Simultaneously, they're pushing legislation that would delay the bill's launch date until 2025, giving them more time to kill it.
In the interim, companies like Kia and Subaru have started disabling useful features (like remote start), and blaming the law:
"Subaru disabled the telematics system and associated features on new cars registered in Massachusetts last year as part of a spat over a right-to-repair ballot measure approved, overwhelmingly, by the state’s voters in 2020. The measure, which has been held up in the courts, required automakers to give car owners and independent mechanics more access to data about the car’s internal systems.
But the “open data platform” envisioned by the law doesn’t exist yet, and automakers have filed suit to prevent the initiative from taking effect. So first Subaru and then Kia turned off their telematics systems on their newest cars in Massachusetts, irking drivers like the Ferrellis. “This was not to comply with the law—compliance with the law at this time is impossible—but rather to avoid violating it,” Dominick Infante, a spokesperson for Subaru, wrote in a statement. Kia did not respond to a request for comment."
Recall that the Massachusetts law needed to be expanded in the first place because automakers were behaving in predatory ways as they attempted to monopolize repair. That law is now on hold... and may never actually be implemented...because of the industry lawsuit. While complying with it may prove difficult given the archaic nature of many car systems (Wired finds an engineer willing to argue as much), completely disabling all telematics system seems performative. You're to assume that the same industry that falsely claimed the law would only be of benefit to sex pests, is genuinely worried about compliance and not, say, interested in finding creative ways to vilify the new law or gain leverage in the ongoing lawsuit aimed at killing it entirely.
Given the industry's track record of honesty so far on this subject, trusting that this truly was a purely technical consideration feels like a big ask.
In the interim this is only one of countless battles no going on around the country as consumers, farmers, medical professionals, and others fight back against obnoxious DRM, repair monopolies, and draconian crackdowns on independent repair. Three different federal right to repair legislative proposals were introduced this week alone, in addition to more than a dozen state proposals already introduced. At this point, for repair monopolists, the right to repair movement is a sort of finger trap puzzle in that the more they wriggle and clamp down on independent, affordable repair options, the bigger the movement gets.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: disabling features, massachusetts, remote start, right to repair, telematics
Companies: kia, subaru
Reader Comments
Subscribe: RSS
View by: Time | Thread
Why not sue the car companies?
If you are the owner of one of the vehicles that had the feature disabled, then file a lawsuit against them. The car was advertised and sold as actually having the feature. They then disabled it, that is a pecuniary loss. Let them be exposed to discovery and explain exactly why they can't provide it?
However, there are some reasons it can't be provided:
It is too insecure and they depended on security by obscurity, which is not real security;
Doing so would would expose that they had violated patent(s) or copyright(s); or
All three would expose them to liability.
[ link to this | view in thread ]
Great. I just bought a new Subaru.
[ link to this | view in thread ]
'Do you hate us yet? No? How about now?'
Ah yes, the classic 'Let's infuriate our customers by disabling features of our products and thereby providing even more justification for third-parties to be able to step in and fix our self-inflicted problems' gambit, that's sure to get the public which is already not happy with them on their side.
[ link to this | view in thread ]
When I first read the Kia/Subaru side of this story, my bullshit detector made a loud, unhappy noise, then exploded.
Even if (as is possible, perhaps even likely) the law is somehow poorly drafted, the only way you can possibly avoid breaking it is by shutting off useful features?
Not buying that for one second.
Also, the word games they're playing here are worthy of note. It's somehow both "impossible to comply with" the law, and necessary to take specific steps to "avoid violating" it?
If you're managing to "avoid violating" a law, then that's normally called "complying with it".
Being unnecessarily charitable, perhaps they're arguing that it's impossible to comply with one part of the law, but nonetheless necessary to take other steps to avoid breaking other parts of it.
The smouldering wreckage of my bullshit detector would beg to differ...
[ link to this | view in thread ]
I may be wrong but I think Europe has a right to repair law (introduced in 2010) that already forces this. As Kia and Subaru both sell in the EU market, they mush have already dome something similar to the requirements in Massachusetts?
All this posturing must be for the US market only so clearly BS.
[ link to this | view in thread ]
I already hate a car industry that's trying to turn cars into mobile platforms for anything and everything that has little or nothing to do with transporting us to and fro in basic safety. Now I have to hate specific car makers who make it clear they don't mind ripping us all off for the sake of their desired profit margin.
When will I be able to buy a car again that's... just a plain old basic car? (and isn't 20+ years old)
[ link to this | view in thread ]
Re:
It would be quite interesting if someone tried to get them to say specifically what part of the law made those features illegal because for the life of me I cannot think of a reason other than spite and trying to turn the public against the bill that would explain their actions here.
[ link to this | view in thread ]
I think the most charitable read of their public statements is also the most damning. To summarize the Kia/Subaru position on why they need to shut down telematics:
Our systems are wildly insecure. The telematic stream carries private information only useful for advertising in the same data stream as critical diagnostic data useful for determining faults. The telematic stream is two way and also capable of presenting a security for the car itself. Providing access to the telematic stream and a means to read that stream presents a severe risk to both private information of individuals (but its totally okay that we also use it for advertising), and the security of their vehicles (a risk which is already exists). Rather than change what data is collected, how it is transmitted, or how that data is secured, we will simply turn off the telematic stream entirely, something we have and will tell privacy-minded consumers is impossible.
That is the charitable read of their claims.
[ link to this | view in thread ]
Re:
That would explain their actions here so barring them actually explaining just what's so problematic with the law that they had to shut off those specific features that seems like a reasonable assumption.
[ link to this | view in thread ]
They're afraid of losing access to all of the data these new cars are pumping out.
[ link to this | view in thread ]
Never attribute to malice...
...that which is sufficiently explained by incompetence.
I think people here vastly underestimate the incompetence of software designers at car companies. They just barely get the comptuers working at all, without any real internal standards or architectual clarity. Simply put, they're half-competent hacks (of course there are some outliers, but not a lot).
It doesn't help that Big Tech sucks up most of the compentent programmers willing to work for big burecratic companies.
Te car companies CAN'T comply with the law because their software is so poorly engineered in the first place, not flexible enough to accomodate the law's requirements, and will take literally years of effort to make complaint with the law (I say "make compliant" rather than "fix" because if they ever do it, it'll be by more half-competent hacking).
Go read the court expert's report on the Prius software.
https://www.edn.com/toyotas-killer-firmware-bad-design-and-its-consequences/
(Yes, Tesla is an exception. Tesla is Big Tech and has competent software engineers. But they sell computers with wheels as a perihperal, not cars with a computer.)
[ link to this | view in thread ]
Re: Never attribute to malice...
The law requires that they make available the data that they collect and use. The car companies already know how to do this, because they are doing so for their own purposes. They only need to make available the definition of data that is transmitted from the car. They also need to define the messages that appear on various communication buses within the car, along with the mechanical, pin out and signalling specifications.
Also, if this would expose any security flaws, they need to be fixed because others can and have reverse engineered car systems. Obscurity is not a security techniques, but rather a head in the sand technique.
[ link to this | view in thread ]
Re: Why not sue the car companies?
In the EU perhaps.
In 'mercia, loss of advertised functionality due to an online firmware update tends to be the norm. Regardless as to what the law says. (Partially due to the fact that such lawsuits never happen anymore due to the mandatory and binding arbitration agreement and class action waiver that is in every product's TOS / EULA these days. These cases never make it to court.)
[ link to this | view in thread ]
Re: Never attribute to malice...
I fully believe the software is as shoddy as they claim. I fully believe they aren't willing to pay for top tier software engineers. I knew this when Toyota abandoned using carplay or android auto and teamed up with other car manufacturers who thought they could build a 'luxury' UI for pennies on the dollar.
The reason the software is the way it is right now is incompetence. incompetence in hardware design creating limitations on how secure the software can be, incompetence in software design either due to not having good staff or by managerial function mandates, or by inadequate development time. Or all 3. And incompetence in recognizing the serious threat all this poses years after a reporter had a car shut down on a bridge.
But their response to laws which would provide greater exposure to the issue reeks of malice. Its a recognition that their crow is now old and tough, and eating it now will mean a much worse time. The last thing a CEO wants is to have to eat that crow.
[ link to this | view in thread ]
Re: Re: Never attribute to malice...
You assume that they are competent enough to have documented or are able to document these things. It's perfectly possible to develop a pair of programs that communicate with each other without any documentation at all. The meaning of bits in messages could change with message type, length of data, date, time engine has been running, or almost any other arbitrary factor. Would it be good practice to do so? No, of course not. Is it sometimes done anyway? You can safely bet your last dollar that it is. All you need to do is add in that the programmer (or programmers) who did this and got the two programs correctly communicating (usually enough for the car company to be willing to live with the exceptions) to have left the company and become unavailable for this to become a black hole that the company can't document without completely redeveloping everything involved.
Companies shouldn't let this happen, but some don't guard against it, especially when their management doesn't understand software development, and some unscrupulous software developers do it deliberately. If only to guarantee their continued employment - and they stop caring when they leave.
[ link to this | view in thread ]
Re:
Never. You are a product who's sole reason for existence is to be packaged up and sold to soulless advertisers for big $$$$$. So shut up and give us your info like the good little object that you are. - Kia, Subaru
On a more serious note, the fact that this is happening in multiple industries at scale should show you why your and society's lack of attentiveness and eternal vigilance was a bad thing.
In capitalism, the market always chooses the most profitable course of action. If that means you and the rest of society gets degraded into nothing more than a bunch of objects to be sold off to the highest bidder, then that is what will happen. Unless you make it a guaranteed loss that the market cannot write off or recoup in someway.
The response here is predictable. These companies are angry that Massachusetts decided to take away their monopoly by imposing costs on it and so the companies involved now wish to try and punish the people in Massachusetts as a result. Also, notice that these companies outright claimed that the people in Massachusetts shouldn't even have the choice to make this decision for themselves. Again, their whole goal is profiting off of selling personal info, and the people in D.C. are far easier to bribe into allowing it than trying to bribe the legislators of 50 states. In the eyes of capitalism, democracy is how much money you have to spend and nothing else. See also Citizen's United.
[ link to this | view in thread ]
Re:
Wouldn't turning off all this data be of more help to sexual predators?
[ link to this | view in thread ]
Re: Re: Re: Never attribute to malice...
Several things say the data is probably documented.
1) The embedded system programmers are unlikely to be the data capture and analysis programmers.
2) The diagnostic tools sold to their dealers are almost certainly produced by application programmers, if not an external contractor.
[ link to this | view in thread ]
You sold me a car with the promise of feature X, you now have removed that feature.
Bait and switch?
[ link to this | view in thread ]
Re:
this is so funny.
SO they have full access to a Car from remote and can do anything they wish TO your car.
Reminds me of a person in germany Found out the same about his New car, and contacted person threw Social media to test something.
An Aussie, acknowledged him. They tested His access from germany to the persons SAME car. in Australia. He had basic control over most of the car. WONDERFUL.(NOT)
Do think about how they get access. YOU are paying for that access. You have a transponder in your car. I wonder if this works with LoJack.
[ link to this | view in thread ]
So, in theory, they cannot remotely fuck up the cars any further? Might be a win in disguise.
[ link to this | view in thread ]
Re:
Also known as the Sony Playstation Gambit.
[ link to this | view in thread ]
Re: Re: Why not sue the car companies?
Sony settled the case about the PS3 OtherOS feature rather than go to court, so a case about car companies disabling features stands a very good chance of going the same way.
[ link to this | view in thread ]
Re: Re: Re: Why not sue the car companies?
The PS3 EULA doesn't include a binding arbitration clause nor a class action waiver. Of course they would settle. Also that settlement occurred in 2016, 6 years after the incident that prompted it. A decade is more than enough time for most companies to get the message. Guess what? Sony did get the message in time for the PS4.
[ link to this | view in thread ]
Re:
"I think the most charitable read of their public statements is also the most damning."
Or to summarize, when Kia and Subaru faced revolutionary new tech rather than try to adapt it to further the interest of their customers they used it to further their own interests...and now when the law demands they open up their toolbox they're finding out they shot themselves in the crotch and have to dial back the functionality of the cars lest some asshat hacker land the vehicles a reputation of the worse sort.
Subaru has always been top notch with a hitherto secured title as the car most likely to please owners. This, guys, is how you snatch defeat from the jaws of victory.
I think we're all due some very hard lessons in why it's a good thing to keep corporations in a permanent state of fear.
[ link to this | view in thread ]
Re: Never attribute to malice...
"I think people here vastly underestimate the incompetence of software designers at car companies."
No, I think most people here are all too aware that large companies will invariably retain the lowest bidder with a good spiel.
"Te car companies CAN'T comply with the law because their software is so poorly engineered in the first place, not flexible enough to accomodate the law's requirements, and will take literally years of effort to make complaint with the law (I say "make compliant" rather than "fix" because if they ever do it, it'll be by more half-competent hacking)."
And it strikes me, again, how this mindset is not only endemic of larger companies but inevitable. To fix or prevent this shit we really need to do one of two things - reduce the profit motive to the point where every company making it into the big leagues won't suddenly abandon all the advantages building its brand for the sake of cutting production and development costs...or make sure every company over a certain size lives in perpetual fear or putting a foot wrong.
I really don't like bringing up the chinese model...but every time their corporations start becoming big enough and cocky enough to impact the nation as a whole, crackdowns happen and the responsible people are shlepped away in chains as warnings unto others.
Of course there's that state and corporation as one mess to consider where leeway is given according to political credibility...but at this point, when looking at the US, I'm not seeing much difference in form of corruption between the two.
Surely we can do better than this?
[ link to this | view in thread ]
Re: Re: Never attribute to malice...
"The last thing a CEO wants is to have to eat that crow."
Naturally. Every CEO knows they're in the hot seat for 3 to 5 years. That's not enough time to rebuild the business. And certainly won't help their CV unless they've specifically been hired to fix what is deeply broken.
None of the decisionmakers will ever have to face the consequences of their policies. They'll do the bare minimum, harvest the rewards and bonuses of having made the company drag in a few extra cents of payout on the stock for that fiscal year, then leave before the slapdash fixes they put in place give way. CEO's migrating through companies is like playing one of those card games where the last participant to hold the joker loses.
So facing the issue of their company having possibly cut the throat of the golden goose upon which they relied to make a living they'll always try to stall, delay, and lobby for legislative relief rather than fixing their problems.
Welcome to the end game of capitalism. Fast start, roaring mid stretch, ends with a burning tire rolling out of the wreckage.
Honestly, at this point I'm starting to think the only way we can have sustainable free markets is if the threat of regular canings in the town square keeps the top executives honest.
[ link to this | view in thread ]
Question...
Why on gods green earth does remote start require a link to a computer system outside of the car?
Recalls the story about the rental car that killed itself & refused to restart until they had it towed partially down the mountain so they could get signal again to allow it to start
TAC wonders if part of the reason they pulled this stunt is because if they have to divulge exactly how much data they are gathering & profiting from car buyers might demand punishment.
[ link to this | view in thread ]
Re:
It seems pretty straightforward to me.
"all new telematics-equipped vehicles be accessible via a standardized, transparent platform that allows owners and third-party repair shops to access vehicle data via a mobile device."
'But the “open data platform” envisioned by the law doesn’t exist yet'.
So until such a platform is developed and put into place (something that I could imagine taking years and millions of dollars) their choices are: 1) stop selling vehicles in Massachusetts entirely or 2) disable all telematics on Massachusetts vehicles. I doubt it would even be worth the time and money to develop that platform for just MA, so unless other states join this effort, I'd predict this will be a permanent state of affairs there.
[ link to this | view in thread ]