Insurance companies should get behind Right to Repair. We've so far waited three months and have an $11,0000 price tag to the insurance company on a minor collision that bent our car's front fascia and broke a sensor -- no frame or metal damage. I would have happily repaired on my own if possible just to avoid being without the car for so long. If only I could get those parts and have a decent service manual.
Insurance companies will just follow the money like they do in (USA) healthcare. Expensive repairs create a world where there are two kinds of people, those who are insured, and those who aren't. A high cost of repair guarantees you _really_ don't want to be in the latter group, so you'll pay whatever is asked to be in the first part. On their end, the insurance companies will use their weight to negotiate much lower prices on parts and service, increasing their margins.
Insurance companies (of any kind) are not incentivized to find the cheapest service. Anything they pay out is passed on via premiums. Indeed, the more expensive service is better because a 2% profit on $1000 makes them 10x more profit than 2% profit on $100.
There’s some competition here in that a marketplace of insurance companies can compete on the premiums so there can be downward pressure, sometimes. But for things that impact all insurance companies like this equally, then insurance companies would also be opposed because more expensive repairs = more money in their pocket.
That’s why you see things like medical insurance not being aligned with lowering medical costs.
The facts in your post are wrong. Insurance companies establish rigorous processes to steer repairs to the low cost provider and push that provider to make only necessary repairs. Policy holders might go along with it and might not, same as other insurance scenarios.
> That’s why you see things like medical insurance not being aligned with lowering medical costs
Health insurance companies are lambasted all the time for denying coverage for certain procedures or medicines or requiring prior authorizations to prove it is medically necessary or evidence based treatment.
> would have happily repaired on my own if possible
I actually did that once. The claims adjuster was pretty surprised at the request, and she confirmed multiple times that I really wanted them to pay out less money (parts but no labor). Then she was like, "Well, I don't know why you'd want to, but it's your decision, so OK."
The reason: someone stole my stereo and, in the process, they destroyed several pieces of the dashboard. The insurance didn't cover my (aftermarket) stereo, just the dashboard.
I was going to install a replacement stereo myself. I had installed the other one (that was stolen), so I already knew how to do it, and I knew that stereo installation requires removing the same dashboard parts. If I'd let insurance pay a shop to do it, I would have needed to have them install the parts, then take it home and remove the same parts, install the stereo, and then put them back. Buying parts at the dealer is less work and takes less time.
They were probably surprised because the insurance company would have paid the fair market rate for the replacement (parts & labor based on various quotes), regardless of if a professional did the work, if you DIYed it, or even if you never decided to repair it.
You likely talked yourself out of additional money.
Wouldn't an insurance company naturally want to avoid the additional liability of personal, unlicensed repairs? What if someone improperly repairs the brakes on their own car and they fail on the road, causing a collision?
People work on their own cars and have done so for at least a hundred years. Using technical means to prevent people from doing their own repairs, or from hiring someone of their choice to do the repair, is a relatively new thing.
I'm curious as to what make/model is damaged -- I self-repair all my cars and have no issues with access to parts and service manuals. Ebay is full of suppliers and mechanics operating a black market on these things.
How will right to repair speed up your particular repair, though? If a part is back-ordered, it's still going to be back-ordered even with right to repair.
Said differently, what is blocking you from doing the repair today? Is it just that the sensor needs coding to the car or calibration?
Back in 2013/2014, my Jeep was rear-ended. Some of the body panels were back-ordered, so the repair took 2 months longer than expected. Even if I could have done the body repair, I couldn't have purchased the parts.
Likewise, a co-worker had his airbags stolen last year and it was many months until Acura had replacements available.
I think insurance companies are also salivating at having access to detailed driving data so they have more reasons to deny claims and raise rates. I'm not sure they want to jeopardize that by getting on automakers' bad side.
I guess it depends on the state. A friend recently was hit and had their car only slightly damaged. They went to insurance car shops that insurance recommended, but they all declined to fix the car. They ended up getting paid out and fixed it themselves since they're already skilled with maintaining vehicles, and they pocketed the rest.
Exactly. The infotainment bullshit should be in zero way connected to the actual operation of the vehicle. There is zero reason why the laggy, nonsensical software that controls my radio should control my engine. Someone correct me if I am wrong, please.
It's not as simple. For example, look at the distance sensors used for parking and the data coming from them over the CAN bus.
That bus needs to be able to (at least indirectly) reach the brakes so that automatic emergency braking can take their measurements as inputs. And that bus needs to be able to reach the audio system to provide audible feedback to the driver when parking, and also mute the radio. Ergo, you have a bus that reaches both brakes and radio. Now, you might want to prevent the radio firmware from sending data to the brakes over that bus, but physically you have to have a connection between them, as we don't really want to make many separate buses for reasons of complexity, cost and maintenance; moving from a separate end-to-end wire for each specific purpose towards a shared bus was a great improvement.
Without all that being connected, how else would they use the built-in LTE to send back all of the data about you from the car? Car companies can't be missing out on selling customer data too.
There really isn't any reason why your infotainment system can't be separate from core functioning control. It's just cheaper for the manufacturer to slap it all in one platform with the added advantage of huge profit margins on getting it fixed when something simple fails.
Nice in theory but almost impossible in practice, unless you start installing two copies of many things, one for safety-critical purposes and one for infotainment purposes.
I fail to see the problem. Ditch the bullshit or at least corral it into a corner where it can't fuck with anything vital to vehicle operation and safety. ABS systems (for example) worked swimmingly decades before the first net-connected infotainment system was theorized.
Tesla already does this. You can reboot the user screen while driving the car. Everything works but the only negative thing I've noticed is that you get no indication of turn signals working (they're flashing).
Current cybersecurity standards enforced in the automotive industry will probably completely kill the possibility of after-market car parts and the usage of used parts in cars.
I say this as someone working in this field that has asked a couple of people doing work in this exact direction. I point blank asked them if this will happen, and they just shrugged their shoulders and said... yeah, kinda'.
From the article: "federal regulators claim that malevolent third parties could "utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently."
Which really means auto makers built a terribly insecure system and hope to hide the fact behind security as obscurity? If so, that's the real problem. The vulnerabilities described should not be there in the first place.
It's not about security by obscurity. A better analogy would be the fight over "tivoization". In safety-critical and highly-regulated systems like automotive and health care, there's a meaningful regulatory interest in ensuring that the devices as sold and authorized to be on the road (or in patients' hospital rooms) don't get modified in dangerous ways. That means that the software and firmware running on each of the dozens of ECUs in a vehicle is part of the (regulated) functional safety spec of the system. There are real, meaningful technical challenges to overcome if you want to meet both the goal of ensuring that dangerous and malicious software can't run in safety-critical domains, and the goal of allowing users to modify their vehicles as they see fit.
I'm speaking as one of the authors of the Uptane standard for secure software updates in vehicles, and as a life-long proponent of user freedom and open access to the computers we buy. There are possible solutions here, but they are not easy.
It's an open secret in the industry that the CAN bus is not authenticated. If you connect, you can read the data on the bus and inject data on the bus.
But, that does require physical access to the car and hooking to the wires. Nobody complains that if you hook to the buses on a PC you can own it.
Now they have this security concept where every ECU on the car will have its own private key in its own secure enclave. You need that key to put authenticated data on the bus and it can only be updated by the OEMs.
The authenticated bus infra will probably not protect against remote attacks (since if you own the ECU SW you have the cert and you will still be able to publish signed messages) but will kill the ability to change HW.
I really would not like to kill our ability to fix our vehicles but I feel this is the thing that is going to happen.
> Which really means auto makers built a terribly insecure system and hope to hide the fact behind security as obscurity?
Yes
(I've reverse engineered the security system on an ABS controller for the top selling vehicle of a major auto manufacturer. It is atrocious. I'm pretty confident the whole reason it exists is so that they can claim they have one to use the DMCA to stop third party tools from interacting with it.)
It's an ongoing battle. Giants such as the FTC are able and willing to fight these battles. Other large orgs such as SEMA are also pushing back, for both the right to repair and the right to modify. Additionally, OEMs don't want us to realize how they are putting themselves on top of a slippery slope. If we look at the NACS example, when one or two break away from a 'gentleman's alliance' it quickly creates a domino effect.
If I ever have to choose between security and freedom, I'd pick freedom all the way, every time. But usually this is a false dichotomy and you can in fact have both, despite claims to the contrary.
I also work in the industry and tend to agree. Right now if you get an official replacement ECU on a secured CAN network the device comes from the OEM already set up with the matching SecOC (AES-128) key that the OEM recorded in their backend database at time of manufacturing.
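The behaviour described in the comments above (an unauthenticated bus replaced by per-ECU keys, and replacement ECUs shipping with a key the OEM recorded) can be seen in a small model. This is an added example, not code from the thread or from any OEM or AUTOSAR stack: the frame layout, CAN ID, keys and the `provision` pairing step are constructed, the freshness counter is sent in full for simplicity, and HMAC-SHA256 from the standard library stands in for the AES-128 based MAC that SecOC deployments use.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4  # truncated MAC length in bytes (constructed value)


def _mac(key, can_id, counter, payload):
    # MAC covers sender ID, freshness counter and payload, then is truncated.
    msg = struct.pack(">IQ", can_id, counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class Sender:
    """An ECU that authenticates every frame with its own key."""

    def __init__(self, key, can_id):
        self.key, self.can_id, self.counter = key, can_id, 0

    def frame(self, payload):
        self.counter += 1
        tag = _mac(self.key, self.can_id, self.counter, payload)
        return (self.can_id, self.counter, payload, tag)


class Receiver:
    """An ECU that only trusts keys provisioned for known sender IDs."""

    def __init__(self):
        self.keys, self.last = {}, {}

    def provision(self, can_id, key):
        # Hypothetical pairing step: in the thread's description only the
        # OEM backend can perform this for a real vehicle.
        self.keys[can_id] = key
        self.last[can_id] = 0

    def accept(self, frame):
        can_id, counter, payload, tag = frame
        key = self.keys.get(can_id)
        if key is None:
            return "reject: unknown sender"
        if not hmac.compare_digest(tag, _mac(key, can_id, counter, payload)):
            return "reject: bad MAC"
        if counter <= self.last[can_id]:
            return "reject: stale counter"
        self.last[can_id] = counter
        return "accept"


def run_demo():
    sensor_id = 0x1A0                      # constructed CAN ID
    oem_key = bytes(range(16))             # constructed 128-bit keys
    other_key = bytes(range(16, 32))

    brake_ecu = Receiver()
    brake_ecu.provision(sensor_id, oem_key)
    original = Sender(oem_key, sensor_id)
    replacement = Sender(other_key, sensor_id)  # part with an unrecorded key

    results = {}
    first = original.frame(b"\x00\x40")
    results["original part"] = brake_ecu.accept(first)
    results["replayed frame"] = brake_ecu.accept(first)
    results["unpaired replacement"] = brake_ecu.accept(replacement.frame(b"\x00\x40"))
    # Modified software on the original ECU still holds the provisioned key,
    # so the MAC verifies; authentication says nothing about software integrity.
    results["modified software, same key"] = brake_ecu.accept(original.frame(b"\xff\xff"))
    brake_ecu.provision(sensor_id, other_key)
    results["replacement after pairing"] = brake_ecu.accept(replacement.frame(b"\x00\x40"))
    return results


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:30s} {verdict}")
```

The receiver cannot tell a legitimate third-party part from a forged one without the pairing step, which is why control over key provisioning decides who can repair the vehicle.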
Like this; an ECU is an ECU. Match unit to make and model.
Gap the ECU from remote modifications. An ECU doesn't require keys, they are not part of the required properties of an ECU.
There should really be some kind of airgap between internet connected entertainment systems and "mission-critical" aspects such as brake/drive by wire, steering input, etc.
It seems incredibly short sighted to give your radio access to drive the car into a median.
There are quite a few parts on modern cars already that you cannot just replace on your own car with either a new or used replacement because before they will work, they require a "relearning" procedure that only the dealership computers can initiate and those computers have to be online, connected to the automaker's mothership when they do it.
So basically DRM on car repair/parts is already a thing.
> For now, Massachusetts’ law is tied up by lobbying and legal fisticuffs.
It’s depressing that the will of the people that passed this ballot measure can get pre-empted like this. Before it passes? Sure. But afterward you’re just disenfranchising the voters.
Direct democracy is a threat to order, the unwashed masses know nothing, they're protecting us.
I think the saddest part is there probably isn't an auto manufacturer that isn't a participant in the lobbying campaign against bills like this. I can't even vote with my wallet in this situation.
At this point I'm hoping I'll be able to buy an electric kit car that can satisfy my minimal needs in the near future so I don't have to deal with modern vehicles and their shithead manufacturers.
Direct democracy is easier to buy than representative democracies for two reasons: first, voters have other things to do with their time than become experts on every bit of law that comes before them. And second, they don’t have the ongoing interest in rule-making, implementation & enforcement an interested legislator does.
Reading the book Street Level Bureaucrats was eye-opening for me on why seemingly “common-sense” solutions like Direct Democracy end up either just not working or having the opposite of the intended effect. Laws are less like writing software for a computer and more like designing processes for a team writing software.
State governments pretty regularly ignore citizen initiatives if they don't like it. Our state voted to decriminalize weed and our republican governor filibustered it for the remaining 4 years he was in office and even the democrat governor who replaced him took her sweet time.
Right now if you look it up, GOP state governments are working hard to kill the ability for citizens to enact initiatives that could allow them to implement things they want that the state representatives do not want.
The car keys should probably contain the master private key, and the mechanic could use that to authorize third-party components and modifications to the car.
There is no simple and secure technical reason car makers can't do this, they just want to fight it because they make tons of money off making fragile cars, charging exorbitant fees at their dealers service department and for parts, and they see MA's Right to Repair bill as a threat to their revenue stream and how much they can extract from customers while providing no value back to them.
Why can't the owner set up their own private key when the car is purchased or transfers ownership? It's the owner that needs its protection from unauthorized use and not the manufacturer.
The federal agency is NHTSA. The lawyer there who signed the letter about it being a federal crime is Kerry E. Kolodziej.
Kolodziej also works at Mayer Brown, the same law firm that fought in court against the Massachusetts law on behalf of Alliance for Automotive Innovation.
It is believed the NHTSA letter to automakers was a veiled attempt to circumvent the court battle. It fits squarely into the BS category, subcategory Monumental. Tagged with Regulatory Capture.
There's some interesting context missing from the explanation too, which is that apparently the feds were consulted years ago and they said "it's fine."
The Massachusetts Right to Repair Coalition's response to the NHTSA letter:
On behalf of two million voters and thousands of independent auto repair shops across Massachusetts, we are outraged by the unsolicited, unwarranted, and counterproductive letter from NHTSA that conflicts with the Department of Justice's statement submitted two years ago in federal court stating that there was no federal preemption. NHTSA's letter is irresponsible, having been transmitted without any new evidence and after the conclusion of the federal trial, despite having been asked by the judge to participate in the court proceeding and declining. NHTSA's letter fails to acknowledge the evidence and testimony presented at the trial that demonstrated the viability and security of an open access platform. This is yet another delay tactic the manufacturers are using to thwart the will of their customers, Massachusetts voters who voted 75-25 in favor of their right to get their car repaired where they choose. The FTC, the Biden Administration, and many members of Congress have all come out in support of Right To Repair.
Right to repair is starting to reach a boil. The car companies have lost. The combat has changed and they're well on their back foot. The sooner they realize this, the less painful it will be for them. Legal loopholes and dirty tactics will only get them so far now.
Are there really people out there who wouldn’t otherwise buy insurance, but they choose to do so only because the cost of repairs is too high?
We have categories of write off, so if insurance has paid out it affects the future value of the car.
This would be a category D [0], which makes a big difference on resell.
0: https://www.rac.co.uk/drive/advice/know-how/what-is-a-catego...
https://www.ftc.gov/system/files/documents/reports/nixing-fi...
https://www.sema.org/news-media/enews/2023/28/right-repair-a...
But how would this work with a 3rd party ECU?
So far this has eluded public consciousness, but I expect it will hit the users hard at some point in the near future.