The right to repair should be protected. We shouldn’t have to open ourselves to security risks while doing so.
As the House chair of a committee that oversees business regulation in Maine, I feel it is my responsibility to share some important concerns about Question 4, the right to repair referendum. While the idea of the right to repair is a good one, it already exists, in practice, for independent repair shops. We must carefully consider the potential impact and security implications of elements of Question 4.
First, let’s acknowledge some significant progress in the right-to-repair arena. In July, major organizations representing independent auto repair shops and automakers reached a groundbreaking agreement to share the same data accessible by dealerships with independent shops. This pact secures consumer choice and gives independent repair shops access to the same diagnostic and repair information as authorized dealers. This agreement addresses many concerns raised by supporters of right to repair without the need for a referendum.
The pact also builds upon commitments made in a 2014 memorandum of understanding, covering access to diagnostic and repair information, vehicle systems, tools and training for third-party providers. It’s designed to keep up with technological advancements and maintain fairness among all repairers.
Question 4 introduces some worrisome elements. It suggests creating an independent entity within the state government and a standardized access platform, which hasn’t been seen before in the industry. This standardized platform would allow remote access by third parties. This raises significant cybersecurity concerns, as it creates an attractive target for criminals or hostile actors.
This independent entity, as described, would be responsible for managing “cyber-secure access to motor vehicle-generated data.” Given the complexity of modern computer systems, cyberattacks are not a matter of if but when.
Furthermore, Question 4 would shift liability from manufacturers to the independent entity and, ultimately, to the people of Maine. If vulnerabilities are exploited, leading to physical harm or financial loss, the state would bear the responsibility. This contradicts the National Highway Traffic Safety Administration’s cybersecurity best practices, which emphasize that manufacturers should control access to vehicle systems.
We have viable alternatives to Question 4 that offer solutions that protect consumer rights while addressing security concerns more effectively. We should explore these alternatives before moving forward with a referendum that could pose significant risks to both consumer safety and our national security.
While the right to repair is a crucial issue, the referendum in November raises legitimate concerns about security, liability and the creation of that independent entity, the likes of which does not yet exist in our current government, as well as that standardized access platform. Let’s consider alternative approaches that strike a better balance between consumer rights and the safeguarding our state’s security and interests. Maine deserves a solution that ensures both the right to repair and the protection of our citizens and critical infrastructure.
In conclusion, Question 4 is a poorly written policy and the language alone may put the state right into litigation. The legislation it would enact resembles the legislation that passed in Massachusetts and that legislation has been in litigation since. That is not what we need in Maine. Please join me in opposing Question 4 in November.