Skip to the content

US legalises deeper access to car computers

But AAAA doesn’t consider it necessary or desirable Down Under

DMCA ruling
DMCA ruling

The United States Government has amended the Digital Millennium Copyright Act (DMCA) to allow owners of passenger cars, commercial vehicles and agricultural machinery to legally modify onboard computer software, providing these changes do not result in the breach of any Department of Transport or Environmental Protection Agency regulations.

Exempt from the ruling are telematics or entertainment systems, which are the most logical access point for malicious hackers to remotely gain access to and control over a vehicle’s systems. Tampering of these systems could compromise any in-built security mechanisms.

However part of the new ruling is to allow “good-faith testing” by, for example, safety and cyber-security researchers to seek out glitches and vulnerabilities.

In theory, this “good-faith testing” would hasten the development of fixes because it broadens the base of research resources beyond the R&D departments of vehicle manufacturers and adds a layer of independent, impartial research.

Previously this type of work – such as the IT whizz-kids who famously took remote control of a Jeep Cherokee and drove it into a ditch with a journalist behind the wheel earlier this year, prompting the manufacturer to scramble out a security patch – occupied a legal grey area.

A number of automotive companies and industry bodies, plus the Department of Transport, Environmental Protection Agency and California Air Resources Board, raised objections to the DMCA amendment.

They cited concerns about the potential publicity of security flaws before manufacturers had opportunity to address them, public health and safety, the logistical limitations of reversing problems caused by uncontrolled software changes and the likely compromise of emissions control, safety and security systems.

A screenshot of Auto Digital Master ECU software
ECU software

Australian Automotive Aftermarket Association (AAAA) executive director Stuart Charity told SightGlass News that this type of legislation was unlikely to happen Down Under and doubted motor vehicles were covered by any local equivalent to the DMCA.

“I think the [United States] Right to Repair Coalition got involved to make sure the car companies can’t prevent access to the ECU and so-on,” he said.

Stuart Charity
Stuart Charity

“We’re not embracing with open arms the opportunity for people to start tinkering with vehicle software or changing vehicle parameters because that could impact safety or environmental compliance of the vehicle.

“What we do need to make sure of is that qualified repairers, government agencies or other authorised people have the opportunity to interrogate and reprogram the ECU for installation purposes, to integrate new components.”

Mr Charity recognised the market for engine performance tuning and supported it provided vehicles maintain their compliance and the work is done by qualified people who know what they are doing, but thought the new US legislation goes a bit too far.

“I think we need to be careful as you don’t want to be allowing  car owners to do it at home in their garage,” he said.

“We believe car owners have a right to choose who repairs their vehicle and what parts are fitted on it and that they should be able to fit minor accessories to their vehicles but they are pretty sophisticated beasts these days and I wouldn’t be advocating for car owners to be going in and reprogramming their own vehicle, it could be a recipe for disaster.”

Mr Charity had recently returned from the US and said the Right to Repair agreement was going well, will all carmakers other than Tesla complying.

“Tesla are resisting sharing vehicle information but they’re disrupting the whole model of the car industry,” he quipped.