FOR IMMEDIATE RELEASE
Boston, MA — November 9, 2025 — Secure Repairs, a coalition of more than 400 cybersecurity professionals advocating for the right to repair, has joined leading organizations in filing an amicus brief urging the U.S. Court of Appeals for the First Circuit to affirm a February, 2025 ruling by a district court judge that rejected efforts by the auto industry to declare Massachusetts’s 2020 Right-to-Repair law a violation of federal authority.
The brief, filed on September 24th, 2025 and signed by iFixIt, Repair.org, The U.S. PIRG Education Fund Inc., Securepairs.org, Professor Jonathan Askin and The FULU Foundation is in support of the Massachusetts Attorney General in ALLIANCE FOR AUTOMOTIVE INNOVATION, v. ANDREA JOY CAMPBELL, ATTORNEY GENERAL
FOR THE COMMONWEALTH OF MASSACHUSETTS before the U.S. Court of Appeals for the First Circuit. The brief asks the Appeals Court to affirm a February Federal District Court ruling that holds that Massachusetts’s 2020 R2R law is not preempted by the Motor Vehicle Safety Act and instead fits alongside federal vehicle safety and cybersecurity rules.
The lawsuit in question was filed in December, 2020 by the auto industry group The Alliance for Automotive Innovation shortly after Massachusetts voters overwhelmingly approved a ballot measure that sought to expand of the state’s existing automotive right to repair law to give vehicle owners and independent repair shops access to wireless telematics data needed to assist with maintaining and repairing vehicles.
Among the key points made in the amicus brief is that there is not security in obscurity and that automakers’ argument that by restricting access to telematic and diagnostic data they enhance vehicle cybersecurity and safety is not backed by facts.
And, as Secure Repairs members have noted in testimony at both the state and federal level: the automakers’ position conflicts with mainstream information security practices that emphasize the importance of transparency.
Despite the auto industry’s “black box” approach to software design, real-world car hacks are common and do not rely on access to the data covered by the Massachusetts automotive right to repair law – data that is critical for vehicle repairs. In fact, shutting owners and independent repair pros out doesn’t meaningfully reduce cyber risks but does allow vulnerabilities to linger.
Events in recent years underscore that automakers’ eagerness to restrict access to maintenance and repair data has not benefitted vehicular cybersecurity. Incidents such as the remote hack of a Jeep Cherokee by researchers Charlie Miller and Chris Valasek, as well as more recent exposure of such as those targeting Kias and a wide range of other vehicles.
The brief also makes the case that granting access to data and promoting safety are not diametrically opposed. In fact, existing federal and state regulations already require both strong security and consumer access to data including laws governing electronic health records, credit reporting, and telephone call records. In each, federal rules mandate authentication, auditing, and controls without locking consumers out of their own data. The same balance can be struck for vehicle telematics, the brief states.
In the end, a strong right to repair preserves a longstanding right of owners to maintain what they bought and own; it checks aftermarket monopolies (e.g., firmware locks, VIN-binding, part serialization), lowers prices, improves service availability/turnaround, stimulates innovation (user-led fixes/mods), supports small repair businesses, and reduces waste. Massachusetts voters strongly backed the 2020 measure with nearly three quarters of voters (74%) voting in favor of the ballot measure. The past five years have seen similar laws are spreading nationwide—underscoring the stakes if preemption were accepted.
Secure Repairs is honored to have been a contributor to to the amicus brief. “Repair restrictions aren’t just a consumer issue — they’re a cybersecurity issue,” said Paul Roberts, the founder of Secure Repairs. “When manufacturers lock down repair tools and information, they make it harder for users and independent professionals to fix vulnerabilities, maintain devices, and keep systems secure. We need repair policies that make technology safer, not more fragile.”
Secure Repairs’ participation in the amicus brief builds on its ongoing advocacy for public policy that recognizes repair as a cornerstone of cybersecurity. Founded in 2018, the group brings together information security professionals, academics, and technologists who recognize that transparency and access to repair information are essential to protecting users and systems alike. Secure Repairs has supported legislative and regulatory efforts across the United States to balance manufacturers’ interests with the public’s right to maintain, repair, and secure their own technology.
“Secure Repairs’ mission has always been to connect the dots between right to repair and cybersecurity,” Roberts said. “The same principles that make software secure — openness, testing, and transparency — also make repair safe and reliable. This brief makes that case clearly.”
For more information on Secure Repairs’ advocacy and to read the full amicus brief, visit securepairs.org.
About Secure Repairs
Secure Repairs is a coalition of information security professionals, researchers, and technologists advocating for policies that recognize repair as fundamental to cybersecurity and consumer protection. Founded by journalist and security researcher Paul Roberts, the organization works to advance secure, transparent, and sustainable technology repair practices.
Media Contact:
Paul Roberts, Founder
Secure Repairs
[email protected]