from Hacker News

Mazda slaps developer with cease-and-desist for DIY smart home integration

by heshiebee on 10/23/23, 8:18 PM with 188 comments

  • by mirkules on 10/23/23, 10:09 PM

    I've worked for a large OEM, dealing with a large Japanese megacorp that is not Mazda for about two years (actually Mazda was one of our customers too, but I didn't get to work with them directly). This does not amaze me anymore.

    We spent months agonizing over an interior temperature sensor, which was only used to display the information to the user on a smartphone app. We built both the hardware and software, and it was offered as an add-on at the dealerships. After months of negotiations, after the hardware was already built and the packages assembles, they decided temperature sensors were too inaccurate (+/- 5 degrees F) to use, and that it could present a legal liability. Again, this was nothing else but displaying the information on the app - and the user could then make a decision whether to remote start the car to cool it or heat it (no automatic process took place either).

    This was at the height of "unintended accelerator" issue in Toyotas, so everyone was walking on egg shells playing it ultra safe to not invite any more lawsuits.

    What surprises me is that this culture of "playing it safe" remained to this day, some 10 years later (but maybe it shouldn't).

  • by gnabgib on 10/23/23, 9:18 PM

    This has been discussed a couple of times: "Removal of Mazda Connected Services integration" (270 points, 78 comments, 10 days ago)[0], "Mazda's DMCA takedown kills a hobbyist's smart car API tool" (83 points, 27 comments, 6 days ago)[1] - the first being the original blog post on Home Assistant, the second referencing that blog post, maybe adding more content and this article referencing both sources (but adding little)

    [0]: https://news.ycombinator.com/item?id=37874220 [1]: https://news.ycombinator.com/item?id=37921584

  • by madrox on 10/23/23, 9:12 PM

    I can only imagine Mazda's stake in this is that the OSS project is doing something that Mazda would like to monetize. Otherwise why limit a project that's making people fell better about their car purchase?

    The worst thing to happen to home automation was companies trying to lock customers into their ecosystem without greater interoperability.

  • by otikik on 10/23/23, 9:19 PM

    I am now pissed that I have a Mazda. Mission accomplished, legal team, you undid all the efforts of the engineering and marketing departments in one single action.

  • by tommek4077 on 10/23/23, 10:32 PM

    Just dont put your name on projects like this. Had to learn myself the hard way 15 years ago. Just do it, fly under the radar, stay pseudonymous, go the hacker way.

  • by j1elo on 10/23/23, 10:56 PM

    How can they really stop this development?

    I mean, if I were the author, had put my effort and time into solving my own itch and released it as FOSS, only to receive a Cease and Desist, my itch would still probably be there, but GitHub would probably comply and close the repo.

    So I'd just cease, desist, and my project would suddenly appear again in some other Git server. Surely, without my name on it, and hosted from whatever country seeming less likely to follow up on similar requests.

  • by Tabular-Iceberg on 10/23/23, 9:31 PM

    DMCA? Does Mazda think we're going to start downloading cars because of this?

  • by activescott on 10/23/23, 10:26 PM

    I just happen to read about DMCA exemptions legalities recently (which I submitted at https://news.ycombinator.com/item?id=37961007). Turns out that exemptions to DMCA are recommended every three years. I noticed one especially relevant to this one under the section category of "Proposed New or Expanded Exemptions":

    > Proposed Class 7: Computer Programs— Vehicle Operational Data > MEMA petitions for a new exemption to ‘‘access, store, and share vehicle operational data, including diagnostic and telematics data’’ from ‘‘a lawfully acquired motorized land vehicle or marine vessel such as a personal automobile or boat, commercial vehicle or vessel, or mechanized agricultural vehicle or vessel.’’ 182 The petition limits circumvention to ‘‘lawful vehicle owners and lessees, or those acting on their behalf.’’ > The Office encourages proponents to develop the legal and factual administrative record in their initial submissions, including describing with specificity the relevant TPMs and whether their presence is adversely affecting noninfringing uses, whether eligible users may access such data through alternate channels that do not require circumvention, and the legal basis for concluding that the proposed uses are likely to be noninfringing. In general, the Office seeks comment on whether the proposed exemption should be adopted, including any proposed regulatory language.

    - From Page 14, of October 19, 2023 – Notice of Proposed Rulemaking at https://www.govinfo.gov/content/pkg/FR-2023-10-19/pdf/2023-2...

    The US Copyright Office goes on to say *they want feedback on this potential exemption*:

    > The Office encourages proponents to develop the legal and factual administrative record in their initial submissions, including describing with specificity the relevant TPMs and whether their presence is adversely affecting noninfringing uses, whether eligible users may access such data through alternate channels that do not require circumvention, and the legal basis for concluding that the proposed uses are likely to be noninfringing. In general, the Office seeks comment on whether the proposed exemption should be adopted, including any proposed regulatory language.

    Note that final sentence!

  • by matheusmoreira on 10/24/23, 2:46 AM

    > It's unclear what legal basis Mazda has to order a DMCA takedown

    There's probably none. They're probably just leveraging the high costs of a legal defense to bully individuals into submission. Corporations have armies of lawyers and can afford to spend years fighting in court, this guy can't. The threat of lawsuits is equivalent to a threat to set his money on fire.

    Check out their "justifications":

    > The automaker argued that Rothweiler's work contained code that violated its copyrights; used its "proprietary API information" to create more code

    Seriously doubt that. It's not like they gave this guy access to their source code or internal documents.

    > and that the integrations provided functionality identical to what currently exists in Mazda's own mobile apps

    Not protected by copyright.

  • by lfmunoz4 on 10/23/23, 10:20 PM

    Things like this just make me think, if you write code and aren't making money no point in hosting it in US. I.e, just put it on Gitee

  • by teeray on 10/23/23, 10:14 PM

    Hopefully this triggers a Streisand Effect of this code appearing everywhere. Something like “this JPG is also a git repo”

  • by sebazzz on 10/24/23, 3:58 PM

  • by kazinator on 10/24/23, 5:13 AM

    > GitHub (where the software was hosted)

    I.e. actually GitHub took the stuff down, not Mazda.

    Self-host your shit for Pete's sake.

  • by xbar on 10/23/23, 10:09 PM

    The marketplace for autos is still broad enough for me to purchase a car that meets my needs.

    No Mazda does.

  • by lovemenot on 10/23/23, 10:57 PM

    I suspect this decision would have been almost a no-brainer for Mazda execs in Japan.

    Japanese culture tends to white-list permitted activities.

    The API was designed for a purpose other than what this developer used it for. Therefore his code is proscribed.

  • by daft_pink on 10/23/23, 9:46 PM

    I would never purchase a Mazda after this.

  • by senorrib on 10/24/23, 1:22 AM

    Man, this enrages me so much. But I'm glad I live in a third world country where access to legal defense is relatively cheap. Here I would just tell them to piss off and get on with my life.

  • by supergeek133 on 10/24/23, 2:15 PM

    I run a rather large API program for an Residential IoT manufacturer.

    We have multiple systems, some with a public API some not.

    The biggest problem is simply support. We'd LOVE to have more public ability to interact but I simply can't support every independent developer out there.

    Also, people agree to a legal terms of service to get access BUT don't always follow it (e.g., data storage agreements, use case agreements, etc).

    Coming at it from Mazda's POV, it could be that but it also could very well be the monetization aspect.

  • by walterbell on 10/23/23, 9:13 PM

    Cue TV commercial from Mazda competitors: Own The Road with shots of winding scenic roads, auto dashboard and tripped-out Home Assistant dashboard.

      Many manufacturers appear to be OK with especially resourceful owners optimizing their cars in this way. Home Assistant's integration library features at least six automakers, including BMW and Volvo, while Tesla recently published details of its new, official, open API for third-party developers to employ.

  • by iamsaitam on 10/25/23, 9:43 AM

    The judicial system is utterly broken when by using it, intimidation from a wealthier party is enough to achieve their wanted outcome. Perhaps we shouldn't allow people that have no (realistic) means to defend themselves from being sued. Of course this would be ridiculous and open up a myriad of abuses. OTOH what we have now is a tipped scale towards wealth, where justice loses its meaning.

  • by hanszarkov on 10/23/23, 10:17 PM

    I'm one engineer that won't be buying a Mazda

  • by not_your_mentat on 10/24/23, 1:47 PM

    Wasn't the "prioritary API" but resolved in Oracle vs Google? I was under the impression that an API is like a phone book and a you cannot copyright a collection of phone numbers. How is the API claim legally defensible?

  • by jms703 on 10/23/23, 11:14 PM

    I'm in the market for a new car and I'm deciding between Mazda, Acura, and Toyota. I'm quite curious to see how these other manufacturers are treating developers.

  • by razodactyl on 10/25/23, 9:05 PM

  • by quantum_state on 10/23/23, 11:41 PM

    The car maker can void some warranty but it has no right to do what it did. The car is the property of its owner who can do whatever with it.

  • by jonoc on 10/23/23, 9:06 PM

    "Even if I believe that what I'm doing is morally correct and legally protected, legal processes still have a financial cost. I can't afford to take on that financial risk for something that I do in my spare time to help others." - this is very logical and exactly what I would have done but it still makes me very sad that this is the way the world works right now :(

  • by 0xbadcafebee on 10/23/23, 9:18 PM

    > Mazda has invested tremendous time and resources to develop confidential and proprietary information including computer code used by company. Recently certain Mazda Information, including proprietary API information, was used to create code and information posted to GitHub.com identified in repository of bdr99 ([private]). This repository contains code developed in python (https://github.com/bdr99/pymazda) and javascript (https://github.com/bdr99/node-mymazda), and appears to have been uploaded and used to create computer code associated with home-assistant.io and mobile applications. MNAO analyzed some of the code and determined that the code provides functionality same as what is currently in Apple App Store and Google Play App Store. We are requesting immediate removal of code from Github, brd99.

    Since when is an API call proprietary information? Can they even claim a DMCA against it? That's like claiming DMCA for telling someone how to flick a light switch.

  • by a2xd94 on 10/23/23, 9:56 PM

    Hey loyal Mazda fan,

    That money you could be making, yeah we don't like you getting it instead of us, so cough it up! Also, while we're at it, cool idea...thanks for the work! Here's nice thankful lawsuit for your hard work. We'll go ahead and privately fork that repo and totally not rip your functionality off and somehow manage to mess it up while overcharging for it! :)

    Worst regards, thx for the moneys and screw you,

    Mazda