21 Sep Pres. Jonathan Cartu Publishes – Massachusetts has been pummeled by ads about Question 1….
Massachusetts voters are being asked this November to not only weigh whether to expand the state’s “Right to Repair” law, which gives independent mechanics access to a car’s diagnostic codes, but seemingly which dystopian future they most want to avoid.
Fueled by a multimillion-dollar battle between car companies like General Motors and aftermarket chains like AutoZone, the 30-second spots pummeling local airwaves offer what experts say are inflated versions of the ballot question’s potential impact.
Those dueling caricatures, they say, are propped up in part by the initiative’s sometimes broad language and the challenge for lay voters to grasp the intricacies of vehicle cybersecurity. Even the state’s leading advocacy group against domestic violence has bristled at the opponents’ use of a survivor’s experience to “polarize a particular issue.”
“All the arguments I’ve heard — pro and con — are fairly accurate, but they’re being exaggerated,” said Raymond Albert, an Assumption University professor and director of the Worcester school’s cybersecurity program. “They’re trying to sway the populace’s opinion and take advantage of the fact they don’t understand the underlying issue.”
Question 1 asks voters to return to a debate they considered eight years ago: Giving local repair shops access to the data from a car’s computer system. The 2012 question that voters approved, and the Legislature tweaked, allowed independent repair shops to plug into a car to help diagnose problems and effectively gave owners more choices of where to get their cars fixed.
Now, a coalition that includes aftermarket businesses — think AutoZone and O’Reilly Auto Parts — has so far raised $9.2 million as part of the campaign asking voters to also open access to the mechanical data transmitted wirelessly from a car, known as telematics. That system, often found in late-model cars, monitors and remits real-time readings on the vehicle back to the manufacturer.
Should the question pass, manufacturers would be required to equip vehicles starting with 2022 models with an open access platform for that data. Owners could then retrieve the mechanical readings through an undefined mobile app, and grant a local repair shop access to help in repairs.
One TV spot the Massachusetts Right to Repair Coalition has run posits a future where, without allowing that broader access, dealerships would have “no competition” in repairing vehicles. Yet, even its leaders acknowledge the dire situation it warns of could be a decade away, while opponents say it’s a wildly misleading characterization of the auto repair market, where owners would still have choices for finding fixes.
But the debate has bled well beyond questions of who gets to repair your rattling muffler, and into a complicated world of data privacy and how best to protect it.
The Coalition for Safe and Secure Data, backed by nearly $26 million in contributions from General Motors, Toyota, and other automakers, has mounted a furious opposition campaign, pouring $9 million so far into advertising and media, including a commercial featuring a local shop owner claiming that “anyone could get your personal data.”
Others have offered more specific, and sinister, situations, including insinuating that the garage codes to your home could be at risk.
The commercial cites a warning from the Federal Trade Commission, but it’s from a FTC press release from 2018 — well before the ballot question was proposed. The release advised owners to wipe their personal data — such as any stored garage codes — from their car before selling it or donating it, and does not cite any “Right to Repair” proposal.
Another ad, featuring the woman alone at night in the parking garage, tells viewers that “domestic violence advocates” say predators could use your car’s data to track their victim’s location.
That claim, however, is from testimony the California Coalition Against Sexual Assault submitted on failed legislation in that state from 2014. The California bill, while similar in allowing access to a car’s data, specifically included geolocation information, which the Massachusetts proposal does not.
In an official voter guide the state is sending to millions of voters, the Coalition for Safe and Secure Data cites a line from January testimony submitted to lawmakers by Jane Doe Inc., a Massachusetts domestic violence survivor advocacy group, raising concerns about GPS data being accessed. The coalition said that such groups “urge you to vote NO.”
But Jane Doe’s leadership, acknowledging automotive cybersecurity is not its expertise, said its thinking on the issue has since “evolved,” and that it has not taken a definitive stance on the question.
“Whether or not this initiative passes, those concerns still exist,” Hema Sarang-Sieminski, the group’s policy director, said of a survivor’s vehicle data falling into the wrong hands. “There’s a discomfort for us in having the experience of survivors being highlighted in the way the commercial does.”
Conor Yunits, a spokesman for the coalition, said the concerns it raises in its ads are valid. While the ballot question specifies that it’s mechanical data to which owners will have access, it would allow for data “related to” the diagnosis, repair, or maintenance of cars — a phrase, Yunits argued, that could open a door to debate of whether location or other personal data could help in diagnosing a car’s problems.
“Our concern is not what local repair shops do with this information. It’s this platform that this law would create,” Yunits said. “There’s nothing in there about cybersecurity . . . It’s a single open data platform accessible by an app, and there’s not one app that exists now.”
How much jeopardy a person’s data could face should the question pass, however, ranges even among cybersecurity experts.
Bryan Reimer, a research scientist in the MIT Center for Transportation and Logistics, warned that the question’s wording could be an “accelerant” for fraud within a highly complicated telematics system. “Cars are not as case-hardened as they should be,” Reimer said. “The more you open [access], the more vulnerabilities there are.”
The National Highway Traffic Safety Administration, too, has said it has broad concerns that…