Consumer Advocacy Group Demands Driving Data Be Controlled by Drivers
Fair warning, my bias rests firmly in the right-to-repair camp, so I can’t pretend not to favor GAVDA here and won’t bother to try. But that doesn’t mean there aren’t lingering issues that need to be addressed or room for compromise. We also don’t know what we don’t know.
For example, the Alliance for Automotive Innovation warned Congress “a ballot initiative being pushed by outside parties in the Commonwealth of Massachusetts would force motor vehicle manufacturers to allow outside parties to be granted real-time, bi-directional access to vehicle data,” suggesting that the arrangement runs the risk of widespread cybersecurity issues — comparing it to the current pandemic.
This seems like a valid concern on its surface, if not slightly hyperbolic. Yet I’m not an expert in such matters, despite spending hours upon hours reading about them. However, if the risks truly were as dire as the AAI claims, one would assume the obvious solution would be not to harvest the data in the first place — but that would interfere with the automotive and tech industries’ long-term scheme.
“Vehicle manufacturers in North American and Europe continue to raise the ‘boogeyman’ of cybersecurity to intimidate legislators and regulators on the issue of access to vehicle data by vehicle owners,” Greg Scott, executive director of GAVDA, said in a statement to Automotive News. “The manufacturers know, and GAVDA members know, that vehicle owner access to vehicle data can and is being accomplished in a cybersecure manner and that the manufacturers’ actual goal is the commercialization of vehicle data to enhance their bottom lines at the expense of competition and consumer protection.”
Bingo. But does that mean opening up the data to third parties is a good idea?
That’s largely down to who has access. If your local repair shop is trustworthy and scrubs sensitive information between visits, then the danger is probably no greater than leaving it to be stored at the manufacturer’s data center. But if it’s irresponsible, then you may have just opened yourself up to unnecessary risk.
According to the law being proposed in Massachusetts, any vehicle sold within the state that transmits data back to the manufacturer after 2022 will be legally obligated to have a standardized, open-access data platform equipped. This will allow third parties and customers to have more direct control over their vehicles, which the Alliance for Automotive Innovation claims creates an unnecessary vulnerability. But it’s not supposed to be a data buffet. Owners would have direct access to all mechanical information amassed via a mobile application and could then authorize repair facilities (or whoever else) access for diagnostic purposes.
Under the proposed law, automakers would not be allowed to require authorization before vehicle owners, independent repair facilities or dealerships could access the data stored in the vehicle’s on-board diagnostic system, according to the bill’s text.
The alliance, which represents most major automakers in the U.S., argues the ballot initiative poses “cybersecurity, personal safety and privacy risks to the owner of the vehicle” and endangers others on the nation’s roadways.
“Simply put, while manufacturers remain committed to allowing consumers to decide where to take their vehicle for repair and maintenance needs, there is no scenario in which real-time, remote access by third parties would be necessary to diagnose or repair a vehicle,” the alliance said in the letter.
The official position of the Global Alliance for Vehicle Data Access is that customers are technically the ones creating and giving manufacturers permission to access the data (even if it’s not stated formally). As such, it “strongly supports the bidirectional, real-time control of motor vehicle data by motor vehicle owners.”
Meanwhile, the government (which nobody seems overly fond of these days) seems to be more in line with the AAI. NHTSA Deputy Administrator James Owens previously noted that 3rd parties need to be able to service automobiles, but essentially told Congress the Massachusetts bill was dangerous. Having watched the right-to-repair movement struggle over the last few years, I’ve no faith that the legislative branch will side against corporations on behalf of consumers and small business owners. However, I cannot state that the AAI’s cybersecurity claims are without merit — though I don’t actually believe they’ll be substantially more responsible in handling the data. This one is kind of a crummy situation in general where the consumer starts out with their privacy and DIY abilities already being whittled away.
[Image: CAT SCAPE/Shutterstock]