BOSTON (State House News Service) — Opponents of a proposed ballot question that would require vehicle manufacturers to allow repair shops to access digital information are running a "fear campaign" by alleging that the suggested law would create privacy risks, consultant and former Boston Police Commissioner Ed Davis said Wednesday.
The proposal, which would update a 2013 law by mandating that vehicle owners and independent repair shops can access telematic data often held by manufacturers, has prompted significant debate about cybersecurity.
A coalition formed to oppose the idea argues that current law provides sufficient access to automobile diagnostic information and that expanding the statute would expose personal data to hackers. The group plans to spend half a million dollars on an advertising campaign calling for voters to oppose the ballot question.
Davis, who launched his own security firm after retiring from the Boston Police Department and is a paid consultant for the Right to Repair group pushing the ballot question, said at a legislative briefing that those claims are unfounded.
"I know a little bit about this business, and I also know a fear campaign," Davis said. "That's what we're seeing here. When I drive down Route 93 and I see billboards with menacing-looking people with hoodies on talking about your security—that's inappropriate for what we're having here."
"If I buy a car and I drive out of the dealership, I don't want to be bound by chains to that dealership," Davis continued. "I want to be able to do what I do with my own car. This prohibits that (binding) from happening."
Since the "right to repair" law was approved in 2012 and implemented in 2013, supporters say, technology has evolved and automobiles have increasingly included digital features. They hope the update will ensure that manufacturers cannot prevent outside shops from accessing important information about their customers' vehicles.
Proponents are hoping to use the initiative petition process to trigger either a legislative change or a November ballot question. They want to expand the existing law to guarantee consumer or independent business access to telematic information exempted in the 2013 statute.
"When we agreed to that (exemption) as the olive branch with the manufacturers back in the original generation of this bill, telematics was in its infancy. It is no longer," said Glenn Wilder, whose family has owned the Wilder Brothers tire and repair shop in Scituate for 112 years. "Cars we're using right now have it in there right now. My fear moving forward is there's real-time information manufacturers are collecting through telematics that are not being shared with the independent repairers."
The Coalition for Safe and Secure Data, which opposes the ballot question, argued in response that existing law already allows access to diagnostic and repair telematic information and only exempts other information such as location data.
In a statement after Wednesday's briefing, CSSD spokesman Conor Yunits—whose group already launched its own advertising campaign—said "deep-pocketed groups have invested more than a million dollars into their misinformation campaign and indicated their clear intent to put this question in front of voters."
"So let’s be equally clear, remote access to driving habits and location in real-time is never necessary to diagnose or repair a vehicle," Yunits said. "Under this ill-conceived proposal, the personal data of Massachusetts drivers will be readily available to strangers, hackers, and criminals without any safeguards for protection. Our Coalition will continue to advocate for safe and secure data and work to defeat this dangerous ballot question."
Several speakers at the briefing hosted by right-to-repair reform supporters pushed back on allegations that opening up access to the information is dangerous. Brian Romansky, chief technology officer at Owl Cyber Defense, said the technology in question more securely manages credentials and rights than do most web platforms.
Retired U.S. Navy Rear Admiral Michael Brown, who previously served as director of cybersecurity coordination for the Department of Homeland Security and now works for Davis's company, agreed that the transmission of information can and must be done securely.
"The owner of the vehicle may want a certain part of the information, whereas, rightfully so, the manufacturer may not want to provide access to elements of its operating system, but from a repair standpoint, that information can and should be provided to independent users," Brown said. "You have control over how the information is accessed and you have control over who has access to that information."
Lawmakers have until May to act on the proposed "right-to-repair" update and other ballot questions for which supporters collected enough signatures. If the Legislature declines, campaigns can collect 13,374 signatures to force the question onto the November ballot.
The Joint Committee on Consumer Protection and Professional Licensure grilledadvocates from both sides of the issue in January.
Rep. Paul McMurtry, who hosted Wednesday's briefing and filed legislation mirroring the ballot question, told the News Service he is hopeful that fellow lawmakers will find consensus and avoid a statewide ballot question.
"I always feel better public policy is generated through the legislative process, so I'm going to remain optimistic that we're able to continue the conversation, like today's briefing, and educate my colleagues on this issue," he said. "I remain hopeful we can act on it before a ballot question is taken up."
by Chris Lisinski, State House News Service
(Photo: Getty Images)