MA Ballot Question 1 - You lose
Discover more from Ignorantia Peritorum
MA Ballot Question 1 - You lose
Initially published on LinkedIn
There is a lot of confusion (and even more ads!) about MA ballot question 1 (Motor Vehicle Mechanical Data), which concerns open access to vehicle telematics data. Most people have no idea what telematics are is, or why industries would line up on both sides of the issue to the tune of roughly $40M.
My assessment is that no who wins this ballot, the consumer loses.
Background
The ballot question appears to revolve around MA Bill H.3757, commonly known as Massachusetts' "Right to Repair" bill. This bill began its life as a 2012 general election ballot question, which required auto manufacturers "to allow vehicle owners and independent repair facilities in Massachusetts to have access to the same vehicle diagnostic and repair information ... [as] dealers and authorized repair facilities." Modern vehicles have significant software and processing power, and it is possible to use obfuscation and cryptography to restrict who can access their diagnostic data. Independent repair facilities wanted access to this data so that the consumer would not be locked in to using the dealer for vehicle repairs.
The loophole
Buried within the text of HR.3757 is a sneaky loophole, item (2)(f):
…nothing in this chapter shall apply to telematics services or any other remote or information service, diagnostic or otherwise, delivered to or derived from the vehicle by mobile communications
In case there is confusion, the bill elaborates that telematics services include (but are not limited to)
automatic airbag deployment and crash notification ... and any other service integrating vehicle location technology and wireless communications.
In other words, your car can record a wide variety of information about its use, and relay the information (typically wirelessly) back to the manufacturer. Unfortunately, such telematics data can correlate with extremely private information about your life. Location history, for example, can be used to identify where you live and work, your friends, your religious or political interests, and possibly even your medical concerns.
Follow the money
Telematics data can be extremely valuable! For example, Bloomberg ran a piece in March on John Deere tractor telematics, which may transmit all types of planting data (moisture, nitrogen levels in soil, seed placement) back to the manufacturer, and could be sold to third parties … even those who sell products to the very farmers who supposedly own the tractor. Indeed, the tractor owners themselves may not actually have access to this telematics data, which could be easily encrypted in transit against the manufacturer's secret key.
Car telematics data could be even more valuable, potentially revealing a consumer's shopping preferences, driving habits, or even mood (are you constantly jamming the brake?) - all of which can be effectively monetized by advertisers, insurers, and the like.
The Battle
So, what exactly is going on here?
The NO camp
The auto manufacturers thus appear to have a vested financial interest in both collecting privacy-intrusive telematics data and keeping it inaccessible to others. It is thus not surprising that Steve McElhinney (as part of a coalition to vote no on the measure) categorizes the bill as a "data grab by third parties". The NO camp also argues about the privacy implications of making this potentially private data accessible to a wide variety of third parties. With their reasoning, you could imagine a malicious independent garage slurping up your telematics data at your next repair, and turning around to sell it for profit elsewhere (or maybe even to you).
Unfortunately, the reality is that no computer system can ever be fully secure. Indeed, there have been a number of spectacular attacks on vehicle telematics systems, including a cool demo by Charlie Miller and Chris Valasek to remotely control a 2015 Jeep Cherokee. As such, I think that it is foolish to rely on the auto manufacturers ability to maintain complete control over this sensitive data.
The YES camp
Proponents of the initiative suggest (without clear substantiation) that auto manufacturers are increasingly moving diagnostic information into telematics as a means of circumventing the 2012 law. They thus claim that access to this data is necessary for proper third-party repair your vehicle.
Another argument (that they do not appear to mention) is that opening the this data to third party may reduce the incentive for manufacturers to add even more privacy leaking telematics in your car. An open standard could also open telematics data to scrutiny, from both researchers and politicians, and may ultimately benefit the broader public.
Ownership
In the olden days, you gained full control over a product when you purchased it. These days, software and ubiquitous network connectivity enable manufacturers to maintain control over their product well after your purchase. At the same time, most of our products, including cars and smartphones, have increasing numbers of useful sensors built in that can also leak very lucrative information.
MA Ballot question one addresses the question of which companies should be able to access your potentially private car data - the manufacturers alone or those you authorize. However, most consumers do not really understand the significance of releasing telematics data (any more than signing a draconian liability waiver).
In effect, both sides side-step the main concern :
Who owns your data?