Ballot proposal compromises driver privacy and undercuts vehicle cybersecurity

BOSTON, MA – September 4, 2019 – A proposed 2020 ballot question certified today by Massachusetts Attorney General Maura Healey would make personal driving data available to third parties with no safeguards to protect driver’s private information or physical safety. The potential question, one of 12 ballot questions certified by the Attorney General, is framed by supporters, including national auto repair chains and auto-parts dealers, as an “update” to an existing vehicle repair law, but would instead expose personal data, including real-time vehicle location and driving habits, to an unlimited number of third parties.

“This proposal is a threat to the consumer privacy and cybersecurity of Massachusetts drivers. It risks making personal data readily available to third-party groups and creates no safeguards for how third-parties store and protect your information,” said Conor Yunits, spokesperson for the Coalition for Safe and Secure Data. “Given the world we live in now, we should be finding ways to keep personal information safe, not exposing it to added risk.”

A group largely funded by third party aftermarket auto-parts dealers submitted the proposed ballot question, dubbed 19-06: “The Initiative Law to Enhance, Update and Protect the 2013 Motor Vehicle Right to Repair Law,” in an effort to access personal driving data that is not necessary to repair cars, and was specifically excluded from a prior law and a national memorandum of understanding because of the risks it poses to consumer privacy and cybersecurity.

“This ballot proposal is not about who can fix your car; it is about how many companies and people have remote access to your driving habits, patterns and location in real-time,” Yunits said. “Automakers already provide all information needed to repair and diagnose a vehicle today and will continue to in the future.”

Under the existing law, consumers decide who can access their personal driving data, and how and when they can see it. Any independent local repair shop can access vehicle data when a car is in the shop for service, and there are numerous plug-in devices on the market to give third parties access if a consumer so chooses. The law already requires that if information needed to diagnose or repair vehicles is only accessible wirelessly and is shared with dealer repair shops, then that information also must be shared with independent repair shops.

The ballot question certified by the Attorney General today does nothing to improve consumer repair options, but only creates significant privacy and personal safety risks.

The proposal has no controls to prevent third parties like insurance companies and advertisers from gaining unlimited, real-time, remote access to driver’s personal driving information. With this type of access, third parties can monitor individuals while they are driving, and when they stop, from remote locations. The proposal would also grant third parties the ability to proactively send information into personal vehicles.

In the hands of the wrong person, this real-time, remote access could be used to track, lock/unlock or even shut vehicles off.

The aftermarket auto-parts dealers have until early December to collect more than 81,000 signatures from Massachusetts voters before the proposal can take the next step toward the 2020 ballot.

For media inquiries, please contact Conor Yunits at [email protected].