Earlier California proposal defeated after strong opposition from domestic violence groups, NAACP

BOSTON, MA – JULY 30, 2020 – The regularly scheduled Massachusetts legislative session will officially end tomorrow, July 31, with the Legislature taking no action on Question 1 or more than a dozen nearly identical bills filed in the House and Senate. Massachusetts will become the second state, after California, to take no legislative action on vehicle data proposals that raise significant risk for drivers and vehicle owners. Question 1, which expands on a similar proposal that was rejected by the California legislature six years ago, will now be put to voters on November 3.

“A less intrusive version of Question 1 failed in California because it was considered unnecessary and risky. That risk is now significantly magnified in Massachusetts under the proposed language in Question 1, and it is still completely unnecessary,” said Conor Yunits, spokesperson for the No on 1 campaign. “Whether this question passes or fails, consumers will still be able to get their cars fixed wherever they want. But if this question passes, the personal vehicle and driving information of Massachusetts drivers will be open to more tracking and more hacking.”

The California bill, defeated in 2014, was similar in ideology but less expansive than what has been proposed in Massachusetts.

For example, the California proposal clearly defined what vehicle information would be covered under the law, while the Massachusetts proposal was left intentionally broad, covering any information “related to the diagnosis, repair or maintenance of the vehicle,” a phrase so vague that it could encompass virtually any information, especially GPS location data. Additionally, the California proposal included strict language regarding the resale or release of vehicle information to third parties – language that is noticeably absent from Massachusetts Question 1.

Perhaps most disturbing, while the California proposal focused on information being transmitted from the vehicle, Massachusetts Question 1 explicitly allows third parties to “send commands” to vehicles, creating untold cybersecurity risks that have been flagged by data privacy experts and federal safety agencies.

Even without these more expansive measures included in Massachusetts Question 1, the California proposal generated strong opposition from a variety of voices, including domestic violence advocates and the NAACP. In testifying against the proposal, the California Coalition Against Sexual Assault wrote that the proposal would allow:

“…people to access very detailed information, including how, when and where a person drives. From this information, a third party, such as a sexual predator, could stalk and/or harm victims by exploiting insecure transmissions of vehicle information.”

The California State Conference of the NAACP had broader concerns about tracking and redlining, writing in its testimony:

“Such electronic surveillance reveals types of information, such as what a person does repeatedly, what he or she does not do, and what he or she does ensemble. A third party who knows all of a consumer’s travel can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups-and not just one such fact about a consumer, but all such facts. Granting third parties access to geo-location data or telematic system data, the third party can precisely record a consumer’s every movement, and hence can reveal completely private destinations, like trips into neighborhoods that the third party service provider has red lined.”

Question 1 does not include any safeguards that address the concerns outlined above, nor does it make any mention or any provision for the protection of personal safety or cybersecurity. Despite the protestations of former police officers on the payroll of the aftermarket industry, a growing consensus of independent experts believes Question 1 carries enormous security risk.

Massachusetts should follow California’s lead. Privacy advocates, cybersecurity experts, and domestic violence advocacy groups and vote NO on Question 1.