This article by Hiawatha Bray originally appeared in The Boston Globe.
Do we really need another Right to Repair law? That’s what the backers of Question 1 on the November ballot think. But is this the right law?
Question 1 would require carmakers to explicitly provide independent repair shops and mechanics with remote access to the sophisticated computerized diagnostics built into new autos these days.
The initiative is aimed at rectifying a loophole in the original Right to Repair measure, passed eight years ago, which required automakers to sell to independent repair shops in Massachusetts the same digital diagnostic tools and software they provide to their own dealerships.
Now, drive a Ford or a Toyota or a Mercedes into pretty much any repair shop, not just here in Massachusetts but across the country, and a mechanic can plug into the vehicle and talk to all of its onboard computers.
But the carmakers stopped short of providing those mechanics with remote access to the data your car can transmit wirelessly, a huge convenience for vehicle owners, who don’t have to first drive to the repair shop to have a problem diagnosed. A large and growing number of vehicles are capable of this — GM cars equipped with the company’s OnStar system, for instance.
“This is like an end run around the intent of the original law,” said Bob Denley, a car mechanic in Lee who backs Question 1.
Both sides have pitched the ballot question in apocalyptic terms: The independent repair shops say they will go out of business without it; lobbyists for the auto companies warn that passage would make it easier for sexual predators and other undesirables to get access to personal information from your vehicle.
But a fascinating video produced for automotive regulators in the European Union shows what’s really at stake.
A couple driving through the French countryside notices that a tire is going flat. Like many late-model vehicles, this car announces the bad news on a dashboard video screen. But we also see an icon that lets the passenger instantly phone a nearby repair shop, and then tap another to instantly relay the relevant information.
Miles away, the mechanic says, “Ah, I see you drive a Ford Mondeo equipped with Michelin tires, size 255 70R18. Yes, we’ve got them in stock. Come on by.” Or words to that effect.
There was no need to pull over and squint at the nearly illegible code numbers stamped on the tire. The car itself told the mechanic what was wrong, so he could be ready with exactly the right tire.
In the video, the driver is happy with the new tire and adds the repair shop to a list of favorites stored in the car’s computer. Next time something goes wrong, guess which garage is going to pop up on the screen first?
So this isn’t merely about getting access to the data needed for repairs. It’s about getting access to new customers. Without remote access to car data, the independent shops will be at a severe competitive disadvantage.
Say the brakes on your Toyota are getting worn. Toyota’s telematics system could notice it before you do. That day, you get an e-mail warning you of the problem and offering a discount on brake service at your nearest Toyota dealer. That’s bad news for the independents.
So their US-based trade group, the Auto Care Association, wants the industry to adopt a system called SVI, or the Secure Vehicle Interface. SVI would be a data communications technology built into all cars, giving owners full access to their data, which they could easily relay to repair shops of their choosing.
SVI is designed to snatch control of a vehicle’s telematics from the carmaker and hand it to a network run by an independent company. Manufacturers would connect their telematics systems to the network, but would have no say over how it is run.
Question 1 basically makes SVI mandatory in Massachusetts. If it passes, making the change in just one state will cost so much that the carmakers might just adopt the standard nationwide.
Car companies prefer a different approach that works a lot like SVI, but keeps each manufacturer in control of the data from its vehicles. Mechanics’ shops could get access to the telematics data, but only on the manufacturers’ terms.
It’s easy to see why repair shops favor Question 1. But should we?
Bryan Reimer, a research scientist in transportation and logistics at the Massachusetts Institute of Technology, is not a fan. “The way it’s written, the cybersecurity issues here are nuts,” he said.
For one thing, should we connect every car on the road to a single network? A July letter to Massachusetts lawmakers from the National Highway Traffic Safety Administration warned that the scheme is inherently risky because it creates a single point of failure. If a hacker manages to compromise the Ford telematics network, he’d only be able to sabotage Fords. Hack a unified SVI system, and the attacker could sabotage cars of every make and model.
Maybe this problem can be solved. But it will take time. And the car industry won’t have any if Question 1 passes.
It would take effect with the 2022 models, which go on sale in a year or so. All the engineering for 2022 cars was finished long ago, Reimer said. Carmakers worldwide will have just a few months to tear their telematics software apart and make it SVI-compatible. A rush job like that could easily add new bugs that might cause cars to malfunction or security flaws that could make vehicles easier to hack.
“The timeline this bill calls for is ludicrous,” Reimer said. He added that if he were a carmaker and Question 1 passed, “I’m just not selling model 2022 cars in the state of Massachusetts.”
Suddenly, I’m almost glad I can’t afford a new car.