Massachusetts Votes on Expanding Access To Car Data, 'Could Set the National Standard' (wired.com) 34
On Tuesday Massachusetts will vote on expanding the state's right-to-repair law to include more access to car data, in an initiated state statute known as "Question 1."
Wired reports: The measure is meant to address how data sharing will work as cars start to suck in and share more wireless data. The Coalition for Safe and Secure Data, backed by giant automakers, is urging state residents to vote No, arguing that easier access to this data poses security risks.
At the core of the issue is the not-insignificant question of what expanded access to wireless car data might look like and how secure that is. It's not just a question of who can repair a car and access the data, but who owns the data in the first place. The answer could ripple across the industry for years to come, which is why both sides of Question 1 have poured millions of dollars into the fight. And because the U.S. has been slower to address these issues in federal legislation, Question 1 could have impact beyond Massachusetts state lines. Ultimately, the measure "could set the national standard for cars," according to Kyle Wiens, the founder of California-based iFixit and a vocal right-to-repair advocate...
If a majority of Massachusetts residents vote Yes on Question 1 this fall, carmakers would have to install standardized, open data-sharing platforms on any cars with telematics systems starting with model year 2022. "Owners of motor vehicles with telematics systems would get access to mechanical data through a mobile device application," the ballot summary reads...
Early polling suggests the state of Massachusetts will vote overwhelmingly in favor Question 1...
"Hopefully this means we have an open-standard development process," Wiens tells Wired, "with all cars in the U.S. using the same standard, and a new world of innovation around mobile apps."
Wired reports: The measure is meant to address how data sharing will work as cars start to suck in and share more wireless data. The Coalition for Safe and Secure Data, backed by giant automakers, is urging state residents to vote No, arguing that easier access to this data poses security risks.
At the core of the issue is the not-insignificant question of what expanded access to wireless car data might look like and how secure that is. It's not just a question of who can repair a car and access the data, but who owns the data in the first place. The answer could ripple across the industry for years to come, which is why both sides of Question 1 have poured millions of dollars into the fight. And because the U.S. has been slower to address these issues in federal legislation, Question 1 could have impact beyond Massachusetts state lines. Ultimately, the measure "could set the national standard for cars," according to Kyle Wiens, the founder of California-based iFixit and a vocal right-to-repair advocate...
If a majority of Massachusetts residents vote Yes on Question 1 this fall, carmakers would have to install standardized, open data-sharing platforms on any cars with telematics systems starting with model year 2022. "Owners of motor vehicles with telematics systems would get access to mechanical data through a mobile device application," the ballot summary reads...
Early polling suggests the state of Massachusetts will vote overwhelmingly in favor Question 1...
"Hopefully this means we have an open-standard development process," Wiens tells Wired, "with all cars in the U.S. using the same standard, and a new world of innovation around mobile apps."
Isn't it one way? (Score:2)
At the core of the issue is the not-insignificant question of what expanded access to wireless car data might look like and how secure that is.
Someone correct me, but isn't the data stream coming from the vehicle to whomever a one-way channel? It's only sending, not receiving, data? Assuming it is a one-way channel, how difficult would it be to make it bi-directional?
Re: (Score:2)
My car receives OTA software updates, so it must be bidirectional.
Re: (Score:1)
My car receives OTA software updates, so it must be bidirectional.
Bullshit.
There are lots of examples of one way traffic. Satellite TV, for example. IP multicast, is another. You don't need bidirectional traffic for OTA software updates. It makes it a lot easier and more efficient, but it's not required.
Re:Isn't it one way? (Score:4, Insightful)
Bullshit.
Perhaps you should switch to decaf.
There are lots of examples of one way traffic.
Indeed there are.
But we already know that these systems send diagnostic data upstream.
They can also receive updates coming downstream.
Ergo, the channel is bi-directional.
Re: (Score:2)
these systems send diagnostic data upstream.
Yeah, but that's not the original statement. Look up, and you see "they can receive updates, thus must be bi-directional". I'm merely pointing out that such a conclusion is unfounded.
Re: (Score:2)
They use LTE not satellite.
Re: (Score:2)
Okay, fine. But isn't it still one way? By that I mean the system is set up to only send its data via LTE, not get anything back?
I'm not trying to be obtuse, I'm just trying to understand why the issue of security would come up if data is only being sent, not received. If someone could plug a standard connector into a port to download their car's data, and the channel is only one way, there shouldn't be a security issue. The system should be designed to only give, not receive.
Or am I missing something ob
Re: (Score:3)
I'm just trying to understand why the issue of security would come up if data is only being sent, not received.
Because the data being sent contains a precise record of everywhere the the vehicle was and how it was driven. It contains the places you stopped to purchase drugs, alcohol, or sex. It contains the places you stopped to attend church, a support group, a political gathering, or to receive specialized medical care. It contains information on exactly how fast you were driving, for how long, and can be used to identify a variety of traffic violations you have committed. It contains data about what radio station
Re: (Score:2)
I would hope that granting access to the data stream generated by the vehicle would require some sort of positive authorization by the owner of the vehicle.
I would hope so too, but I don't think that's currently the case. Because AFAIK during the purchasing of a new vehicle there's nothing in the paperwork that gives the customer a choice of allowing or denying data access for the car company, the dealership, and who knows who else. And there's certainly no "off" switch that the buyer can throw to stop the car from ratting him or her out.
This is yet another case of 'you paid for it but you don't really own it'. Renting is the new 'owning' - get used to it.
Re: (Score:1)
> Okay, fine. But isn't it still one way?
If you want to be pedantic, I doubt LTE is true one-way. They probably have packet ACKs being sent back etc.
Global Positioning and Satellite Radio truly are one-way though. The sender doesn't care if you received the signal or if it was corrupt, etc. It just continually broadcasts and the receiver is responsible for processing whatever they get - no ACKs, no confirmations, no 2-way authentication.
Re: (Score:2)
>But isn't it still one way?
Nope. I can run a web browser on the screen of my car.
I can request or retard updates by selecting options on the screen.
The vendor will message me if there's a problem detected needing a trip to the service center.
Data is going both ways. Since it's IP-over-LTE, it couldn't be any other way.
If I read it right, the bill would let me see the reporting data too. That should be a thing.
"with all cars in the U.S." (Score:2, Interesting)
Some clarification needed.
1) What if the same car will drive over to Canada.
2) What if a car from Canada will drive over border to US.
3) What if a car was made in Germany - will the same standards apply?
4) Or in China or Russia?
5) Are U.S. lawmakers okay approving the same government access for US cars driving in said China or Russa?
Re: (Score:2)
1) What if the same car will drive over to Canada.
2) What if a car from Canada will drive over border to US.
Pay for the full NA extended warranty or you may face data roaming fees as high as ".002 dollars per KB."
Re: (Score:3)
"with all new cars sold in the US"
Re: (Score:2)
I would imagine it would only apply to cars *SOLD* in the US.
It would not apply to foreign purchased cars temporarily being driven in the US (eg canadians taking a vacation), and probably wouldn't apple to unofficial imports of foreign sold cars.
For german cars, you may find that only the US model includes this feature and cars sold elsewhere don't, or the manufacturer may find it's easier to just produce one standard model. This is already common, for instance some countries have more stringent safety or
You should hear the fud against this (Score:3, Insightful)
"It reduces security and safety" like that data stream is secure by virtue of being obscure
"No one needs that data to fix your car" sure...let's poke around some electronics without knowing what they're doing
And more of the same.
Why do cars need to be on the internet? (Score:2)
Re: (Score:2)
Just keep that air cooled VW in the slow lane and let people pass.
Replacing the antenna with a dummy load is not exactly hard.
Re: Why do cars need to be on the internet? (Score:3)
Because we do not have adequate privacy laws. This stuff should all be opt-in.
What we really need is a Constitutional Amendment that clarifies privacy rights in the digital age.
Re: (Score:2)
What we really need is a Constitutional Amendment that clarifies privacy rights in the digital age.
Sure - because the Constitution is still taken seriously and the rights and protections it grants are consistently and vigorously protected and enforced. Where have you been the past few decades, and especially the past few years?
Re: (Score:3)
Given your comment and your sig, I can only assume that you are Marvin the Paranoid Android. The world's not perfect, but that's no reason to toss your hands up and declare attempts to improve the world to be pointless exercises.
Re: (Score:2)
this whole idea of "connected cars" feels creepy to me what point does it serve other than giving more data to be mined by advertisers?
I have serious concerns about how data from connected cars may be abused and exploited (sold to thirds parties, handed over to law enforcement without a warrant, etc,) but there is an abundance valid and worthwhile reasons for having connected cars.
Defect tracking: I would expect the data is constantly filtered for annommolies. Data from most, if not every, unit sold of a particular model would speed up defect tracking, reporting, and in theory, solutions. Example: If one catches fire while being driven in
Re: (Score:2)
The state can regulate what cars are allowed to be sold and registered within their state. Many states have differing rules for vehicles already.
What they can't do is restrict cars sold and registered in other states from being driven into their state.
There is already a patchwork of rules and regulations between states and between countries, but they generally aren't conflicting. Some jurisdictions have stricter rules (eg emissions regulations in california) but there is nothing to stop vehicles complying w
Re: (Score:2)
Let the states deal with the things that states should be allowed to deal with... parks, recreation, and tourism. That the States have as much power as they do is absurd in the first place.
Something needs to balance out the power of the Federal government. Just ask the folks in Oregon how they feel about about unidentifiable federal officers behaving like terrorists, kidnapping citizens and tossing them into unmarked vehicles. The feds have too MUCH power, not too little.
Re:DMCA says no, so no... (Score:4, Informative)
People have been able to mod cars for as long as cars have existed, do modded cars routinely blow up?
A lawsuit against a car manufacturer where the vehicle owner's modification is what rendered the car unsafe would be thrown out. The manufacturer isn't responsible for after market modifications. Many unmodified cars also fail in ways that are potentially dangerous, often this can be due to a lack of maintenance - which the manufacture is also not responsible for.
This is nothing to do with safety, and everything to do with profit and control.
Cars can become dangerous due to lack of maintenance too... If maintenance can only be conducted by the main dealers the cost will be higher, which will result in people being more likely to avoid costly maintenance of their vehicles. This could also result in dangerous situations.
The right to repair is just that, the right to mod your vehicle is only a small part of it. Very few people modify their vehicles, and generally those who do are car enthusiasts who have a reasonable level of understanding what they're doing. Many mods are also not safety critical, for instance adding an aftermarket bluetooth kit or upgrading the speakers.
Most people simply want a choice of where they can repair their vehicle, the same choice that they have always had. The ability to take your car to a local independent repair shop benefits everyone - it keeps people in work, and the competition keeps dealer prices down too. If you drive all the independent shops out of business, maintenance costs will rise significantly.
People living in locations which don't have official dealers would also be in trouble. If nowhere else can service your car, what can you do?
We can already tell (Score:1)
Buy a Motorcycle or a Scooter, or a Bike (Score:2)
Why a Yes vote is important (Score:3)
Massachusetts has a right to repair law that guarantees access to essential repair data through the wired diagnostic port. That law has acted as the model for similar laws in other states. Carmakers are trying to circumvent the intent of the law by shifting toward using wireless data connections instead, which were not foreseen by the law and not covered, allowing them to reestablish a monopoly on repair of upcoming cars.
Question 1 will ensure that independent repair shops have access to the data they need to continue to repair cars. It does NOT require that independent shops get access to location data, nor to telematics commands that allow the car to be remotely operated. The massive advertising campaign against Question 1 is being funded by car companies; it is a hugely misleading lie that is trying to discredit the proposed law by raising privacy concerns about data that the companies will not be required to disclose.
Readers in Massachusetts: if you have not already voted and plan to vote on election day, vote Yes on Question 1. It's the right thing to do.
Re: (Score:2)
I believe Shirley has it right. Vendor lockdown wearing Sheep's Clothing of individual privacy concerns, with hypothetical future data dumps providing info for domestic abusers or something like that.
Re: (Score:2)
Readers in Massachusetts: if you have not already voted and plan to vote on election day, vote Yes on Question 1. It's the right thing to do.
And while you're at it, vote Yes on Question 2, which implements a ranked choice voting system for all elections other than the President. It's supported by everyone except Republicans, who have successfully gamed the two-party system.