By on September 4, 2020

The Global Alliance for Vehicle Data Access (GAVDA) has issued a letter to automotive manufacturers around the world to request consumers be given direct access to the data generated by the vehicles they drive. While the group is comprised of organizations representing rental agencies, car sharing, and independent vehicle repair shops that also want access to the information, it’s likewise backed by several consumer advocacy groups that worry customers and small businesses are being taken advantage of.

At the core of the letter is a refutation of claims made in a June 3rd memo the Alliance for Automotive Innovation (AAI) sent to Congress. That group is an assemblage of the world’s largest industry players with an aim to monetize driving data as quickly as possible. It just so happens that the duo are diametrically opposed on how the government should handle user information.

Fair warning, my bias rests firmly in the right-to-repair camp, so I can’t pretend not to favor GAVDA here and won’t bother to try. But that doesn’t mean there aren’t lingering issues that need to be addressed or room for compromise. We also don’t know what we don’t know.

For example, the Alliance for Automotive Innovation warned Congress “a ballot initiative being pushed by outside parties in the Commonwealth of Massachusetts would force motor vehicle manufacturers to allow outside parties to be granted real-time, bi-directional access to vehicle data,” suggesting that the arrangement runs the risk of widespread cybersecurity issues — comparing it to the current pandemic.

This seems like a valid concern on its surface, if not slightly hyperbolic. Yet I’m not an expert in such matters, despite spending hours upon hours reading about them. However, if the risks truly were as dire as the AAI claims, one would assume the obvious solution would be not to harvest the data in the first place — but that would interfere with the automotive and tech industries’ long-term scheme.

“Vehicle manufacturers in North America and Europe continue to raise the ‘boogeyman’ of cybersecurity to intimidate legislators and regulators on the issue of access to vehicle data by vehicle owners,” Greg Scott, executive director of GAVDA, said in a statement to Automotive News. “The manufacturers know, and GAVDA members know, that vehicle owner access to vehicle data can and is being accomplished in a cybersecure manner and that the manufacturers’ actual goal is the commercialization of vehicle data to enhance their bottom lines at the expense of competition and consumer protection.”

Bingo. But does that mean opening up the data to third parties is a good idea?

That’s largely down to who has access. If your local repair shop is trustworthy and scrubs sensitive information between visits, then the danger is probably no greater than leaving it to be stored at the manufacturer’s data center. But if it’s irresponsible, then you may have just opened yourself up to unnecessary risk.

According to the law being proposed in Massachusetts, any vehicle sold within the state that transmits data back to the manufacturer after 2022 will be legally obligated to have a standardized, open-access data platform equipped. This will allow third parties and customers to have more direct control over their vehicles, which the Alliance for Automotive Innovation claims creates an unnecessary vulnerability. But it’s not supposed to be a data buffet. Owners would have direct access to all mechanical information amassed via a mobile application and could then authorize repair facilities (or whoever else) access for diagnostic purposes.

From AN:

Under the proposed law, automakers would not be allowed to require authorization before vehicle owners, independent repair facilities or dealerships could access the data stored in the vehicle’s on-board diagnostic system, according to the bill’s text.

The alliance, which represents most major automakers in the U.S., argues the ballot initiative poses “cybersecurity, personal safety and privacy risks to the owner of the vehicle” and endangers others on the nation’s roadways.

“Simply put, while manufacturers remain committed to allowing consumers to decide where to take their vehicle for repair and maintenance needs, there is no scenario in which real-time, remote access by third parties would be necessary to diagnose or repair a vehicle,” the alliance said in the letter.

The official position of the Global Alliance for Vehicle Data Access is that customers are technically the ones creating and giving manufacturers permission to access the data (even if it’s not stated formally). As such, it “strongly supports the bidirectional, real-time control of motor vehicle data by motor vehicle owners.”

Meanwhile, the government (which nobody seems overly fond of these days) seems to be more in line with the AAI. NHTSA Deputy Administrator James Owens previously noted that third parties need to be able to service automobiles, but essentially told Congress the Massachusetts bill was dangerous. Having watched the right-to-repair movement struggle over the last few years, I’ve no faith that the legislative branch will side against corporations on behalf of consumers and small business owners. However, I cannot state that the AAI’s cybersecurity claims are without merit — though I don’t actually believe they’ll be substantially more responsible in handling the data. This one is kind of a crummy situation in general where the consumer starts out with their privacy and DIY abilities already being whittled away.

[Image: CAT SCAPE/Shutterstock]


8 Comments on “Consumer Advocacy Group Demands Driving Data Be Controlled by Drivers...”

  • avatar

    Well now, this should be good for about 150 plus responses.

  • avatar
    Land Ark

    I was wondering when this would show up here.

    The video linked at Jalopnik meant to scare people into voting against open access should (but probably won’t) totally backfire in their faces.
    In the ad, they insinuate that a stalker/rapist would know where you are and that you’re alone.

    The voting public should look at that and, rather than be terrified of a rapist, wonder why their car is transmitting such information in real time in the first place. Regardless of how securely something is stored, if a hacker wants it, they are going to get it. If that information is there, it is at risk of being exposed.

  • avatar

    Seems the data should be controlled by the vehicle owner. Give them a PIN when they buy the car; they can decide who gets it. I would actually suggest it be two levels to avoid the location data being shared too much.
    As to the suggestion that this isn’t needed for repair shops, I know some Volvos require a direct connection between the Volvo servers and the car’s computer to change security settings etc. Right now that is covered under right to repair in Mass, but if they switch to over the air updates it’s not, which is what this law is supposed to cover.

  • avatar

    Drive an older vehicle where there is no data to be controlled in the first place. Problem solved.

  • avatar

    Almost makes me happy my Stinger doesn’t have wifi.. less need to worry about it transmitting data back..

    • 0 avatar

      “less need to worry about it transmitting data back..”

      No problem. Millions of doorbell, security, dashboard, and traffic cams are doing just fine gathering data about you without the help of your car.

  • avatar

    There are some good reasons to pause and really consider what you do with vehicle connectivity, and it’s mostly because the average age of a car on the road is around “the release date of Windows 7”. Extending the logic, around half of internet connected cars will be “Windows Vista SP2” or older. That’s a hard problem; one that doesn’t get easier when you have to figure out how to reasonably securely allow random third parties access to encryption keys.
