Amid mounting scrutiny into Big Data’s role in the modern economy, the movement to provide citizens with more control over their data is encroaching onto new territory, including into areas where extensive consumer data has traditionally not been held.
Recent developments in Massachusetts serve as a case in point. In November, Massachusetts voters overwhelmingly approved Question 1, an amendment to the state’s 2012 “right to repair” measure requiring vehicle manufacturers to make cars’ onboard diagnostic ports accessible to independent mechanics, not just affiliated dealerships. Under Question 1, wireless data from vehicles’ telematics systems must also be made available via a standardized open data platform starting in the model year 2022.
The amendment’s passage reflects the reality that innovation in automotive technology has made telematics much more critical to today’s vehicles. And as advocates have argued, owning a vehicle should also mean owning the data it generates. Consumers should have the freedom to choose where they take their vehicles to be repaired. Question 1’s passage makes that easier.
Drivers attempting DIY repairs at home could inadvertently jeopardize their own safety and that of others, with public roads turned into trial grounds for testing the effectiveness of their repairs
But the Massachusetts initiative could soon collide with another, far older law—that of unintended consequences. This well-intended measure may yet open Pandora’s box of complications including automaker liability, a heightened threat of cyber attacks, and a range of other public safety risks.
Lawyers may well find themselves the biggest winners. Say an independent repair shop makes a fix involving a vehicle’s software. Soon after, a software-related accident or malfunction ensues. Who is liable: the OEM that provided the underlying software or the repair shop that fixed it? How much legal exposure does the independent shop face if it didn’t tinker with but merely accessed a car’s telematics data? The answers to these questions aren’t spelled out in Question 1, despite millions of dollars and entire livelihoods being at stake.
Meanwhile, for all the advantages of open data, it doesn’t come without major risks. As cars grow increasingly connected, running on hundreds of millions of lines of code, they are also more vulnerable to cyber-attacks. Opening a vehicle platform could mean easier access for hacking safety-critical functions, including connected cars’ engines, steering wheels, and brakes.
This well-intended measure may yet open a Pandora’s box of complications including automaker liability, a heightened threat of cyber attacks, and a range of other public safety risks
No less troubling, there is nothing in Question 1 to prevent those without proper automotive training from altering vehicles’ electronic systems if they have access to telematics data. Drivers attempting DIY repairs at home could inadvertently jeopardize their own safety and that of others, with public roads turned into trial grounds for testing the effectiveness of their repairs. Because the code in a vehicle is engineered and integrated by software developers, car mechanics—let alone ordinary drivers—will not necessarily have the skill set or know how best to fix an issue without risking unintended harm on the roads.
In passing Question 1, Massachusetts voters have reaffirmed the importance of giving people more say over their own data. Now policymakers and industry stakeholders must respond to these public demands and formulate standardized, sensible rules that reflect the new automotive landscape, thereby protecting public safety, data rights, and the future of automotive innovation.