Question 1 isn't really about letting violent men stalk and rape women
By adamg on Wed, 09/16/2020 - 9:07am
WBUR explains Question 1 is about access to engine and mechanical data that newer cars store - not location data, despite claims by its opponents, who have put up that ad about how its passage will let sexual predators hunt you down in a deserted parking garage and then lock your car so they can have their way with you.
Comments
If car manufacturers are that scared of hackers exploiting the wireless access to car computers, they should stop including it as a feature. Or allow the customer to opt in or out, which would be part of opening up the standard.
More to the point
A law should mandate opt in only with no hidden agreement in the paperwork you sign when you get the car.
There is no reason for any car to be sending data back to the manufacturer or dealer without the car owner's active consent.
And irrespective, the idea that some local car dealer is able and willing to safeguard your personal data is laughable. These guys get hacked all the time. You think the "Rt. 1 automall" employs the brightest minds in data security?
This isn't about manufacturer's systems
Question 1 would require them to start from scratch, and create one single standardized open platform that connects to every vehicle and a single app.
Question 1 creates no safeguards for this platform or app. It has no language on who creates it, maintains it, pays for it or protects it, other than to say manufacturers cannot be involved with it.
The National Highway Traffic Safety Administration (NHTSA) wrote to MA legislators in July that this is the exact wrong way to go:
Please explain
Why is all this okay when car dealers do it already?
After all, car dealers have this ... issue ... with trust as it is.
The existing law covers this
Any information necessary to diagnose and repair a vehicle that is only available through telematics and is made available to dealer repair shops MUST be made available to independent repair shops. That is specifically addressed and required by the existing law:
As you can see, telematics information NOT necessary to diagnose and repair a vehicle, such as navigation, are explicitly prohibited by existing law. Question 1 would change that.
This is good:
The MA legislature shouldn't be in charge of determining security processes. There's no reason that the system can't be encrypted and only accessible to the vehicle owner. At this time, most vehicles are not encrypted and the only security is that it's annoying to figure out what message means what.
Despite that, there is a community of people that decodes the messages anyway. You can find tons of information posted on GitHub.
I haven't read through the whole question, so I haven't made up my mind, but "security by obscurity" is the absolute worst method.
This is just not true. It requires only
I'm not sure I like that particular requirement, but that does not require the underlying system to be rewritten from scratch, nor does it require a single app. A simple interface could access the important information and relay that to the user.
Personally, I think the mobile requirement is a bad idea. It's hard to hack things to do what you want, but it's relatively easy to hack things to not do what they are meant to do. I'm not worried about somebody gaining access to my car and driving it all around town, but DoS'ing it so there's lag in my control could still kill me. I'd prefer hardwired access in a clearly visible place.
The NHTSA's comment isn't wrong, but it's silly to deny people the ability to maintain their cars only so that auto manufacturers can use security protocols that are less than the web browser you are currently using to view UHub.
I'm a software architect with over twenty years of experience developing enterprise software, with many years in the financial sector and several researching malicious software. This is a ridiculous argument that a single standard is less safe and is patently false. You're talking about security by obscurity which is seldom a good strategy.
Most of the world runs on common standards; if you log into a website or pay with a credit card, use an ATM etc., you're relying on a common standard. The mass adoption and openness is exactly why these standards are safer. When you have a group of 5 engineers writing proprietary software against thousands of malicious actors trying to find flaws in it, they're vastly outnumbered. An open and common standard levels that playing field as thousands of experts review and address flaws on a continuous basis. There is an incentive for everyone to find and fix flaws.
In a closed system you risk a company ignoring a fix to a known flaw due to the cost of implementation and patching it. Other times they don't want the bad PR that comes with acknowledging it in the first place. This is why we see so many data leaks uncovered by third parties, in many cases the companies knew about them for months but did nothing.
That's assuming the people at these car companies are concerned with or care about security in the first place. In the many many years I've spent working in the industry I can assure you that most product owners don't want to spend time on fixing security and tech debt at the cost of time lines shifting. There is constant and enormous pressure to cut corners. I can promise you that Ford or GM aren't going to delay the launch of their new car because they're waiting on the software team to fix all their bugs.
From NHTSA: "Look, we tried using a common national standard for roads, and look how dangerous driving turned out to be!"
Quite honestly the statement from the NHTSA is akin to your financial advisor recommending that you bury your life savings in a random spot in the woods rather than trusting a bank because it's public knowledge that banks store your money in vaults.
Conor Yunits?
Conor - Would you please mind disclosing your lobbying ties to this question? Thanks.
I am the lead spokesperson for No on 1
That is in the very first sentence of my response post.
Identify which response post you mean.
It's his top level post below this one.
I'm not sure I agree with the representation and analysis of the question, but he did state that he's here as an official spokesperson.
As others have pointed out
Who are also software engineers and architects, why are you making completely wrong and factually incorrect claims in your opposition? Why don't you answer any of the criticism and questions asked of you?
That's all I have been doing
I am responding to as many issues and questions as I can.
Hi Conor,
Can you please list where your funding comes from?
It is major automobile manufacturers, correct?
Thanks,
Concerned citizen
Vehicle wireless systems are in no way secure
Some bean counter heard about 256 bit encryption and likely said "WOW. That's a lot of bits. Must be 256 better times 1 bit encryption.".
Vice has a great video of some guys hacking a Jeep as it's driving down a highway:
https://youtu.be/MK0SrxBC1xs
Other reports have also shown thieves exploiting RF keys:
https://youtu.be/zIveLwq0p5o
Pols thinking that they can deter, or even stop this by creating laws, are wasting tax payer money.
This is my final post on this topic. Question 1 opposition by vehicle manufacturers is dumb.
It's also about being able to fix other electronics such as computers and cell phones more easily. For example, Mac laptop batteries are designed not to be user replaceable, but with this new law, I believe they would be. So instead of having to send out your laptop and spending $300, Apple would have to redesign it so that you'd be able to buy a new battery and just pop it in yourself.
So instead
Of just not buying Apple products, we're going to voluntarily involve government force in the transaction?
Picture in this scenario government as a body with arms and legs. It is simply pushing its arms open to keep space open for you and keep companies from encroaching on your rights.
I get the disdain for government control but in this case "government force in the transaction" is an emotional distortion.
An alternative way of looking at it
don't you think that a company's ability to control your use/repair of a product should end when they sell it to you?
Boycotts don't work against monopolies
We need to defend the right to repair or corporations will use government forces to eliminate it.
Vote YES on question 1.
Yes, that's exactly what we're going to do.
For smartphones you have three choices: Be submissive to Apple, be submissive to Google, or don't own a smartphone.
Boycotts don't work when there are no alternatives. They are monopolies.
Voting with your wallet is not a replacement for voting with a ballot.
Well
Google phones provide me the same services as the Apple phones, but for cheaper.
Apple is a business only because status consumerism is a thing.
You are not Google's customer
I have no love for either company. Google is "cheaper" because they are selling your personal data to everyone. You are not their customer, advertisers are.
Apple is a bit better about keeping personal data personal but in exchange they want full control over your device. They demand to be the gatekeeper and sole decider of what you can and can't do with your phone.
If the people writing the laws had any spine they'd prohibit Google from collecting data unchecked. Meanwhile, Apple should be prohibited from being the sole middleman between the phone and developers.
^ Exactly
You are Google's product, not their customer.
Not exactly.
There is a third option that does exist, and takes owner privacy seriously. Made by Purism.
https://puri.sm/products/librem-5/
"Librem 5" phone is popular with privacy enthusiasts. Supply can't keep up with the amount of sales that this phone is getting.
I've almost eliminated Apple and Google products from my life. Some sites, and services make it nearly impossible to get away from either one of them.
Not much of an option
I love the concept but that phone is not a viable option. It's not even shipping according to the website. It also won't work with Verizon (my carrier) and lacks a number of features. Since it won't run iOS or Android applications, it can't be used in place of any service which requires a smartphone app.
The quickest way to get phones like that to be mainstream is to support laws that regulate Apple and Google.
The Librem 5 phone is constantly on backorder
Owners do have them in-hand now, and they're being used. Going extreme privacy requires somewhat of a life change. You're right, many people won't do it. I've managed to wean many of my daily tasks off of Google. It's an ongoing effort.
but is there an app for that?
It's a nice idea.
But in the direction our society is heading, where you can't even get food at Herb's Burritos without installing the Herb's Burritos app, how will it work for a phone OS that isn't widely supported?
Bye bye Ma Bell!
I'm guessing you don't remember when you couldn't buy a phone or service from anyone but AT&T...
You can now. Hint: This isn't because there was a boycott.
I know my history
That's not analogous to this.
You couldn't buy a phone from AT&T either. You had to rent it.
That would be nice. But this ballot question is very clearly about vehicle telematics systems, so it would not affect laptop batteries.
This particular ballot question is about cars
"Right to repair" as a general concept is about any sort of manufactured product and in general it is a good idea, but this ballot question (and for that matter the one from 2012 that is currently law) is specifically about motor vehicle diagnostic data.
Right - this is only about vehicle telematics systems
No other electronics are covered under Question 1. That is a completely separate issue.
Question 1 is NOT about Right to Repair. Right to Repair for vehicles is already law in Massachusetts, and has been since 2013.
Question 1 only covers vehicle telematics systems. It does not cover any other electronics.
Oh, bummer.
I replaced the battery in my Mac. Micro Center in Cambridge sells them.
Do you have an older Mac? I replaced the one in mine from 2011 and it was like doing surgery: 25 steps to take the computer apart and 25 steps to put it back together, and I needed some specialized tools to do it.
That's one yes vote from here.
I was leaning toward "yes" anyhow, but that sort of fear-mongering by people who want me to vote "no" clinches it.
Blame your rep
The people already expressed their will on this issue several years ago.
The legislature should have fixed any issues with the law instead of kicking this back to Referendum2. But because they were too cowardly to do so, we are left with this campaign full of lies. What a disgrace. I can't believe we pay these people to write and pass laws.
Well, they hardly pass laws. See this 2020 session with multiple bills just stuck in committee. They need lots of time to campaign, you know.
For what it's worth
The people behind Question 1 filed for a ballot question before their legislation even had a hearing.
They never had any intention of letting the legislature work through this.
And the ballot question should have been denied
on that basis alone.
It's the car maker's software
How stupid do they think we are, that all these stalker resources are an integral part of maintaining our cars. If my safety is at risk, it is because of the car maker, not a local mechanic.
The funny thing that they don't put in the commercials is the black box aspect. If there is a crash, your car knows how fast it was going and what you were doing.
Again - this is not about the car maker's software
Per post above, this is about the open access platform that would be created by Question 1.
To be honest ...
I trust my local mechanic a hell of a lot more than the car dealer who lost my registration and lied about it.
Completely understand
And nothing in Question 1 would change your ability to get your car fixed by your local mechanic.
A NO vote on Question 1 keeps the Right to Repair law the same. The existing law already ensures that independent repair shops have access to all the information they need to diagnose and repair your vehicle.
Tell that to the BMW
dealer who wouldn’t allow my mechanic access to the computer on my 535. The HID articulating headlight that repeatedly died during the warranty suddenly needed to be replaced by a dealer only for $5,000 once warranty expired. They’re behaving like thugs. (BTW, didn’t Brockton used to have a politician named Yunits?)
Tell that to
BMW of America. Ever replaced a $5,000 headlight? Quite the experience.
The two campaigns have made for a great point/counterpoint.
Point: It's your car, you should be able to decide who repairs it.
Counterpoint: Why would you want to be stalked and raped?
The stalker in the Ads
Should be played by Herb Chambers.
You can already decide who repairs your car
That is covered under the existing Massachusetts Right to Repair law, which has been settled in Massachusetts since 2013.
A NO vote on Question 1 makes no changes to the law.
you keep regurgitating this response
without fully understanding the issue, which is that car manufacturers are using a LOOPHOLE in the existing law to get around it, that being wireless information transfer and an app one must use to get that wirelessly transmitted information. The eight year old law you cite only deals with OBDII compliant vehicles that extract codes with a WIRED DEVICE you PLUG into the car under the dash. Since then companies have come up with this wireless bullshit and hold the keys to the apps to get that information.
If people are worried about getting their cars wirelessly hacked they should seek to BAN that technology altogether. There is absolutely no reason for it, other than skirting the current right-to-repair laws. To retrieve ANY info from a vehicle you SHOULD need access to the inside of the vehicle, meaning the keys from the owner whose property the vehicle is. The entire argument over the wireless transmission of this information is a problem created by manufacturers hell bent on keeping you at their mercy until the car is over 10 years old.
So NOT changing the existing laws means all cars newer than say 2013 will be particularly hard to find an honest place to repair it at (hint: NO car dealership on the face of the planet operates honestly).
I have no skin in this game since the newest car I have ever owned was a 1997 model. Modern cars are rubbish. For all the advanced tech they offer, all the "safety" features and cameras and self-braking and lane assistance....aka making humans LAZIER and less aware of their surroundings...they cost a fortune to fix when some un-necessary system failure makes the entire thing inoperable or unable to get a safety inspection sticker.
On a much simpler base level a YES vote helps small independent business and a NO vote helps big corporations with trade groups and lobbyists paying for scare-mongering ads about rape and stalking when we are talking about NOX emissions readings from a fucking vehicle CPU.
The choice is pretty clear if you're not a capitalist bootlicker.
^^^^^This
Thank you, Marco, for pointing this out. The "No On 1" contingent wants us to believe that car manufacturers will continue to use the OBDII port for all information, despite the prevalence of wireless options now. A shift to wireless transmission of this type of data would exclude local shops from being able to diagnose problems.
That is why I'm voting Yes on 1.
Conor, if you had led with ads that made THAT argument, I'd be more willing to listen. When you scare people, or try to, you are going to get a fight or flight response. Unfortunately for you, it isn't always flight.
I like facts, I like data, I like references. A good argument lets me prove to myself you are right. A bad argument makes me not want to listen at all.
Stock ideas
Adam may I ask you be more thoughtful about what language like "have their way with you" implies, even if such people doing such things is not something you would ever support. It is reinforcing the sexualization of predation of women. Thanks
I thought about that
And then I watched the video again, and, really, it's pretty much that cliche: Young woman, alone, defenseless, in a deserted parking garage at night. Whoever's behind it is the one that should answer for it, and I'm not sure how I could write about it without pointing out what the ad explicitly says (which is nothing at all to do with "telematics").
Misplaced humor
n/t
I don't think it's funny at all
Did you watch the ad linked in the original post?
"Bro" culture
n/t
Thank you for taking time out of your busy schedule to serve as arbiter of the culture on these comment pages. I'm sure that we all have much to learn from you.
To be fair, the No on Question 1 people are not singling out "violent men", but sexual predators of all genders.
Qanon 1?
Funny how a simple initiative about plugging a loophole in a car repair law got morphed into OMG STALKERS!
I keep waiting for an ad with children tied up in the basement of the local pizza joint, because Question 1!
It's not just about Massachusetts
The auto makers know that if this passes in Massachusetts, it basically opens up the technology for all car owners NATIONWIDE. They can't engineer the software to say "you're in MA so it's open to you" and stop it in the other 49 (and DC). Interstate commerce and all....
The original ballot measure on open access, it opened the door to all car owners to get the benefit of seeing the OBD codes to anyone with the scanning equipment.
If it were an innocuous measure, they would not be pouring $ millions into trying to defeat the bill.
Perhaps
But perhaps there are other ways to make that argument than with an offensive, lying ad.
The ad is based on testimony
From Domestic Violence and Sexual Assault prevention advocates in both California and Massachusetts.
Wow, then I guess the whole thing is completely beyond reproach--my bad.
The ad is stupid, and in poor taste
This is an attempt at fear mongering. Best thing to do is take down an ad this dumb. Way to target less educated voters. Congratulations.
Response on Question 1
Here to respond as the spokesperson for No on 1/the Campaign for Safe and Secure Data, which, yes, is funded by automakers.
First, on the location data - it is absolutely included, and the best source for that information is the main group behind Question 1.
Question 1 requires the creation of a mobile app that links to an open access platform connected to all connected vehicles in Massachusetts (beginning with model year 2022).
The Auto Care Association, one of the lead funders of Question 1 and the group who has been pushing this idea nationally, has been presenting at trade shows and showing exactly what they want the app to look like. Their app includes location and behavior data. The Yes on 1 group is flat out lying when they say they do not want location data.
Second, on the risk of sexual assault/domestic violence. This is not about local repair shops. Again, Question 1 creates an open access platform that can be accessed through a mobile app. It will present an easy, high level target.
Here is what Jane Doe Inc, the Massachusetts Coalition Against Sexual Assault and Domestic Violence told the legislature in January about Question 1:
So why the scare ads?
I mean, seriously. You think we all suck q-vapors and are going to believe that Q1 is just a front for the adrenochrome industry?
You sound reasonable here - way off base IMHO because dealers can already get this information, but reasonable. But your organization's ads are sexist, stupid, patronizing, and pissing off a lot of people.
We have different ads covering different aspects
We have to make a number of different points. This is a complex proposal that the other side has not been honest about.
For example, 99.99% of funding for Question 1 comes from $35 billion Missouri-based O’Reilly Automotive, $27 billion Tennessee-based Autozone, $10 billion North Carolina-based Advance Auto Parts, the Auto Care Association (ACA) and the Coalition for Auto Repair Equality (CARE).
Both ACA and CARE are led and funded by the retail auto parts industry and aftermarket parts manufacturers. ACA’s Chairman is the CEO of a private equity-owned auto parts supplier, and CARE’s Chairman and President are the CEO of NAPA Auto Parts and the VP of Government Relations for AutoZone, respectively.
This is not about local repair shops, and it is not about Right to Repair. This is about major national retail chains that want access to your vehicle information.
Your point?
100% of the funding for your cause comes from automakers and their chief lobbying organization.
Ballotpedia link
Source: https://www.ocpf.us/Filers/Index , search for "Coalition for Safe and Secure Data"
Yes
The retail auto parts industry and aftermarket parts manufacturers are exactly the people I would expect to have an interest in car owners and independent mechanics being able to fix cars. There is nothing the least bit shady about their spending money to advance that ability. The 'No' campaign's innuendo-dripping ad campaign, on the other hand, is really sleazy.
who is paying you?
You're asking us to trust local car dealerships and not trust national autoparts companies. Why?
This is about money, not safety. If this passes it's bad for automakers bottom line. Don't pretend they have any other motivation.
As I said in my first post
Yes, our organization is funded by automakers. That has always been clear. The other side has consistently tried to hide their funding. Their original campaign finance report hid $3 million in funding from O'Reilly, Autozone, etc. They only updated with the correct information after we called attention to it in the press.
I don't care that the other side hid their funding.
I like being able to buy parts at O'Reilly, Autozone, etc. for my vehicles. Pointing this out is pointless.
One is one better than the other?
Yes, as you've said. But why should automakers "win" and autoparts dealers lose? Are you honestly suggesting Ford cares deeply about my personal safety and finances? (And that Autozone wants me stalked?)
Given that you're saying women will be raped if autoparts dealers are able to access car information it's cute how you're accusing them of being deceitful.
One group is spending millions trying to change the law
And hiding their true funding source. We are asking to keep the law the same. The burden of proof is on the side trying to change the law. They have yet to provide an example of why it needs to be changed.
Because they want the money
Burden of proof? This isn't a criminal case.
Autozone obviously wants to be able to sell repair services and parts. Your side wants to lock them out of that market. It's that simple.
For MY car I want full control over where and how the diagnostic data gets sent. You are arguing that you, not me, should have that authority.
The burden of proof is on the
Whatever you say, counselor.
They seem familiar. Shades of "Kevin?!"
It reminds me a lot of this hilarious ad put out by the No on Question 4 folks in 2016, when the question to legalize recreational cannabis was on the ballot. I'm pretty sure it backfired and helped the Yes on Question 4 side. Scare tactics like this usually make people vote against whoever puts them out. They treat voters like idiots.
These stalker ads are practically the only ads I have seen in months. I have never watched one past the "skip ad" trigger. It took me all of five seconds to get suspicious: who is paying for ALL THESE ADS, and why do they want so badly for me to fear for my safety while going about my normal life as a woman?
When I finally saw an article explaining what they were about it was almost beside the point. Offensive, misogynistic scaremongering will never get my vote.
Now watch the shill come back with "well we expect other women to be stupid enough to fall for it, don't get so offended. You just haven't seen the ads for smart people!"
If this tech is dangerous, leave it out of my car. Some of the creepiest creepertons I've ever encountered have worked at dealerships and would still have easy access to my info, so giving dealers a theoretical monopoly on stalking and assault does not make anyone safer.
Conor is doing his side a disservice.
There is no good argument for opposing Question 1. Every consumer needs to have the right to do as they so please with a product that they purchase. To lock consumers into a system that favors a manufacturer is unfair. If a consumer wants to give up their privacy, which many willfully do on a daily basis, then that's their right to choose. This idea that privacy exists, and can be protected by larger corporations is entirely false, and misleads the public. It took me all of a couple of minutes to learn that Conor has declared a homestead somewhere in MA (I will not provide the address, and I have never met Conor), with the numbers 307 being a part of it. The number only added here for Conor to realize how much he doesn't know about privacy. If he can't protect his own, what can he do for ours?
Yes on Question 1 will be my vote.
This goes beyond privacy
Question 1 allows for two-way access to vehicles. It's not just about gathering information. It also allows for pushing information to vehicles.
Also Question 1 doesn't lock anybody into anything
A NO vote on Question 1 keeps the Right to Repair law the same. The law already guarantees you can get your car fixed wherever you want and local repair shops get the same information as dealer repair shops.
That won't change no matter what happens with Question 1. According to Bill Hanvey, President & CEO of ACA, the main funder of Question 1, there are 15 times more local repair shops than dealer repair shops in the U.S., and his colleague, Paul McCarthy, President and COO of the Automotive Aftermarket Suppliers Association, also a major supporter of Question 1, says: “There’s simply not enough capacity in the automaker system to repair these vehicles.”
The best part of this is here
So, he's basically saying that mechanical data counts as location data because the imaginary stalker/hacker could infer location from the corrosion. So, the stalker has now pinpointed the location of the car to... a coastal area?
Ha?
I was asked to give an example
Of how the case could be made that location data is related to mechanical data one time. Once that door is opened, it is impossible to close.
If that's the best example you can give...
I'm not sure that speaks very highly of your point. What practical or useful knowledge does a malicious entity gain from maybe being able to infer that someone who owns a car has maybe driven it in a coastal area? (on the East Coast especially!)
If this is really private information that needs to be protected, I'm wondering why we don't have a campaign out to protect us from the dangers of parking stickers, town beach permits, or decals for ski resorts, all of which I see regularly on cars and immediately give much more detailed information about places where those cars regularly drive to much more than the mechanical data would.
It's merely an example
Of how one could argue that location data is relevant to repair, not an example of how the information could be used maliciously.
Wait, what?
Isn't the whole "sexual predator threat" thing based on someone using this information maliciously? Why is that part of your ad campaign if you're not actually willing to make this argument?
I addressed that in my original reply to Adam's post
You are specifically asking me about the example I gave to WBUR, which was in response to a question unrelated to the ad or that argument.
"Honest to goodness"
"Scouts honor, I was doing 200MPH across the Bonneville salt flats all last month. That Yunits guy said I was on the Cape, but I was at the salt flats...".
Ok that made me laugh
I understand many of you disagree with us. I appreciate you letting me make the case.
And we appreciate you contributing your side
At least, some of us do. For the record, I now have all my car service done at the dealer. It usually costs more, but sometimes they give me a really good deal. For years, I went to an independent, but he sold the shop, and the new owners pulled some questionable crap that made me not want to go back. Finding an honest mechanic can be difficult. I know there are also dealers who cheat customers, but the one I go to has always been good.
All that said, I'm going to vote 'Yes.' People who've managed to find a good independent should be able to have that garage do all the work on their car.
Huh?
Is that not true today?
Has anyone ever taken their car to an independent mechanic who said "sorry, but I don't have any way to talk to your car's computer so I won't work on it"?
yes. Even before 2012 there are mechanics with shops that didn't have expensive diagnostic equipment.
You understand there was a time when cars were repaired with basic hand tools, a light bulb with a couple lengths of wire, and good hearing, right?
In over a hundred years of internal combustion engines' existence not much has changed except the bells, whistles, and electrical sensors tied into a "brain" that controls timing/fuel delivery. You used to adjust that all with a flat head screwdriver.
We need this...but not like this
Working in software and having a minor interest in cars, I spent some time looking into the aspects of this referendum. The conclusion I reached is that I'm voting No, despite that putting me in the same boat as the "beware! rapists!" ads and car manufacturers.
The outlined software and access requirements detailed in the referendum are neither realistic nor secure. And if the car manufacturers rushed the work to meet the nearly impossible deadline, then the system would be even less secure. Furthermore, once you have thousands of cars on the road with these less secure systems, when patches came out later to fix the insecurities, nobody would take their car to the dealership to get the patches. People barely update their laptops on time and that just means restarting it once in a while and waiting a few minutes.
So, while I am completely for improving customer access to detailed information in the computer that drives them around sometimes and I'm all for making it universal and easy for any mechanic to use such an interface to diagnose your car's problems rather than requiring them to have multiple different tools for multiple different brands for multiple different models and years, etc., this is not the way to do it as described in this referendum.
It was well intentioned, but badly drawn up. Federally, we should mandate some key parameters and define the framework and everything and then enforce it in a time frame reasonable enough to get it into future cars.
Partially agree
The requirements don't reference anything that is inherently insecure. Open standard doesn't mean open access to the information for everyone.
This is the key point (IMO). If they try to do this in less than one year (which is basically what's required for 2022 model year) then it will not be done safely.
I couldn't agree more with this. I wish I could believe that it would happen.
Insecure
Wireless access is unnecessary and insecure inherently in comparison to a wired connection.
If you have a wireless access point in your car, I can access it as long as I'm anywhere within range. If you're talking to your car's wireless access point, I can copy whatever is going between you two. If you're trying to connect to your car wirelessly, I can pretend to be your car and lie to you. You can put encryption and security in place, but those can be beaten or backdoors found. Furthermore, neither encryption nor firewalling nor other security options are mandated in the referendum (which goes back to my point of well-intentioned but totally inadequately drafted).
There's absolutely no reason your mechanic would need a wireless solution. It adds tons of unnecessary risk while providing a very mild convenience considering if your mechanic is working on your car, he can open the hood and plug into an outlet. It could even be a physically locked-alike location that requires the car key to unlock it. People can't even properly lock or hide their WiFi at home and you want them to manage their car's WiFi better than that just so the mechanic doesn't have to bend over to learn why the motor warning light is on?
First of all, I have not said
First of all, I have not said I think this a good measure, just that your claim that open standards are insecure.
At least for high-end cars, most already have wireless connections, so this isn't going to change that at all, just require an open standard for that connection.
No, I don't. With my wifi, I can choose from multiple security options (including none) and any password. There's no reason that every wireless connection should allow that. Personally, I'm not a fan of allowing any wireless connection to vehicles. I would prefer that be made completely illegal. Again, wireless connections are already being used.
Good. Since that technology will always be changing, it shouldn't be legislated. I suppose they should add the word "secured" in front of the requirement for a wireless connection so that a jackass lawyer doesn't argue that the car manufacturers had no idea that they should think about security.
Can you? If it's encrypted it will be meaningless. I agree that any connected device (connected to the internet or any wireless system) is less secure than one that isn't, but (again), cars are already connected devices.
Backdoors don't get "found", they are built. Using Elliptic Curve Cryptography, certain parameters can be chosen so that any group knowing about those parameters could break the encryption. However, most encryption standards are open standards which means it's hard to get away with that. The NSA did it about a decade ago and people found out and started switching to a new standard. I want to emphasize that the NSA didn't find a way to break the encryption, they helped create a standard that they knew they could break and thought would look hard to break to everyone else.
I want to preface this next statement by saying that A) I agree NO wireless access is best and B) the time frame in the ballot question is too short.
It would be a trivial task to design a system that uses extremely strong ECC to encrypt all transmission of data, require physical connection for sharing of all keys*, and completely lock off two way communication for critical systems. It won't be 100% secure, but we are not currently working in a world where your vehicle is anywhere near 100% secure.
* Technically, you could probably get around this, but you would need to convince users to install hardware... which will always be a way around physical connections.
Disagree
I work in software too, but I don't really follow your point. There's nothing inherently unreasonable about the proposal. It will be expensive for car manufacturers to implement correctly, but that doesn't strike me as a good reason not to mandate it.
I haven't seen anything that suggests to me the current state is more secure, especially if your contention is that the manufacturers lack the will or ability to do it right. I think these companies tried to create an anti-competitive system to corner the repair market, and the high cost penalty on them of disallowing that shouldn't be a consideration when I vote.
Sure, a perfect federal system to handle all of this would be great, but that's not the decision in front of us. I'll always vote against allowing these companies to hold their products hostage with proprietary software or by limiting data access.
You answered your own question
If it's expensive to do, they won't do it. They'll meet your mandate but not do it correctly. The end result will be a disaster. Additionally, any future patches to match any future laws you put in place to fix all the ways they attempted to skirt the "true intent" of your mandate (but would have cost them more money initially) will require people to update their car's computer...which won't happen except for the super-vigilant (or the ones going to the dealership every time anyways). Compare this to how many people drive around with 10-year-old maps in their car's computer.
So, if you're going to mandate it, you should craft a law. You should get a consumer protection committee to define the requirements to meet the law. You should do this on a national level with industry group involvement and realistic timelines.
Half-assing it in a MA referendum is not going to accomplish anything but a disastrous landscape of barely acceptable results with the DA and advocacy groups wasting time chasing down every manufacturer flaw and most mechanics being no better off wading through all the bugs/problems while hackers find ways to extract data left and right through security holes that never get patched, and an app landscape that will lie about what it's doing to tell you what your warning lights mean (while secretly uploading the rest of your data to the app creator).
This is what I appreciate about UHub
A post about a ballot question about auto manufacturer / personal data rights gets up to 75+ comments.
Thanks for the Info
This is one of the most informative threads I've ever seen here.
I am nervous about the "internet of things", but I distrust ads that go straight for the lizard brain with threats of murder, stalking and sexual assault. The apparent threat to independent repair shops is a convincing argument for the bill, but the expansion of availability of one's data is a concern.
The many posters who took the time to present facts and technical data in support of their opinions have been extremely helpful. Thanks.
The No campaign might have
The No campaign might have been able to run with their scary ads a little better if there wasn't also an incumbent presidential candidate running American hellscape campaign ads at the same time. Sometimes they run in the same commercial break.
I did see a fairly unscary No ad tonight, but it may be too little, too late at this point.
I've got no horse in this race
But if no location data is stored how can a stalker track you with the data?
There’s a new anti-question 1
There’s a new anti-question 1 ad featuring a repair guy named Santos, who says he doesn’t need the data. Am I correct that he runs an auto body shop and not a full car repair shop?