Cybersecurity Experts Support Right to Repair

This post is sponsored and contributed by a Patch Community Partner. The views expressed in this post are the author's own, and the information presented has not been verified by Patch.

Information technology experts and cybersecurity professionals agree that Massachusetts’ Question 1, also known as Right to Repair, does not threaten consumer privacy or the safety of our automobiles.

Question 1 gives consumers the right to access wireless digital data that is required to repair modern automobiles. If Question 1 passes, drivers will be able to take their car to an independent repair shop. If the ballot question fails, consumers will be forced to get their car fixed at the dealership and repair costs will increase as local garages go out of business.

Carmakers have spent tens of millions of dollars on misleading ads claiming that Question 1 would allow cybercriminals to access drivers’ personal data such as garage codes. One commercial goes so far as to claim that Question 1 would let foreign hackers remotely take over cars and cause crashes.

These claims are false and have been rejected by the overwhelming majority of subject matter experts. Jennifer King, the director of consumer privacy for the Center for Internet and Society at Stanford Law School, called the carmakers’ claims “security fearmongering” and dismissed their worse-case scenarios as, “really stupid.” Former Boston police commissioner and cybersecurity expert Ed Davis called the automakers ads, “a dishonest fear campaign,” and explained “there would be no access to personal data.”

The reason Question 1 poses no threat to consumer privacy or safety is that it only applies to mechanical data. This includes information such as why a check engine light is on or why the car’s integrated GPS system suddenly stopped being audible. It does not include personal information such as garage door codes or a vehicle’s location — despite what Question 1’s opponents are saying.

Recently, almost a dozen members of SecuRepairs, a California-based organization of cybersecurity professionals, wrote a letter to the Boston Herald supporting Question 1. They wrote, “Our group, SecuRepairs, represents some of the world’s top information security experts. In our professional opinions, this small expansion to the state’s right to repair law in no way increases the risk of identity theft, cyber stalking or vehicle hacking.” Among the letter’s authors were academics, businesspeople, and think tank staffers. They represent a broad range of cybersecurity expertise but are unanimous in supporting Right to Repair.

Question 1 updates the Right to Repair law that passed overwhelmingly in 2012. That law required car companies to share automobile data and let consumers get their vehicle repaired by independent mechanics. This year’s Right to Repair law simply updates the rule to apply to wireless electronic data that was rare in 2012 but is increasingly common today.

This is a sponsored post contributed by a Patch Community Partner, a local sponsor. To learn more, click here.