As we barrel toward election day, national attention is focused on the Covid-19 pandemic, civil unrest, and the race for the White House. In Massachusetts, however, hidden well out of the nation’s view, there is a topic on the ballot with another potentially crippling impact on life as we know it.
Massachusetts Question 1 proposes to augment the state’s 2013 Automobile Right to Repair Law with new vehicle data access requirements. At first impression, the initiative brought to the ballot by the Massachusetts Right to Repair Coalition appears to be a simple request for better access to the telematics systems in modern vehicles. Under the hood, however, it is a request for access to vehicle telemetry, and for the ability to send commands back to the vehicle, through standardized open methods that, without proper safeguards, are ripe for cyber terrorism that could quickly place vehicle occupants and other road users at increased risk.
The ballot initiative looks to “require manufacturers that sell motor vehicles equipped with telematics systems to install a standardized open data platform beginning with model year 2022. Vehicle owners could then access telematics system data through a mobile device application and then give consent for independent repair facilities to access that data and send commands to the system for repair, maintenance, and diagnostic testing”.
To understand what the Massachusetts Right to Repair Coalition is asking for, one needs to recognize that we are not simply talking about repairing the brakes, mufflers, and tires of legacy vehicles. We are discussing access to the data used to diagnose and repair complex engineering systems, each running 100 million or more lines of computer code, systems that even the engineering teams with access to their detailed design specifications do not fully understand.
In modern cars, software is the glue between physical systems. In a braking system, for instance, when a driver presses the brake pedal, an electronic signal passes through several computational systems that augment the driver’s input, and if a collision appears imminent the system may apply the brakes on its own. What was once purely hydraulic is now electronically controlled.
Standardized interfaces to the complex computational architecture of a vehicle, as the ballot question would require, would take decades to build and may never be truly robust against evolving threats. Asking automakers who have spent a decade or two (and billions of dollars) fortifying the fleet against cyber threats to open wireless access to the car to any number of unknown third parties in a matter of months is neither practical nor safe. The computational backbone of a model year 2022 vehicle was designed and sourced years earlier, with encryption technologies chosen to secure data, not to open it.
The National Highway Traffic Safety Administration (NHTSA) recognized this threat when it testified that “the ballot initiative would prohibit manufacturers from complying with both existing Federal guidance and cybersecurity hygiene best practices.” The testimony adds that “NHTSA is also concerned about the increased safety-related cybersecurity risks of a requirement for remote, real-time, bi-directional (i.e., read/write capability) access to safety-critical vehicular systems.” The read/write distinction is the crux: read access exposes data, but write access reaches the systems that control the vehicle.
In 2019, the Federal Bureau of Investigation (FBI) stated in a report obtained by CNN that the “automotive industry likely will face a wide range of cyber threats and malicious activity in the near future as the vast amount of data collected by Internet-connected vehicles and autonomous vehicles become a highly valued target for nation-state and financially motivated actors.”
Were this ballot question to pass and vehicle manufacturers to comply, the vehicles themselves or individual repair shops could become the target of cyber-attacks. An environment in which repair shops use the same internet-connected tools to work on many different vehicles is the perfect arrangement for delivering and spreading ransomware or other malware. We are used to malware that disables our computers, phones, and other electronics or extracts personally identifiable information from them, but what can happen in a vehicle is worse. Consider a scenario in which a single piece of malware sends a coordinated signal to the brakes of thousands of vehicles, stopping them in their tracks. By this I do not mean vehicles that fail to start, but a sudden full application of the brakes at highway speed, intended, much like a 9/11-type event, to inflict large-scale collateral damage.
Make no mistake, there are advantages to what the ballot calls for. It is therefore worth continuing a dialogue on how vehicle data can be shared securely, which would also enhance our ability at MIT to do research with vehicles that currently encrypt their telemetry. But requiring access to data on an accelerated timeline, without seriously considering the possible externalities of a digital world, is simply a failure of imagination. Perhaps a broader question needs to be asked: what are the bounds of Right to Repair in a safety-critical, software-driven automotive landscape?
As we approach election day and worry about foreign interference in our democracy, we should remember that the same nation-state actors and global terrorist organizations trying to shape the election would see a standardized open data platform as an invitation to a new type of interference. Allowing information to be sent to the vehicle more readily, by any number of unchecked third parties, without properly considering all the potential externalities could easily be a recipe for a colossal automotive safety threat.