A group of automakers through the Alliance for Automotive Innovation is suing Massachusetts in federal court to block the new ‘Right to Repair’ law that passed on November 3rd. This law was known as “Question 1” to Massachusetts residents hitting the polls earlier this month.  As we discussed in our prior blog post, the new state law expands access to certain diagnostic and repair data collected by onboard computer systems that is currently only accessible in ‘real-time’ by the manufacturers (and in turn, their dealers). The lawsuit argues that it will impose a financial burden on auto manufacturers and threatens the privacy of car owners by exposing data from their vehicles. We discussed many of these privacy and security concerns in our post back in October when consumers were still contemplating whether they wanted their small autobody shops to have more access to their data or to prevent more sharing of their vehicle’s data.

The lawsuit asks the court to declare the new Right to Repair expansion to be legally unenforceable. It claims that this new law violates numerous federal laws related to cybersecurity and intellectual property. The lawsuit also poses the arguments that auto manufacturers made during the ballot campaign: that independent autobody shops already have access to the data they need to fix consumers’ vehicles under the existing Right to Repair law.

Moreover, manufacturers say the requirement that they install a standardized  “platform” on all cars equipped with telematic technology sold in Massachusetts by model year 2022 forces them to implement the requirement immediately because the first production of 2022 models are already getting ready to hit the market.

Finally, the lawsuit relies heavily on the testimonial letter that the National Highway Traffic Safety Administration (NHTSA) sent to a committee of the state legislature back in July that stated that Question 1 posed new cyber risks by compromising the integrity of a vehicles functions such as steering, acceleration and braking. However, the NHTSA also stated in its letter that manufacturers should continue to control those vehicle functions, which, on its face, the new Right to Repair Law also seems to support (i.e., the new system in 2022 models will communicate “mechanical data,” and the proposed definition of “mechanical data” states that it includes information that is “related to the diagnosis, repair or maintenance of the vehicle.” This would NOT include telematics data collected related to an immobilizer system or security-related electronic modules. That exception is not being stricken by these proposed revisions). 

We will follow this lawsuit to see how it shapes access to vehicle data not only in Massachusetts but across the country as a whole as more and more cars are equipped with real-time telematics data collection and transmission.

Binary Check Ad Blocker Security News

Hall County, Georgia reported on October 7, 2020, that it was the victim of a ransomware attack that disrupted some of its systems, including email and telephone services in public buildings and the sheriff’s offices. Last week, the county indicated that in addition to telephone and email services, the ransomware attack also affected the county’s election administration system that verifies voters’ signatures on absentee ballots.

The county states that the ransomware attack (believed to be DoppelPaymer malware) will not affect voters’ ability to cast ballots, but it could slow down the county’s ability to process absentee ballots. According to public reports, there have been 13,703 absentee ballots cast in Hall County as of October 23. This incident is being reported as the first example of a ransomware attack affecting the 2020 election.

The ransomware attack will not completely thwart the ability of election clerks to count valid ballots. The County is able to use a statewide signature database in the event that it is not able to get the County signature matching system up and running, and as a last resort, they can go back to the old days and match signatures with voters’ registration cards.

Predictions are that hackers will be increasing the frequency and mode of attacks until election day, and that they believe that the closer the attack is to election day, the higher the chance is to score a payment.