The retired boston police commissioner has done an ad spot for Yes on Right To Repair specifically to slap down the "you will be raped in a parking lot" FUD: https://www.youtube.com/watch?v=0bye5DRBSpw
The EFF is also strongly in favor, naturally, but i think Ed Davis will pull more weight if anyone's undecided.
(when marijuana legalization was on the ballot in 2016, the then-chief of the state police did a similar ad spot whose pitch boiled down to "vote yes so we can stop wasting our time on stupid college students, willya?", which I think had a similarly large impact. )
Scummy is a polite word for the advertisements. It's been fascinating to watch them evolve in waves.
First wave: POV of a predator in a parking garage approaching a woman. Grave female voiceover: "Sexual predators could track your automobile, and remotely control the vehicle - including unlocking the doors." The female victim turns as the camera descends on her - she screams - "Vote No on Question 1. Don't let sexual predators control YOUR vehicle."
Second wave: Russian hackers with pimples nodding with pleasure as they take control of your vehicle, in a "Kremlin-sponsored hacking room" that looks like NCIS by way of Dr. Strangelove. Vote no - don't let Russian hackers control your vehicle.
Third wave - Muddy the waters by changing tone entirely to mimic the "Yes on 1" ads which have local, named individuals urging "it's your data, keep control of it." Muddied version - "It's your data, keep it safe. Vote no on 1."
Fourth wave - white unnamed men in auto shops with forced-sounding boston accents explaining that if you vote yes on 1, it'll hurt the little guy.
The insane $$ being thrown at trying to kill this bill [] tells a story in itself.
Over $23 million paid by automakers funded these scummy advertisements. Thankfully we know this from campaign finance transparency. The ads say in fine print that they are paid for by the "Coalition for Safe and Secure Data" and that top donors include "the Alliance for Automotive Innovation."
A Coalition campaign finance report from 2020 [0] shows $23 million in receipts from the likes of Ford Motor Company, General Motors, Toyota, Honda, Nissan, and others.
Expenditures in that report show who is helping them produce these ads.
Which reports? Reports that require disclosure of political advertising spend?
Yes. They're incredibly important. I want to know who is paying to try to influence an election. Many times, actionable information is exposed through these reports.
AIUI the German solution is to make their cars so difficult to repair and maintain, and require so many specialised tools, that nobody who isn't an authorised dealership will want to touch them.
It's interesting that there's no norm against participating in this kind of gross dishonesty. Everyone is comfortable that political speech is just a set of things you say to win the argument, and need bear no relation to any real or plausible events.
I think that it's not that there is no norms, it's that there's no point in having norms. These attack ads are conducted by proxies, not the interested parties themselves. It takes more energy to go after them then it takes for the interested parties to make a new proxy.
Ha, as if auto manufacturers all have an org dedicated to monitoring and deterring sexual predators and Russian hackers. Can anyone from one of these companies comment on this? Can I get a discount if I opt out of that at the dealership? I'm a techie, really I'd prefer to install Windows Defender on the car myself, thank you!
It wouldn’t be so laughable if the auto manufacturers didn’t already claim your data as their own and sell it to marketers.
This tidbit from the Onstar privacy policy made me laugh:
“The nature of our products and services means that there may be circumstances where you might let someone else use a product or service that we provide to you (for example, you let someone else drive your OnStar equipped vehicle). It is important that if you do let someone else use one of our products or services that you inform them of this Privacy Statement and of the privacy choices that you have made.“
The "No" column in the official state voter information booklet is almost criminally scummy. They quote Jane Doe, the Mass coalition against sexual assault and domestic violence, to make it seem like they're against the law. If you go to Jane Doe's website they say they aren't against the law, that the quote wasn't authorized, is out of context, and that they're disgusted that somebody would use battered woman as pawns to further their unrelated political agenda.
They're incredibly scummy but a super thin veneer. I don't know how anyone buys their BS. On one hand they feature grease monkeys talking about people hacking your car, I'm not sure people should be using their local mechanic for cybersecurity advice. More important, the fine print at the end makes it clear that it's the auto manufacturers sponsoring those ads, and their bias is obvious.
I'll lose some faith in humanity if it doesn't pass.
What I don't get is, why hasn't anyone stated the obvious.
Why do cars have location data stored onboard? Personal information? GPS data?
I have a phone, which already has stupid levels of personal info in it. Who on Earth needs another phone in their car, tracking everything, watching where I drive, who I call, on and on and on.
I don't get it. No one needs any of this crap in a car.
Take a phone for example, terrible security updates (eg, many phones barely have them last the terms of a 2 or 3 year contract). Then? Nada!
So how does that relate to my car? Lots of people keep cars for a decade.
Where are my free security updates, to all aspects of these network connected, wifi enabled, cars?
You think GM is going to give you a security update on a 10 year old platform?
It's a car, yet it's treated like the most horrid of things by GM/others, an IOT connected device.
If it's one thing I've learned over the years, it's that if someone can, and there's any profit motive, they will.
In terms of storing data? 20 years ago my VW recorded a great deal, as I discovered when the dealer's repair shop said to me "So you like to drive fast, eh?".
They knew precisely how fast, too.
What else is stored in that black box, which is often used by insurance companies, and police, after an accident? And required to be there, by US law? Or I suppose if they decided to execute a warrant against it?
These days, I'd be astonished if GPS data wasn't stored there too. And a lot more, as well.
Yet I say this ; do you know? Precisely? Exactly and precisely what is stored there?
Yet outside of the EDR/black box, there's the infotainment system, often with GPS data as well.
We live in a society where conspiracy theories based on lies, lack of knowledge or pure insanity trump actual scientific facts, and where basic health tools such as masks have been politicized.
In such a society I would be (pleasantly) surprised if the majority doesn't buy this BS.
Treat people like they're too stupid to think for themselves long enough and it becomes a self fulfilling prophesy. If the people of Massachusetts buy that crap they need only look in the mirror to find who to blame.
The last time anyone bothered to run a poll on this question, it was 65-35 Yes, which is roughly the same margin that Right to Repair passed by in 2012.
MA ballot initiatives, if passed, become ordinary laws. The Legislature can modify or delete them, just like any other ordinary law. However since the people voted for it, the Legislature is generally reluctant to do that.
Control over your device and the data it generates/transmits is fundamental to both. You can choose to care about one or the other, but they’re practically and ideologically closely related.
The problem with discretion is that it is also a common tool of discrimination. I'm fairly sure I have been given a pass on a few traffic violations that I probably wouldn't have if I weren't white.
In a city near me, they gave officers the discretion to either write people a ticket, or haul them to jail, for personal amounts of marijuana. After a few months, it was reported that not a single ticket had been written. I don't think most officers know what "discretion" means. Sad state of affairs, that.
It's not that cut and dry. Police officers have a duty to uphold the law. They swear an oath to be faithful to that duty. Thankfully, that still means something to most people. However, when given a choice as to how to uphold the law, they often take the low road, unfortunately.
That Yes ad raises more questions than it answers. What constitutes mechanical data? Does it include timestamps of when the engine was running and for how long? Is location data explicitly excluded? What about data that could be used to infer location, like vibration sensors picking up pothole impacts or gravel roads?
It seems simpler to just say: "This bill gives you, the owner of the vehicle, the right to give access to your car's data (that the automobile manufacturers are already collecting with little oversight into how it is used) to a third party mechanic of your choice for a limited time. It does not make this data available to literally anyone who wants it."
(The "for a limited time" concept does appear in the actual text of the bill in section 3 [1].)
If you are actually a potential rapist there are plenty of easier methods than setting up a fake repair garage and matching vibration sensors with pot holes. The entire idea is ridiculous.
Well sure, but if the larger point you're trying to make is that sensitive data doesn't get into the hands of the wrong people, "the data isn't actually sensitive data" is a weaker argument than "random people can't access your data without your explicit permission, and then only for a limited time."
The creepy "no" add is implying that your car's data is just available on some website for anyone to look up. That's a pretty big misconception that should be contradicted.
The other ballot option in MA this year, Question 2, would enable ranked choice voting for state and federal elections. There was a bit of a thread about this the other day: https://news.ycombinator.com/item?id=24561551
What's weird is that before moving to MA I had never even heard of ballot options. As far as I can tell they just don't exist in PA, so social studies curricula just don't teach them. I'm increasingly a big fan; it seems like a valuable escape hatch for a democratic republic for the citizens to have the power to bypass the legislature if necessary.
We have them in CA as well. I think in general they're a good workaround for getting things passed that the legislature for some reason doesn't have the political will to work on.
On the downside, repealing these things usually takes another ballot measure (the legislature can't touch most of these), so if one passes that turns out to be a bad idea, it'll be harder to remove it. Unfortunately we do have a few persistent ballot measures that have been on the books for years that are detrimental, but there's no will to get rid of them (Prop 13, I'm looking at you).
Occasionally I'll vote "no" on a proposition that I agree with, simply because I believe it's something that the legislature should take up, and doing it through the ballot measure process will end up being too inflexible.
This year's Prop. 15 would radically revise the tax limitation scheme adopted in Prop. 13/1978 by removing much commercial/industrial property from the coverage of it's limitation on annual increases of assessed value, and seems to be polling comfortably ahead.
If anyone's reading this and similarly hates Prop. 13 (1978), then please vote No on Prop. 19 this year!
It sounds good on the surface (helping disabled, elderly, and wildfire victims) but is truly just another way to extend Prop. 13 by allowing the type of rich homeowners who already unfairly benefit from Prop. 13 to continue to do so while buying a new house.
It’s a double edged escape hatch. In practice the vast majority of voters know little to nothing about what’s being decided.
On the other hand many third rail political views have a great deal of popular support. So, IMO the trick is to require a very large number of signatures to get on the ballot.
Agreed. It is useful to pass things that a legislature may never pass, like term-limits for legislators.
In Washington State, the initiatives frequently yield legislation that has conflicts/dependency problems with the existing law, something that happens far less-often with bills from within the legislature.
Also agreed that a high signature-number bar is one of the simplest/expedient ways to limit ballot-initiative spam. We have a person who has successfully made it their personal mission/job/source-of-notoriety to place some sort of small-government initiative on the ballot every year.
Yeah, on the ballot in our state is a law that supposedly prohibits the enforcement of local gun regulation, only allowing state regulation. Except its so poorly worded its unclear to judges and police and such what it even means.
> It’s a double edged escape hatch. In practice the vast majority of voters know little to nothing about what’s being decided.
Neither does the legislature, in many cases. On balance I'd rather have direct democracy for the majority of things. It has worked quite well in Oregon, which has an initiative system.
Direct democracy also leads to dumpster fires of a policy choice like Proposition 13 for your southern neighbors. No guarantees it wouldn't have passed through regular legislative channels, I suppose...
Given that it's also a third-rail for politicians to try to touch, it sounds like it worked precisely as it should, and gave people what they wanted and voted for.
Oregon passed something similar, albeit weaker; I wish we'd passed something much stronger. Not because I'm anti-taxation, but because funding anything via property taxes is an incredibly bad idea and leads to funding and service quality that's correlated with property values.
Both of those would be a substantial improvement, yes. At that point, you'd just have an unusual, specialized wealth tax.
If you're going to change property taxes that much, though, you might as well go all the way to a land-value tax, which would also reduce problems with assessment and improvement.
If you're interested in voting systems I suggest checking out my links in that thread about cardinal systems (much simpler and better in almost every way). You might also want to check out Clay's comments there and elsewhere, he's the co-inventor of STAR.
I think the results from the Fargo election are much more promising and interesting for those looking for representative voting systems.
Yes, a ballot question can be a referendum or an initiative. Basically, at least in MA, if you as a citizen want a law passed or repealed and you don't think the legislature will take it up, you can collect signatures of people who agree with you. If you get enough, it will be added to the next state election as a question for the voters to yea or nay.
In other words, it's a direct democracy end run around the usual representative democracy system.
Ah cool, that makes sense - I think that's called a citizen's initiative in the Netherlands and in the EU, where it has only existed for 14 and 13 years, respectively. Indeed a great addition to representative democracy.
Indeed. As a Montana citizen, its been excellent seeing medical marijuana legalization pass through ballot initiatives, and hopefully this year full legalization and regulation.
The people and their representatives don't always agree on every issue, and having an outlet for that nuance is very beneficial. I think any amount of direct democracy we can add is a good thing.
The thing that bugs me out about this law is that, AFAICT, this data is _already_ required to be available to any 3rd party manufacturer through a physical "non-proprietary interface" (so far, an OBD-II port) after a similar ballot initiative from 2013 [0]. This law essentially just makes the data available wirelessly.
I care about security holes and I care about consent. Having a physical interface makes it easy to provide data with consent to repair shops who need while trivially making sure no third party manufacturer or insurance company is leaked a massive database of everyone's driving data. I really don't see how the "wireless" addition gives me more of a right to repair, but I clearly see how it forces manufacturers to significantly increase their surface area of possible data leaks.
I'm all for Ben Franklin's liberty/safety argument, but with the 2013 law already in place, I honestly don't see the upside of the 2020 law.
I see where you're coming from, and this proposed law doesn't seem super useful in isolation. But consider:
1. Publishing the same data over OBD-2 ends up being an afterthought. Without even looking at the specifics, I guarantee that there is data transmitted through telemetry that is not output through OBD-2. That's just how embedded development works - focus on making the main feature work, then forget about the rest. It seems quite hard to apply the law to the details of a technical system ("Sorry, when developing we didn't consider that type of data necessary for repairing the car, even though we are using it to diagnose. Anyway we'll fix it in the model year after next"). Whereas it's straightforward to say that no matter how many different interfaces automakers develop, independent auto repair has to be able to access all of them.
2. If we're concerned with privacy (and we should be), then we need an orthogonal privacy law that prohibits automakers from backhauling this information without consent, and selling this information without consent (eg to insurance companies). Letting them unilaterally collect and only make it accessible to their dealers, practically guarantees a terrible security implementation - something like one master login for each "trusted" dealer, that can access any car's data by VIN. Mandating access for third parties will actually result in the attack surface being properly designed and audited.
3. Once you're taking the privacy hit, then there is a stored history that won't be available over OBD-2. Imagine going to a repair shop and they tell you to borrow a dongle and drive around for two weeks, where a dealer can help you immediately. This ties into data ownership, in that you should be able to retrieve your own records.
4. Imagine a hypothetical service that keeps tabs on your car's metrics and alerts you to developing conditions. With mandated access, this can be done as a simple web service. Without that, you'll need a separate dongle, probably specific to your car if things advance beyond OBD-2. I'd personally rather have a dongle and a local service that I control (coupled with a privacy law or pulling the cell modem), but unfortunately that's not how the consumer market works.
These are definitely valid points. Unfortunately your last example (3rd party web services easily discovering when I need an oil change, or what days I've been driving aggressively) is the kind of hypothetical I would want laws actively preventing.
Arguably, it's not this law's job to introduce such a protection! But best I can tell, no other law covers it in MA. It is perfectly legal for 3rd parties to sell this and other data without my explicit consent or even an opportunity to opt out (I think only CA has such an opt-out [0]).
Granted, manufacturers already have and can sell this data with no recourse. But at least manufacturers have national brands which could be hurt by selling or leaking massive amounts of data about their customers. Perhaps some brands could even make privacy a selling point. It seems like this law erodes that thin shell of protection.
> 3rd party web services easily discovering when I need an oil change, or what days I've been driving aggressively ... is the kind of hypothetical I would want laws actively preventing.
But why, if it would still require your consent? Not faux consent based on click through or economic pressure, but real consent in the way the GDPR is getting at.
> But at least manufacturers have national brands which could be hurt by selling or leaking massive amounts of data about their customers. Perhaps some brands could even make privacy a selling point.
This doesn't seem to be playing out for any other industry, even ones with much lower barriers to switching (eg cell phones, supermarkets, credit cards). Privacy just does not seem to be a market differentiator. Car purchase timeframe is on the order of a decade (especially for the type of people concerned with autonomy that don't lease). So you buy a car from a brand that isn't selling your data, and a few years later they turn around and sell your data anyway. Then do you grin and bear it, or sell your car at a loss and go back to the market just to get screwed again? Until there is a privacy law, self help to prevent anyone getting your data in the first place is the only real option here.
> But best I can tell, no other law covers it in MA. It is perfectly legal for 3rd parties to sell this and other data without my explicit consent or even an opportunity to opt out
Yes, this is the root of our society's privacy/surveillance problem. The CCPA is relatively recent, and even that has been neutered to appease entrenched interests.
Companies want to hold power over you by selling your data, and also by withholding your own data from you. Being hesitant to address the second problem because of unknown unknowns about the first problem seems like the path of self-defeat. I'd love to see another ballot initiative that addresses privacy by retaining control of our data, but this is orthogonal.
I'm in the same boat. I don't understand the argument that manufacturers are using telematics as a loophole, since it seems that the 2013 law specifically says that while many uses of telematics are not covered by the law, those that are "necessary to diagnose and repair a customer's vehicle" ARE still covered.
> With the exception of telematics diagnostic and repair information that is provided to dealers, necessary to diagnose and repair a customer’s vehicle and not otherwise available to an independent repair facility [...] nothing in this chapter shall apply to telematics services [...].
So, are manufacturers doing things like including telematics that they claim "aren't necessary" but in reality are pretty important? If so, then independent repair shops are at a disadvantage, but the solution should be to force those signals to be available through the physical port.
Or is it a matter of independent repair shops not being able to compete with the dealerships who can get telematics to do things like email you when it is detected that your oil is low?
As far as I can tell, the 2013 law doesn't actually define "telematics" or "telematics data". This intiative does define the latter to be data that the car collects and phones home, and which the car itself may not store at all (but the "remote receiving point", as the law calls it, does store).
It seems to me that you can't reasonably require access via the physical port on the car to data that is not actually present in the car's systems. Or am I missing something?
I was also extremely confused by the smartphone app requirement. I don't imagine most car guys want to fumble around with their personal, expensive, fragile smartphone while doing automotive work.
Modern vehicles generally have very advanced media consoles installed in the dash. Why can't they just display the information there? Or just add a standardized port under the hood with a publicly documented interface that mechanics could plug a device into?
I'm not a fan of the smartphone app requirement (as opposed to, say, a web app requirement), not least because it presupposes ownership of a smartphone. But I _think_ the intent is for "normal people" to be able to know at least as much about their own car and its behavior as the manufacturer does, and more importantly to know what it is their manufacturer knows. Importantly, this is all about data that got shipped off wirelessly to the manufacturer and does not reside in the car itself anymore.
The media console approach would require the existence of such a console and for the media console to connect to "the cloud" to retrieve the data. Possible, presumably, since the car is connecting somehow to ship the data out to start with, but I'm really not sure what the tradeoffs are there.
The standardized port idea unfortunately suffers from that last problem too: it relies on the car itself to make a connection to "the cloud"; depending on what's going on with the car that may or may not be possible, I'd think.
While I support right to repair and will be voting accordingly as a born and raised Masshole the whole "centralized platform for service info" thing is a massive red flag to me.
Having to go through the government (the proposal as I understand it) to get service literature is only better than having to go through an uncooperative manufacturer. They could have just revoked the exemption for telemetry data without any of this platform nonsense. I don't want to get too off in the weeds here but I have zero expectation that the legislature doesn't have more nefarious things in the works for later. Cracking down on the backyard mechanics who keep the shitboxes of the greater Boston area running and forcing the poors onto the T would be their wet dream. If the goal is to give owners and manufacturers more access then why not just mandate that the OEMs provide the access, why go through the trouble of a platform if it's not part of a bigger picture that you don't want to tell people about just yet?
> Cracking down on the backyard mechanics who keep the shitboxes of the greater Boston area running
Don't really have much to add to your point. But I wanted to mention, that on my block (a mixed income neighborhood in Boston) has 1 guy who fixes almost all our cars. He doesn't own a shop, he just brings his tools and fixes your box on the street. Every time he's out there he acquires a new customer. We all love him. His work is great, and his prices are so low my wife has to argue with him to take more. Without him, there's a lot of people where I live who would be in a tough spot.
Pardon my ignorance: what centralized platform? As far as I can tell, the proposal requires direct two-way communication between the vehicle and end user.
The independent repair shops with the “yes on one” signs I think help more than any sign I’ve seen. As stated by others there have been a lot of ads about this.
MA resident here -- I'm voting yes on this ballot question for the exact reason why farmers seek older farm tractors and machines. The more shops that have access to data, the more competition there will be, which is a good thing.
The bill is summaraized in the voting guide which also has the full text.
I’m voting yes.
PDF of Massachusetts guide to the ballot question. It has a nice summmary and the legalease versión too.
https://www.sec.state.ma.us/ele/elepdf/IFV_2020.pdf
....
Commencing in model year 2022 and thereafter a manufacturer of motor vehicles sold in the Commonwealth, including heavy duty vehicles having a gross vehicle weight rating of more than 14,000 pounds, that utilizes
a telematics system shall be required to equip such vehicles with an inter-operable, standardized and open access platform across all of the manufacturer’s makes and models. Such platform shall be capable of securely communicating all mechanical data emanating directly
from the motor vehicle via direct data connection to
the platform. Such platform shall be directly accessible
by the owner of the vehicle through a mobile-based application and, upon the authorization of the vehicle owner, all mechanical data shall be directly accessible by an independent repair facility or a class 1 dealer licensed pursuant to section 58 of chapter 140 limited to the time to complete the repair or for a period of time agreed to by the vehicle owner for the purposes of maintaining, diagnosing and repairing the motor vehicle. Access shall include
the ability to send commands to in-vehicle components
if needed for purposes of maintenance, diagnostics and repair.
SECTION 4.........
I have to say, the linked Voter Information document in the article does a great job of describing the intent of question and the consequences for a "yes" or "no" vote. I wish all ballot questions had such a clear explanation.
These ballot questions are typically bizarrely phrased in legalistic and often deliberately misleading language. Someone entering a voting booth unprepared to read a dense confusing paragraph about a topic they may have never thought of is vulnerable to the whims of whatever politics are in play behind the rhetoric of the ballot question.
The only thing holding me back from a yes vote is the availability of detailed location data to 3rd parties. Can a mechanic sell this data? Can it be subpoenaed by police?
I prefer that they don't have it either, but that's not a choice. But if every garage in the state has access to this data, it seems like a much bigger risk.
I don't know - it seems like you're assuming that authorized dealerships are a lot more trustworthy than general repair shops. That authorization is usually more "expensive" rather than "difficult" to acquire so a lot of the smaller shops have struggled to secure it.
I think one way to read the decrease in volume is that - yea it'd sure be nice if six fewer dealerships had access to this information, so why don't we make sure they all get forced to close their doors because the automakers don't want competition - there would be fewer in count, but that doesn't really speak to the security of that data at all (additionally, most of the sensitive data you probably care about doesn't appear to be on the table for this bill - specifically telemetry about driving habits doesn't appear to be under consideration)
There's not a database of location data that all garage's can access. It's mainly about making it so that car manufacturers can't design car computers in a way that in a way that impedes independent shops from doing repairs without paying the manufacturers for access (think like custom data access protocols, or obfuscation that's only readable after paying Honda a monthly massive fee). This is the battle that farmers are fighting against john deere.
Actually, if the data is only accessible to a few authorized shops, that's when the data is especially likely to be sold. Data is really only valuable in aggregate - if more shops can service cars, then each shop really gets less access to aggregated car data. More choice means less centralization of the data which means it's more difficult to collect enough data for it to be sold.
I think the car manufacturers are the ones who are hoping to monetize the data, and that's why they're trying to restrict access.
I don't know that centralized warehousing is relevant here, given that the systems seemingly rely on centralized silos regardless. But keeping the system dealership-only will encourage security by obscurity (eg one master login per dealership that can then access any car), whereas opening it up will force automakers to design their system for fine grained security.
What use is location based information to a repair shop? Is it simply that opening up this dealer-only content to 3rd parties will in turn share the location data? I can't see any benefit in sharing location specific info to a shop. Why not have the bill insulate that type of data...walled off, for dealer and owner only to access.
Of no use to them, but perhaps a valuable thing they can sell to others (insurance companies, marketers, spies, etc).
I'd really rather my car not gather that much data to start with. My phone provides all the mobile compute and navigation (and privacy invasion) I need. I don't think historical telemetry data of any kind is going to deliver extra value to me, the car owner. Every extra feature in a car is just another thing that breaks.
Worse, it doesn't give you extra value, it detracts value. It's info about you, out of your control, yet unlike gmail, which is free, you've paid cold hard cash to be tracked.
I think what we need is just an "everything" bill. If you pay ANYTHING for the hardware, then you control EVERYTHING.
The full stack. You can't sell it, the code isn't yours, but by rights you get the full dev kit for the entire OS.
This is the only way forward. The only way to stop all spying, show everything malicious being done to end users, and ensure I can repair anything borked down the road.
More likely, it's your phrasing and typography that is causing downvotes rather than your ideology. Using capitals for emphasis violates the guidelines (https://news.ycombinator.com/newsguidelines.html), and for many people, starting with repeated this's pattern-matches to a low quality comment. You might ask yourself if your style is conducive to the message you are trying to convey.
I don't give two flying farts how you chose to punctuate or emphasize your comment. I fully appreciated it and agree with it a lot. Unsure why downvoted as well. (Also new here, so will make note of rules).
I'm not really sure I understand what location data has to do with right to repair?
Do you mean because now some OnStar type API must be documented "for repair"? (if so, I'd argue that security through obscurity is little to no security at all and I'd hope that your API is properly secured. For example just because the Google email API is documented doesn't mean people suddenly can read my email!)
Also in the same vein...can insurance companies get it? Progressive has been trying to hawk that OBD-II spy box for ages now, and this would seem to be a gold mine for all of them.
The ballot question is actually about the "Right to WebApp Development Competency." Voting yes means you believe that, after a "Such platform shall be directly accessible by the owner of the vehicle" law passes, webapp developers will MAGICALLY gain the competency needed to rapidly deploy a life-or-death-critical service for access by millions of unsecured client endpoints, and deploy it with no security-relevant design or implementation flaws.
There's at least some hope of delivering a secure service to dealerships. (I don't know whether this has succeeded.) There's also some hope of delivering a secure service to registered endpoints at independent shops that can be audited for client security practices. This is the correct next step. With the state of webapp security today, there is NO HOPE AT ALL of delivering a secure service to the general public.
On the positive side of this: My local repair shop has sent a couple of email blasts explaining how they'll be able to use this data safely to help us, and respectfully asking us, their customers, to vote Yes On 1. I'm all for it. And I do infosec for a living.
I'm seeing videos suggested by the YouTube algorithm from time to time about the Right to Repair and nothing is more infuriating then watching those people who basically sold their soul to say things that are not only blatantly baseless but also which are very against the public interest and will have negative impact on the environment for the generations to come.
I dont even know what side you mean. Right to Repair allows longer product life (environmental plus) at the cost of simplifying modifications that worsen environmental impact (though that can be mitigated with careful regulation).
Its all still individual consumption environmentalism, which is the minority of impact.
I would vote yes if they Excluded location data. The language of the propositions doesn’t do that. This suggests to me that it’s as much a Silicon Valley style big data-play as a simple “right to repair” issue, which I would happily support
I don’t understand how engineers can read the actual text of the Question and think this is a good idea...
> shall be required to equip such vehicles with an inter-operable, standardized and open access platform across all of the manufacturer’s makes and models.
What is a “platform” in this context? The vehicle is supposed to be equipped with one, so presumably not a cloud server then?
Inter-operable with what? Other manufacturers? Standardized how and by whom? What does “open access” mean in this context?
Does this run on the car? In the cloud? How do you connect to it? Remember this is a legal requirement, not a spec that can just be revised.
> Such platform shall be capable of securely communicating all mechanical data emanating directly from the motor vehicle via direct data connection to the platform.
So I think this is saying that all mechanical data which is emanating from the vehicle must also be made available by connecting directly to “the platform” but you could read it two or three other ways.
> Such platform shall be directly accessible by the owner of the vehicle through a mobile-based application and, upon the authorization of the vehicle owner, all mechanical data shall be directly accessible by an independent repair facility
As supposed to the ODBII port which is the current standard, now we have a “mobile-based application” which the “owner” of the vehicle uses to directly access the “platform”.
I don’t know how the car is supposed to know who the owner is, let alone the original manufacturer of the car.
But then after somehow authenticating the owner on this mobile based application there’s also going to be a way to authorize your repair shop to do the same?
So perhaps repair shops are registered with this platform and I can select them from a list, or maybe after I’m magically authenticated I send them an email and they open that on their phone and click a link which send a message to an app which... wait what?
> limited to the time to complete the repair or for a period of time agreed to by the vehicle owner for the purposes of maintaining, diagnosing and repairing the motor vehicle.
Oh yeah and these access tokens are also time limited and revocable.
> Access shall include the ability to send commands to in-vehicle components if needed for purposes of maintenance, diagnostics and repair.
So I’m just not following at all the level of complexity here and the huge number of red flags on legislation which is trying to spell out a technical solution instead of just spelling out the effect.
We don’t need an open access inter-operable standardized data platform providing direct and delegatable remote control via mobile application to mechanical control systems. We really don’t.
I would be a lot happier if it simply said that manufacturers must provide documented vendor extensions to the ODBII port to cover any new data streams.
My understanding is the motivation for Q1 is that vendors will stop including ODB ports since they can rely on OTA mechanisms [1], thus bypassing the intent of the previously enacted right to repair bill. The Globe editorial [2], despite being in favor of Question 1, acknowledges many of the concerns you've laid out. They suggest, as a possible remedy, that the Legislature amend the law if and when voters approve it, and propose "a compromise that requires all cars, including electric vehicles, to keep their OBD ports — which mechanics can currently plug into to retrieve diagnostics data ."
> I don’t understand how engineers can read the actual text of the Question and think this is a good idea...
Because engineers are generally capable of understanding that law is law, and not a computer program.
> Remember this is a legal requirement, not a spec
Yes, this is a basic principle of how laws are written. You've supplied the rebuttal to the rest of your comment. All the terms that you singled out and put scare quotes around are meant to be applied by the courts to ongoing industry practices - the point is to avoid needing future revision based on details. If the lack of specificity offends your engineer sensibilities, then you need to work on developing other modes of thinking.
It's not a lack of specificity that I'm worried about - quite the opposite, I think this text is far too over-specified while managing to use fluff terms that are mostly meaningless.
Meaning a court will have to somehow divine meaning from all those scare-quoted terms when the inevitable lawsuits commence.
The retired boston police commissioner has done an ad spot for Yes on Right To Repair specifically to slap down the "you will be raped in a parking lot" FUD: https://www.youtube.com/watch?v=0bye5DRBSpw
The EFF is also strongly in favor, naturally, but i think Ed Davis will pull more weight if anyone's undecided.
(when marijuana legalization was on the ballot in 2016, the then-chief of the state police did a similar ad spot whose pitch boiled down to "vote yes so we can stop wasting our time on stupid college students, willya?", which I think had a similarly large impact. )