Legislation Raises Serious Vehicle Privacy, Security and Safety Issues for Consumers   

Published

Members of Congress are Urged to Oppose H.R. 906 

 

ISSUE

Advocates for “right to repair” legislation claim that independent automotive repair shops do not have access to the parts or data necessary to repair vehicles. However, this concern was rectified years ago, and today the information independent shops need to repair vehicles is readily available from every auto and truck manufacturer. The latest iteration of “right to repair” legislation (H.R. 906) has little to do with repairing a vehicle. Instead, the bill compels auto and heavy-duty truck manufacturers to provide any “aftermarket parts manufacturer” the information necessary “to produce or offer compatible aftermarket parts,” i.e., parts not made by the auto or truck manufacturer. This legislation would also give any third-party remote, bidirectional access to sensitive consumer data from vehicles, which raises significant consumer privacy, cybersecurity, and automotive safety concerns. This bill regulates only vehicles and does not apply to other products, such as farm equipment or mobile phones. Members of Congress should oppose H.R. 906 since it raises serious vehicle privacy, security and safety issues for consumers.  

BACKGROUND

 

Vehicles generate tremendous amounts of data, including private information such as biometrics, vehicle location, or driver behavior data. This data is currently regulated according to strict privacy principles to protect consumers’ privacy and safety. However, H.R. 906 would require vehicle manufacturers to provide any third-party remote, bidirectional access to vehicle-generated data “without restrictions or limitations.” This overbroad requirement, which covers all the vehicle’s data, is unrelated to the servicing of the vehicle and creates serious privacy and safety concerns. 

 

The National Highway Traffic Safety Administration has noted the “significant safety concerns” open access to vehicle telematics would raise, stating, “Open access to vehicle manufacturers’ telematics offerings with the ability to remotely send commands allows for manipulation of systems on a vehicle, including safety-critical functions such as steering, acceleration, or braking…A malicious actor here or abroad could utilize such open access to remotely command vehicles to operate dangerously, including attacking multiple vehicles concurrently.”

 

The Government Accountability Office (GAO) is currently conducting a comprehensive study on the competitiveness of the automotive repair market. GAO’s report, due early next year, should be reviewed by Congress first to inform any legislation dealing with automotive right to repair.


KEY POINTS

  • This legislation undermines intellectual property rights. H.R. 906 unfairly promotes the interests of aftermarket companies by compelling auto and truck manufacturers to provide any “aftermarkets parts manufacturer” the information necessary “to produce or offer compatible aftermarket parts.” This giveaway of proprietary information allows aftermarket parts manufacturers to gain access to automakers' proprietary information which could then be used to facilitate the reverse engineering of genuine, original auto and trucks parts, including safety-critical parts.
  • H.R. 906 is built on a faulty premise as independent repair shops currently perform more than 70% of all non-warranty repairs. The bill is based on the premise that information necessary to service and repair vehicles is not available to independent repair shops. However, information necessary to repair vehicles is available to independent repair shops, dealers and individuals through the National Automotive Service Task Force, as well as through several private companies.
  • H.R. 906 creates new privacy, vehicle security and safety risks. The bill would force manufacturers to release information which could create serious privacy, data security and vehicle safety risks. For example, the bill mandates that vehicle manufacturers provide all the “vehicle-generated” data unconditionally, which may include sensitive private information, to any person the vehicle owner has designated. Also, with the increasing complexities of vehicles today, including the growing electric vehicle market, it is important that vehicle service and repair is performed by trained and certified technicians to ensure customers’ security and safety.
STATUS
The House Energy and Commerce Subcommittee on Innovation, Data and Commerce held a hearing on H.R. 906 on Sept. 27 and a markup on Nov. 2. NADA and other industry stakeholders submitted a coalition letter opposing this fundamentally flawed legislation. Members of Congress are urged not to cosponsor or vote for H.R. 906.                                                                                      
 
Download This Brief
 

Contact