Tinkering with cars and solving problems is Tony Venuto's love and livelihood. It’s what drove him, over 30 years ago, to launch the Dedham repair shop and used car dealership that he now co-owns with his brother-in-law — him running the repair side, while his relative oversees sales.
“I love working with my hands and fixing things,” said Venuto, 56, while plugging a tool into a 1990s-era standardized port to diagnose a car at his shop, A.S.P.I. Motor Cars. “I love the challenge.”
Venuto said he decided to support an upcoming state referendum that will affect shops like his when he heard that big auto makers might eventually be able cut independent repair shops out of the business by withholding the wireless diagnostic data that late-model cars transmit. Question 1, on the ballot in next week's election, asks Massachusetts voters, who passed the nation's first so-called right to repair law in 2012, whether that wireless data belongs to manufacturers or vehicle owners. Passage would again put the state in the forefront of this area of law.
Advocates of the ballot question point to estimates that nearly 90 percent of new cars will have connective capacity by 2022, and say the proposal would level the playing field between the big automakers and independent shops like Venuto's, whose survival is tied to access to diagnostic data.
More Politics
But opponents, like Conor Yunits of the Coalition for Safe and Secure Data, counter that the ballot question's terms are unclear and would result in privacy-threatening changes to the way manufacturers maintain data now.
“All of these companies that are building these systems are spending huge amounts of money to protect and secure this information,” Yunits told GBH News. “Now, we’re talking about throwing that out the window and making everything connect to a system that has not been tested, has not even been created yet, and doing it by model year 2022, which is really actually next year.”
Yunits’ group is financed by auto makers with large market shares in Massachusetts. The coalition has collected about $26 million to campaign against the proposal, while the "yes" side has raised $24 million, according to public data reviewed by GBH News.
Aaron Lowe of the Auto Care Association, which has contributed $4.6 million in support of Question 1, said standardizing data access is necessary to keep the car repair sector competitive.
In an interview with GBH News, Lowe likened the repair data fight to the port that mechanics often plug into, to begin diagnosing a car’s problems.
“We take it for granted that that port is the same on every single make and model in the country,” Lowe said. “But that’s not the way it was going to be. It was a fight with legislators as part of the Clean Air Act that required that that port be standardized. And the standardized port has had tremendous advantages to competition in the industry.”
Tommy Hickey, director of the Right to Repair Coalition, admitted the measure is somewhat preemptive, given that those ports are not yet wireless. But he argued that the existing right to repair law from 2012 needs to explicitly cover this anticipated technological advancement.
“It’s preemptive, but it’s starting today,” Hickey said. “We need independent repairers to evolve with the car as it goes.”
The "no" side argues that it's safer for each company to have a proprietary data system. If they're forced to standardize as the ballot question mandates, opponents say, it would theoretically only take one bad actor to figure out how to hack into all the data systems.
Opponents and experts in the information technologies field also point to some of the proposal's imprecise language. Question 1 does not specify who would create, monitor or protect the new open source platform that would facilitate data access for owners and independent repair shops.
"So, to say that somehow an app that has to come out in the next year and has to connect to every single connected vehicle in Massachusetts is going to be safe and is going to be secure, is ludicrous,” said Yunits.
The question also does not explicitly exclude personal or location data from the definition of what can be accessed, raising concerns about the potential for overreach.
“The issue that I think is ambiguous is, for example, is the speed that you’ve been driving at the locations that you’ve been to — personal or mechanical data,” said Stuart Madnick, director of cybersecurity at the MIT Sloan School of Management.
Andrea Amico, founder of the Privacy4Cars app that helps drivers wipe personal data from their vehicles, said that while he does not see a way repair shops could access a driver’s text messages or garage door codes, there is ambiguity on how location data might be interpreted.
“I think where the questions really lay is on geolocation data, because some [wireless] data can actually be very telling of who you are and what you do in your personal life,” Amico said.
Both men readily acknowledged that potential hacks are a risk — regardless of this referendum’s outcome.
A recent study from Tufts University also suggested that the proposal could benefit from a “sharper definition of what counts as repair-relevant” data, even though the drafters may have intended to leave it out. The legislature could make that clarification if the referendum passes.
Yunits and his fellow opponents are skeptical.
"All we can do is do is judge it by what's in front of us, and what's in front of us creates a lot of risk," he said.
Back at the Dedham repair shop, Venuto said he just wants to be able to fix cars into the computerized future.
“Obviously, if they have the trump card on withholding that information on how to fix it, they have an advantage over us,” he said. “As long as we have that information, we have the opportunity to fix that for a customer — and that's what we want.”