New TV ad makes link between Mass. Question 1 and predators

BOSTON -- The campaign around the ballot question that would expand access to vehicle repair data is heating up with opponents airing a new ad suggesting sexual predators would more easily be able to stalk victims if the question passes and the former Boston police commissioner calling the ad "a dishonest fear campaign."

The ad from the auto manufacturer-backed Coalition for Safe and Secure Data -- part of the group's self-described "multi-million dollar spend" on an early advertising blitz -- warns that "anyone could access the most personal data stored in your vehicle" if Question 1 passes this November.

"The federal trade commission warns your address could be paired with your garage codes to give easy access to your home," a breathy voiceover says in the ad as a cloaked figure approaches a home on foot, uses a remote to open a garage door and then enter the home as a dog barks in the distance. "Domestic violence advocates say a sexual predator could use the data to stalk their victims. Vote no on 1, keep your data safe."

The proposal, which would update a 2013 law by mandating that vehicle owners and independent repair shops can access telematic data often held by manufacturers, had already prompted significant debate about cybersecurity.

The Right to Repair Coalition, which backs the ballot question, said the ad is a scare tactic and is misleading because it conflates the Massachusetts ballot question with a similar, and unsuccessful, effort in California. The group had former Boston Police Commissioner Ed Davis, who is paid as a consultant to the coalition, respond to the ad.

"This ad tries to frighten people and raises real credibility questions for the automakers. The manufacturers try to link Question 1 to a completely different bill from California in an effort to confuse the voters. Don't be fooled," Davis said in a statement. "My firm and our cyber security experts have reviewed Question 1 and deemed it to be safe and necessary. Question 1 clearly states that only mechanical information, for the purpose of repairing a car, for a limited amount of time and only with the permission of the owner, may be shared with class 1 repair shops. This is about consumer choice in car repair, period."

The Coalition for Safe and Secure Data pointed to testimony offered earlier this month by the National Highway Traffic Safety Administration, which expressed doubts that auto manufacturers would be able to comply with the proposed law in the time it specifies and said the law could increase the risk of cybersecurity attacks.

"[I]t is our view that the terms of the ballot initiative would prohibit manufacturers from complying with both existing Federal guidance and cybersecurity hygiene best practices," Deputy Administrator James Owens wrote. He later added, "Two of the most important techniques — logical and physical isolation of vehicle control systems from external connections, and controlling access to firmware that executes vehicle functions — may be rendered impossible by the provisions of this ballot initiative. The ballot initiative requires vehicle manufacturers to redesign their vehicles in a manner that necessarily introduces cybersecurity risks, and to do so in a timeframe that makes design, proof, and implementation of any meaningful countermeasure effectively impossible."