The Auto Care Association, based in Bethesda, Maryland with over 3,000 member companies, sent a letter to the U.S. House of Representatives subcommittee, warning that provisions in draft vehicle cybersecurity legislation could allow car companies to take “full control over who has access to key vehicle systems, many of which are needed for repair purposes.”
The letter further stated that, “such action could have severe anti-competitive impacts on our industry and car owners who depend on independent repair shops for about 80 percent of post-warranty repairs.”
The provision in question was included in a “Discussion Draft to Provide Greater Transparency, Accountability and Safety Authority to the National Highway Traffic Safety Administration,” issued by the Subcommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee. The provision would make it “unlawful for any person to access, without authorization, an electronic unit (ECU) or critical system of a motor vehicle or other system containing driving data for such motor vehicles, either wirelessly or through a wired connection.”
In the letter, the association called the provision vague, citing that the ECU is the brain of the vehicle and that shops need access to the ECU in order to provide diagnosis and repair for a vehicle. “The Auto Care Association believes that when a consumer purchases a vehicle, they own not only the sheet metal and mechanical parts, but the software as well. While the design of the software might be the property of the developer, ownership and the access to that software should be controlled by the owner of that vehicle and not by the vehicle manufacturer.”
Published in the January 2016 Edition of American Recycler News