Oct. 23, 2015—A letter sent this week by the Auto Care Association to a U.S. House of Representatives subcommittee warned that provisions in draft vehicle cybersecurity legislation could allow car companies to take “full control over who has access to key vehicle systems, many of which are needed for repair purposes.”
The letter further stated that, “such action could have severe anti-competitive impacts on our industry and car owners who depend on independent repair shops for about 80 percent of post-warranty repairs.”
The provision was included in a “Discussion Draft to Provide Greater Transparency, Accountability and Safety Authority to the National Highway Traffic Safety Administration,” which was issued by the Subcommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee. The provision would make it “unlawful for any person to access, without authorization, an electronic unit (ECU) or critical system of a motor vehicle or other system containing driving data for such motor vehicles, either wirelessly or through a wired connection.”
In the letter, the Auto Care Association called the provision “vague,” citing the ECU as the brain of the vehicle and that shops would need access to the ECU in order to provide diagnosis and repair for a vehicle. “The Auto Care Association believes that when a consumer purchases a vehicle, they own not only the sheet metal and mechanical parts, but the software as well,” the letter said. “While the design of the software might be the property of the developer, ownership and the access to that software should be controlled by the owner of that vehicle and not by the vehicle manufacturer.”
