FCA among first to place limits on vehicle scanning

By John Yoswick

New automaker restrictions on vehicle scanning were among the topics discussed at the Collision Industry Conference (CIC) held in Palm Springs, Calif., earlier this year.

Jack Rozint, outgoing chairman of CIC’s Emerging Technologies Committee, said that at least two more automakers will roll out “secure gateway” systems, similar to one Fiat Chrysler of America has in place, that limit access to vehicles by those seeking to scan vehicles or reprogram modules. Such systems are “essentially a firewall, similar to one you’d put on your home or office computer network in order to control the access to that network from outside,” Rozint said.

“If you are an authorized user, the secure gateway will not restrict your access to be able to do scans or reprogram modules, etc. If you aren’t an authorized user, or you’re trying to perform a function that’s not permitted, you get blocked.”

The need for such gateways was clear after the much-publicized hack in 2015 of a Jeep Grand Cherokee that showed such vehicles could be remotely accessed and controlled. To scan some 2018 and 2019 FCA vehicles — and nearly all 2020 models, Rozint said — shops must be registered with AutoAuth. There is a one-time registration fee of $50 per repair facility for up to six authorized users (additional users each are $2 more). If not using FCA’s scan tool, a shop must supply the serial number of the scan tool (or tools) they will be using from among those tools authorized by FCA.

“FCA has limited the registration to only those tools that have a diagnostic license with FCA,” Rozint said. “So if you have a tool and it’s not on the list, it’s probably because the scan tool manufacturer hasn’t registered yet, or they don’t license diagnostic data from FCA.”

Once a shop’s tools and technicians have been authorized through AutoAuth, no other additional steps are required when scanning or reprogramming FCA vehicles, Rozint said. Other automakers may use different administrators (like AutoAuth) or processes for securing access to their vehicles, he said. 

At his final CIC meeting as co-chairman of the “Insurer-Repairer Relations Committee,” Clint Marlow of Allstate in Palm Springs said vehicle scanning is one topic that he feels the industry has come a long way toward reaching consensus on.

“Maybe not as quick as some people would have liked to have seen,” Marlow acknowledged. “From an insurer’s perspective, it’s obvious that the new [vehicle] technology has changed the game. It’s obvious that for the newest vehicles with ADAS, this is going to be part of a proper repair procedure. Hopefully the repairers aren’t seeing a lot of disagreement around that any more. I’m not saying you’re always going to get pre- and post-repair scanning on your estimate. But I think most of the time, people who are using a degree of common sense [know when] it is a value-added procedure.”

He cited one of his family’s vehicles, a 2008 Ford F-150, as a vehicle with little technology necessitating a scan despite some vehicle manufacturers’ position statements that “just say ‘any,’ ‘all’ or ‘always’.”

“If my truck came into your shop, and it needed a rear bumper, do we need to put the additional expense of a pre- and post-repair scan on that particular truck? I’d like to think we can think about this logically. Understand the safety systems on the particular truck and make decisions, using the statements as guidance,” Marlow said.

Just minutes later during the discussion, however, CIC attendee Jake Rodenroth of asTech told Marlow, “I just pulled up [the 2008 Ford F-150] and there are actually 27 different initializations and resets and synchronizations that your truck is supported with. Rather than a [model] year being the driving force [in the decision whether to scan], maybe it’s the [OEM] operations and the impact [to the vehicle] that says, ‘Clint’s truck has tire pressure monitoring affected, and there’s a scan tool step for that.’ My point is, there are [scanning-related] steps with those cars, too.”

Marlow didn’t fully disagree.

“I like the idea of looking at [the repair] operations, looking beyond the [OEM] position statements and looking at [vehicle] systems,” Marlow said. “On that same bumper on my truck, there certainly was an option to have a rear-sensing system, and my answer [related to scanning] completely changes if that’s the case for that particular truck.”  •

Companies say they don’t share data with CARFAX

After discussions at several industry events last year about shop data from estimates or parts orders relative to a particular vehicle seemingly resulting in an entry on CARFAX or another history report for that vehicle, a number of companies have released statements saying they are not the source of such data “leakage.”

“We don’t share data with CARFAX, never have shared data with CARFAX, have no intention of sharing data with CARFAX,” Dan Risley, vice president of quality repair and market development for CCC Information Services, said. “So if you are writing an estimate in CCC ONE and it shows up on some customer’s CARFAX report, you need to do some research on your end: who is pumping data from your system, or if one of your partners that you’re sharing data with is sharing it with someone else.”

CCC’s statement came just a week after OEConnection told users of its CollisionLink system that the company “does not and has never provided or sold data to CARFAX, AutoCheck or any other vehicle history reporting company.”

Frank Terlep, who co-chairs a Collision Industry Conference (CIC) committee focused on “Data Access, Privacy and Security,” gave “a big shout out” to such companies that have “stood up and said we’re going to protect our customers’ data.” He also shared a first draft of “Golden Rules” the committee is developing for those entities accessing and using shop estimate data. Those five rules call on such companies to make it clear what data is being used and why, to pledge to not misuse or allow others receiving the data to misuse it, and to give customers “the choice of what to share and what not to share.”

Terlep said the committee welcomes feedback on the draft. He said the committee envisions presenting the rules, once finalized, to all companies using industry data, and to recognize those companies who pledge to abide by them.  •