In the transfer of estimate information – as data travels along the Internet from shop to insurer – open standards are good; they allow any vendor who uses that standard to seamlessly link his product or service to any other vendor’s product or service. For shop owners, an open standard means you can select an estimating system based on performance, cost, service by the vendor and ease of use, instead of which system is needed for a particular insurer.
In the wrong hands, however, open information is bad; people can take advantage of your personal information – your credit card number, for example – for their personal gain.
Open access connects the two, which can be good or bad.
The debate regarding open access is what prompted two competitors, ADP and CCC, to join forces. These two information providers said this data needed to be protected so some hacker didn’t get it and take advantage of their clients, hence ADP and CCC’s decision to consider encryption of the estimating management system (EMS) file and licensing agreements, respectively.
Such a decision could have crippled the electronic claims processing companies (dotcoms).
The dotcoms – along with Mitchell and CompEst, also leading information providers – claimed providers don’t own the transferred estimate information. So, if someone wants to use it to provide a service as a communication link – which is what the dotcoms do – they should have access.
Just when it seemed everyone had chosen their side and was sticking with it, ADP and CCC announced they were no longer considering encryption and licensing agreements. Open access was OK with them, too.
But why wasn’t it before? Why the debate? And why should you care? Let’s face it. This topic takes a lot of energy to figure out. Is it worth it? The mind is a precious thing. Wouldn’t it be terrible to replace a lovely childhood memory with facts and figures about the debate over open accessibility of estimate data?
Here’s why you should care:
Since the dotcoms can now access data, they can more easily be your communication link, passing estimate information from your shop to insurers. You’ll now have more companies to choose from in selecting this communication link, and your decision can be based on quality and price of the product.
This decision was the last hurdle faced by open standards, and it ensures that the goal of the Collision Industry Electronic Commerce Association’s (CIECA) EMS standard – also known as systems integration – will be achieved. The goal: that shops no longer have to print out information from one system and re-key it into the other system. No matter what provider you use – ADP, CCC, Mitchell or CompEst – the EMS system will format the estimate so when it gets to the insurer, it looks just how they wanted it.
How would encryption or licensing have hindered this process? “If a shop uses XYZ management system and both ADP and CCC estimating, the EMS functionality they purchased in the management system [would’ve been] taken away by ADP or CCC encrypting,” says Roger Cadaret, executive director of CIECA. “The shop [would] again have to manually re-enter the estimate and assignment.”
The Internet has become an even more vital tool in collision repair.
On the other hand, if ADP and CCC hadn’t made this decision and access to data had been closed to the dotcoms, your choices would have been more limited – even more so because the dotcoms might have slowly died off. And if the dotcoms disappeared, what’s that say for Internet technology? Would we say it’s too risky? Maybe the next time some Internet company rep came by making promises, you’d slam the door so hard in his face the hinges would rattle.
But before slamming the door on this topic, it’s important to understand how we got to this point. How did open access suddenly become such a sticking point, and what did the folks in this debate have to gain by participating in it? Or more importantly, what did they stand to lose if they didn’t?
Why the Debate Started
If it weren’t for the Internet and this damn sophisticated computer technology – which makes it possible to access estimate information and pass it along like hand-me-downs in the Brady Bunch – this wouldn’t have been a problem.
For years, shops have relied on the information providers to double as their communication link with insurers. It made sense. You use their estimating system, so why not let them pass that data along to the insurer while you’re at it? That way, you’re paying fees to fewer companies.
But wait. Some shops on direct-repair programs (DRPs) found themselves forced to buy two or three estimating systems in order to appease insurer demands that they use a particular provider. Some insurers preferred the ADP link. Others liked CCC. And so on. Sure, the base functionality for Mitchell, ADP, CCC and CompEst was the same; they created an estimate. At issue, however, was the transfer.
“A shop need not buy more than one estimating system, ever,” says Cadaret. “This problem [of buying all three systems] arose when insurers bought into closed solutions that didn’t focus on the data as much as the delivery of it. The appearance of the data can always be standardized, but the closed communications standards of ADP, CCC and Mitchell make it impossible to deliver to anyone not buying the system.”
So why did insurers prefer one estimating system over the other? Maybe an insurance company CEO’s initials were ADP or his dog’s name was Mitchell and that was the basis of the decision. More likely, it could’ve been because insurers had legacy systems that read results of a particular provider, compiling data and output around that data. To introduce another estimating system could confound what the insurers were using.
But this didn’t change the fact that shop owners wanting to do plenty of insurance work had to fork over a lot of money to purchase multiple systems. They didn’t like it, but they felt they had no choice. Eventually, however, people started asking, “Why spend all this shop money on three provider systems? Why not create a uniform standard?”
So, in 1994, out of the Collision Industry Conference (CIC) grew CIECA. CIECA would work with the providers to produce such a standard, which came to be known as the EMS standard, also known as systems integration. What does EMS do?
“It eliminates the need to print out information from one system and then re-key it into the other system,” says Cadaret. “This is done by setting a standard for how the information has to look during the transfer and allows the developers of both software systems to format their data according to the standard for exporting and importing.”
But wait again. If you could use any estimating system to create an estimate, then could a shop use any communication link to transfer it? Hmmm … As the Internet emerged, so too did the possibility that estimates could be sent even faster and at the click of a mouse.
Hey, what if some upstart companies – Silicon Valley types – decided to specialize in being the communication link, without having to create a whole estimating system? It’d be easy. Just intercept an estimate – with the shop and insurer’s permission, of course – take the information within and reformat it so it could be received by the insurer.
That’s what the electronic claims processing companies – the dotcoms – had in mind. They figured they were providing a valuable service. What they didn’t understand was why a couple of the industry’s largest information providers were trying to stop them.
Compared to This, Calculus Was Easy
This didn’t appear to be a debate over open standards. No, that would be too easy. Plus, just about everyone involved favored open standards. Nope, we’re talking about the information that’s passed along lines created by open standards. Who owned this information, and what did this ownership give them the right to do? And did an open standard always lead to open information? And how did the answer to that question affect accessibility?
It came down to two things: protecting information and securing money. Let’s start with protection.
“We believe we have an obligation to our trading partners to protect their interests,” says Jim Powers, vice president of market management at CCC. “That includes data in [our] database, OEM parts data, insurer data, consumer data, etc. There’s a strong potential for money to be made by gathering and selling data in a way that may not be in the best interest of organizations that could justifiably argue they own the data.”
In other words, there’s a lot of data traveling out there when an estimate is sent from a shop. But would the dotcoms collect and harvest that information, using it to compile lists of names and addresses of shops, customers and other valuable information?
Joe Landolfi of AutoVista Claims says no. “We don’t harvest someone else’s data,” he says. “We pass it through to various trading partners.” Their interest, he says, is in acting as an information channel.
Rick Tuuri, ADP’s director of industry relations, cautiously agrees. “I’m not suggesting anyone would [harvest and sell the data], and I’m not afraid they will. But once you get to this area, you have to be very careful. … We must take every step to protect the information because if we don’t, someone is going to get the data across the Internet or some other means. Then it could be used against a customer. And if [that customer] finds out he’s having a problem because ADP didn’t take the proper precaution to make sure that information was private, we could get sued by the customer.”
Who would want the data? Well, CCC and ADP weren’t sure, but as long as an opportunity for foul play existed – no matter how remote or unlikely – steps to protect that data should be considered – even if it meant the dotcoms couldn’t access it. CCC looked at the possibility of licensing agreements with the dotcoms, while ADP considered encryption and/or licensing agreements.
But the waters were made muddier by the fact that Mitchell and ComPest favored open access to data. They were on record as saying the shop owns the data created on the estimate, so if the shop says it’s fine for dotcoms to access data created on a Mitchell or a CompEst system, then they weren’t going to stop them.
“We want to compete on the merit of our product and the merit of our service offerings and allow you to use the data that you create,” said Mitchell’s Paul Grange late last year.
And this was just what the dotcoms wanted to hear in their debate with CCC and ADP. It was like breaking up an alliance in “Survivor” and getting a couple of them on your side. “Mitchell and CompEst didn’t feel the need to protect the data after it passes out of the estimating system, and ADP and CCC did,” says Cadaret.
But was protecting clients the only reason why encryption and licensing agreements were considered? Many said no.
Share It Fairly, But Don’t Take a Slice of My Pie
Why licensing or encryption? Many said to protect financial interests.
“You’re a fool not to protect your business interests,” says Tuuri. “Our database development, just to keep up-to-date with the current model year, is $3.5 to $4 million annually. Plus we got a crew of 70 people … who’ve built a database this information can go into.”
And such a database wasn’t built over the weekend. Data gathering builds upon previous years, so the database gets bigger. And to protect financial interests means protecting that investment in the database. The rationale of ADP and CCC is: “We spent all this money and time. Why would we just give that information to you?”
But accessing huge databanks isn’t that easy. Open access doesn’t give the dotcoms a chance to see those providers’ storehouses of data. The dotcoms will only see estimate information – during its transfer from shop to insurer – that’s based on that storehouse of data.
“It’s a legitimate fear that computers can make it much easier to steal and manipulate data,” says Cadaret, “But I don’t yet see how a claim service company could cost effectively steal data one estimate at a time and build an estimating database of practical value.”
But ADP and CCC didn’t fear the dotcoms. They wanted to be 100 percent sure their business interests were protected from hackers. “We’re saying, if somebody wants to make money off our investment, then don’t we have the right to make money off them making money off that?” asks Tuuri.
“There’s nothing wrong with anybody voluntarily paying for anything,” says Cadaret. “However, I see potential for the licensing thing to impose much additional cost and time delays. My rough estimate is if this becomes the norm, there will be a dozen management system companies and twice that many claims service companies wanting license agreements from the information providers. That doesn’t happen overnight, nor inexpensively. Just consider the legal fees alone.”
The dotcoms, however, felt that if they had the shop’s permission to access data, why pay the providers for it?
Who Owns What?
Was it right to prevent someone else from accessing information? “I think it goes back to ownership of the estimate,” says Cadaret.
The dotcoms claimed that ADP and CCC had no right to restrict access to data because they didn’t own the data. The shop did. So if a shop chose to use a dotcom as a communication link, then nothing should restrict this flow of communication.
According to ADP and CCC, however, ownership wasn’t that simple to determine.
“Does the shop own the consumer’s name and address?” Tuuri asks. “No, I think the consumer owns that. And the shop is an authorized licensed agent of the consumer, as is their insurance company. So the shop owns some of the information, [the provider] owns some of the information and the consumer owns some. You’ve got a multitude of owners here, and everybody’s ownership rights have to be considered and protected.”
Now we approach the heart of the debate. ADP and CCC said there are many owners, since the information had so many parts to it. The estimate is a puzzle of information, and many parties contribute a piece. And to protect the interests of those information owners, they considered licensing agreements and encryption. To some this seemed extreme, like building a 10-foot cement wall around your house to protect it from one raccoon you’ve only heard about but never seen. But over-protection was considered better than being sorry.
“Information providers have an obligation to protect the interests of their trading partners,” says Powers. “In other words, the insurers, repairers, consumers, OEMs and other vendors.”
But this right to protect overlapped a bit with a dotcom’s right to gain access to data. As Powers points out: “Dotcoms have a right to responsibly use data in cases where those who legitimately claim to own the data are in agreement to provide it to the dotcoms.”
But the dotcoms said they’d be responsible. And if it was agreed that they had the right to access data if they were responsible, then why consider encryption or licensing agreements?
A Change of Heart
This debate hit the floor of CIC meetings in December and January, with no clear resolution. At the April CIC meeting, however, ADP and CCC revealed that they now favored open access.
In a statement read by Tuuri, ADP reiterated its support of protecting information with proper security measures but stated encryption was no longer an option. “ADP has no plans to encrypt output files from the Shoplink, Stellix or PenPro applications,” Tuuri said. “ADP will not take any measure regarding this issue until the appropriate standards and policies are created or unless it’s deemed necessary by clients, business partners or government regulations.”
Shortly after this statement, CCC announced that they’d also allow open access to estimate data – but that those who want the information must sign an agreement that removes responsibility from CCC in case the information is misused.
“We’ve always strongly supported open communication of estimate data,” says Mitchell President and CEO Jim Lander regarding ADP’s and CCC’s decisions. “It promotes open competition and the ability to share information between shops and insurers. … We applaud ADP and CCC for … promising to remove restrictions on the use of estimate data.”
But was this debate necessary? Wouldn’t it have been better if everyone had agreed to open access right from the beginning?
“However painful [this debate was],” says Cadaret, “it’s [been] a good thing because it will result in more of the industry understanding the issues around open standards and electronic commerce.”
Writer Mike Lawrence is associate editor of BodyShop Business.
What’s an Open Standard?
BSB: What does it mean to have an open standard?
Cadaret: Having an open standard means that any vendor who uses it can have his product or service linked seamlessly to any other vendors product or service. This is a means of creating modularity. A GTE telephone can be used on the MCI network to deliver tones to the Bank One computer, which will give you your checking account balance via simulated voice. Or a Compaq computer will work well with a Sony monitor, any kind of modem and speakers or a mouse from any manufacturer. This freedom of choice allows all of us to select the module or component that we like best or the service we trust the most.
If shops had the freedom to use any estimating system that supported CIECA standards because insurers accepted them, then both the insurers and the shop could select the estimating system that works best for them. The factors to be considered then would be performance of the system, cost, service by the vendor and ease of use, instead of which system is needed for that insurer.
BSB: Who would consider open standards to be beneficial?
Cadaret: Everyone who thinks about it for a few minutes realizes that standards benefit all of us in the long run. They greatly simplify things like finding a light bulb that fits your lamp, using your credit card in any ATM machine, buying tires and knowing they will fit on the hub of your car, and on and on.
In the electronic commerce world, a good example is the Fax machine. Initially, in 1979, you could send a fax to anyone who had exactly the same kind of machine as you. The machine makers quickly solved this problem by agreeing to international Fax protocol standards so every machine would receive from every other one. Whenever technology is to be shared by people or companies, standards are a huge benefit.
Four questions with shop manager and software creator John Shortell
Connecticut shop manager John Shortell has created his own management system software, so he knows a thing or two about compiling data and encrypted data. But just because he’s faced some of the same challenges as the dotcoms, does he sympathize with them?
BSB: How do open standards benefit shops?
Shortell: Open standards would be an obvious benefit to shops. Open standards would open competition, giving shops and insurance companies more choices in the information exchange industry. As it is now, we have few choices. These startup dotcoms are making a valiant effort to free those of us in the autobody industry from the chains of the big three, and I applaud it. But I also respect the notion that [ADP and CCC] need to protect their businesses and interests.
As a developer of body shop software, I understand the frustrations of these new information exchange providers who can’t get their hands on the source code they need to make their software work. But I also understand the time and money that CCC and ADP have invested in their products. They have a right to protect their interests. This is what capitalism is all about. To suggest that we in the autobody industry should denounce such a business practice is a nauseating thought. If the dotcoms want access to someone else’s hard work, let them pay for it. Or let them pay some pre-pubescent little hack to steal it for them.
BSB: What are the effects of encryption or licensing of data on shops?
Shortell: It limits their choices. But capitalism is more important than choices.
BSB: Do you see any anti-trust or monopoly issues related to encryption? If so, what are they? How does this affect shops?
Shortell: Absolutely not. Hey, I’d love it if they shared their information. But one of their money-making services is exchanging information between shops and insurance companies. Why should they hand over the key to their store rooms?
BSB: Is this debate between the traditional providers (mainly ADP and CCC) and the electronic claims processing companies (dotcoms) a good thing?
Shortell: I think it’s a great thing. Nothing better than a good debate. But I think the debate, or better still, a constructive dialog between the dotcoms and the data providers is going to be the only way to resolve the issue. If the dotcoms want to make money using ADP’s and CCC’s information, let them offer to pay for it. Or … maybe CCC and ADP will start thinking outside the box (that phrase is becoming a tiring cliché) and find a way to take advantage of other companies using their information so they can afford to give it away. Let’s just hope that if the dotcoms get together and take the information providers to court over this, they don’t get the same spineless putz of a judge who crucified Bill Gates in the Microsoft trial.
What You Should Know About Encryption and Licensing Agreements
How would ADP and CCC deciding on encryption or a licensing agreement have affected shops?
First, let’s define encryption. It’s the coding of computer information in such a way that it’s worthless until it’s decoded. Think about that classic movie, “A Christmas Story,” where Ralphie sends away for a Little Orphan Annie decoder ring, which would enable him to figure out the message at the end of her radio show. Without the ring, Ralphie would just hear a bunch of numbers. But with the ring, those numbers would suddenly correspond to letters and would spell out a message. So if estimate information is encrypted, only those who coded the information – and those they trust with the “key” to decoding it – know what it means. Thus, they can control who can get the instrument to decode the data and, in essence, control who knows the secret. They can distribute the decoder ring to whomever they choose.
So the dotcoms, who need that decoder ring from the information providers, probably won’t get it without permission. Little Orphan Annie’s message will be lost on them.
How does encryption differ from licensing? While the result is pretty much the same (dotcoms can’t get access to information and need permission to see it), the means to that end are different. Licensing agreements allow a management system or a dotcom to gain access to data. For example, one party may pay the other to gain access to some information. For example, the information providers have licensing agreements with the OEMs as a way of getting parts numbers because the parts numbers are the OEMs’ proprietary information.
The shop feels the effect of encryption or licensing in this way: “If a shop uses XYZ management system and both ADP and CCC estimating, the EMS functionality they purchased in the management system could be taken away by ADP or CCC encrypting,” says Cadaret. “The shop will again have to manually re-enter the estimate and assignment. If the management system company gets a license from ADP, but not from CCC, they’ll have half the EMS functionality they bought. If a claims service company gets a license from CCC, but not from ADP, they’ll be only half as valuable to the shop.”
What Makes the Information Valuable
One example: A customer’s Dodge Durango is declared a total loss. This information is sent between a shop and insurer, and a hacker gets access to this information and sells it to a Dodge dealer. The dealer may then call the customer and say, “Hey, we got a Durango with your name on it.” That’s a customer concern.
Another example: A hacker gets access to estimate information from a shop and focuses on that shop’s labor rate. But this labor rate might be for one insurer and not another. The hacker may then try to sell this information to all insurers the shop works with. Suddenly, all insurers want to do business at the new, low rate formerly reserved for someone else. That’s a shop concern.
A final example: A hacker goes the extra effort to compile estimate information, based on numerous transactions he’s collected and saved. Now he feels he has enough information to put this info on a disk, mass-produce it and sell it at a low cost. That’s an information provider concern.
The last example is what the providers have already protected themselves against. “Our CDs contain levels of encryption so hackers can’t just take it to a CD mass-production outfit,” says Tuuri. But the first two examples, while based on speculation, are possible. How possible is hard to say. But any possibility is enough reason, say ADP and CCC, to consider licensing or encryption.