Car tinkering technology can tweak on-board software, but in some cases the government says it’s illegal, if it’s primary purpose is to remove emissions controls.
getty
The Department of Justice is demanding major tech providers Amazon, Apple and Google provide identities, addresses and purchase histories of at least 100,000 people who used a car tinkering app made by Cayman Islands-based EZ Lynk. The subpoenas are part of the DOJ’s ongoing court case against EZ Lynk over its alleged role in Clean Air Act violations, which the company disputes.
It’s a rare example of the government obtaining subpoenas to grab data on anyone who downloaded an app. In one case in 2019, Forbes revealed Apple and Google were ordered to provide information on over 10,000 people who installed a gun scope app on their phone. In this latest case, the government is asking for information on at least 10 times more individuals. EZ Lynk, privacy advocates and car enthusiasts say the subpoenas represent overreach by the government and a threat to Fourth Amendment rights against unreasonable searches.
The DOJ first sued EZ Lynk in 2021, accusing the company of breaking the Clean Air Act by selling “defeat devices,” which are designed to remove emissions controls on a vehicle. EZ Lynk denies its primary purpose is to help drivers circumvent emissions laws, as its apps can be used for other tweaks and software upgrades, as well as to monitor a car’s performance.
“People want to modify their cars and always will.”
Justin Montalbano, CTO at vehicle cybersecurity company Block Harbor
According to a joint letter to the court from EZ Lynk and the DOJ, filed earlier this month, the DOJ subpoenaed Apple and Google across March and April for details on anyone who downloaded EZ Lynk’s Auto Agent app to find customers to testify in the case. Subpoenas were also served on Amazon and Walmart, asking for names and addresses of people who bought the EZ Lynk hardware that users plug into a port in their vehicle, the letter says.
In the letter, EZ Lynk lawyers wrote that Apple and Google are planning to fight the subpoenas. Walmart declined to comment. None of the other companies subpoenaed responded to a comment request.
“These requests for potentially hundreds of thousands of people’s PII go well beyond the needs of this case and create serious privacy concerns,” wrote EZ Lynk’s lawyers in the letter. “Investigating this claim does not require identifying each person who has used the product.”
The government said in the letter its request for data was fair and appropriate, and it had “consistently sought customer information” because its lawyers want to interview witnesses about their use of EZ Lynk’s technology. It has already presented evidence to the court of people using the company’s tools to remove emissions controls on their cars, including Facebook and EZ Lynk forum posts outlining that use of the product.
The DOJ and EZ Lynk both declined to comment.
In the letter, EZ Lynk’s lawyers also claimed the government had tried to acquire user data in 2019 by having it provide “a backdoor to the EZ Lynk system that would allow government monitoring of unsuspecting users.”
Responding in the letter, the government denied it ever asked for an “inappropriate backdoor.”
The case had previously garnered attention when EZ Lynk argued it should not be sued because it was protected by Section 230 of the Communications Decency Act of 1996, which gives tech companies immunity when their products are illegally misused. A judge denied the Section 230 claim in August 2025 and the case proceeded.
Tom McBrien, counsel at Electronic Privacy Information Center, supported the court’s decision, writing last year that tech companies shouldn’t be able to hide behind Section 230 when they knowingly promote tools for illegal use cases. He cited evidence that EZ Lynk’s patent applications mentioned features to sidestep emissions rules. But McBrien says the government has gone too far in demanding such a vast amount of customers’ personal data.
“It’s worrying that the government could obtain personally identifiable information for every customer through discovery, which is outside of the privacy protections provided by the Fourth Amendment and other privacy statutes,” McBrien tells Forbes.
The Department of Justice argued in the letter that because EZ Lynk users’ provided their personal information to the company and agreed to its terms and conditions on how it would be used, “they no longer have a cognizable privacy interest as to that information.”
Aaron Mackey, deputy legal director at the Electronic Frontier Foundation, says that argument is “particularly problematic.” Most people never read company terms, he notes. That the government wants all users’ information “raises questions about why they want this data and what they’re going to use it for beyond the prosecution of this case,” he says, warning about users potentially being implicated in a crime by simply using the technology.
Founded in 2014 by mechanics Brad Gintz and Thomas Wood, EZ Lynk has expanded from helping customers tinker with their cars to providing fleet tracking for customers in the U.S. and Canada. The bootstrapped business is popular in car hacking and “right to repair” communities, where people believe they should be able to tune and modify products as they see fit.
Justin Montalbano, president of the Car Hacking Village at the Def Con hacking conference in Las Vegas, says “violating people’s privacy by subpoenaing a company for personal information isn’t the right path to clean air.” A better path, he suggests, might be a law that mandates drivers have their vehicles checked for defeat devices in yearly check-ups.
The government won’t deter people from using apps like EZ Lynk’s with aggressive action in court, Montalbano says. “People want to modify their cars and always will, regardless of laws,” he adds.
MORE ON FORBES
