[dsr_]

I would feel better about an option that encrypted all internal logging, and left me in charge of the key, so that I could give read-only access to the service technician, and then revoke it after the car was good.

But that's hard to do in a consumer UI.

[Crito]

Put the key in the actual key (or key fob, in the case of Tesla). Service technicians could use a "valet+" key that would get them access to everything except those protected logs, or read only access to the logs. If the customer were so inclined, they could volunteer the key+key to the technicians.

The key+key would be tamper resistant so that revoking credentials after getting your car serviced would be less necessary; just make sure they give you that key back.