Internet security – or lack of it – is in the news headlines constantly. Whether it’s the recent White House Summit on Cybersecurity and Consumer Protection at Stanford University, or news coverage of hackers manipulating bank transactions in Eastern Europe, data breaches and cyber-crime are top-of-the-mind issues for consumers and business owners worldwide. With the majority of attention focused on computer systems and handheld smart devices, the security risk inherent in Internet-enabled cars has not attracted much attention until now. On Feb. 11, Senators Ed Markey and Richard Blumenthal announced that they are joining forces to craft legislation to address the privacy and security issues involved with Internet-connected cars. If you enjoy the convenience of hands-free access to your mobile phone and voice activated navigation, this topic should interest you. Here’s what the senators’ initial survey of 16 major automobile manufacturers revealed, and an overview of what they want auto manufacturers to do to address security and privacy issues.
- Navigation systems capture a wealth of personal driver data, including location and destinations, vehicle speeds and parking locations. In most cases, drivers don’t know this information could be utilized by others. In many cases, it is shared with third-party data centers.
- Almost all cars with wireless Internet connectivity are vulnerable to hackers, and most auto manufacturers are either unaware of or unable to monitor for security breaches or hacking.
- The FTC also has reported on the possible privacy and security risks inherent in smart cars. And in response to this, two major automobile industry trade groups – the Alliance of Automobile Manufacturers and the Association of Global Automakers – have proposed self-regulatory measures to limit the collection and use of vehicle data to only that which is “needed for legitimate business purposes.” Nineteen U.S. car manufacturers have committed to incorporate these voluntary measures into their vehicles beginning with 2017 models.
- The senators’ report states that the wording of the self-regulatory proposals is vague enough to create lots of leeway under the umbrella phrase “legitimate business purposes,” and wants to see clear federal rules on what’s permissible and what constitutes appropriate uses of drivers’ data.
Here’s what the senators seek:
- All wireless access points in vehicles protected against hacking, and the protection systems evaluated by testing.
- All collection data securely stored and encrypted to prevent data theft.
- Vehicle manufacturers and/or third-party providers be required to have the capability to detect and respond to hacking efforts in real time.
- Drivers must be given clear information about data collection and transmission as well as how their driving information might be used.
- Consumers to have the choice of “opting out” of data collection without having to disable the navigation function.
- Personal information about drivers not to be used for advertising or marketing purposes.
Balancing technological innovations for vehicles and the development of additional interfaces with the need for strong vehicle security and adequate consumer data privacy is a complex issue. The stakes are high both for vehicle manufacturers and individual drivers.