Share By Megan Anderle
What if your car were to tell you when you veer from your lane or automatically “pre-charge” the brakes when you’re about to hit something, making it easier to stop short?
Google’s self-driving cars, which have logged more than 500,000 miles in the testing phase on California roads, will likely be available for purchase within five years. Apple just announced plans for its piece of the pie with Carplay, an iPhone-integrated dashboard. Ferrari, Mercedes-Benz and Volvo are on board as some of the first car manufacturers to incorporate the platform in their vehicles.
Connected cars are among a growing number of connected objects, often referred to as the “Internet of things” — from your refrigerator to your thermostat — that claim to simplify your life, largely by connecting you to what has become a lifeline for modern society: the smartphone.
There’s no denying the safety and convenience (and let’s face it, wow factor) of having a “smart” vehicle, but at what cost? Is your privacy at risk?
Last month, the U.S. Department of Transportation (DOT) and National Highway Traffic Safety Administration (NHTSA) announced they will move forward with enabling vehicle-to-vehicle (V2V) communication technology for light vehicles.
(V2V) communication technology involves machine-to-machine connections in which cars can exchange basic safety data, such as speed and position, for the purpose of avoiding crashes.
NHTSA says officials are working toward regulatory policies for V2V communications and other connected elements, including Wi-Fi and dedicated short-range communications (DSRC), which collects information such as a car’s GPS location and speed. But new vehicles already have these systems in place, and privacy advocates say the laws should have been well established.
“It strikes me as a little late in the game,” said Dorothy Glancy, a law professor at Santa Clara Law who specializes in privacy and transportation law.
While V2V data can be made anonymous, other layers of connectivity work differently. DSRC is of particular concern to privacy advocates for the detailed information it collects, and the fact that there is no “off” switch. Glancy said there is a need for Congress to authorize the collection of this kind of data, not just policies from NHSTA.
The approach should not be to develop the technology now and worry about its implications later, Glancy said.
“Many pieces of a large puzzle still need to fit together. What remains to be addressed is security and privacy, along with consumer acceptance, affordability, achieving the critical mass to enable the ‘network effect’ and establishment of the necessary legal and regulatory framework,” the Alliance of Automobile Manufacturers said in a statement.
Who Owns the Data?
Some customers of new vehicles are wary of who owns their connected cars’ data, largely because there are no laws that spell this out.
“It’s an undetermined question. The usual reaction is, well, the driver should own data, but you could say if the car manufacturer is telling the car what to do, they could own it. And if it’s marketed to a third-party, then maybe it belongs to them,” said Frank Douma, research fellow and associate director of University of Minnesota’s Hubert H. Humphrey School of Public Affairs.
Some car manufacturers, like Ford, have made the promising decision to prohibit data from being transmitted without customer consent.
The data that is collected is merely used to improve vehicles.
“When a customer brings a vehicle for repair, data can be physically retrieved from modules and vehicle connectors. Data only is used to support customer requests for services, repair vehicles, and improve products,” said Christin Baker, Ford spokeswoman.
The other side of the coin is that opting out of data collection subsequently defeats the main purpose of connected vehicles: To keep the roads safer through the exchange of real-time messages.
The bottom line is, without clear-cut regulations, there is no easy solution to collecting data of connected vehicles.
Another major concern is the potential for hackers to send fake messages to a connected vehicle, confusing the driver and possibly causing accidents.
“One can certainly imagine a hacker creating spurious messages for a major hazard up ahead for the entertainment value of the car slamming on brakes,” said Richard Weiland, president of Weiland Consulting Company.
Christopher Kitts, director of the Robotic Systems Laboratory at Santa Clara University, agrees.
“I have to believe that for every wonderful sensing and control system devised, there is somebody — hopefully on the payroll of the automobile vendors — thinking of how to attack it, disable it, spoof it, and/or turn it into a dangerous function,” he said.
Technology firms are taking hacking threats seriously, and companies like Cisco and Harman International Industries are offering software to safeguard connected vehicles’ systems.
“The only viable approach is to firewall the car functions from the infotainment side of the system. Hardware and software security mechanisms can act as a barrier between malware and vehicle critical functions,” said Sachin Lawande, executive vice president and president of the Infotainment Division at Harman.
Harman’s next-generation infotainment platform boots the car up securely, encrypts data, and secures the network. The system also isolates “crashed” or “compromised” parts of an infotainment system from other connected components.
Experts agree there is a need for this sort of technology, and while they say there haven’t been any cases in which a connected vehicle has been operated remotely by a hacker, that doesn’t mean it’s not possible down the road. Self-driving cars will present even greater security concerns.
“Once we have autonomous vehicles on the road, that’s a real concern,” Glancy said.
“These connected car technologies are the building blocks for autonomous vehicles.”
Subscribe to our weekly newsletter to keep up with all of RealBusiness’ original stories.