Playing with Fire: The Privacy Implications of Connected Vehicle Technology

by Letters 4 the Damned

Why is it that connected car data needs to be protected? One reason is its value. Data from connected vehicle technology is estimated to be worth 1.5 trillion dollars by 2030.[1] The other reason is that it may contain private information about the driver or individual who owns the vehicle. In my previous article, I discussed the security concerns created by connected vehicle technology yet the privacy implications could be just as devastating.

Privacy concerns are raised by the transmission of data between cars, the type of data gathered, where that data is stored, and how it is used. In order to protect data in transmission, especially personal identification information, data “need[s] to be robustly anonymized, strongly encrypted, and securely protected.” [2] NHTSA aims to exclude personal identification information from vehicle-to-vehicle communications and utilize encryption to lower the risk of eavesdropping on the transfer of data.

NHTSA’s proposed rulemaking requires data on message packaging, time, location, movement, path history, future predicted path, exterior lights, vehicle based motion indicators, vehicle size, other optional data, and event data including but not limited to antilock brake system activation, stability control activation, airbag deployment, and hard braking. [3] The proposed rule excludes “data identifying a specific private vehicle or individual regularly associated with it, or data reasonably linkable or linkable, as a practical matter, to an individual.” NHTSA defines reasonably linkable and linkable as a practical matter as “capable of being used to identify a specific individual on a persistent basis without unreasonable cost or effort, in real time or retrospectively, given available data sources.” [4]

NHTSA is seeking comment on whether any of the required data listed above or a combination of it could be utilized to identify an individual. However, one troubling aspect is the definition of linkable which seems to leave open data that could identify an individual if doing so requires unreasonable cost or effort. In the world of cybersecurity where Advanced Persistent Threats are becoming a more frequent occurrence such a loose definition should be narrowed further.

The type of data being gathered by connected vehicle and autonomous technology also creates concerns regarding stalking or other criminal behavior. Generally speaking, data from connected vehicle and autonomous technologies “can be correlated with other information…. the location where the vehicle is regularly parked overnight…could be used to profile the likely user…and to predict the user’s actions.” [5]

Adversaries also focus on obtaining financial gain through hacking vehicles and violating privacy. This may be achieved in several different ways; remote unlocking and theft of vehicles, ransoming control of the vehicle until receipt of payment through untraceable bitcoin, accessing data located on driver’s cell phones through USB ports in the vehicle, or listening to conversations inside a vehicle via Bluetooth connectivity. [6] The proposed Digital Short Range Communications devices will provide an additional attack pathway to the vehicle.

In regards to data storage, the Markey Report found that the majority of auto manufacturers offered technology features that gathered and sent data to a data center, sometimes run by a third party. [7] Most of these manufacturers could not describe measures that were in place to protect the data although many utilized the data in a variety of ways.   Furthermore, “[c]ustomers [we]re often not explicitly made aware of data collection and, when they [we]re, they often cannot opt out without disabling valuable features, such as navigation.” [8]

In response to NHTSA’s 2014 ANPRM on connected vehicle technology the Electronic Privacy Information Center advised that NHTSA should conduct a more comprehensive analysis of privacy and security and “…not collect PII without the express, written authorization of the vehicle owner…ensure that no data will be stored either locally or remotely…require end-to-end encryption of V2V communications, including the basic safety messages…require end-to-end anonymity; and …require auto manufacturers to adhere to the Consumer Privacy Bill of Rights.” [9]  While NHTSA has clearly taken steps to exclude personal information from connected vehicle technology and protect privacy such steps can always be improved upon possibly through collaboration across agencies.

  • Christopher Kolezynski

[1] Clark T., Fasten Your Seat Belt Connected Car Data Worth 1.5 Trillion, Forbes (Sep. 17, 2016),  http://www.forbes.com/sites/sap/2016/09/07/fasten-your-seat-belt-connected-car-data-worth-1-5-trillion/#54eff6f65a2b

[2] Glancy, D., Privacy in Autonomous Vehicles, 52 Santa Clara L. Rev. 1171, 1205 (2012).

[3]  Federal Motor Vehicle Safety Standards; V2V Communications, 49 CFR Part 571, 106-122 (proposed Dec. 13 2016) (to be codified at 49 CFR pt. 571).

[4] Id at 123.

[5] Glancy, D., Privacy in Autonomous Vehicles, 52 Santa Clara L. Rev. 1171, 1196 (2012).

[6] Burke Katie, What do car hackers really want? Security threats are mostly about money, Automotive News (October 17, 2016), http://www.autonews.com/article/20161017/OEM06/310179880/what-do-car-hackers-really-want.

[7] Markey, Tracking & Hacking: Security and Privacy Risks Put American Drivers at Risk, at 1.

[8] Id. The SPY Car Act explicitly addresses the concern over loss of navigation features when opting out of data collection.

[9] Comments of the Electronic Privacy Information Center, Federal Motor Vehicle Safety Standards: Vehicle-to-Vehicle (V2V) Communications, 79 Fed. Reg. 161 (comment sent October 20, 2014) (to be codified at 49. C.F.R. 571).

 

Advertisements