In the wake of press accounts describing the results of a test during which researchers controlled the brakes, steering and transmission of an automobile driven by a Wired reporter after hacking into the vehicle’s wireless entertainment system, Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) introduced legislation on Tuesday that would require the Federal Trade Commission (FTC) and the National Highway Traffic Safety Administration (NHTSA) to develop federal standards for protecting driver privacy and data security in automobiles equipped with wireless vehicle-to-vehicle (V2V) communications systems.
Known as the Security and Privacy in Your Car (SPY Car) Act, the bill requires the NHTSA, in consultation with the FTC, to establish cybersecurity standards for V2V-connected automobiles. Such standards should include measures to (1) protect all vehicle access points and critical software systems against hacking, and (2) secure collected V2V data to prevent unauthorized access while that information is stored on-board, off-board or during transit. Vehicles should “be equipped with technology that can detect, report and stop hacking attempts in real time,” and vehicle owners should be “made explicitly aware of collection, transmission, retention and use of driving data.”
Owners must be allowed under the new NHTSA/FTC standards to opt out of data collection and retention efforts “without losing access to key navigation or other features,” and personal driving data may not be used for advertising purposes without the owner “clearly opting in.” Finally, the bill mandates the development of a “cyber dashboard” window sticker for all new vehicles which provides prospective buyers with “an evaluation of how well each automobile protects both the security and privacy of vehicle owners beyond” minimum standards to be established by the FTC and NHTSA. Emphasizing that “drivers shouldn’t have to choose between being connected and being protected,” Markey asserted: “we need clear rules of the road that protect cars from hackers and American families from data trackers.”