Legal Developments in Connected Car Arena Provide Glimpse of Privacy and Data Security Regulation in Internet of Things
With the holiday season in the rear view, automobiles equipped with the newest technology connecting carmakers with their vehicles, vehicles with the world around them, and drivers with the consumer marketplace – Connected Cars – have moved from the lots to driveways. Automakers are remaking their fleets to offer unprecedented choice and convenience to drivers. However, as recent studies have shown, the connectivity inherent in Connected Cars, and the fast pace at which the industry is developing, raise privacy, data security, and physical safety concerns about the vulnerability of Connected Car computer systems. Lawmakers and regulators have begun to devote increased attention to this issue while plaintiffs’ attorneys have been emboldened to haul automakers, manufacturers, and computer system developers into court. As one of the earliest entrants into and faster-growing components of the Internet of Things (IoT), Connected Cars represent a testing ground for the development of consumer privacy rights and security standards for the IoT. The approach by Congress and the courts to the governance of Connected Cars will likely guide the development of standards and practices across the IoT spectrum.
Internet of Things
Connected Cars are part of the growing and evolving Internet of Things. The IoT describes the ecosystem of everyday products and services that are equipped with “smart” technology that allows them to connect to other products or services to communicate and transfer information about users to retailers, manufacturers, and the like, typically via a wireless network. The IoT currently includes devices we use every day such as Fitbits, connected appliances, smartphones and smart TVs. As the industry grows, IoT devices will continue to permeate the objects we use on a daily basis.
Connected Cars in particular will compose the majority of the automotive fleet in the near future. The market for Connected Cars is projected to reach $54 billion in the next two years. It is estimated that by 2020 there will be 250 million Connected Cars on the road, and about 90 percent of new vehicles in Western Europe will be connected to the Internet. Connected Cars provide consumers with convenience and a personalized driving experience. Automakers and retailers gain access to consumers to provide improved services and to market products. Onboard computers allow for navigation technologies and integration with mobile devices that complement and enhance the vehicle technology. They also allow for the collection of driver data and other driver information to enable companies to efficiently deploy customized services and experiences. Automakers are developing Connected Car technology that will allow drivers to shop through the car dashboard, based on their location and preferences determined through data collection.
Connected Car Privacy and Security Vulnerabilities
The connectivity necessary for providing the features offered by Connected Cars may pose privacy and security dangers and vulnerabilities. Connected Cars can contain more than 50 separate electronic control units (ECUs) connected through a controller area network (CAN) or other network. Those ECUs communicate with each other and the CAN through use of digital messages called CAN packets. If CAN packets are not authenticated or encrypted, they may be susceptible to remote hacking through the vehicles’ wireless and phone components. This wireless technology may also enable unauthorized access to other systems and data collected by the vehicle, such as location data and potentially payment card data used for dashboard shopping.