Safety, convenience, theft prevention – these are some of the benefits cited by experts in the automotive industry on why vehicle owners should take IoT for cars seriously. The smart car has been around for a couple of years, but according to a study by the National Highway Traffic Administration in the United States, anxiety over hacking and generally, the security of a vehicle connected to the Internet, is preventing the smart car to get the respect it deserves.
With in-vehicle computer systems making big waves in the car manufacturing industry on a global scale, automobile makers have been consistently reminded about investing in high-end cybersecurity for every car they make. It doesn’t help that the network architecture of mass produced automobiles today are still based on the Controller Area Network (CAN) bus which largely fails on the technology front because its infrastructure is not network-ready.
SPY Car bill
It is thus a welcome development that concerns about automobile cybersecurity has finally found its way to legislature. In the US, a bipartisan bill had been filed in the House of Representatives last January to require the National Highway Traffic Safety Administration, the Federal Trade Commission, Department of Defense and other automative industry stakeholders, to implement appropriate cybersecurity standards for new vehicles. Sponsors of the bill call it “good cyber hygiene”, but generally it constitutes universal security mechanisms for computers, such as firewalling, personal identity privacy and data protection. Interestingly, the bill is also called SPY Car Study Act which stands for Security and Privacy in Your Car Study Act of 2017. The passage of this bill is highly anticipated in the IoT tech scene as it will clearly lead to higher demand for and greater recognition of IoT for everyday lifestyle.
Data Protection Act
In the UK, there are a host of issues raised about the autonomous and connected vehicles (ACVs) such as sharing of critical personal data, including insurance, taxes, fees, location, bookings and even the mileage of your car. The implication on sharing of data among multiple operators is that this makes the system vulnerable to data breach, theft and hacking. Within this scenario, tension is high as to how car makers and users will receive the Data Protection Act of 1998 and General Data Protection Regulation (GDPR) which will take effect starting May 2018.
Tech analysts cited some key challenge for the automobile industry when the law is enforced. One critical issue, as mentioned above, is the sharing of personal data among many organizations, such as the car dealer, the police, infrastructure and even commercial establishments. There is clearly a need to make privacy notices to be made a lot more evident, easily grasped and fully documented so that the car owner should be able to make an informed decision to give consent to access his or her private data. So the first question that sticks to mind is: is the user interface in smart cars for notifications sufficiently designed to protect the user’s privacy? Related to this, the Information Commissioner in the UK is mulling the use of standardized icons across all types of vehicles to represent different parts of the privacy notification.
The GDPR also determines the protocols for data sharing. Collaboration among organizations that requires the use of personal data of the car owner is a requirement, whereby each party has a clearly defined role and responsibility as far as the use of the personal data is concerned. This is seen to reduce the number of privacy notices that the user will have to contend with for each organization because there will now be a centralized processing mechanism for this purpose.
A key element in the GDPR is the right of the user to object from the accessing his or her personal data. One challenge lies on how users will be made to accede to the standards rather than deny themselves the benefits of IoT for their automobile.
The e-Privacy Regulation
The European Union is also rolling the dice for IoT for its constituents with its draft e-Privacy Regulations which is still at the very early stage of legislation. In its draft form, the law seeks to make all content, metadata and information stored on user’s devices confidential – regardless of whether or not it is personal data.
Tech experts laud this piece of legislation to give a “higher level of privacy rules for all electronic communications” and “ensures privacy of machine-to-machine communications.” When enacted, the law will apply to internet giants like WhatsApp, Facebook Messenger and Skype.