One of the most frequent predictions for significant growth in 2018 is the development of the connected car ecosystem. During the second half of 2017, there were workshops, proposed legislation and other guidance from the Department of Transportation and the National Highway Traffic Safety Administration (NHTSA).
In June 2017, the FTC and the NHTSA hosted a workshop in Washington, D.C. to discuss the enormous amounts of data collected and used in the connected car ecosystem. The workshop included representatives from consumer groups, industry, government and academia, and explored the benefits and challenges in this fast-growing market. After reviewing the materials submitted in connection with the workshop, the FTC released its Key Takeaways earlier this month.
In addition, the U.S. House of Representatives passed H.R. 3388, the SELF DRIVE (Safely Ensuring Lives Future Development and Research in Vehicle Evolution) Act to encourage testing, development and deployment of highly automated vehicles. Finally, the U.S. Department of Transportation and the NHTSA released new federal guidance for automated vehicles titled Automated Driving Systems 2.0: A Vision for Safety.
The FTC Staff Perspective noted the following key takeaways:
- Car manufacturers collect data for a variety of purposes.
- Geolocation data to direct emergency personnel to the scene of a crash.
- Infotainment systems use consumer data to access apps or contact information.
- Third parties provide “dongles” that connect to ports in cars and collect and transmit consumer driving habits. Such data could be used for diagnostic purposes or could be of value to insurance companies.
- The types of data collected range from aggregated data to sensitive personal data.
- Aggregate data could be used for traffic management, while biometric data such as fingerprints or iris patterns could be used for authentication purposes.
- Consumers may be concerned about the secondary, unexpected uses of the data.
- Addressing privacy concerns is important to gain consumer acceptance.
- Industry initiatives are underway to educate consumers. (Consumer Privacy Principles were jointly introduced by the Alliance of Automobile Manufacturers and Global Automakers in 2014, and the National Automobile Dealers Association is partnering with the Future of Privacy Forum.)
- Different approaches may be needed for different types of data and use.
- Connected and autonomous vehicles will have cybersecurity risks and vulnerabilities that can be exploited. Panelists identified some best practices for addressing some of the risks, including the following:
- Information sharing with groups such as the Auto-ISAC, the International Organization for Standardization and the Society of Automotive Engineers could limit the extent to which vulnerabilities can be exploited.
- Network design opportunities could be useful to protect safety-critical functions if they are segregated from other functions controlled through the network.
- Disclose newly discovered vulnerabilities during development and after sale to mitigate such risks.
- Continued efforts to establish standards for baseline security for connected cars, through industry self-regulation in connection with government standards and guidance such as the NIST Cybersecurity Framework.
The FTC Staff Perspective highlights a number of key issues that we will continue to follow.