Two Democratic lawmakers are calling on the Federal Communications Commission to address potential privacy and security hazards posed by the growing use of new technology that allows cars to communicate with each other.
"Vehicle, safety, cybersecurity, and privacy threats could grow over time as more and more vehicles become interconnected," Sens. Ed Markey (Massachusetts) and Richard Blumenthal (Connecticut) say in a letter to the FCC.
The lawmakers specifically address vehicle-to-vehicle communications technology, which enables cars to connect with each other via dedicated short-range communications systems. Carmakers are expected to increasingly build this type of functionality into new automobiles.
Markey and Blumenthal say that even though the technology offers benefits to drivers -- including the ability to share traffic information -- it also "could increase vehicles' vulnerability to safety, cyber, and privacy threats."
The lawmakers offer several examples of potential privacy threats from connected cars, including that companies will use data gleaned from vehicles for ad targeting. "Businesses could collect and analyze sensitive driving information, such as where the vehicle travels and how long it stays there, without the knowledge or consent of the consumer and then send targeted advertisements via dashboard consoles, in-car entertainment systems, or digital billboards," the lawmakers write.
They also reference other threats, including that hackers could gain control of cars -- as happened last year when security researchers remotely took over the transmission, steering wheel and brakes of a Jeep Cherokee being driven by Wired's Andy Greenberg.
Last summer, Markey and Blumenthal proposed the "Spy Car Act," which would prohibit car manufacturers from using data collected from vehicles for advertising or marketing purposes, without the owners' explicit consent.
They are now urging the FCC to consider regulations that would prohibit the use of the dedicated short-range communications spectrum in cars for commercial applications that "may make vehicles more vulnerable to safety, cyber, and privacy threats."
The lawmakers also want the FCC to consider requiring automobile makers, companies and other spectrum users to submit (and periodically update) privacy and security plans, and to notify consumers and law enforcement about data breaches.
"In this new IoT era, safety, cybersecurity, and privacy cannot be an afterthought," they write. "We must ensure that ... vehicles have robust safety, cybersecurity, and privacy protections in place before automakers deploy vehicle-2-vehicle and vehicle-2-infrastructure communication technologies."