Two Democratic lawmakers are calling on the Federal Communications Commission to address potential privacy and security hazards posed by the growing use of new technology
that allows cars to communicate with each other.
"Vehicle, safety, cybersecurity, and privacy threats could grow over time as more and more vehicles become interconnected," Sens. Ed Markey
(Massachusetts) and Richard Blumenthal (Connecticut) say in a letter to the FCC.
The lawmakers specifically address vehicle-to-vehicle communications technology, which enables cars to connect
with each other via dedicated short-range communications systems. Carmakers are expected to increasingly build this type of functionality into new automobiles.
Markey and Blumenthal say that
even though the technology offers benefits to drivers -- including the ability to share traffic information -- it also "could increase vehicles' vulnerability to safety, cyber, and privacy
threats."
The lawmakers offer several examples of potential privacy threats from connected cars, including that companies will use data gleaned from vehicles for ad targeting. "Businesses
could collect and analyze sensitive driving information, such as where the vehicle travels and how long it stays there, without the knowledge or consent of the consumer and then send targeted
advertisements via dashboard consoles, in-car entertainment systems, or digital billboards," the lawmakers write.
They also reference other threats, including that hackers could gain control
of cars -- as happened last year when security researchers remotely took over the transmission, steering wheel and brakes of a Jeep Cherokee being driven by Wired's Andy Greenberg.
Last
summer, Markey and Blumenthal proposed the "Spy Car Act," which would
prohibit car manufacturers from using data collected from vehicles for advertising or marketing purposes, without the owners' explicit consent.
They are now urging the FCC to consider
regulations that would prohibit the use of the dedicated short-range communications spectrum in cars for commercial applications that "may make vehicles more vulnerable to safety, cyber, and privacy
threats."
The lawmakers also want the FCC to consider requiring automobile makers, companies and other spectrum users to submit (and periodically update) privacy and security plans, and to
notify consumers and law enforcement about data breaches.
"In this new IoT era, safety, cybersecurity, and privacy cannot be an afterthought," they write. "We must ensure that ... vehicles
have robust safety, cybersecurity, and privacy protections in place before automakers deploy vehicle-2-vehicle and vehicle-2-infrastructure communication technologies."