Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, reintroduced legislation that would direct the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure our cars and protect drivers’ privacy. The Security and Privacy in Your Car (SPY Car) Act also establishes a rating system — or “cyber dashboard”— that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards.
The Senators believe:
- NHTSA, in consultation with the FTC, should develop standards that prevent hacking into our vehicle controls systems. These performance standards should require that:
- Hacking protection: all access points in the car should be equipped with reasonable measures to protect against hacking attacks, including isolation of critical software systems and evaluated using best security practices, such as penetration testing.
- Data security: all collected information should be secured to prevent unwanted access—while stored on-board, in transit, and stored off-board.
- Hacking mitigation: the vehicle should be equipped with technology that can detect, report and stop hacking attempts in real-time.
- The FTC, in consultation with NHTSA, should develop privacy standards on the data collected by our vehicles. These standards should require.
- Transparency: owners are made explicitly aware of collection, transmission, retention, and use of driving data.
- Consumer choice: owners are able to opt out of data collection and retention without losing access to key navigation or other features (when technically feasible), except for in the case of electronic data recorders or other safety or regulatory systems.
- Marketing prohibition: personal driving information may not be used for advertising or marketing purposes without the owner clearly opting in.