My first car was a Toyota Tercel with no bells and whistles. It had four cylinders, standard transmission and no AC - basically: four wheels and a chassis, but not much more. These days, new cars - even base models - are really PCs on wheels. Under the dash, they have powerful onboard computers that collect data that's streamed in real time from scores of onboard sensors. And, inside the passenger compartment, automakers are looking to overcome car-skepticism in younger buyers, adding interactive features like docking stations for smart devices, wi-fi, in-dash screens and even open APIs that let you build custom apps that interact with your own wheels
AUTOcyb (Automotive Cyber Security Lock)
Image credit: Airmika, Inc.
But all this data raises interesting questions. Not the least of them: who does all that data belong to? The Federal Government is looking to lay claim to some of it. Proposed legislation would require new cars to come equipped with Event Data Recorders (EDRs), "black boxes" that capture vital operating data. EDRs can help investigators reconstruct the moments prior to- and immediately after an accident.
A National Highway Traffic Safety Administration rule would require all new cars to have EDRs by September of next year. But that would only codify what's already a de-facto reality, since an estimated 96% of all new cars already come with the devices.
But who owns the data in that device? It's not clear. Thirteen states have passed laws governing EDRs - many requiring the owner's consent before EDR data can be downloaded and analyzed. In the other 37 states, the legal status of EDR data is a matter of debate. Car makers consider the data to be diagnostic information that belongs to them. On the other side, the American Civil Liberties Union and others have called for the federal government to put consumer protections in place. An ACLU analysis in December, 2012, called for laws that "clearly establish the principle that the data on these black box computers belongs to the person who owns the car." "When you buy a car," the ACLU said "you also buy the many computers that, increasingly, run that car."
That notion - that car owners own car data - is behind a new, crowdfunded project on the web site Indiegogo that would allow car owners to lock their black box, preventing unauthorized access to its data, said Tom Kowalick, the president of Airmika, Inc., a North Carolina firm that has made a product called The AUTOcyb Automotive Cyber Security Lock.
Kowalick said AUTOCyb is a kind of "firewall" for automobile data stored in the EDRs, which includes information on speed, braking, acceleration and seatbelt use. Despite federal laws against tampering with EDR data, tools and instructions for how to wipe EDRs are common online. The AUTOCyb is designed to prevent that. The lock plugs into and secures the OBD (on board diagnostics) port that is standard on all gas-powered cars made after 1996. Once inserted, it protects the "chain of custody" around EDR data in the event of an accident.
Sign up for CIO Asia eNewsletters.