Two U.S. senators today filed a bill that would require the federal government to establish standards to ensure automakers secure a driver against vehicle cyber attacks.
The Security and Privacy in Your Car (SPY Car) Act, filed by Sens. Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.), also establishes a rating system -- or "cyber dashboard"-- that informs consumers about how well the vehicle protects drivers' security and privacy beyond the proposed federal minimum standards.
"Drivers shouldn't have to choose between being connected and being protected," Sen. Markey said in a statement. "We need clear rules of the road that protect cars from hackers and American families from data trackers. This legislation will set minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles."
The legislation would also ban the use of personal driving information collected by automakers from vehicle computer system for advertising or marketing purposes without the owner clearly opting in.
The bill follows a report released by Markey last year -- The Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk -- that called out major gaps in the auto industry's efforts to secure cars from hackers who can take advantage of cellular or Wi-Fi-connected cars.
For example, the report states that only two of the 16 car companies had developed any capability to detect and respond to a hacking attack in real time and and most customers don't even know that their information is being collected and sent to third parties.
"Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions," the report said.
Last year, the world's 19 biggest automakers agreed to principles they say will protect driver privacy in an electronic age where in-vehicle computers collect everything from location and speed to what smartphone you use.
A 19-page letter committing to the principles was submitted to the Federal Trade Commisison from the industry's two largest trade associations: the Alliance of Automobile Manufacturers (AAM) and the Association of Global Automakers (AGA). The AAM represents Detroit's Big Three automakers -- Ford, GM and Chrysler -- along with Toyota, Volkswagen AG and others. The AGA also represents Toyota, along with Honda Motor Co., Nissan Motor Co. and Hyundai Motor Co., among others.
Carmakers already remotely collect data from their vehicles, unbeknownst to most drivers, according to Nate Cardozo, an attorney with the Electronic Frontier Foundation.
"Consumers don't know with whom that data is being shared," Cardozo said. "Take Ford Sync, for example. In its terms of service, it says it's collecting location data and call data if you use Sync to dictate emails."
Sign up for CIO Asia eNewsletters.