Some Democratic senators want new laws that mandate security and privacy measures on the Internet of Things, as concern grows over personal data collected by connected devices.
Several democratic members of the Senate Commerce, Science and Transportation Committee said Wednesday they are exploring legislation that would enforce privacy and security standards for connected devices. Senator Edward Markey, a Massachusetts Democrat, plans to introduce a bill that will focus on security standards and the data collected by connected automobiles.
This week, Markey released a report saying that most auto manufacturers selling vehicles in the U.S. have "massive holes" in their data security. Only two of 16 car companies that responded to information requests from Markey's office said they have capabilities to respond to a hacking attack in real time, he said during a hearing.
New cars are now "computers on wheels," Markey said, and hacked vehicles can be dangerous.
"A small vulnerability or error in coding can lead to a catastrophic consequence for drivers, passengers and pedestrians," he said. "Thieves no longer need a crowbar to break into your car -- they just need a smartphone."
Markey's legislation will require that makers of wireless access points on connected cars use penetration testing technologies and that collected data is encrypted. The legislation will also require that the car manufacturer or a security vendor be able to detect and respond to hacking attempts in real time.
The bill will also require car makers to explain their data collection practices to drivers and allow them to opt out of data collection without having to disable navigation.
Car companies that can build software to track vehicle performance and other information "should have the same geniuses in those companies to build in protection for security and privacy," Markey said. "If you can figure out an algorithm that sends information around the world in the blink of an eye, you should be able to figure out an algorithm that provides consumers the security and privacy they need."
Representatives of auto makers didn't testify during the hearing. The Alliance of Automobile Manufacturers, a trade group, said it has not yet fully reviewed Markey's report, but its members take several steps to protect security and to tell customers about the data they collect.
"Automakers believe that strong consumer data privacy protections and strong vehicle security are essential to maintaining the continued trust of our customers," the group said in a statement.
Other Democrats in the hearing also suggested they are open to new legislation addressing the privacy and security of the IoT. The IoT industry is projecting huge growth by collecting customer data, and Congress needs to "find that balance" between the industry's data collection and customer privacy, said Senator Joe Manchin, a West Virginia Democrat.
Sign up for CIO Asia eNewsletters.