Earlier this year, GM issued an OnStar privacy statement clarifying how it could use data collected from its in-vehicle service. The vehicle-related information it collects involves diagnostic data, odometer readings, estimates of remaining oil life, tire pressure calculations and information about collisions; it also includes driving information, such as vehicle location, speed, safety belt usage "and other similar information about how the vehicle is used.
Bonte said others in the auto industry are mindful of GM's high-profile mistake, so many automakers are now scrubbing the data they receive from in-car systems in order to protect customer privacy.
"This was a real industry pushback as a result of the mistake by GM. Now everyone is very careful," Bonte said. "They'd love to use the data... and there are so many use cases, including diagnostics to improve designs or prevent recalls by identifying faults at an early stage."
Who's watching you drive?
Ken Schneider, vice president of technology strategy at software security company Symantec, believes digital certificates will be key to providing privacy while also allowing crucial driving data to be gathered. That data can improve overall traffic conditions and the individual driving experience.
Modern vehicles, Schneider said, can have as many as 200 CPUs and multiple communications networks between internal computer systems. While most systems are isolated within the car, others are used to transmit data back to manufacturers, dealers or even the government.
"On the plus side, this data can make the user experience much richer and personalized because from one vehicle to the next, it will know all my settings and [be] able to integrate your car into your digital day," Schneider said. "The flip side of that is it creates risk."
To mitigate that risk Schneider said, companies such as VeriSign have issued more than a billion digital device certificates — a Secure Sockets Layer electronic handshake — over the past decade to ensure authentication of electronic communications.
"For example, a car has to know which cloud platform it's communicating on, and the cloud needs to know that it's the car it's supposed to be talking to," Schneider said. "The only way to know that is to have digital certificates on either side."
If not protected, in-vehicle diagnostics data could also be used by government agencies to track driver behavior. Nightmare scenarios could include traffic violations being issued without law enforcement officers on the scene or federal agencies having the ability to track your every move in a car.
Sign up for CIO Asia eNewsletters.