The road to our connected future may be paved with good intentions, but it may not be secure enough to drive on.
As reporter Andy Greenberg recently detailed in Wired, hackers were able to remotely disable a Jeep while he was driving it. In a country where car ownership and the freedom of the open road are closely tied to individual and national identity, losing control over any vehicle you're driving is a nightmarish scenario. Connecting more devices and vehicles to the Internet has immense economic potential but carries both security and privacy risks. The number of ways cars and trucks can be hacked has grown quickly, as automakers roll out new vehicles more screens and navigation, entertainment and communications systems in response to consumer demand.
Concern about the lack of security in vehicles led Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) to introduce on Tuesday the Security and Privacy in Your Car Act, or the "SPY Act," which would require automobile manufacturers to build IT security standards into connected cars.
"The same kinds of advances in technology that can bring us enormous benefits of wireless connections can also guarantee our privacy and security," Blumenthal said in an interview with The Huffington Post. "It is essential to preventing hackers from taking over and controlling cars."
If the bill were to become law, the SPY Act would instruct the National Highway Traffic Safety Administration and the Federal Trade Commission to create IT security and privacy standards for vehicle electronics and associated in-vehicle networks.
"I never predict outcomes in Congress, but I am very hopeful about this bill because it makes such sound, common sense," said Blumenthal. "Hopefully, it will be supported by some parts of the industry out of enlightened self-interest. I think it is such a profoundly important issue as we move into this brave new world of connected cars."
The SPY Act would go beyond voluntary information sharing about vehicles’ potential vulnerabilities -- a measure proposed by the auto industry -- and mandate that any access points for a car have "reasonable measures" to protect it against hacking attacks. This would include penetration testing, in which an IT security expert uses software to look for weaknesses in a computer system.
Critical navigation systems would need to be isolated from these access points, reducing the possibility of remote operation that the Wired reporter experienced. The SPY Act also would require connected vehicles to have technology that could "detect, report and stop hacking attempts in real-time."
The act is a concrete follow-up to a report that Markey's office published in June detailing the security and privacy gaps it found in vehicle IT systems.
“Drivers shouldn’t have to choose between being connected and being protected,” Markey said in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers.”
The bill would also require the FTC and NHTSA to develop privacy standards for the data collection in automobiles. Automakers would need to be more transparent about how driving data is being gathered, transmitted, stored or used. Consumers would gain the ability to opt out of the collection or storage of such data without losing access to navigational capabilities "when technically feasible," except where such data collection is relevant to safety or regulatory systems. The SPY Act would also prevent driving data from being used for advertising or marketing, unless the car owner opted in.
"Ride data includes where do you go for ice cream, or take your kids to school, or shopping," said Blumenthal. "That information could be bought and sold on the market. There has to be stronger safety standards, with the FTC safeguarding privacy."
Those standards would come into force two years after a public rule-making, however, which means the auto industry wouldn't face binding standards until 2018. It's not going to sit still in the meantime.
On Tuesday, an alliance of 12 major carmakers announced that they have formed an "information sharing and analysis center" that would begin exchanging data about emerging threats later this year. The center would "more effectively counter cyber threats in real time and further enhance the industry’s on-going efforts to safeguard vehicle electronic systems and networks," according to a statement by Robert Strassburger, the vice president for vehicle safety at the Alliance of Automobile Manufacturers.
While data sharing may help, it's not the same as building security or privacy in by design. I Am the Cavalry, an IT security industry group that advocates for protecting connected medical devices, cars, homes and public infrastructure, has been pushing automakers to adopt better security standards on their own, Wired reported.
It's more than likely that vehicle manufacturers and their allies in Congress will resist making such standards mandatory, or use more subtle approaches to prevent them from coming into force. For instance, if a massive transportation bill included provisions that removed the ability of NHTSA to regulate software and network connectivity in vehicles, it would significantly undermine the power of the federal government to standardize connected cars.
If that happened, it would be more than a little regressive. In response to safety concerns raised in Ralph Nader's Unsafe at Any Speed and determined consumer advocacy, Congress passed the Highway Safety Act and the National Traffic and Motor Vehicle Safety Act in 1966 -- facing auto industry resistance but paving the way for the federal government to create and regulate safety standards for motor vehicles and roads.
Cars in the United States were subsequently manufactured with headrests, shatter-resistant windshields and mandatory seat belts. Consumers driving connected cars are now facing new kinds of safety and security risks. Although there are no ready digital analogues to a seat belt or an air bag, it's safe to say that any hacking incidents on the highways are going to lead more of us to ask for better protections.
"If there are accidents, then there will be hearings," said Blumenthal. "The way to look at this issue is like safety with air bags or car seats. At first, there was industry pushback, with the costs cited as to high. Consumers wouldn't understand or use them. Then, magically, movement happens."
This article has been updated to include Blumenthal's comments.
Our 2024 Coverage Needs You
It's Another Trump-Biden Showdown — And We Need Your Help
The Future Of Democracy Is At Stake
Our 2024 Coverage Needs You
Your Loyalty Means The World To Us
As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.
Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.
Contribute as little as $2 to keep our news free for all.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
The 2024 election is heating up, and women's rights, health care, voting rights, and the very future of democracy are all at stake. Donald Trump will face Joe Biden in the most consequential vote of our time. And HuffPost will be there, covering every twist and turn. America's future hangs in the balance. Would you consider contributing to support our journalism and keep it free for all during this critical season?
HuffPost believes news should be accessible to everyone, regardless of their ability to pay for it. We rely on readers like you to help fund our work. Any contribution you can make — even as little as $2 — goes directly toward supporting the impactful journalism that we will continue to produce this year. Thank you for being part of our story.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
It's official: Donald Trump will face Joe Biden this fall in the presidential election. As we face the most consequential presidential election of our time, HuffPost is committed to bringing you up-to-date, accurate news about the 2024 race. While other outlets have retreated behind paywalls, you can trust our news will stay free.
But we can't do it without your help. Reader funding is one of the key ways we support our newsroom. Would you consider making a donation to help fund our news during this critical time? Your contributions are vital to supporting a free press.
Contribute as little as $2 to keep our journalism free and accessible to all.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.
Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.
Contribute as little as $2 to keep our news free for all.
Can't afford to donate? Support HuffPost by creating a free account and log in while you read.
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. Would you consider becoming a regular HuffPost contributor?
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. If circumstances have changed since you last contributed, we hope you'll consider contributing to HuffPost once more.
Support HuffPostAlready contributed? Log in to hide these messages.