Security Architecture, Endpoint/Device Security, IoT, Security Strategy, Plan, Budget, Vulnerability Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Advocacy groups urge FCC to address connected car technology threat


Several public interest groups petitioned the Federal Communications Commission (FCC) to take action over the implementation of Dedicated Short-Range Communication (DSRC) technology that the auto industry plans to implement in connected cars in upcoming months.

Six consumers groups Thursday filed comments informing the FCC about the dangers of DSRC and nearly 20 consumer groups filed a letter to the FCC to show their general support for the need for a non-commercial condition, and adequate privacy and cybersecurity protections concerning the technology.

DSRC was chosen by the auto industry for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication use in both autonomous and standard vehicles to help avoid collisions as well as for commercial services such as mobile payments, in-car advertising and “infotainment” systems.

The groups argue that the technology will introduce more attack vectors as well as additional vulnerabilities to connected vehicles which already may not be secure for another three years if the technology is used for reasons outside of ensuring safety.

In the letter, the privacy groups argued that American's don't need a “Facebook On Wheels” in which DSRC licensees are free to partner with any “commercial data broker, advertiser or any other third party with virtually no notice to consumers and no need to obtain consumer permission – or even provide consumers with a means of opting out of these commercial arrangements.”

Another concern is that current “privacy by design” proposals in the National Highway Traffic Safety Administration (NHTSA) 2014 Technical Report and Advanced Notice of Proposed Rulemaking aren't adequate enough to fully protect consumers.

If the auto industry wants to use technology for commercial use they should have an obligation to protect user safety and cybersecurity, and respect consumer privacy, John Gasparini, policy fellow at the public interest group Public Knowledge, told via emailed comments.

“We're interested in ensuring that as the auto industry works to put this specific technology into every new car sold in the US, they recognize and address the substantial cybersecurity issues raised by increased connectivity in already vulnerable automobiles, particularly those related to linking life and safety systems to commercial applications,” Gasparini said.

In Late July, the consumer interest groups filed a Petition for Rulemaking with the FCC to establish requirements for cybersecurity and privacy protection in the DSRC by limiting the technology's use to life and safety uses only, require cybersecurity plans before activating DSRC systems, and for data transparency and breach notification. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.