United States Senators Richard Blumenthal and Edward Markey introduced legislation earlier this week designed to combat the rising threat of automotive cyber attacks, according to a release on Blumenthal’s Senate website.
The bill, known as The Security and Privacy in Your Car (SPY Car) Act, would direct the National Highway Traffic Safety Administration and the Federal Trade Commission to establish federal standards to secure cars and protect drivers’ privacy.
When introducing new cyber legislation, two of the biggest concerns are security and privacy, and this bill seeks to address both issues. Regarding security, under this bill, all access points in the car would be equipped with reasonable measures to protect against hacking attacks; all collected information would be secured to prevent unwanted access; and the vehicle would be equipped with technology that can detect, report and stop hacking attempts in real-time.
The legislation would also address users’ privacy concerns as well. Specifically, it would require that owners are made explicitly aware of collection, transmission, retention, and use of driving data, are able to opt out of data collection and retention without losing access to key navigation or other features (when technically feasible except in the case of electronic data recorders or other safety or regulatory systems), and that personal driving information may not be used for advertising or marketing purposes.
Additionally, there would a rating system or “cyber dashboard” that would display an evaluation of how well various vehicles rate beyond the aforementioned minimum standards that would be presented in a transparent, consumer-friendly form on the window sticker of all new vehicles, allowing consumer pressure to further push automotive companies toward securing their vehicles.
“Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data-trackers,” Blumenthal said in the release. “This common-sense legislation protects the public against cybercriminals who exploit exciting advances in technology like self-driving and wireless connected cars. Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes. Security and safety need not be sacrificed for the convenience and promise of wireless progress.”
The legislation comes amid growing concern about automotive safety against cyber attacks. A WIRED article published this week featured two researchers who successfully disabled the transmission and cut the brakes of a 2014 Jeep Cherokee among other scary commands, although a Markey spokesperson told WIRED that the bill’s release wasn’t timed to WIRED’s story.
The entire release of the proposed legislation can be found on the Blumenthal website.