The FTC recently filed a comment on the National Highway Traffic Safety Administration’s advance notice of proposed rulemaking related to vehicle-to-vehicle communications. The comment left no doubt that the FTC wants to regulate the Internet and everything connected to it.
Nonetheless, the FTC’s specific comments about vehicle security were noteworthy:
First, participants expressed concern about the ability of connected car technology to track consumers’ precise geolocation over time. Such information may divulge personal details about an individual. Did Consumer A visit an AIDS clinic last Tuesday? What place of worship does he attend? Was he at a psychiatrist’s office last week? Did he meet with a prospective business customer? By collecting geolocation information from motor vehicles, businesses could build profiles of a driver’s activities over time and use the information for purposes unanticipated by the driver. For example, a business could sell the information to a data broker, which might, in turn, tag the consumer with reference to his medical conditions and sell it to other businesses. Indeed, many consumers are concerned about the privacy of their geolocation data. One recent study found that nearly three quarters of consumers surveyed were reluctant to enable location tracking on their phones due to privacy concerns. Consistent with this generalized concern about geolocation data, NHTSA’s own survey discussed in the V2V Report reflects consumer discomfort about businesses having access to additional driving-related geolocation information.
Second, FTC workshop participants expressed a concern that information about driving habits could be used to price insurance premiums or set prices for other auto-related products, without drivers’ knowledge or consent. This kind of collection can fall outside the FCRA, which generally governs data supplied by and furnished to credit reporting agencies for certain eligibility decisions.
A third concern relates to the security of connected cars. At the Commission’s Internet of Things workshop, one participant discussed his successful efforts to remotely access a car’s internal computer network; he reported that he was able to control the vehicle’s brakes and other critical functionality by hacking into the telematics unit.
Pingback: Regulating the Internet of Things | Privacy and Surveillance