What is the US Congress doing to enable the upsides of the coming autonomous vehicle (AV) world and to protect everybody from the downsides?
Well, they’re discussing it. In some cases they’ve proposed legislation about it. What will actually get done and when is not yet clear.
What is clear is that so far, while cybersecurity and privacy are components of both discussion and legislation, the language is a long way from airtight, which could be a problem.
Autonomous vehicles (AVs), otherwise known as self-driving cars, are automatic targets. Given the massive amount of data collection and connectivity necessary to make such a system function, how could they not be?
The gleam in the AV industry’s eye is for hundreds of millions of “devices” to be collecting and sharing data – through V2V (vehicle to vehicle) communication – that will identify drivers and perhaps their passengers, track their location, speed, driving habits and more.
Besides the obvious privacy implications, that offers opportunities for hackers to take control of critical systems like brakes, steering, accelerator, locks etc, or demand a ransom to leave them alone. In short, AVs are a “target-rich environment”.
And, of course, multiple giants of both the auto industry and the internet – Ford, GM, Toyota, Google, Apple, Tesla, Uber, Lyft and more – are racing to get their models on the road.
So what is Congress doing?
The House Energy and Commerce Committee, in a rare display of bipartisanship late last week, unanimously approved the SELF DRIVE Act, which contains sections on both cybersecurity and privacy. The bill will now move to a vote in the full House.
Among other things, it would require manufacturers of any “highly automated vehicles” to have a cybersecurity plan that includes, “a process for identifying, assessing, and mitigating reasonably foreseeable vulnerabilities from cyber attacks or unauthorized intrusions, including false and spurious messages and malicious vehicle control commands.”
Its privacy provisions track pretty closely to the “Privacy Principles” issued in 2014 by the Alliance of Automobile Manufacturers and the Association of Global Automakers, which call for vehicle owners to be given “clear, meaningful notice” about the collection and use of driver data; “certain choices” about how it is collected, used and shared; along with other provisions about data security, minimization and de-identification and…