Privacy SOS

Senator asks car companies how safe their products are from hackers and unwarranted police tracking

Please note that by playing this clip YouTube and Google will place a long term cookie on your computer.

What kinds of protections have car manufacturers built in to their systems to prevent malicious hacking or unwarranted spying against their customers? We will soon find out.

Senator Ed Markey has sent another set of letters to private companies seeking information affecting the privacy and security of hundreds of millions of people. The Massachusetts Democrat has already sent two rounds of letters to telecommunications companies, asking for details about how often and under what circumstances law enforcement agencies request cell phone user information.

The results of the first batch of letters netted the first substantive information released to the public concerning police department surveillance of Americans' cell phones. The results were shocking: police nationwide made more than 1 million requests for user data in one year alone. We are awaiting publication of the latest cell phone company responses, which will shed further light on cell phone surveillance in the United States.

But the Senator's new letters concern another privacy and security problem that has gone largely unattended to in congress: the computers in our cars.

In December 2013, Markey's office sent letters to twenty major car manufacturers, asking for details about how their systems protect "against the threat of cyber-attacks or unwarranted invasions of privacy related to the integration of wireless, navigation, and other technologies into and with automobiles."

"Today's cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network (CAN) or other network (such as Local Interconnect Networks or Flexray). Vehicle functionality, safety, and privacy all depend on the functions of these small computers, as well as their ability to communicate with one another. They also have the ability to record vehicle data to analyze and improve performance. On-board navigation technologies as well as the ability to integrate mobile devices with vehicle-based technologies have also fundamentally altered the manner in which drivers and the vehicles themselves can communicate during the vehicles' operation."

Markey's concerns, he says, "are based on two recent developments that highlight potential threats to both automobile security and to consumer privacy": a recent DARPA study that showed researchers could remotely "cause cars to suddenly accelerate, turn, and kill the brakes", and "the increasingly use of navigation of other technologies that could be used to record the location or driving history of those using them."

The DARPA study, Markey observes, was "built on prior research that demonstrated that one could remotely and wirelessly access a vehicle's CAN bus through Bluetooth connections, OnStar systems, malware in a synched Android smartphone, or a malicious file on a CD in the stereo."

The Senator asks the car companies to respond to his questions by January 3, 2014. That means sometime in 2014, drivers across the world will have better insight into how their privacy and security could be compromised by cutting edge automobile technologies, and lawmakers will be armed with the information they need to better protect the public.

Read Markey's letters here.

© 2021 ACLU of Massachusetts.