Net neutrality reversal drives privacy concerns for connected car data
Though the U.S. Federal Communications Commission voted to overturn net neutrality, individual states are taking matters into their own hands. More than two dozen states, including California, New York, Connecticut and Maryland, are considering legislation to reinstate net neutrality rules within their borders. Earlier this year, Washington became the first state to sign such legislation into law. While the reinstatement of net neutrality could take some time, governors in several states, including New Jersey and Montana, have also signed executive orders requiring internet service providers (ISPs) that do business with the state to adhere to net neutrality principles.
Without net neutrality, ISPs and telecom companies have the right to prioritize services according to customers’ needs. One industry likely to feel the effect of this is the automotive sector; connected cars depend on consistent data transmission.
It’s estimated that by 2021, over 380 million connected cars will be on the road. Today, the motor manufacturing industry is still in the very early stages of figuring out how to make money from connected car data. The relaxing of net neutrality rules makes it possible that auto manufacturers will team up with telcos and ISPs to offer customers a range of data-based services. Ultimately, this could be even more profitable than actual vehicle sales.
One of the biggest challenges for motor manufacturers will be to convince customers that their privacy is assured and that it will not be open season for their data.
Big data, big profits
By the year 2020, it is estimated that 20 billion in-car devices will be constantly sending back vehicle data via the internet. That means each vehicle will be transmitting around 1.5 TB of data every day –more than 25 GB per hour per car. For this reason, working out how to utilize, analyze and manage all this big data will become a key part of every motor manufacturer’s business model.
The search for which software platforms to partner with is already underway. Ford’s Ford Pass platform and GM’s OnStar AtYourService feature are early examples of how auto data is sold to third parties, such as insurance companies or roadside retailers, to help them tempt drivers with loyalty discounts and special offers.
The repeal of net neutrality allows internet providers in the U.S. to get in on the action. In the near future, deals between ISPs and auto manufacturers could give rise to a range of software-based service packages. The exact content and the speed at which each service is delivered could vary according to the car owners’ needs.
While ISPs and car manufactures would be able to use the relaxing of net neutrality rules to create more monetized services, the new rules also provide a great advantage to the public safety. Since data can be prioritized, life-critical data (e.g., public safety) can have a higher priority than someone streaming music. While new net neutrality rules might create business opportunities for ISPs, humanity will also benefit as important services will have a higher priority than someone binge watching Netflix.
Privacy challenges
One of the biggest challenges around privacy is how to develop services that reconcile the conflicting interests of product designers and marketing executives with those of the legal and compliance teams. One such compromise came to light in 2015 when the German motorist organization, Allgemeiner Deutscher Automobil-Club, discovered that large amounts of data were being captured by the on-board diagnostics (OBD) system of a BMW model, including driving destinations and phone contacts, without the permission of the user. Originally, the data could only be accessed by directly connecting to the OBD. However, as soon as the data started being transmitted wirelessly, the risk of it being captured, processed and shared without the customer’s permission becomes unacceptably high.
In Europe, especially under General Data Protection Regulation (GDPR), automakers must ensure they have the express permission of the vehicle owner before they can share car data. As the U.S. has not enforced similar regulations yet, there are concerns that connected car data may be harvested and sold at the expense of owner privacy. For example, someone could potentially make money from stealing customer details that are stored in the entertainment system of a rental vehicle. By connecting your phone to a rental car, you could unwittingly give details of your smartphone, recent locations visited and even your home address for others to mine for malicious purposes.
Consumer confidence at a crossroads
The effect of all this on consumers is hard to gauge, partly because industry studies conducted to date are colored by the interests of the sponsoring parties. Insurer Willis Towers Watson portrays a broadly positive picture saying 55% of consumers will likely purchase a new or preowned vehicle with new technology features in the next 24 months. Four out of five drivers, it says, are open to sharing their driving data.
In contrast, research published by digital platform security company Irdeto is decidedly more downbeat. The study of over 8,000 consumers in six countries revealed 93% of respondents either don’t have a connected vehicle or don’t know if they do. Nearly half (49%) do not own and do not plan on buying a connected car. A high proportion (85%) cited cybersecurity as the reason for their caution.
Car manufacturers need to be able to provide the car owner, or future owner, an easy-to-understand overview of which data is being collected and how it is used. Current and future regulations will also cover these items to protect the consumer.
Securing the connected car
One surefire way to protect driver data is to use virtual private networks (VPNs). VPNs are a useful way for motor manufacturers to ensure any driver data transmitted wirelessly remains completely private. This is especially important for GDPR compliance. VPNs in vehicles can guarantee secure connectivity, assured authentication and centralized remote management for software patches and over-the-air updates.
Additional protection can be achieved by utilizing secure connections, advanced authentication and centralized management. First, decide whether the application requires on-demand or always-on access, as well as command-line or API control. Next, implement added security with a second factor of authentication. Lastly, a central management provides the ability to remotely configure any internet-connected device to patch or update software, scale VPN connectivity and manage authentication.
Overall, while doing away with net neutrality gives internet providers much more freedom to shape how we connect to the online world, implementing VPN technology can protect our privacy and provide secure connectivity when operating any connected device or machine, especially a connected car.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.