The Nov. 18 question-and-answer session between members of the House Subcommittee on Transportation and Public Assets and the Subcommittee on Information Technology heard testimony from various automotive industry groups centered on how they handle safety and privacy issues associated with the nation’s increasingly connected vehicles.
Following the hack of a Jeep Cherokee in July and a Tesla Model S in August, lawmakers focused their attention to whether or not regulation needed to be put into place to protect consumers.
In the same month as the Jeep hack, Sen. Ed Markey, D-Mass., introduced Senate Bill 1806, known as the Security and Privacy in Your Car Act (SPY Car Act), in an attempt to tackle some of the larger questions around consumer protections and the auto industry.
Unsurprisingly, the testifying automakers, which included General Motors, Toyota and Tesla, said federal regulation could inhibit their continued innovation in the space and lead to some vehicle makers meeting only bare minimum standards, instead of exceeding them.
“…Tesla believes that in order to maintain the pace of reducing injuries and fatality rates, vehicles need to increasingly use computerized vehicle systems to avoid crashes, with particular opportunity afforded in the connected vehicle space,” said Telsa’s Diarmuid O’Connell.
The electric carmaker’s spokesperson said the rapid pace of advancement in the connected car realm would continue to be a valuable asset for both vehicle safety – like automated braking and learning and communicating roadway conditions – and in addressing recall issues through software updates.
O’Connell said many of the issues raising concern in the connected car space could ultimately be addressed through manufacture-only updates, strongly isolating vehicular networks from the vehicle’s mechanical systems and improved encryption for communications with the vehicle.
“We’re in a period of rapid innovation for automotive safety; Tesla vehicle safety already significantly benefits from investments in vehicle connectivity. We expect innovation and success in delivering enhanced safety to only continue as the full potential of connected vehicles is realized,” he said. “Overzealous, or more particularly, premature regulation that does not allow for innovation or creative solutions can actually deter or block safety innovations and as a result any move in this direction must be considered carefully and only to the extent absolutely necessary in our view.”
Testimony was also heard from a privacy advocate who urged Congress to take action to address “substantial privacy and security concerns centered on connected cars.
“New vehicle technologies offer a variety of new services to American drivers and are quickly being implemented by car companies. But these new technologies, typically based on Internet connectivity, also raise substantial privacy and security concerns that Congress needs to address,” said Khaliah Barnes, associate director of the Electronic Privacy Information Center. “As cars become more technologically sophisticated, they collect a lot of personal data including physical location, destinations, text messages and phone records.”
Barnes also said the industry fails to fully inform consumers as to how their information will be shared and with whom. She went onto say that the SPY Car Act would create a “good framework for meaningful safeguards.”
“The very real possibility of remote car hacking poses some substantial risks to driver safety and security,” she said. “Congress must enact meaningful safeguards to protect privacy and security in the Internet of Cars.”
When asked to talk about cybersecurity vehicle standards, automakers deferred to a number of cooperative efforts, as well as collaboration with the National Institute of Standards and Technology (NIST) and other agencies, but said strict mandates were not an action they would support.
“There is a difference between there being standards and there being laws," said Dean Garfield, president and CEO of the Information Technology Industry Council. "There are certainly standards being developed around cybersecurity, and there are certainly laws in place that would punish someone, whether it’s the Computer Fraud and Abuse act or the Digital Millennium Computer Act, from folks hacking into cars or anything else. But the question is, are there laws mandating a particular standard, and I would argue that mandating a particular standard would be the absolute wrong approach."
Garfield added that while carmakers are likely to see malicious vehicle hacks emerge as the technology evolves, misguided policy decisions could negatively impact innovation and software development.
“I think part of my worry is all of the great things we’ve been talking about will be a dream deferred because our policy apparatus won’t be as agile as our software development to keep up with these shifts," he said. "I get the instinct to act, and we should act, what we’re suggesting is that we act in a strategic, coordinated fashion that ensures our shared interests are achieved."
Harry Lightsey, executive director of Global Connected Customer, Public Policy at General Motors said the industry could simply not match the pace of government when it comes to innovation and product development.
“With all due respect, our industry can’t afford to wait for government and we’re not doing that,” he said. “I think that the industry needs the freedom to innovate and to do that work.”
Those representing the automotive industry said they would be willing to collaborate with government partners, but collectively said mandates could translate into real harm from a business standpoint. Lawmakers were also quick to voice their own concerns about government intervention in the space.
“This is one of the most exciting parts of our economy," Rep. Jason Chaffetz said in his comments. "This is somewhere we can lead the world. It’s something that’s going to create real jobs and have a real impact on peoples’ lives as long as the federal government doesn’t come in and screw it up, which we are prone to do in the federal government.”