Today, Public Knowledge and The New America Open Technology Institute filed a Petition for Rulemaking with the Federal Communications Commission to establish requirements for cybersecurity and privacy protection in the Direct Short Range Communication (DSRC) service.
DSRC is the automobile industry’s chosen technology for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication. The auto industry intends to deploy DSRC for both autonomous (self-driving) vehicles and in standard vehicles for purposes of collision avoidance. Additionally, the auto industry plans to use DSRC to offer commercial services such as mobile payments, in-car advertising, and “infotainment” systems such as video streaming.
Public Knowledge’s Petition for Rulemaking asks the FCC to adopt the following safety measures before permitting the auto industry to deploy DSRC for American vehicles:
- Limit DSRC to life and safety uses only. The auto industry plans to take spectrum allocated for safety of life and monetize it with advertising and mobile payments. This compromises cybersecurity and potentially violates the privacy of every driver and passenger.
- Require automakers to file a cybersecurity plan before activating DSRC systems. This plan should not only show that auto manufacturers have taken appropriate precautions today, but explain how they will update security over the life of the vehicle.
- Data transparency and breach notification. Auto manufacturers must inform purchasers of DSRC-equipped cars what personal information they collect and how they will use that information. In the event of a data breach, the manufacturer collecting the information must notify the customer.
The following may be attributed to Harold Feld, Senior Vice President at Public Knowledge:
“In March, the FBI and Department of Transportation (DOT) issued a joint Public Service Announcement warning Americans to be careful against cyberattacks on their cars. A hacked car equipped with DSRC will spread the infection to any other car equipped with DSRC like a mosquito spreading Zika.
“When the FCC created the DSRC service rules in 2004, it did not impose any requirements with regard to cybersecurity or privacy protection. In light of these recent reports and warnings, that must change.”
General Motors intends to deploy its first DSRC-equipped car in the next few months.
You may view the Petition for Rulemaking for more information.
Members of the media may contact Communications Director Shiva Stella with inquiries, interview requests, or to join the Public Knowledge press list at shiva@publicknowledge.org or 405-249-9435.