Privacy in V2V (vehicle-to-vehicle) Technology

November 18, 2014 9:50 am

While the vehicles we drive get smarter and smarter, abilities like self-parking or braking seem old in light of the new vehicle-to-vehicle technology on board many new vehicles. Connected cars are expected to generate $131.9 billion in sales by 2019.
Vehicle-to-vehicle (“V2V”) technology was developed to decrease the number of traffic accidents on the nation’s streets and highways.
This new technology allows vehicles to communicate with each other on the road, ideally avoiding possible accidents.

As with any new technology, there are new liability concerns for the user: concerns that define privacy and self-incrimination in the face of a vehicle accident.

In August 2014, the NHTSA released an advance notice of the proposed guidelines for implementing V2V technology while still keeping user information private and inaccessible to government or corporations.

In an unprecedented move toward privacy, the NHTSA (the Department of Transportation’s National Highway Traffic Safety Administration) announced that it would immediately begin steps toward implementing vehicle-to-vehicle technology and the guidelines to protect privacy.

Summary of the NHTSA’s key privacy guidelines for the new V2V technology.

The NHTSA report used strong language to define personal privacy with regard to V2V technology in that the V2V devices:

would not collect or store data on individuals or individual vehicles, nor would it allow the government to do so;

would not contain data in safety messages exchanged between vehicles or collected by the V2V security system that could be used by law enforcement or private entities to personally identify speeding or erratic drivers;

would not permit tracking through space or time of vehicles linked to specific owners, drivers, or persons;

would not collect financial information, personal communications, or other information linked to individuals; and

would not provide access to the vehicle for extraction of data.

The NHTSA report also assured that the vehicle-to-vehicle technology system would “enroll enabled vehicles automatically without collecting any information identifying specific vehicles or owners”, and would enable vehicle manufacturers to identify defective V2V equipment without the use of personally identifying information. In other words, nearly anonymously.

The NHTSA focused on two categories of V2V system functions – system safety and system security.

System Safety

For system safety, the V2V software is designed to send and receive safety messages with general information about a vehicle’s geographic location, direction and traveling speed, as well as other information such as a projected location derived from previous locations; the information excludes personally identifiable information (PII). The NHTSA says the information is “broadcast in the limited range required for vehicles in the vicinity to communicate with each other”.

System Security

System security is achieved via exchanges of certificates and other communications between devices and the entity or entities providing security for the V2V system, but potentially not excluding third parties that may have an interest in the vehicle’s operation and location, such as creditors, community supervisors, insurance companies and the like.

When these types of organizations have a “finger in the pocket” of the vehicle owner, what liability is in place when a vehicle is suddenly shut off in traffic due to a missed payment or uninstalled update?

If the information is encrypted and “subject to security measures for preventing unauthorized intrusion and access to the system or vehicle”, does that imply that there is a guarantee of freedom from intrusion into the vehicle operation?

What was unprecedented for a government entity was the implementation of procedures for a privacy policy for V2V systems.

Privacy Policy Principles

A summary of the privacy policy principles recommended by the NHTSA is as follows:

Collection and transmission of “anonymous” user data only for mandatory applications;

Data retained under anonymous ID until destruction;

Collection of personally identifiable information (PII) only with the knowledge and consent of the user;

Prevention of misuse, loss or unlawful transmission of PII;

Prevention of unauthorized hacking, data leakage or attacks on the system.

NHTSA recommended specific requirements for V2V systems, including but not limited to: implementing end-to-end anonymity for privately owned or leased vehicles and their occupants across all V2V technologies; encryption and the use of multiple security certificates that change minute to minute, making travel data anonymous; and strong anti-hacking measures.

NHTSA identified points for future privacy assessments of V2V systems by the Department of Transportation and the NHTSA.

The new privacy assessments will focus on eight specific topics:

Transparency – Are companies clear and correct about the data that is collected and transmitted by the V2V system, and are privacy systems in place so as not to reveal any user PII?

Individual Participation and Redress – Do consumers have enough information to make reasonable and informed decisions regarding allowing this intrusion into their personal life? Is a refusal policy or default system in place?

Purpose Specification – Are the purposes of the collected data truthfully disclosed?

Data Minimization – Is it minimal data with no PII collected and retained? Systems may need to be devised for oversight.

Use Limitation – Is there a limitation on the amount and type of data, so that there is no mass collection of unrelated data?

Data Quality and Integrity – Assurance that the data collected is true and correct and made available only to those entitled to the data.

Security – What specific measures will be in place to protect the data?

Accountability and Auditing – Are there adequate procedures in place to ensure that the privacy controls are being followed and executed?

All of these ideals, if properly implemented, would also impact the usage of vehicle data collected and its admissibility to be used against you in court after an accident.

While it appears there is a movement on the part of the NHTSA to protect a natural person’s privacy rights, the action may in fact limit the information harvestable from your in-car V2V data, making it more difficult if not impossible for your vehicle’s data, or any vehicle’s data for that matter, to become a witness against you should you be involved in an accident.

Refreshingly, the NHTSA seems to be using the privacy principles, privacy policy foundations, and privacy policy assessments to show its commitment to protecting these vital and primary Constitutional rights.