U.S. regulators should do more to ensure that the data vehicles transmit to one another to prevent crashes can’t be stolen and used against drivers, privacy advocates cautioned at a federal forum on Wednesday.

“Privacy issues are incredibly important in connected cars,” says Joseph Jerome, policy counsel with the Center for Democracy and Technology. “As we add more and more sensors, more and more cameras, it will lessen our privacy.”

As cars become more connected, regulators are looking to safeguard communications involving a range of vehicle advances—from high-tech safety features already in operation to completely self-driving cars expected on the road, perhaps within a few years.

“Consumers should know what data their car is collecting, and who has access to this information,” says William Wallace, a policy analyst for Consumers Union, the policy and mobilization arm of Consumer Reports. “Also, consumers’ trust is critically important to the broader acceptance of advanced features—including lifesaving safety systems.”

The forum on vehicle privacy and cybersecurity was hosted by the Federal Trade Commission and the National Highway Traffic Safety Administration. 

The major stakeholders, including regulators, automakers, software companies, and consumer groups, expressed hope that coming technologies will save lives on the highways. At the same time, the emerging technology presents unprecedented challenges for automakers to protect against hacking and ensure that customer data doesn’t get into the wrong hands.

As currently envisioned, vehicle-to-vehicle data would include very precise information about vehicle size and weight that could be used to extrapolate make and model information, says Jeremy Gillula, senior staff technologist at the Electronic Frontier Foundation. Independent evaluations have shown that vehicles could be hacked, even though regulators tried to design the system to ensure consumer privacy, he says.

“They tried,” Gillula says. “We appreciate they put some effort in, but it’s not there yet. The system as being talked about today wouldn’t protect privacy in any meaningful way.”

That assessment was disputed by Christopher Hill, a principal at Booz Allen, a consulting firm that worked with the Department of Transportation in evaluating vehicle-to-vehicle communication protocols. Security experts concluded that data transmitted through V2V technology would be sufficiently encrypted and limited to protect individuals’ identities, he says.

Overall, consumers are excited about the potential to improve highway safety through new technologies, says Carrie Morton of the University of Michigan’s Mcity automated-vehicle research center. V2V communications are limited to a range of about 1,000 feet, which should limit the hacking risk, she says. Even using basic technology today, a person could take a picture of a license plate and acquire a lot of information about who’s driving, she adds.

Drivers already use services that expose their personal driving and vehicle information, such as Waze, a mobility app where consumers enter their personal commuting information to crowdsource traffic information, Morton says. If they see a benefit, then “they’re okay with the trade-off,” she says.

But car dealers are hearing concerns about car data collection and privacy, says Andrew Koblenz, executive vice president of legal and regulatory affairs at the National Automobile Dealers Association. Questions about event-data recorders and about what happens to personal data from phones that are synced with infotainment systems are among the most common ones asked of dealers, he says. NADA felt compelled to publish a brochure to answer such common privacy questions.

“We’re entering into a new age, where people don’t know what the realm of the possibility is with this data,” says Jason Carter, a research scientist with Oak Ridge National Laboratory who has worked on vehicle privacy and security. “It’s not that they’re not concerned, it’s that they’re not aware of what an adversary can do with the data.”