Barcelona, March 22, 2018.- The automobile, autonomous or electric, will be part of the Internet of Things (IoT), sooner than we think today. Every product of our lives with an Internet connection will be a constant source of data. The privacy and security of the data that a car connected to the Internet emits is one of the main concerns. At SETRAM we have had the opportunity to read an exhaustive ACEA guide on the best way to guarantee the security of this data. Below we publish only a summary and strongly advise reading the entire study, prepared by the European Association of Automobile Manufacturers (ACEA).
The best way to provide safe and secure third-party access to the data generated by your vehicle is by means of an off-board facility. This is a remote and secure server from where service providers can access the data, rather than directly having access to the (moving) vehicle in an uncontrolled way.
Vehicle manufacturers are prepared to make car data available to third-party services, but they want to guarantee that this happens in a way that:
- Ensures the protection of the vehicle user’s personal data;
- Does not endanger the safe and secure functioning of the vehicle; and
- Does not undermine the liability of the vehicle manufacturer.
To limit such risks, a better and more balanced alternative to uncontrolled and full access to the in-vehicle data is for vehicle manufacturers to communicate the relevant vehicle data in a secure manner to an off-board facility. Service providers can access vehicle data through off-board means, rather than directly in the vehicle, in order to minimise safety, security and liability risks.
Hence, off-board access to data provides an open yet protected interface for third-parties, as it operates in accordance with clearly defined technical, data protection and competition rules. Of course, vehicle manufacturers secure communication between the vehicle and the off-board facility.
Providing direct access to in-vehicle data to third parties poses serious security and safety risks to the vehicle, you as a driver, your fellow passengers and other road users:
Direct third-party access to vehicle functions can facilitate hacker attacks, since every new external data interface increases the number of potential targets and entry points.
Even uncontrolled third-party access to vehicle functions or data that are not directly security-relevant can lead to risks through networking. This could enable car theft or the remote unlocking of a door, for example, as well as creating opportunities for fraud or the theft of your personal data.
Endangering safety-critical functions
Similarly, safety-critical functions such as braking can be affected negatively by the use of in-vehicle resources and computing capacity for unapproved third-party applications. Your car doesn’t have nearly as much processing power as a computer. It couldn’t possibly handle the volume of data requested, or the frequency with which it could be requested, if dozens of service providers were granted direct and uncontrolled access.
Additional safety risks in terms of driver distraction can arise if external third parties have uncontrolled access to your vehicle’s on-board systems, user interfaces and function displays. This could happen, for example, through apps or additional control units that would draw your attention away from the road.
Giving direct and uncontrolled access to the data inside your car, van, truck or bus might also lead to unintended consequences from the installation of additional software. This includes the potential for serious malfunction or even a crash of the system. Something that may not be too worrying in, say, your smartphone, but can represent a serious risk in a moving vehicle.
A car is a means of transport, the primary function of which is to bring people or goods safely from one place to another. It requires much higher standards in safety, security and privacy compared with smartphones or other consumer devices. It is not a PC that can be rebooted if a problem occurs while driving.
Motor vehicles contain highly complex, technically-sensitive systems that must meet high technical and legal standards. These systems are developed and monitored by the vehicle manufacturer in strict compliance with road safety regulations, product safety and quality standards – in some cases, far beyond what is legally required.
Moreover, a motor vehicle also has a lifetime of at least 8 to 10 years, while the average smartphone has a lifespan of 2 to 3 years and is often seen as a disposable device. The hardware of a car needs to be resilient and stable. Ultimately, vehicle manufacturers are responsible for the safety and security of the vehicles they put on the market.
Interested service providers will be able to access the vehicle data they need through a secure remote server, on the basis of a contract with the vehicle manufacturer.
In addition, independently-managed neutral servers can be set up to make vehicle data readily available to interested third parties without the need to sign a contract with the manufacturer of a car, van, truck or bus. These servers are totally ‘neutral’, meaning that they are neither operated nor financed by the manufacturers but by an independent party. Of course, these neutral server operators are required to implement state-of-the-art security and data protection measures.
Various companies have already shown an interest in setting up such independently-managed servers. IBM, for example, recently launched a service to make vehicle data accessible through their cloud platform to parties that want to develop new and innovative services.
The neutral server will also facilitate data access, in particular for small and medium-sized companies, by offering multi-brand data access on one server, rather than obliging them to use multiple servers of individual manufacturers.
Moreover, the neutral server ensures customer choice. With a neutral server, vehicle users are free to obtain services from the vehicle manufacturer, its network of authorised repairers or any other service provider of their choice.
Service providers can have fair and reasonable access to the data they need to offer their services to vehicle users. That includes independent repair shops, fleet operators, insurance companies, etc. Any information that is available to the vehicle manufacturer’s network of authorised repairers will be made available on the same conditions to independent third parties that offer competing services: the same type, amount and quality of data, at the same time, at the same price.
This concept for the transfer of vehicle-generated data ensures access in a fully transparent and anonymised manner. That is, the neutral server enables service providers (as well as the exact services they offer) to remain unknown to the vehicle manufacturer. Thus, it contributes to innovation and allows fair and open competition.
The type of data cars generate – and which thus can be used for providing certain services – differs from brand to brand, and even within brands, from model to model. The same applies to other motor vehicles of course, such as vans, trucks and buses, which all generate such information as well.
Various types of vehicle-generated data can be used to improve the driving experience, increase comfort for the driver, optimise products, and to contribute to societal goals such as improving road safety and reducing fuel consumption:
- Tyre pressure;
- Vehicle speed;
- Fuel consumption;
- Oil level;
- Engine status;
- Battery charge status;
- Steering angle;
- Outside temperature of the vehicle.
Vehicle-generated data do not include data imported by vehicle users (such as mobile phone contact lists and selected destinations for navigation), nor data received from external sources (for example information transmitted by roadside units, other vehicles or vulnerable road users).
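To make the off-board and neutral-server model concrete, here is an added Python sketch (not ACEA's, SETRAM's or any manufacturer's code) of the three properties the summary describes: the manufacturer's off-board facility releases only vehicle-generated signals from the list above and strips user-imported or externally received data, the neutral server is the only party the manufacturer sees, and every registered provider receives the same data set. Class, field and signal names are assumptions chosen for illustration; the vehicle payload is constructed sample data.

```python
import secrets

# Signal names for the vehicle-generated data types listed in the summary (assumed identifiers).
VEHICLE_GENERATED = {
    "tyre_pressure", "vehicle_speed", "fuel_consumption", "oil_level",
    "engine_status", "battery_charge_status", "steering_angle", "outside_temperature",
}
NEUTRAL_SERVER_ID = "neutral-server"  # the only requester identity the manufacturer ever sees


class ManufacturerOffboard:
    """Manufacturer's remote facility: receives data from the vehicle, releases a filtered copy."""

    def __init__(self):
        self.records = {}      # vehicle id -> latest payload pushed over the secured vehicle link
        self.access_log = []   # requester identities seen by the manufacturer

    def ingest(self, vehicle_id, payload):
        self.records[vehicle_id] = dict(payload)

    def release(self, vehicle_id, requester_id):
        self.access_log.append(requester_id)
        data = self.records.get(vehicle_id, {})
        # Only vehicle-generated signals leave the facility; contacts, navigation
        # destinations and roadside-unit messages are never part of the release.
        return {k: v for k, v in data.items() if k in VEHICLE_GENERATED}


class NeutralServer:
    """Independent broker: providers register here, never with the manufacturer."""

    def __init__(self, offboard):
        self.offboard = offboard
        self.tokens = {}  # access token -> provider name (known only to the neutral server)

    def register(self, provider_name):
        token = secrets.token_hex(16)
        self.tokens[token] = provider_name
        return token

    def fetch(self, token, vehicle_id):
        if token not in self.tokens:
            raise PermissionError("unknown provider token")
        # The manufacturer is asked on behalf of the neutral server, not the provider,
        # and the same filtered data set is returned to every registered provider.
        return self.offboard.release(vehicle_id, NEUTRAL_SERVER_ID)


# Constructed sample payload mixing vehicle-generated signals with data the
# summary says are not vehicle-generated (user-imported or externally received).
SAMPLE_PAYLOAD = {
    "tyre_pressure": 2.3, "vehicle_speed": 87, "battery_charge_status": 64,
    "phone_contacts": ["alice", "bob"], "nav_destination": "Barcelona", "roadside_unit_msg": "slow",
}
```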
Most data generated by your car are primarily of a technical nature. They exist only temporarily, are used locally within vehicle systems and are never stored.