Invisible, but Not Transparent: An Analysis of the Data Privacy Issues That Could Be Implicated by the Widespread Use of Connected Vehicles

In 2015, the U.S. Department of Transportation began the first phase of its 50-month program to introduce connected vehicles to American roadways. While many have focused on the potential traffic safety benefits wide-scale implementation of connected vehicle technology could ultimately bring about, few have discussed the potentially serious data privacy issues that connected vehicles could create. Although few know the exact technological capabilities connected vehicles will have, it is likely that they will be designed to regularly transmit highly sensitive private information over a relatively unsecure network. This paper analyzes the potential privacy issues that could be implicated by such a system, with particular focus as to how those issues are exacerbated by existing state law. Unless substantial amendments are made to existing legislative schemes, widespread use of connected vehicles could seriously jeopardize the security of our private information

Privacy implications of smartphone-based connected vehicle communications

Considerable work has been carried out into making the vision of connected vehicles a reality, with inter-operable communications to take place between vehicles for the purpose of improving road safety and alerting road users to accidents or sudden braking. The cost of deploying such a solution to large numbers of vehicles is significant, and vehicles have a much longer lifespan than other consumer equipment, leading to other work considering the use of smartphones as possible devices for such connected vehicle networks. In this paper, we consider the security and privacy implications of using smartphone based platforms for connected vehicle applications, both in vehicles, and those carried by pedestrians. We also consider the general risks of relying on consumer smartphones, particularly with regard to the lack of long-term security updates being available. We finally explore the need for privacy to be considered in the design of solutions, in addition to the well-recognised need for security, and explore the trade-off between anonymity and prevention of abuse, in the context of designing future connected vehicle technologies

Who\u27s Driving You? Driver Data Remains Unprotected Under COPPA and Shine the Light

As our lives become more driven by technology, California’s privacy laws fall short of protecting our personally identifiable information. Vehicles in particular present an increasing privacy concern, as our automobiles become more computer and less car. Cars today have increasingly sophisticated capabilities, stemming from connected technology and sensors, and their ability to capture geolocation and biometric data. This data can be used to make inferences about drivers’ behavioral patterns and daily habits. This Article analyzes whether California’s privacy laws—California Online Privacy Protection Act (“COPPA”) and Shine the Light—adequately address privacy concerns regarding driver data collected by the connected car. This Article considers how notice and consent can effectively protect connected car drivers, and concludes that consumers need a more effective way to manage how connected car data is collected, retained, and used

Using Searchable Encryption to Protect Privacy in Connected Cars

Providing vehicles with extended connectivity introduces new opportunities for services, and also security applications such as misbehavior detection. However, for many applications, personal data needs to be processed by the system providers, which impairs the privacy of the vehicle users. While focusing our research on new possibilities of connected car security, we follow privacy by design principles. We explore the utilisation of various privacy-enhancing technologies (PET) in order to provide advanced connected car applications, while preserving the personal data of the vehicle users. Specifically, we aim to develop practical schemes that utilise Searchable Encryption to provide a framework for secure and privacypreserving connected car applications

A Distributed and Privacy-Aware Speed Advisory System for Optimising Conventional and Electric Vehicles Networks

One of the key ideas to make Intelligent Transportation Systems (ITS) work effectively is to deploy advanced communication and cooperative control technologies among the vehicles and road infrastructures. In this spirit, we propose a consensus-based distributed speed advisory system that optimally determines a recommended common speed for a given area in order that the group emissions, or group battery consumptions, are minimised. Our algorithms achieve this in a privacy-aware manner; namely, individual vehicles do not reveal in-vehicle information to other vehicles or to infrastructure. A mobility simulator is used to illustrate the efficacy of the algorithm, and hardware-in-the-loop tests involving a real vehicle are given to illustrate user acceptability and ease of the deployment.Comment: This is a journal paper based on the conference paper "Highway speed limits, optimised consensus, and intelligent speed advisory systems" presented at the 3rd International Conference on Connected Vehicles and Expo (ICCVE 2014) in November 2014. This is the revised version of the paper recently submitted to the IEEE Transactions on Intelligent Transportation Systems for publicatio

EXPLORING THREAT-SPECIFIC PRIVACY ASSURANCES IN THE CONTEXT OF CONNECTED VEHICLE APPLICATIONS

Connected vehicles enable a wide range of use cases, often facilitated by smartphone apps and involving extensive processing of driving-related data. Since information about actual driving behavior or even daily routines can be derived from this data, the question of privacy arises. We explore the impact of privacy assurances on driving data sharing concerns. Specifically, we consider two data-intensive cases: usage-based insurance and traffic hazard warning apps. We conducted two experimental comparisons to investigate whether and how privacy-related perceptions about vehicle data sharing can be altered by different types of text-based privacy assurances on fictional app store pages. Our results are largely inconclusive, and we did not find clear evidence that text-based privacy guarantees can significantly alter privacy concerns and download intentions. Our results suggest that general and threat-specific privacy assurance statements likely yield no or only negligible benefits for providers of connected vehicle apps regarding user perceptions

Privacy in the Age of Autonomous Vehicles

To prepare for the age of the intelligent, highly connected, and autonomous vehicle, a new approach to concepts of granting consent, managing privacy, and dealing with the need to interact quickly and meaningfully is needed. Additionally, in an environment where personal data is rapidly shared with a multitude of independent parties, there exists a need to reduce the information asymmetry that currently exists between the user and data collecting entities. This Article rethinks the traditional notice and consent model in the context of real-time communication between vehicles or vehicles and infrastructure or vehicles and other surroundings and proposes a re-engineering of current privacy concepts to prepare for a rapidly approaching digital future. In this future, multiple independent actors such as vehicles or other machines may seek personal information at a rate that makes the traditional informed consent model untenable. This Article proposes a two-step approach: As an attempt to meet and balance user needs for a seamless experience while preserving their rights to privacy, the first step is a less static consent paradigm able to better support personal data in systems which use machine based real-time communication and automation. In addition, the article proposes a radical re-thinking of the current privacy protection system by sharing the vision of “Privacy as a Service” as a second step, which is an independently managed method of granular technical privacy control that can better protect individual privacy while at the same time facilitating high-frequency communication in a machine-to-machine environment

Developing a Privacy Code of Practice for Connected and Automated Vehicles

Connected and autonomous vehicles (‘‘CAVs”) can collect, store, process and transmit vast amounts of data. Understanding the use (and potential misuse) of this data, particularly when that data is about an identifiable individual within the meaning of data protection law, is regarded critical to the success of this new mode of transportation. However, what constitutes personal information in relation to coneccted and automated vehicle data on a case-by-case basic. This presents a policy challenge for the government and creates uncertainty for businesses wishing to make use of this data