Technology vs. Privacy: A Black Box Update
If federal legislators and the National Highway Traffic Safety Administration have their way, provisions of the Motor Vehicle Safety Act of 2010 will be passed in the U.S. House of Representatives (HR 5381, see Sec. 108) and the U.S. Senate (S.3302, see Sec. 107) to mandate the installation of MVEDRs (motor vehicle event data recorders) in all new vehicles sold in the United States. Both bills have been reported out of their respective Commerce committees and are awaiting action by the full legislative bodies.
The House bill would require the installation of MVEDRs in passenger cars by the 2015 model year. The Senate version is more aggressive, mandating installation in the first vehicle model year that occurs two years after enactment of the bill. While approximately 85 percent of U.S. vehicles are estimated to already have “black boxes,” the Motor Vehicle Safety Act of 2010 that spawned both bills places significantly different design and usage standards on MVEDR manufacturers.
An early October 2010 article written by Ivan Berger for the Institute of Electrical and Electronics Engineers (IEEE) describes the MVEDR technological gap that must be closed in order to protect the privacy of vehicle owners. IEEE formed a working group, designated (as only engineers can) as “1616a,” to begin addressing consumer protection and data security concerns. The following excerpts from Mr. Berger’s “Automotive Black Box Standard Gets Privacy Update” highlight some of the hurdles that system engineers are working to overcome:
“. . . the diagnostic link connector (DLC) was designated as the download connector for in-vehicle networks,” [IEEE Project Co-Chair Tom] Kowalick says. That connector, present on all cars sold in the United States since the 1996 model year . . . will now be used to access the MVEDR data.
Only vehicle owners would have the key, or codes, to the lockout, giving them sole control over their data. That should prevent data tampering and protect data from misuse, according to Kowalick. “With today’s electronic tools, going through the DLC is the most common way to tamper with car systems and read recorded data,” Kowalick says. That can jeopardize the car owner’s privacy because many of the control units . . . can retain data for longer periods than the mere seconds captured by MVEDR. What’s retained . . . could include GPS-marked destinations or other information that an owner might want to keep private.
Thieves could change a car’s recorded vehicle identification number (VIN) stored on the area network. That would immediately prevent telematics services such as General Motors’ OnStar from locating a stolen car or turning off its engine before it could be taken to a chop shop or have its VIN plaques and etchings changed. By preventing unauthorized access, the lockout can help establish a chain of custody for evidence.
As cars acquire more drive-by-wire electronic sensors and systems, there will be more data to capture and control, calling for additional standards. And if the Motor Vehicle Safety Act of 2010 passes, making MVEDRs mandatory by 2015, “there will be up to 200 million light vehicles with unprotected EDRs,” Kowalick says. “Several companies are already offering ways for the unscrupulous to tamper with digital odometer readings or even erase crash data . . .”
For more information on black boxes, check out the black box section of the NMA website.