Modern vehicles contain more than a hundred Electronic Control Units (ECUs) that communicate over different in-vehicle networks and are often connected to the internet which makes them vulnerable to various cyber attacks. Data collected by the connected vehicles is directly related to the vehicular system. These data can be hacked and exploited to cause anything from harmless mischief to physical injury or even life threat.
Vehicle-to-vehicle (V2V) communication technology, now increasingly being called V2X (vehicle to multiple other things like traffic infrastructure) is starting to be installed in many brands bringing a lot of positive benefits and features. They help to protect vehicles from collisions due to driver error to malfunctioning signals, potholes and other drivers who might be impaired.
But privacy advocates contend that the data collection inevitably become another component of the surveillance state. Some argue that the federal Department of Transportation (DoT) and the National Highway Transportation and Safety Administration (NHTSA) have made significant efforts to build privacy into the data collection for V2X. These measures are including provisions to ensure that data collected to create that safety possible would be anonymized and never logged or stored. That is privacy by design and default. But ultimately this gives birth to another set of problems— helping criminals to be anonymous.
Experts recommend that the agency should work to identify proactive technical or legal control that could limit third party collection, aggregation, or sale of V2V data, including considering encryption or higher Pseudonym Certificate rotation rates.
It is probably inevitable that V2V will become standard soon. It is a truth that while technology can enable faster and more comprehensive data collection, the privacy risks aren’t any different from those that have always existed.