The Center For Democracy & Technology (CDT) and four cryptographers have stated their security and privacy concerns regarding proposed rules by the National Highway Traffic Safety Administration (NHTSA) for vehicle automation and communications. In a CDT blog post, Chief Technologist Lorenzo Hall stated that the group's concerns about NHTSA's:
"... proposed rulemaking to establish a new Federal Motor Vehicle Safety Standard (FMVSS), No. 150, which intends to mandate and standardize vehicle-to-vehicle (V2V) communications for new light vehicles... Our comments highlight our concern that NHTSA’s proposal standard may not contain adequate measures to protect consumer privacy from third parties who may choose to listen in on the Basic Safety Message (BSM) broadcast by vehicles. Inexpensive real-time tracking of vehicles is not a distant future hypothetical. Vehicle tracking will be exploited by a multitude of companies, governments, and criminal elements for a variety of purposes such as vehicle repossession, blackmail, gaining an advantage in a divorce settlement, mass surveillance, commercial espionage, organized crime, burglary, or stalking.
Our concern is that the privacy protections currently proposed for V2V communications may be easily circumvented by any party determined to perform large-scale real-time tracking of multiple vehicles at once. This poses a serious costs for both individual privacy and society at large..."
FMVSS Standards include regulations automobile and vehicle manufacturers must comply with. Read the proposed FMVSS Rule 150 in the Federal Register. The proposed rule specifies how vehicles will automatically broadcast Basic Safety Messages (BSM).
The group's detailed submission (Adobe PDF) to the U.S. Department of Transportation (DOT) described specific privacy concerns. One example:
"2.1 Linking a vehicle to an individual
The NPRM proposes that vehicle location accurate to within 1.5 meters be included in every BSM. Such high accuracy is sufficient to identify a vehicle’s specific parking spot. Assuming a suburban environment where the parking spot is a driveway, this information is enough to identify the owners or tenants... Vehicles can be further disambiguated among members of a household or people sharing parking spots by when they leave and where they go. For instance, shift workers, 9-to-5 office workers, high school students, and stay-at-home parents will all have different, distinguishable patterns of vehicle use. Even among office commuters, the first few turns after leaving the driveway will be very useful for disambiguating people working at different locations..."
So, when you leave home and the route you take can easily identify individuals. You don't have to be the registered owner of the car. Yes, your smartphone broadcasts to the nearest cellular tower and that identifies your location, but not as precisely. Privacy is needed because the bad guys -- stalkers, criminals -- could also use BSMs to spy upon individuals.
The security experts found the proposed BSM privacy statement by NHTSA to be one-sided and incomplete:
"The examples of third-party collection provided in paragraph (b) of the privacy statement mention only benign collection for beneficial purposes, such as accident avoidance, transit maintenance, or valuable commercial services. They selectively highlight the socially beneficial uses of V2V information without mentioning commercial services [which] may not [be] valuable for consumers; or other potential, detrimental, or even criminal uses. This is especially troubling..."
The CDT and security experts recommended that due to the privacy risks described:
"... we firmly believe that, unless a considerably more privacy-conscious proposal is put forward, consumers should be given the choice to opt-in or opt-out (without a default opt-in), and should be made clearly aware of what they are opting in to..."
I agree. A totally sensible and appropriate approach. The group's detailed submission also compared several vehicle tracking methods:
"... physically following a car or placing a GPS device on it, do not allow for mass tracking of most vehicles in a given area. Some options, such as cellphone tracking or toll collection history, require specialized access to a private infrastructure. Cellular data does not provide precise position information to just anyone who listens in... Moreover, cellular technology is evolving rapidly — today it provides more privacy than in the past... license-plate-based tracking requires a line of sight to a given vehicle, and thus is usually neither pervasive nor real-time. A vehicle can be observed driven or parked, but not tracked continuously unless followed. Only a few vehicles can be observed by a camera at any given time. Thus, license-plate-based tracking provides only episodic reports of locations for most vehicles. In contrast, because receiving the BSM does not require a line of sight and the BSM is transmitted ten times per second, multiple vehicles can be tracked simultaneously, continuously, and in real time.
The Privacy Technical Analysis Report concluded that the only option other than BSMs that may be viable for large-scale real-time tracking without any infrastructure access is via toll transponders."
License-plate tracking and the cameras used are often referred to as Automated License Plate Readers (ALPR). Law enforcement uses four types of ALPR technologies: mobile cameras, stationary cameras, semi-stationary cameras, and ALPR databases.
So, BSM provides large-scale real-time tracking. And, while toll transponders provide consumers with a convenient method to pay and zoom through tolls, the technology can be used to track you. Read the full CDT blog post.