Protecting driver privacy requires a root of trust
Thu, 10/15/2020 – 05:16
As you may be aware (and really, who isn’t?), it’s election season in the United States. In my home state of Massachusetts, in addition to the usual choices of political candidates for local, state and national offices, this year’s ballot includes a special question that raises potential data privacy concerns. Specifically, Question 1 aims to create new legislation related to the telematics data captured by vehicles sold in the state. For the uninitiated reader, vehicle telematics data includes information captured by GPS, sensors (to track driving behavior, environmental conditions and more) and data captured by on-board systems (e.g. engine temperature, fluid levels, tire pressure).
If Question 1 passes, manufacturers of vehicles that use telematics systems that collect and wirelessly transmit data related to their vehicles’ maintenance and repair would have to equip such vehicles with a standardized open access data platform.
This platform would give drivers the ability to access their vehicle’s diagnostic data via a mobile app and grant access to their automobile mechanic of choice. This is particularly useful when the dreaded, yet ambiguous, “Check engine” light comes on. Although a “right to repair” law – the first of its kind in the nation – originally went into effect in November 2013, that legislation dealt specifically with on-board diagnostics systems, whereas this proposed measure would also cover telematics data transmitted over the air.
Backers of the ballot question feel this is a natural extension of that original law, while opponents argue that the data could be tied back to individual drivers, creating privacy concerns.
Of course this isn’t only a concern for Massachusetts drivers, as a growing number of vehicles capture telematics data. An estimated 28.5 million telematics-enabled vehicles were sold in 2019 and the volume continues to grow rapidly. What’s more, millions of aftermarket telematics devices are already in use to support services like safe driver discounts from insurance companies or for parents to monitor their kids’ driving behavior.
Although the language of Question 1 specifies that the data to be collected is limited to “mechanical data for vehicle diagnostics, repair and maintenance purposes”, one can certainly envision a future – in Massachusetts and elsewhere – where telematics data is linked to personal profiles for the purpose of targeting advertisements and services to drivers based on their location, driving behaviors and vehicle maintenance records (“Your oil change is overdue – use this handy coupon today!”).
Opponents of Question 1 are trying to raise voters’ anxieties by describing scenarios where stalkers track down their victims or burglars easily identify which houses are empty. A far more likely consequence, in my opinion, is a cybercriminal using stolen personal data for financial gain. After all, that’s what we see with the vast majority of attacks.
All of this raises questions like: How is the telematics data transmitted from the vehicle to the remote server? How and where is the data stored? Could the telematics data be tied back to individual vehicle owners?
As we know from decades of sensitive online data transmissions, encryption in transit is required to protect the data on its way to the server. Similarly, once the data has arrived at the remote server, encryption, pseudonymization or tokenization of the stored records helps prevent individual identities from being revealed if the data store itself is exposed.
In order to be truly secure, all of these data protection techniques require a best-practice root of trust, the kind that only a hardware security module (HSM) can provide. HSMs keep the keys that underpin these cryptographic processes inside tamper-resistant hardware and expose only the operations performed with them, thus thwarting a malicious insider or even a sophisticated external attacker’s attempts to extract the keys and steal personal data.
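To make the two preceding paragraphs concrete, here is an added example (not code from the original post or from the vendor) showing what pseudonymization and tokenization of a telematics record look like at the server, and why the key has to live somewhere the data store cannot reach. The `KeyCustodian` class is a hypothetical stand-in for an HSM: it holds the pseudonymization key and exposes only the keyed-hash operation, never the key itself. The sample record, the VIN and the field names are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample telematics record; the VIN and readings are made up.
SAMPLE_RECORD = {
    "vin": "1HGCM82633A004352",
    "odometer_km": 48211,
    "engine_temp_c": 91,
    "dtc": ["P0420"],
}


class KeyCustodian:
    """Hypothetical stand-in for an HSM.

    The key is generated inside the custodian and never returned; callers
    can only ask for a MAC over some bytes, mirroring how an HSM exposes
    a primitive rather than the key material behind it.
    """

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)

    def mac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()


def pseudonymize_vin(custodian: KeyCustodian, vin: str) -> str:
    """Keyed, deterministic pseudonym: same VIN -> same pseudonym under one key.

    An unkeyed hash would not do here: the VIN space is small and structured,
    so sha256(vin) can be reversed by enumerating candidate VINs. With HMAC,
    reversal requires the key, which the custodian never releases.
    """
    return custodian.mac(vin.encode("ascii")).hex()


class TokenVault:
    """Tokenization: replace the VIN with a random token.

    The token carries no information about the VIN; the only link is this
    mapping, which would be kept in a separate, more tightly controlled store
    than the analytics database that holds the tokens.
    """

    def __init__(self) -> None:
        self._vin_to_token: dict[str, str] = {}
        self._token_to_vin: dict[str, str] = {}

    def tokenize(self, vin: str) -> str:
        if vin not in self._vin_to_token:
            token = "tok_" + secrets.token_hex(8)
            self._vin_to_token[vin] = token
            self._token_to_vin[token] = vin
        return self._vin_to_token[vin]

    def detokenize(self, token: str) -> str:
        # Raises KeyError for unknown tokens; the vault is the only way back.
        return self._token_to_vin[token]


def prepare_for_storage(record: dict, custodian: KeyCustodian, vault: TokenVault) -> dict:
    """Strip the direct identifier and replace it with a pseudonym and a token."""
    stored = dict(record)
    vin = stored.pop("vin")
    stored["vehicle_pseudonym"] = pseudonymize_vin(custodian, vin)
    stored["vehicle_token"] = vault.tokenize(vin)
    return stored


def contains_identifier(stored: dict, vin: str) -> bool:
    """Check that the VIN does not appear anywhere in the serialized record."""
    return vin in json.dumps(stored)


if __name__ == "__main__":
    custodian = KeyCustodian()
    vault = TokenVault()
    stored = prepare_for_storage(SAMPLE_RECORD, custodian, vault)
    print(json.dumps(stored, indent=2))
    print("VIN present in stored record:", contains_identifier(stored, SAMPLE_RECORD["vin"]))
```

The pseudonym lets the server correlate successive reports from the same vehicle (for maintenance history) without storing the VIN; the token lets an authorized party, via the vault, get back to the real vehicle when a repair actually has to be arranged. Both fail open if the key or the vault mapping sits next to the data, which is the point of the root-of-trust argument above.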
Whether Question 1 on the Massachusetts ballot passes or not, as personal data becomes more commodified and momentum builds behind other right-to-repair legislation, organizations that transmit, capture or store telematics data must consider the privacy implications. Otherwise, in the event of a publicized breach, they face the scrutiny of industry regulators along with financial and reputational damage from lost consumer confidence.
*** This is a Security Bloggers Network syndicated blog from Drupal blog posts authored by jim-delorenzo. Read the original post at: https://www.ncipher.com/blog/protecting-driver-privacy-requires-root-trust