The Department of Transportation’s National Highway Traffic Safety Administration (“NHTSA”) announced in 2014 that it would begin steps toward implementing vehicle-to-vehicle (“V2V”) technology with an aim toward decreasing the number of traffic accidents on the nation’s roads. V2V technology allows communication between cars on the road to alert drivers of potential accident situations. However, with the new V2V technology come additional privacy concerns. In August, the NHTSA released an advance notice of proposed rulemaking for V2V technology. In addition to key findings on privacy and security, the report included findings on technical feasibility and estimates of costs and safety benefits. The following is a review of the NHTSA’s key privacy findings for the V2V system.
The NHTSA report began with an emphasis that the V2V system:
- Would not collect or store data on individuals or individual vehicles, nor would it allow the government to do so;
- Would not contain data in safety messages exchanged between vehicles or collected by the V2V security system that could be used by law enforcement or private entities to personally identify speeding or erratic drivers;
- Would not permit tracking through space or time of vehicles linked to specific owners, drivers, or persons;
- Would not collect financial information, personal communications, or other information linked to individuals; and
- Would not provide access to the vehicle for extraction of data.
The NHTSA report also assured that the V2V system would enroll enabled vehicles automatically without collecting any information identifying specific vehicles or owners, and would enable the NHTSA and motor vehicle manufacturers to identify lots or production runs of potentially defective V2V equipment without the use of VINs or other information that could identify specific drivers or vehicles.
In its analysis of the transmission, collection, storage, and sharing of V2V data, the NHTSA focused on two categories of V2V system functions – system safety and system security. Regarding system safety, the V2V system requires devices to send and receive safety messages containing information about a vehicle’s position, heading, speed, and other information relating to vehicle state and predicted path. This communication information does not contain personally identifying information (“PII”) and is broadcast in the limited range required for vehicles in the vicinity to communicate with each other. Regarding system security, the information consists of the exchange of certificates and other communications between V2V devices and the entity or entities providing security for the V2V system. This information would be encrypted and subject to security measures aimed at preventing unauthorized intrusion and access to the system or vehicle.
- Collection and transmission of “anonymous” data only from users for mandatory applications;
- Anonymous maintenance of data until destruction;
- Collection of personally identifiable information (“PII”) only with the consent of the consumer;
- Use or transmission of PII in a manner that prevents misuse or loss; and
- Prevention of unauthorized attacks on the system.
Through these identified principles, the NHTSA recommended specific requirements for V2V systems, including:
- Implementing end-to-end anonymity for privately owned or leased vehicles and their occupants for all V2V technologies;
- For mandatory services, having no ability to track specific identified vehicles across space and time;
- Implementing protection from attacks on the system by providing secure, end-to-end encryption of vulnerable communications;
- Changing short-term security certificates and vehicle identification every few minutes to prevent location tracking, and assigning certificate signing requests in an anonymous fashion;
- Providing multiple legally and administratively separate Security Certificate Management System entities with distinct governances; and
- Providing sufficient security to prevent hackers, users, and system administrators from accessing any information that can be linked to individuals or motor vehicles.
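As an added illustration (not from the NHTSA report), the following Python simulation shows why rotating the short-term signing certificate every few minutes limits location tracking: a passive listener who links safety messages by certificate identifier can reconstruct at most one certificate lifetime of travel, whereas a static identifier exposes the whole drive. The 5-minute lifetime, the per-epoch hash standing in for SCMS-issued certificates, and the drive data are all constructed assumptions.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

ROTATION_SECONDS = 300  # assumed 5-minute certificate lifetime ("every few minutes")


@dataclass(frozen=True)
class SafetyMessage:
    """Fields a safety message carries: vehicle state plus the id of the
    short-term certificate that signed it. No name, VIN or other PII."""
    t: int          # seconds since the start of the drive
    cert_id: str    # short-term certificate identifier (rotates)
    x: float        # position, constructed arbitrary units
    y: float
    heading: float
    speed: float


def pseudonym_cert_id(vehicle_secret: str, t: int, rotation: Optional[int]) -> str:
    """Stand-in for an SCMS-issued short-term certificate: an id that is
    unlinkable across epochs. rotation=None models a static identifier."""
    epoch = 0 if rotation is None else t // rotation
    return hashlib.sha256(f"{vehicle_secret}:{epoch}".encode()).hexdigest()[:16]


def drive(vehicle_secret: str, duration: int, rotation: Optional[int]) -> List[SafetyMessage]:
    """Constructed drive: one broadcast per second along a straight road."""
    return [
        SafetyMessage(t, pseudonym_cert_id(vehicle_secret, t, rotation),
                      x=20.0 * t, y=0.0, heading=90.0, speed=20.0)
        for t in range(duration)
    ]


def longest_linkable_track(msgs: List[SafetyMessage]) -> int:
    """A passive listener can only chain messages that share a cert_id.
    Returns the longest time span (seconds) attributable to a single id."""
    times = defaultdict(list)
    for m in msgs:
        times[m.cert_id].append(m.t)
    return max(max(ts) - min(ts) for ts in times.values())


def distinct_ids(msgs: List[SafetyMessage]) -> int:
    return len({m.cert_id for m in msgs})


if __name__ == "__main__":
    for label, rot in (("rotating", ROTATION_SECONDS), ("static", None)):
        msgs = drive("vehicle-A", 900, rot)
        print(label, "ids:", distinct_ids(msgs), "longest track (s):", longest_linkable_track(msgs))
```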
Finally, the NHTSA also laid out key elements for future privacy assessments of V2V systems by the Department of Transportation and the NHTSA. The privacy assessments will focus on eight particular areas:
- Transparency – Are consumers informed of the data that will be collected and transmitted by the V2V system and how the data is used?
- Individual Participation and Redress – Do consumers have a reasonable opportunity to make informed decisions about the collection, use, and disclosure of their PII? Will consumers have an opportunity to make decisions regarding the collection and use of their data?
- Purpose Specification – Are the purposes of the collection, use, maintenance, and dissemination of data or categories of collected data properly disclosed and reasonable?
- Data Minimization – Are data collection and retention limited to what is necessary, with no excessive collection or retention taking place?
- Use Limitation – Is assurance being provided to consumers and any other subjects of the data collection that the data will not be used for purposes that are incompatible with the purposes disclosed and for which the data is being collected?
- Data Quality and Integrity – How will the system assure data quality and integrity throughout the data lifecycle and in all business processes associated with data use?
- Security – What physical, technical, and procedural measures will system administrators take to protect the data?
- Accountability and Auditing – Does the V2V system have adequate procedures in place to ensure that the privacy controls are being followed and executed?