Major vehicle manufacturers are telling Congress to keep its distance as the industry evolves to take advantage of the “Internet of cars.”
Representatives of Toyota, Tesla and GM are scheduled to testify before a House Oversight subcommittee on Wednesday, when they will tout the safety and comfort benefits of increasingly connected cars in prepared testimony.
Their plea for limited government intervention comes after the recall of 1.4 million Chrysler vehicles earlier this year when researchers found a flaw that allowed them to remotely hack into the vehicles.
“Regulation at a time of rapid innovation runs the risk of limiting the realization of the full extent of safety advances,” Tesla’s head of business development Diarmuid O’Connell will say when testifying Wednesday.
Increased regulation should be avoided unless “absolutely necessary,” he will say.
O’Connell said the Chrysler vulnerability could have been avoided if manufacturers ensured that their vehicles were not directly connected across the Internet. He also said connected cars must isolate their mechanical systems, such as braking, and make sure to use encryption technology to protect privacy of information transferred to and from vehicles.
“Tesla is seeing increased vehicle security interest and scrutiny from academic and industry security researchers,” he said. “Tesla encourages and applauds this assistance — to the extent of even providing financial rewards for the best research.”
Toyota’s head of connected services, Sandy Lowenstein, endorsed a congressional cyber sharing proposal that recently passed both chambers and urged lawmakers to merge the bills quickly and send them to President Obama's desk.
The company also called on the government to clarify that car hacking violates the Computer Fraud and Abuse Act. Outside advocates, however, have warned that researchers should be exempt so as not to chill the kind of study that uncovered the Chrysler vulnerability.
The auto industry has recently set up its own information sharing coalition and adopted best practices for user privacy. But Toyota rejected automotive-specific cyber regulations.
“The truth is that industry can move quicker than the government to update or modify out-of-date practices or adjust to new or emerging threats,” Lowenstein wrote in prepared remarks.
The National Highway Traffic Safety Administration is slated to address privacy concerns in an upcoming rulemaking process and has also worked with the Federal Trade Commission on the issue.
Outside advocates have called on Congress to pass legislation to require regulators to write privacy and cyber rules dealing with connected cars.
Lawmakers such as Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced legislation that would require regulators to set standards to ensure all wireless access points of a vehicle are protected, that critical systems are isolated, that the vehicle has technology to detect and stop a hack in real time and that all information collected is secured.
It would also require rules to force car companies to make customers aware of the data that is collected from cars, give customers the ability to opt out of the collection and bar marketers from using the information to target ads.
