Vehicle-to-vehicle wireless standard under fire

By Brian Albright /

A group of consumer advocacy associations have issued a letter to the Federal Communications Commission voicing their concerns about the possible commercial use of the dedicated short-range communications (DSRC) spectrum band that will be used for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) connected car applications. The groups raised concerns about both driver privacy and safety if automakers are allowed to provide commercial services using the wireless technology.

Back in 2014, the National Highway Traffic Safety Administration (NHTSA) released an advance notice of proposed rulemaking that would mandate DSRC-based vehicle-to-vehicle communications in light vehicles. The agency was most interested in left turn assist (LTA) and intersection movement assist (IMA) systems that would help drivers by alerting them to cars that are running red lights, or preventing drivers from making a left turn into oncoming traffic. According to NHTSA’s findings, just those two systems could prevent up to 592,000 crashes and save more than 1,083 lives per year. The proposed mandate would take effect in 2020, and General Motors plans to include the technology in vehicles as early as the 2017 model year.

The consumer and privacy groups support a request by Public Knowledge and the New America Foundation for an emergency stay on the use of DSRC in the 5.9GHz spectrum band because of the possibility of connected cars being hacked or companies mis-using vehicle owners’ personal information. The Intelligent Transportation Society of America (ITSA), Alliance of Automobile Manufacturers and the Association of Global Automakers filed a counter petition to deny that emergency request.

The letter to the FCC was signed by representatives of Consumer Watchdog, Consumer Action, the Center for Digital Democracy, the Consumer Federation of America, the Electronic Frontier Foundation, and other groups.

Dr. William Whyte, author of the IEEE 1609.2 V2V security standard, met with White House officials earlier this month to discuss the issue. “There is no doubt that connected cars are vulnerable to hacking and the examples the petition provided do an excellent job proving that,” Whyte said. “However, all of those attacks were done through cellular connections, on-board diagnostic (OBD-2) port dongles, remote keyless entry fobs and other wireless connections. Unlike each of these technologies, DSRC was designed from the start with security and privacy in mind.”

The FCC has allocated 75 MHz of spectrum in the 5.9 GHz band for use by Intelligent Transportations Systems (ITS) vehicle safety and mobility applications.

According to the letter from the consumer advocates, ITSA and automakers hope to deploy commercial services on the DSRC spectrum (such as infotainment applications). These services may not be covered by the privacy-by-design protections proposed by NHTSA in its 2014 Technical Report and advanced notice of proposed rulemaking. Instead, application providers would be responsible for providing whatever level of privacy they wanted.

According to the letter: “Americans do not need to have ‘Facebook on Wheels’ imposed on them by government fiat in the name of public safety. Absent Commission action on the Petition, DSRC licensees will have the freedom to install any commercial application they chose on the consumer’s government mandated DSRC device. Without Commission action on the Petition, DSRC licensees are free to partner with any commercial data broker, advertiser or any other third party with virtually no notice to consumers and no need to obtain consumer permission – or even provide consumers with a means of opting out of these commercial arrangements.”

Consumer protection concerns have been increased by cybersecurity vulnerabilities highlighted by the 2015 Markey Report, as well as private testing by a number of different companies and hackers. DSRC units could potentially be exploited to spread malware from car to car, putting personal information at risk and potentially creating a safety hazard.

According to automotive industry groups, the request for a stay is flawed because DSRC systems don’t collect or store information that can be linked to a specific driver or vehicle. According to the Alliance of Automobile Manufacturers, the stay is also flawed because it doesn’t meet the FCC’s requirements such a request.

The IEEE 1609 DSRC Working Group also defended the security of the standard to the FCC. According to the Working group: “Security and privacy have been fundamental DSRC technical and policy requirements since its inception. IEEE 1609.2-2016 is comprehensive and informed by industry best practices and by academic research in cryptography, privacy and anonymization.”

“It is essential that the intelligent transportation revolution, powered in no small part by the 5.9GHz safety spectrum, continue.” said Regina Hopper, ITSA president and CEO.  “From saving lives to reducing emissions to easing traffic congestion, the full promise of intelligent transportation is transformative.  Such a move would be reckless and unwarranted, undermining the clear public interest.”

You can read the consumer group letter here.

%d bloggers like this: