Will Data Security and Privacy Take a Backseat in Autonomous Vehicles?
Fully autonomous vehicles (AVs) are coming. By some estimates, they’ll be ready for passengers en masse as soon as 20201, while others predict we’re at the beginning of a long period of hybrid autonomy2.
The arrival of AVs promise some highly-anticipated benefits. Safety is at the top of the list: The technology-packed vehicles could prevent3 80% of unimpaired accidents, for example, helping to reduce the 1.35 million annual traffic deaths4 across the globe.
And that’s all thanks to the vehicles’ ability to collect, process and analyze millions of data points: from street signs to speed bumps, traffic flows to weather, driver behavior to car performance.
But all of this safety data often includes personal data5.To make the car’s airbag safer, sensors need to know a passenger’s weight to adjust the airbag’s deployment velocity. To ensure children aren’t left alone in cars, cameras need to monitor the vehicle’s interior. Even some of today’s vehicles — many of which are level 1 or 2 on the autonomy scale6 — have access7 to data about where we travel, who travels in the car and the average speeds of the driver. And for the most part, that information belongs to the car manufacturer, not the driver.
Still, the benefits of all this data-collection in AVs is driving their continued development. But so far, says Lisa Joy Rosner, CMO of Israel-based automotive data services platform Otonomo8, how the data will be protected, and how an individual will allow or deny access to that information remains uncertain. It’s a challenge her company and others in the still-nascent industry are focused on solving—even as these vehicles become more autonomous and collect more data that, in the wrong hands, could counteract those safety promises driving full autonomy forward.
Autonomous Vehicles Will Get More Secure, Not Less
Most6 of today’s vehicles have low-level autonomous components, like adaptive cruise control or an automatic braking system. These components are, by their nature, less secure because there are fewer of them: A hacker could easily throw the car off-track by disrupting one sensor. That’s because the signals in many of today’s vehicles are routed through one, central location called the Controller Area Network (known colloquially as the ‘Can bus.’) Once a hacker has access, they can simply reverse-engineer the signals to confuse the car9. Hackers might also interfere with a car’s radar10 using radio signals to mask an object in the vehicle’s path.
But AVs of the future will have a plethora of sensors: One proposed AV model11 from an American manufacturer, for example, has 14 cameras to detect traffic lights and pedestrians, 3 LiDARS that create a 3D topical map of the surroundings, and 21 RADARs of various types to help with everything from blind turns to navigating intersections. All these sensors create a redundancy, meaning the car can consider a host of factors before it makes a decision, ignoring a fishy signal from one of its cameras. In fact, fooling a fully autonomous AV would require interrupting a majority of the sensors—faking the car’s environment almost completely.
While not one hundred percent secure, this nature of AVs is actually more hacker-proof than some of today’s most secure corporate networks9. In a corporate network, once an actor’s identity is verified the system assumes they are ‘safe.’ Because of their reliance on these sensors, AVs are always alert to suspicious activity.
Onboard Storage Powers Proactive Security
The growing number of sensors on AVs means much more data for the car to collect, analyze and process, too. Current AV models generate 4-6 terabytes12 of data every day—and might one day produce 8-12 TB of data per day13. Because the load is too great to transfer to the cloud12—which is time-consuming, has latency and security issues, and can be expensive—many manufacturers are turning to onboard storage edge computing. As rolling data centers, future AVs will be more secure and more efficient in their ability to make decisions based on the data they collect.
Beyond hardware, many in the industry are beginning to explore software security as well. To date, they have embraced rules-based cyber security measures, but according to Gil Reiter, vice president of product management and marketing at SafeRide Technologies14, those measures can only repel known attacks. The future of security for AVs, he says, will also require artificial intelligence and machine learning to assess a vehicle for unusual activity and address security proactively. Onboard storage will be critical here, too, due to the breadth of information needed to train neural networks to identify possible threats, and enable defenses to react immediately before a hack can do any damage.
Passenger Data Privacy Remains Uncertain
While efforts around AV data security are promising, the question of passenger privacy remains uncertain. Even though one survey15 found 92% of vehicle owners agreed they should be able to decide who sees their data, they currently do not7 — in part, at least, because most auto manufacturers require passenger data to improve AV performance.
“Being able to tie specific behaviors to specific people is going to be really hard to do over time because of the privacy backlash,” says Avery Ash, head of autonomous mobility at Seattle-based INRIX16, which provides connected car services and mobility analytics. “That’s not going to quiet down.”
Data anonymization is one avenue that makes it possible to collect the data that’s essential for AV development and functioning — i.e. the details of a trip but not about the driver making it — without compromising privacy, says Ash. INRIX, for example, anonymizes trip data and only uses the segments that are valuable for building AI models and data analyses.
And once drivers don’t have to take the wheel, according to Rosner, a whole new set of data privacy concerns come into play. AVs of the future will become places for experience, to work, relax and shop, generating a host of additional personal data. Broader regulations on the subject are just beginning to come into discussion in the U.S. Fortunately, Rosner says she’s seeing most of their manufacturer customers opt for the highest privacy standards so that they’re in compliance globally.
“Companies know that earning consumers’ trust is a hard thing to do,” she says. “Companies that do it well are adopting the strictest policies and applying them universally.”
With these fast-evolving complex privacy and security environments, AV companies will need to address questions about how data protections will be implemented and ensured in a way that balances not only the driver’s peace of mind—but also their safety.
This content is produced by WIRED Brand Lab in collaboration with Western Digital Corporation.
- Future of Autonomous Cars is Not Exactly Driverless
- Autonomous Cars Have Driven ‘Millions’ of Miles and Transported ‘Tens of Thousands’ of Passengers
- How V2X Technology Will Change How You Drive
- Global Status Report on Road Safety 2018
- Eyes on the Road! (Your Car Is Watching)
- Here’s Where Your New Car Lands on the Self-Driving Scale
- Your Car Knows When You Gain Weight
- Assume Self-Driving Cars are a Hacker’s Dream? Think Again
- Hackers Fool Tesla S’s Autopilot to Hide and Spoof Obstacles
- How The GM Cruise AV Senses The World Around It
- Autonomous Vehicles: The Race is On
- The Data Management Implications of the Federal Automated Vehicles Policy
- SafeRide Technologies
- Most Car Owners/Lessees Agree That Today’s Vehicles Could Be Considered Technological Devices