Democratic Senators Ed Markey (Mass.) and Richard Blumenthal (D-Conn.) have reintroduced a bill aimed at improving cybersecurity in automobiles.
The Security and Privacy in Your Car (SPY Car) Act would require the National Highway Traffic Safety Administration and Federal Trade Commission to develop automotive cybersecurity and privacy standards. It also necessitates a “cyber dashboard” rating system that would inform consumers of the cybersecurity standard in their cars.
The detailed provisions of the bill are as follows:
This bill directs the National Highway Traffic Safety Administration (NHTSA) to conduct a rulemaking to issue motor vehicle cybersecurity regulations that require motor vehicles manufactured for sale in the United States to protect against unauthorized access to:
(1) electronic controls or driving data, including information about the vehicle’s location, speed, owner, driver, or passengers;
(2) driving data collected by electronic systems built into a vehicle while that data is stored onboard the vehicle, in transit from the vehicle to another location, or subsequently stored or used off-board the vehicle. The regulations must require vehicles with accessible data or control signals to be capable of detecting, reporting, and stopping attempts to intercept such driving data or control the vehicle.
A violator is liable to the U.S. government for a civil penalty of up to $5,000 for each violation.
NHTSA must also conduct a rulemaking to require the fuel economy labeling that manufacturers attach to motor vehicles to display a “cyber dashboard” with a standardized graphic to inform consumers about the extent to which the vehicle protects individuals’ cybersecurity and privacy beyond the minimum requirements.
The Federal Trade Commission is required to conduct a rulemaking to:
(1) require motor vehicles to notify owners or lessees about the collection, transmission, retention, and use of driving data;
(2) provide owners or lessees with the option to terminate such data collection and retention (except onboard safety systems required for post-incident investigations, emissions, crash avoidance, and other regulatory compliance programs) without losing navigation tools or other features; and
(3) prohibit manufacturers from using collected information for advertising or marketing purposes without the owner’s or lessee’s consent. Violations are to be treated as unfair and deceptive acts or practices under the Federal Trade Commission Act.