Crowdfunded lock lets car owners secure their data
With the federal government proposing airplane style "black boxes" in every automobile, a crowd-funded project wants to design a lock that will allow car owners to secure their data from snooping and tampering.
My first car was a Toyota Tercel with no bells and whistles. It had four cylinders, standard transmission and no AC - basically: four wheels and a chassis, but not much more. These days, new cars - even base models - are really PCs on wheels. Under the dash, they have powerful onboard computers that collect data that's streamed in real time from scores of onboard sensors. And, inside the passenger compartment, automakers are looking to overcome car-skepticism in younger buyers, adding interactive features like docking stations for smart devices, wi-fi, in-dash screens and even open APIs that let you build custom apps that interact with your own wheels (See Ford's Personalized Fuel Efficiency App Challenge for more on this.)
Image credit: Airmika, Inc.
But all this data raises interesting questions. Not the least of them: who does all that data belong to? The Federal Government is looking to lay claim to some of it. Proposed legislation would require new cars to come equipped with Event Data Recorders (EDRs), "black boxes" that capture vital operating data. EDRs can help investigators reconstruct the moments prior to- and immediately after an accident.
A National Highway Traffic Safety Administration rule would require all new cars to have EDRs by September of next year. But that would only codify what's already a de-facto reality, since an estimated 96% of all new cars already come with the devices.
But who owns the data in that device? It's not clear. Thirteen states have passed laws governing EDRs - many requiring the owner's consent before EDR data can be downloaded and analyzed. In the other 37 states, the legal status of EDR data is a matter of debate. Car makers consider the data to be diagnostic information that belongs to them. On the other side, the American Civil Liberties Union and others have called for the federal government to put consumer protections in place. An ACLU analysis in December, 2012, called for laws that "clearly establish the principle that the data on these black box computers belongs to the person who owns the car." "When you buy a car," the ACLU said "you also buy the many computers that, increasingly, run that car."
That notion - that car owners own car data - is behind a new, crowdfunded project on the web site Indiegogo that would allow car owners to lock their black box, preventing unauthorized access to its data, said Tom Kowalick, the president of Airmika, Inc., a North Carolina firm that has made a product called The AUTOcyb Automotive Cyber Security Lock.
Kowalick said AUTOCyb is a kind of "firewall" for automobile data stored in the EDRs, which includes information on speed, braking, acceleration and seatbelt use. Despite federal laws against tampering with EDR data, tools and instructions for how to wipe EDRs are common online. The AUTOCyb is designed to prevent that. The lock plugs into and secures the OBD (on board diagnostics) port that is standard on all gas-powered cars made after 1996. Once inserted, it protects the "chain of custody" around EDR data in the event of an accident.
"You hold the key, not automakers, law enforcement or insurance companies. If others want to access your crash data they will have to seek your permission or use legal means to do so. Basically, this device protects your interests."
Kowalick says that he has counted 29 different companies making products to erase or alter crash data in some way. Some of that is linked to fraud on the second hand car market. But owners could just as easily be victims if data of an accident scene can be altered before, during or after acquisition by law enforcement and others. Car owners may not be in a position to monitor or control access do the data in the event of an accident, when their vehicle suddenly becomes part of a crime scene or investigation. His AUTOCyb key, he said, is about securing the chain of custody around EDR data in the event of an accident.
Kowalick's crowdfunded project is looking to raise $132,000 by May 14th. Those who contribute $33 will receive an AUTOCyb lock for their car. The proceeds of the project, which is hosted on Indiegogo.com, will go to ramping up product development, production and marketing of AUTOCyb, he said.
"If that data is taken out, we want to know who has taken it out and when," he said.
With cars adding more "intelligent" features, security products like AUTOCyb is likely to be just one of many applications seeking access to auto systems. In just one recent example, the firm Automatic Labs Inc. is selling a hardware device that plugs into the OBD port and links the car's diagnostic systems to an iPhone or Android mobile application using Bluetooth 4.0 technology. The hardware-software bundle allows drivers to monitor their own driving performance for fuel hungry activities like rough breaking, speeding and rapid acceleration.
Going forward, that kind of vehicle data may also be of interest to insurance providers, who could monitor drivers actual performance on the road and use it to assess their risk - rewarding good drivers with lower rates, said Richard Bishop, the President of Bishop Consulting and an expert on Intelligent Transportation Systems (ITS).