August 18, 2014
Automobiles now contain a variety of advanced computing and communications technologies. The integration of those technologies into our cars means that many critical technology law issues associated with data security, information privacy, and advanced computer systems must now also be addressed in the context of automobiles.
The advanced level of information technology now included in cars is perhaps best illustrated by the dramatic growth of driverless vehicle technology. The pioneering work of integrating advanced information collection and processing technology into cars has matured to the point where many different vehicles are now able to drive themselves, without a human at the wheel to control them directly.
Several different jurisdictions have now modified their laws to permit operation of driverless vehicles on public roads for test purposes. Driverless vehicles are being tested on public roads in California, Nevada, and Florida. Volvo is testing them on public roads in Gothenburg, Sweden. Most recently, England granted permission for texting of driverless vehicles on public roads, beginning in January 2015.
Concerns have been raised by some parties regarding the movement toward permitting use of driverless vehicles on public roads. Those concerns generally focus on the safety aspects of the vehicles and the uncertain distribution of responsibility and liability associated with operation of the vehicles.
The use of advanced computing technology in cars means that those vehicles now routinely collect, store, and distribute substantial data associated with vehicle operation. Cars contain their own version of the well-established “black boxes” long used in aircraft to collect flight data. Automobile black boxes collect operational data such as speed, distance traveled, geographic location, and braking patterns.
Use of advanced computing and communications technologies in automobiles raises the issue of ownership and rights of access to data collected by the vehicles. Important open issues remain as to who owns and controls the data collected by cars, the vehicle owner, the auto manufacturer or the manufacturer of the data collection devices? These issues carry important information privacy implications.
Recently, a group of computer security researchers wrote to the CEOs of several of the world’s leading automobile manufacturers, warning them of the critical nature of automotive data security concerns. The researchers urged the CEOs to ensure that their companies implemented the following five key steps to secure automobile data: 1.) design their cars specifically for maximum data security; 2.) disclose security vulnerabilities to proper authorities and technology experts so they can be effectively addressed; 3.) implement secure software development programs; 4.) design systems to capture security breach evidence effectively, and 5.) isolate critical vehicle systems from network access.
Additionally, automobiles are now sophisticated digital entertainment centers. Digital media systems such as Ford’s “Jukebox” and the General Motors Hard Drive Device enable car users to download, play, and re-play large volumes of recorded music. For example, Ford’s “Jukebox” system is reportedly capable of downloading and storing 164 hours of recorded music.
Recently, the Alliance of Artists and Recording Companies (AARC) sued Ford and GM for alleged violations of the Audio Home Recording Act of 1992. The AARC alleges that the music recording systems sold by Ford and GM as part of their cars are illegal music recording devices that facilitate copyright piracy. The AARC is reportedly seeking damages of $2500 per installed device and injunctive relief requiring the devices be modified to incorporate effective anti-piracy safeguards.
Without doubt, automobiles and other vehicles are now active and significant components of the global data network. In that capacity, they are generating important technology law issues. The resolution of those issues will have substantial impact on critical technology policy concerns such as data security, information privacy, and digital rights.