The Internet of automobiles

February 24, 2015

Westlaw Journals Commentary thumbThe number of “smart things” is growing thanks to advances in technology and demand in the consumer market.  In 2009, there were 2.5 billion connected devices, most of which were mobile phones, personal computers and tablets.  By 2020, there will be a far greater variety of products and more than 30 billion connected devices.

Already on the market are thermostats and light bulbs that connect to a person’s smartphone and can be turned on or adjusted remotely.

In development are slippers for elderly people that detect falls, as well as ceiling fans that adjust in speed according to who walks into the room.  Relatively soon, cars, clothes, homes and even entire cities will be able to communicate and interact with us in near-real time.

Whether we are ready or not, one thing is undeniable: The business of connected devices that are able to deliver greater convenience, safety and efficiency is no longer a thing of the future.

The ‘Internet of things’ has arrived.

Among the fastest-growing sectors in the industry of smart things is the connected car.  No longer just a simple way to travel from point A to point B, cars are now the equivalent of a computer, cellphone and camera all rolled into one motorized package.  Because almost 90 percent of new cars sold today are equipped with Bluetooth, most cars already have some element of connectivity to them.

However, new developments to be seen in the coming years will take connectivity to the next level.

One manufacturer’s upcoming model will feature 4G LTE (long-term evolution) data connection, enabling its onboard computer to read aloud tweets and Facebook posts, display navigation routes and access more than 7,000 Internet radio stations at lightning-fast speeds.

Yet another manufacturer’s latest model will, itself, be a 4G LTE Wi-Fi hotspot, allowing drivers to connect their smart devices through the vehicle to the Internet.

Beginning in 2017, all new cars will be required by the government to have broadband capability.

It is important to note that tomorrow’s connected car is as much about safety as it is about convenience.

Starting in October, all new cars sold in the European Union must be equipped with an eCall device that automatically dials for emergency help if it senses a crash.

One American manufacturer’s newest model takes that one step further.  In the event of an accident, a device installed in the car will dial 911 and transmit details about the crash — such as location, crash type, change in velocity during impact, safety belt usage, number of impacts and airbag deployment — to assist the telephone operator in dispatching the appropriate amount of resources.

For example, if the operator knows that both front seat belts were fastened at the time of a high-speed collision, he or she may decide to send an additional ambulance to the scene.

Other technology is being designed to prevent accidents before they occur.  This year, several manufacturers will debut cars with “adaptive cruise control” and a “lane keeping aid” system.

By using a combination of cameras and sensors, the car can steer, accelerate and decelerate, and determine how much distance to maintain around other vehicles and obstacles.  If a car ahead of you swerves to avoid an obstacle, your car can mimic the same swerve path by following the tire treads.

Equally impressive is one manufacturer’s development of a facial recognition system that will enable the car to authenticate the driver.  If the driver is recognized, the car will display information specific to that person.  If the driver is not recognized, a photo of the person is sent to the smartphone of the primary owner, who can then set features that should be enabled or disabled.

For instance, if the driver is a teenager, his or her parent can set restrictions to require the use of safety belts and limit speed, audio volume and the use of a mobile phone while driving.

Some manufacturers are even working with the government to develop vehicle-to-infrastructure communication.

The U.S. Department of Transportation and the National Highway Traffic Safety Administration have approved the development of technology that will allow cars to communicate with other cars and transportation infrastructure in order to transmit data on speed, position and other factors.

Soon, if your car has a blind spot and another vehicle is in it, your car will alert you and will not allow you to drive into the other’s space.

Or, if there is ice on the road ahead, an embedded sensor on the road’s surface can detect that ice and alert you as your car approaches.  If no action is taken, your car will automatically slow down to a safe speed and alert others behind you to adjust their speed accordingly.

Indeed, the potential of the connected car seems boundless.

Now that the age of the connected car has arrived, there is some question regarding what lies ahead with respect to the privacy of vehicle owners, data usage in product liability actions and connected-car security.

To be clear, connected cars do collect and transmit significant amounts of data, can access potentially sensitive information on users’ cellphones and are potentially susceptible to being hacked.  If the connected car is merely a computer and cellphone on wheels, then many of the privacy and security issues being posed by critics of connected cars have already been encountered.

Such critics have raised pointed concerns regarding government and police surveillance.

Because connected cars come equipped with global positioning systems, it is possible that a car manufacturer or GPS service provider could store movement data and subsequently be asked to provide that data to the police or government.

That said, all cellphones already have the ability to track the movements of users through cell-site data (the identification of the radio cell tower or towers nearest to the device), GPS or Bluetooth beacons.  Thus, connected-car tracking as a concept is no more novel than the idea of cellphone tracking, which has moved from the unfamiliar to the commonplace and, in some instances, is even welcomed.

For example, in 2012, repeated phone calls made to the parents of a kidnapped 17-year-old in Las Vegas helped police locate her abductor and safely rescue the teen.  Recently, the New York Times called such efforts by police “a routine tool,” observing that “the wide use of cell surveillance has seeped down to even small, rural police departments.”

Although no court has ruled directly on the question of privacy rights with respect to connected cars, an analysis of Fourth Amendment rights as applied to GPS tracking is illustrative.

In United States v. Jones, 132 S. Ct. 945 (2012), the U.S. Supreme Court held that the warrantless installation and monitoring of a GPS tracking device on a defendant’s automobile was a physical intrusion that is considered a search within the meaning of the Fourth Amendment.  The court, however, clearly distinguished the facts in Jones from “situations involving merely the transmission of electronic signals without trespass [that] would remain subject to Katz analysis.”

Katz v. United States, 88 S. Ct. 507 (1967), said the Fourth Amendment protects a person’s “reasonable expectation of privacy.”

Therefore, procuring GPS or cell-site data, which involves only the transmission of electronic signals without trespass, is subject to the Katz standard that extends 4th Amendment protection in cases in which a person has an “actual (subjective) expectation of privacy … that society is prepared to recognize as ‘reasonable.’”

By applying Jones and Katz, it becomes clear that protection from police and government surveillance for connected-car users is no different than that for cellphone users.  Both are traditional forms of technology modernized by the addition of geo-location tracking, and both use the transmission of electronic signals to accomplish this task.

Similarly, both forms of technology are ubiquitous and pervasive — 91 percent of Americans own a cellphone, and 95 percent of American households own a car — and both already have elements of connectivity that are deemed acceptable and reasonable by society.  Although high-tech smart cars seem to have only yesterday evolved from concept status, the legal protections already in place can, indeed, be extended to address them.

Critics of connected cars have also questioned whether auto manufacturers will use data from connected cars to defend product liability lawsuits.  It is important to note that EDRs — event data recorders that capture information on speed, braking, steering and safety belt usage in the event of an accident — have been present in automobiles since the 1990s.

About 96 percent of model year 2013 cars have EDRs, as well as at least 150 million older vehicles on the road today.

It is common practice for auto owner’s manuals to state that EDR data can be used  in lawsuits brought against them, and as a result, they  have been using EDR data as evidence in product liability matters for years.  That said, plaintiffs’ attorneys have also been able to use EDR data in product liability litigation.  Thus, the use of EDR data as evidence in product liability litigation has benefited not just auto manufacturers, but individual drivers as well.

Similar to the EDR data that have been used as evidence by auto manufacturers and individual drivers for quite some time, connected cars will generate data that may also be used as evidence in product liability litigation.

In November, the Alliance of Automobile Manufacturers and the Association of Global Automakers released the Consumer Privacy Protection Principles for Vehicle Technologies and Services, a self-regulatory code pertaining to connected cars which has been voluntarily signed onto by most major auto manufacturers.

The Consumer Privacy Protection Principles state that:

  • It is reasonable for auto manufacturers to use or share “covered information [identifiable information that is retrieved from vehicles by or on behalf of an auto manufacturer] to protect the safety, property, or rights” of auto manufacturers.
  • Affirmative consent is not required from vehicle owners when “geolocation information, biometrics, or driver behavior information is used or shared … as reasonably necessary to protect the safety, property, or rights” of auto manufacturers.

Plaintiffs’ attorneys can also obtain connected-car data from auto manufacturers for their own use.

Despite the availability of connected-car data to product liability litigants, the use of this data does face obstacles in the courtroom.

The first potential obstacle is the issue of chain of custody, or whether there has been an opportunity for parties to manipulate the information after it has been retrieved from a vehicle.  A second potential issue is the reliability of connected-car data as evidence.

Simply put, vehicle telematics systems are not designed to serve as evidence in product liability litigation.  If they were, they would gather much more information about a car’s surrounding environment and how a car reacted in that environment.

Because the ultimate goal in collecting vehicle telematics data is to offer benefits such as safety services to drivers, this data, on its own, would probably not serve as strong evidence.

So yes, connected-car data could be used in product liability litigation, but they could be used to the benefit of either party, and their evidentiary value may be limited.

Finally, critics of connected cars vociferously argue that smart cars are susceptible to hacking and therefore pose a danger to privacy and public safety.

Indeed, it is true that connected cars contain wireless-enabled computer components that can be controlled remotely.  It is equally true, however, that connected cars run on staggeringly complex lines of software code, which, for the great majority of us, including most hackers, is virtually impossible to decrypt.

Even so, it is not inconceivable that an extremely sophisticated hacker could disable a car’s alarm system, unlock its doors, or control the lights, steering, brakes or navigation. Undoubtedly, in the extreme, car hacking affects not just a stolen car, but the safety of the car’s driver and all others on the road.

Despite this daunting possibility, society should be encouraged that existing law- enforcement systems have generally kept pace with the sophisticated “Internet of Things” market.

Just last year, the Federal Trade Commission charged TRENDnet (a company that markets remotely controlled video cameras) with failure to use reasonable security to design and test its software.

According to the FTC, the company failed to include a password requirement setting, transmitted user login credentials in readable text over the Internet (despite the existence of software that is available to secure such transmissions) and stored consumers’ login information in readable text on their mobile devices.

As a result of the company’s negligence, links to live feeds of nearly 700 cameras were made available to the public.  The matter ended up settling within a few months, but not without the company agreeing to establish a comprehensive information security program to address risks that could result in unauthorized access to or use of the company’s devices.

The TRENDnet matter demonstrates that security is about having adequate protections for a product and its data — not whether or not a product should be brought to market.

As we recognize the capability of smart things and the accompanying need to develop secure infrastructure, experts have been working to develop more secure operating systems and have been improving data encryption.

Likewise, law enforcement officials recognize the advantages of smart things while they remain committed to enforcing privacy and security as a priority.  Both constantly improving security protections and existing law enforcement systems have evolved along with the Internet of things, and there is every reason to assume this trend will carry over into the connected-car market.

The connected car is one of the greatest technological trends of modern day.  To be sure, as with all new products, there will be some wrinkles to iron out.  When the first motorcars appeared in the early 1900s, they were seen as expensive, dangerous and unreliable.  But, as we now know, technology continued to improve, and cars eventually came to change the face of America.  The smart car is no different: driving will become more convenient, safe and efficient, and the laws will keep pace to protect us.