FTC, NHTSA To Raise Concerns With House Subcommittee Privacy, Cybersecurity Proposal for Vehicles
Witnesses from the FTC and the National Highway Traffic Safety Administration will raise concerns with a legislative staff discussion draft that includes multiple proposals intended to improve motor vehicle safety processes and issues like cybersecurity. Their issues will be raised during a House Commerce, Manufacturing and Trade Subcommittee hearing Wednesday, according to prepared testimony. NHTSA Administrator Mark Rosekind and FTC Privacy and Identity Protection Division Associate Director Maneesha Mithal will testify during a first panel beginning at 10 a.m. in 2123 Rayburn.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
A second panel will include Alliance of Automobile Manufacturers CEO Mitch Bainwol; Global Automakers CEO John Bozzella; Motor & Equipment Manufacturers Association Senior Vice President Ann Wilson; National Automobile Dealers Association President Peter Welch; Automotive Recyclers Association CEO Michael Wilson; Center for American Progress Vice President-Energy Policy Greg Dotson; and NHTSA former Administrator Joan Claybrook.
Internet connectivity and networked sensors are being added to cars as a means of improving safety, increasing mobility, and providing other customized conveniences to drivers, said a Republican staff background memo. NHTSA is expected to issue a rulemaking at the end of the year on requirements for vehicle-to-vehicle communications devices being placed into new cars, and has been engaged in securing commitments to make automatic emergency braking a standard feature in new vehicles, the memo said. But the committee has also made its own proposal on vehicle data privacy, motor vehicle data hacking and cybersecurity, which NHTSA’s Rosekind will testify “may have the opposite of their intended effect,” because the committee’s proposal largely relies on industry, not NHTSA, to set safety standards.
In the past 10 months, NHTSA has “secured the first cybersecurity-related safety defect recall in automotive history,” embraced Transportation Department Secretary Anthony Foxx’s call to expedite technology innovations that can save lives like accelerating a proposed rulemaking on vehicle-to-vehicle technology, added automatic emergency braking (AEB) to NHTSA’s New Car Assessment Program, and secured voluntary commitments from major automakers to make AEB systems standard on new cars, Rosekind said. In his testimony, he encouraged Congress to enhance NHTSA safety authorities to include criminal penalties for vehicle hacking and to “provide significant additional funding” in its 2016 budget request so the agency can address emerging issues such as cybersecurity.
The FTC appreciates the subcommittee’s goal to protect privacy and security of consumers’ information, but has concerns about how the provisions are drafted, particularly the provision of Title III, the FTC’s Mithal said. If passed, the draft would allow vehicle manufacturers that submit a privacy policy to the Transportation Department to be exempt from FTC oversight, Mithal said. A privacy policy could also be changed under the current draft without notifying consumers, Mithal said.
The draft would also prohibit unauthorized access to an electronic control unit, critical system, or other system containing driving data, even for research purposes related to uncovering security vulnerabilities, Mithal said. She said it would establish an Automotive Cybersecurity Advisory Council made up of at least 50 percent automobile manufacturer representatives, to develop best cybersecurity best practices that wouldn't be enforceable by the FTC.