Recent headlines increasingly herald a new era in connected cars – from Avis/Budget’s agreement to purchase 10,000 connected Toyota vehicles, to reports of wireless payment systems being integrated into vehicles for drive through purchases. Vehicle connectivity is seen as a high growth, high revenue proposition, not just for the automobile industry but also for various industries “connected” to the sale, servicing and use of vehicles.
A “connected car” is one that has any form of wireless connection, connecting its user and the outside world. For example, Cadillacs equipped with an early version of OnStar Services, where an airbag deployment would activate a voice cellular phone call with OnStar’s service center, were some of the very first connected cars.
Today, connectivity often comes in the form of a 4G data connection directly from the car to the Internet, and access to that connection inside the car via a direct connection to automotive systems, as well as WiFi hotspot capability to provide mobile phones and other personal devices with Internet access. Once connectivity exists, the number of connections and purposes for connections become virtually unlimited. A few examples include pay-for-use insurance sensors, repair/maintenance management, autonomous driving data transmission and reception, and, of course, and in-car entertainment.
Automobile manufacturers and other players in this space such as Verizon, have recognized the market potential in connecting the car to the Internet, and in connecting devices to the car. Several of these companies offer devices that connect to the onboard diagnostics (OBD or ODB2) port on vehicles. The most basic of these devices are used to display vehicle diagnostics (the original purpose of the ports) to owners. Some OBD2 devices also offer GPS location services and safety scores or more detailed information on engine, brakes and other vehicle diagnostics. A few devices offer to store information about the car in a subscription-based cloud while others, like Verizon’s HumX, combine the ODB2 connection with the device’s own 4G network connection.
For car dealerships and aftermarket telematics companies, connectivity offers new connected car solutions for consumer entertainment, vehicle safety, lot management, accurate vehicle data for service and maintenance marketing/ retention opportunities, and new F&I consumer product offerings for modern location tracking/stolen vehicle recovery service. The future holds brand new marketing opportunities and business management solutions for the car business that enables a tech-savvy dealership to thrive.
The rapid development of technology fuels a corresponding shift in the focus of the automotive industry, which can be seen in the tremendous recent growth in patent filings by manufacturers and other industry players for software and electronic devices. All of this comes at a time when pre-5G and 5G will soon provide a huge jump in bandwidth and reliability of cellular data communications. The concurrent development of the components of “connected car” technology points towards the inevitable increase in concern and public scrutiny on security and privacy benchmarks. The enormous amounts of personal and sensitive data posed by connected vehicles, such as real time precise geolocation data and the contents of driver communications from mobile phone connections, make data collection issues impossible to ignore. Recent roundtable discussions held by the Federal Trade Commission invited public comments by industry representatives, consumer advocates, academics and government regulators to discuss issues related to connected vehicle and autonomous vehicle data collection, privacy and security practices of vehicle manufacturers, the role of different government agencies and self regulatory standards. Federal and state regulatory effort to embrace technology that is in constant flux and invite public commentary marks the start of a long journey to provide legal benchmarks and safeguards.
As in any area of rapidly developing technology, car manufacturers and suppliers are competing to secure intellectual property rights, not only in hopes of securing a dominant position in existing markets, but to license the technology to others.
Another area of legal risk associated with connected cars is product liability. The issues here are complex and, given the sea of technologies and suppliers involved, will surely bring even more players into the fray than was previously the case.
Many of the legal issues will be novel. For example, with connectivity to the cloud comes the collection of data, but who owns the data? Will manufacturers seek to create agreements with vehicle owners to license or take ownership of some of the data, but not all? How can data protected by existing privacy law be segregated from data that is not?
What are the legal and regulatory implications of over-the-air repairs, where signals are sent to the connected car to improve or repair a software flaw, or even to correct a mechanical problem by sending a signal that will change operating parameters? Manufacturers are incentivized to download updates over-the-air, and not at the dealership. IHS Automotive projects that automakers will save $35 billion from overthe- air updates in 2022, up from $2.7 billion in 2015. Those savings would come from 10.9 million map updates, plus 42.5 million telematics updates, 34.4 million infotainment updates and 13.2 million updates to safety-critical control units. It can only be hoped that this upside does not detract from key safety, security, and consumer satisfaction issues. Many manufacturers and consultants believe over-the-air updates for vehicle operation and safety issues should be considered only for extraordinary situations and only after the utmost care is taken to ensure the update is protected against any possible compromise, including hacking, with such fixes only performed by a trained technician and proper diagnostic equipment and tools necessary to ensure the utmost safety and security.
Of all the looming societal and legal concerns over connected cars, none is more pressing than security – cyber security, to be precise. Most of the underlying architecture of even new vehicles was designed at a time when it was easy to assume the vehicle would never be connected to anything other than a technician’s scanner. This includes not only the ODB2 port, but the hub used by the vehicle to connect all in-vehicle equipment (e.g., parking sensors, airbag, active safety system) and systems (infotainment), allowing them to communicate – the so-called Controller Area Network, or CAN. Therefore, before any systems are made accessible through connected car technology, it is essential that security against intentional and unintentional compromise be robust and verified as operational. The vehicle, electronics, and computer industries are all players in this space, and each has a different outlook on security. As much as regulations are bemoaned by industries generally, with the stakes so high, industry players, as well as the public at large, may welcome legal and regulatory guidance in this area.
Bert Rasmussen is a Partner with The Scali Law Firm, Christian Scali is Founder and Managing Partner of the firm and Melanie Cliff is a Partner with the firm. Recognized as California’s top boutique automotive law firm, The Scali Law Firm’s clients range from small, family-owned businesses to publicly held global companies and high net worth individuals. Its team of attorneys has decades experience in a number of practice areas, with a high degree of specialization in serving the auto dealer industry. To learn more, visit scalilaw.com.