In an effort to head off the auto industry’s plans to introduce a pre-standards version of Dedicated Short-Range Communication (DSRC) as early as next month, consumer groups are asking the FCC to grant a petition that would prohibit the operation of DSRC devices until cybersecurity and privacy concerns are adequately addressed.
The move comes after Public Knowledge (PK) and the New America Open Technology Institute (OTI) filed a petition with the FCC in June to immediately prohibit use of DSRC until it adopts service rules that protect the cybersecurity and privacy of DSRC users. Groups making comments to the FCC this week include PK, OTI, Access Humboldt, Consumer Watchdog, Institute of Local Self-Reliance, Center for Rural Strategies and Privacy Rights Clearinghouse.
“The auto industry is rushing to deploy DSRC units in the hopes that, once the tech is on the road, it will be harder for consumers and policymakers to cry foul on their Trojan horse plan to monetize public safety spectrum,” the groups told the commission. “Whether or not they are successful, and regardless of whether or not the Commission sees fit to grant our requested Stay of Operation for the DSRC service, it must be made clear to the auto industry, as licensees of the 5.9 GHz band, that their rush to deploy will not absolve them of responsibility for any cybersecurity vulnerabilities which may exist in first-generation DSRC units.”
They say that because the FCC’s existing rules include a backwards-compatibility requirement. Thus, it is conceivable that vulnerabilities introduced in first-generation DSRC units will not be patched due to the absence of update mechanisms. Such vulnerabilities, they argued, would be perpetuated in future devices due to the need to ensure backwards compatibility with unpatched units per the existing service rules. Without adequate cybersecurity planning, including provisions for updating all active units deployed at any point in time by a DSRC licensee, threats that could be patched in later versions may linger.
Public Knowledge has previously argued for regulators to limit DSRC to life and safety issues and not allow automakers to monetize the spectrum with advertising and mobile payment types of apps.
“The auto industry plans to put DSRC in every car. That imposes an enormous responsibility to ensure that DSRC technology protects user privacy and guards against cyberattack. Although NHTSA [National Highway Traffic Safety Administration] has proposed many potential protections, none of these are law, and no one can say with certainty what the final rules will be, or when they would go into effect,” said John Gasparini, policy fellow at Public Knowledge, in a statement.
“Additionally, the auto industry can avoid NHTSA’s pro-consumer proposals by operating commercial services using five of the seven channels not covered by NHTSA’s proposed rules. An auto industry spokesman has already said that NHTSA’s privacy proposals would not apply to any commercial use; instead, automakers’ commercial services would set their own privacy terms, ‘like Facebook (Reg. req.).’”
The FCC and the Department of Transportation have been considering whether the wireless frequencies used by DSRC can be shared with others for uses such as gigabit Wi-Fi. Public Knowledge stressed in its petition that the privacy and cyber safety concerns are independent of any decision on sharing and requested a separate proceeding for these issues.
- see this FCC filing (PDF)
Cisco asks for more time to deliver DSRC prototype device
Public Knowledge, OTI want FCC to protect DSRC users from cyberattacks
Qualcomm, Intel, others urge Obama to release 5.9 GHz for Wi-Fi
Qualcomm, NCTA, auto makers push for 5.9 GHz testing for vehicles