November 2014 – The Connected Car Expo that took place before the LA Auto Show (LAAS) had a variety of speakers and topics. To of the interesting topics that came up and were discussed were (1) the sale & resale of connected cars and (2) security of the communication with the connected car.
On the issue of sale and release of connected cars, the discussion focused on whether or not the technology adds any value to have a customer purchase one brand vs another. The conclusion from the panel was that the tech itself is not a deciding factor, but how it is integrated into the car, and the enhancement of driver’s experience. The tech is now being expected as a standard feature to comply with the distracted driver’s laws and simultaneously allow the driver to keep their mobile connectivity even in the car. As a result, there is no real premium on the technology.
There were doubts about the integration of 3G and 4G modules directly in the car as a long term strategy. With a 15+yr avg life on chars, and a 3-5 yr life on cellular technology, unless the modules are replaceable and upgradable to be made current with new tower systems, these cars will take a big resale hit. The ability to provide connectivity without using the driver’s phone on the higher end vehicles as a large number of these vehicles are under corporate lease with multiple drivers. The standalone service plans fit that model well, but there were doubts that there will be any retention of the value of the feature in the resale under the lease return programs. The group did not address the issue of a standard entry level used car that is under $5,000 in the future needing to be connected on a $1,000 per year data plan contract to have its feature available to the new owner.
On the security side there were two topics in the discussion – one was on the safety of the autonomous car and the second on a driers operated connected car. Right now, drives based systems report full operating and driving information to networks with an encrypted data flow. This is standard procedure for many OBDII devices that report to companies that own these vehicles, fleet management and many insurance companies. The data is identified by an anonymous ID number, it is connected to a customer or driver by an encrypted index, usually held in a third party location, prior to data analytics. This flow allows for a fair amount of security on the data, and provides access to aggregated trends without personal information issues. The challenge is when this data is now passing through the driver’s cellular connection which then identifies the data with that driver. As the connection is no longer anonymized, there is a possibility of using the connection to collect data in the driver’s mobile device, or follow the branch to other aspects of data with an entry through public devices in the cloud.
Additional technology and regulation needs to be enacted, especially in light of the changes in the net neutrality rules that are in progress. These issues lead into the discussion of self-driving cars and security. As these vehicles may do path processing in the cloud, there is the opportunity to send false or incorrect data back to the vehicle with malware, that may impact the driving of the vehicle. Additionally, a self-driving car by necessity has to know where it is going, and determine a route to get there. There are many situations in commercial traffic and with high net worth & influential individuals, where it is preferred that their exact location and route are not known by third parties for their protection and the protection of the materials they are carrying. Creating security for these applications in a vehicle with a public TCP/IP connection to the internet & GPS is a major issue to be addressed