Not only are there privacy implications in terms of what the vehicles will be transmitting locally, vehicles also need to have a network connection as well to receive new certificates and certificate revocations:<p><pre><code> Under the proposal, each message will be digitally signed. Each car
will be provisioned with 20 certificates (and corresponding secret keys)
per week, and will cycle through these certificates during the week,
using each one for five minutes at a time. Certificates will be revocable;
revocation is meant to guard against incorrect (malicious or erroneous)
information in the broadcast messages, though there is no concrete proposal
for how to detect such incorrect information.
</code></pre>
This regulation will force all cars to be connected cars, and being connected comes with its own security and privacy implications.
Car privacy has been dead for a decade or more between cashless toll systems, cellular carriers and LPR. It's not coming back.<p>Sticking your head in the sand and pushing back against a system that is necessary to protect the safety of the driving public as automated vehicles become a thing is shortsighted.<p>Image recognition technology is such that you likely have a dozen or more government and private entities noticing you. You can buy data from cell carriers to know the average income of travelers on a road at a given time for 45 minute drive in urban and suburban areas.<p>Hell, I built a parking gate system for somebody with a Raspberry Pi and an outdoor security camera sourced from eBay -- and I'm a dope with no unique skill in these areas.
Given how shoddy (<a href="http://illmatics.com/Remote%20Car%20Hacking.pdf" rel="nofollow">http://illmatics.com/Remote%20Car%20Hacking.pdf</a>) automobile software is, the idea of safety-critical components parsing radio broadcasts from other vehicles and acting upon that is very worrisome. I do not trust vehicle software manufacturers to get this anywhere near right.
<i>None of them, however, permits tracking quite as cheaply, undetectably, and pervasively</i><p>This is a theme. Large swathes of privacy have been eroded simply because technology allowed the Government to use principally legal methods on a much greater and automated scale. And with the past and current government, there is no particular push to reverse this.<p>The only help here has been the Supreme Court decision on warrantless GPS trackers.
This reminds me of the complete lack of security in ADS-B transmissions from aircraft.<p>See an interesting DefCon talk from a few years ago: <a href="https://www.youtube.com/watch?v=CXv1j3GbgLk" rel="nofollow">https://www.youtube.com/watch?v=CXv1j3GbgLk</a>
"What about the safety benefits of proposed technology?"<p>Yes, what about the safety benefits of proposed technology? As in, what are they? Until that paragraph I didn't even know this was supposed to be a safety system, just a surveillance system. How is this supposed to increase safety?<p>Also, who is going to pay for these boxes and what will be the penalty for not installing one?<p>This makes spying by Google and FB look mild by comparison.
My thoughts:<p><i>>The basic summary of the proposal, known as Dedicated Short Range Communication (DSRC), is as follows. From the moment a car turns on and every tenth of a second until it shuts off, it will broadcast a so-called “basic safety message” (BSM) to within a minimum distance of 300m. The message will include position (with accuracy of 1.5m), speed, heading, acceleration, yaw rate, path history for the past 300m, predicted path curvature, steering wheel angle, car length and width rounded to 20cm precision, and a few other indicators. Each message will also include a temporary vehicle id (randomly generated and changed every five minutes), to enable receivers to tell whether they are hearing from the same car or from different cars.</i><p>Ok this could be useful, especially with autonomous vehicles hitting the road.<p><i>>Under the proposal, each message will be digitally signed. Each car will be provisioned with 20 certificates (and corresponding secret keys) per week, and will cycle through these certificates during the week, using each one for five minutes at a time. Certificates will be revocable; revocation is meant to guard against incorrect (malicious or erroneous) information in the broadcast messages, though there is no concrete proposal for how to detect such incorrect information.</i><p>Ugh, why do they need to be provisioned by a third party. Just let each car generate its own random ephemeral keypairs per some time interval and sign with those. You already said "Each message will also include a temporary vehicle id (randomly generated and changed every five minutes)", so what's the need for third party certificate provisioning.
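Added example, not part of any comment in this thread and not code from the proposal: a model of the certificate schedule quoted above, comparing how long the temporary vehicle id lasts with how often each of the 20 weekly certificates comes back into use. It assumes strict round-robin rotation starting at the beginning of the week and id changes aligned with certificate changes; all function names are hypothetical.

```python
# Figures taken from the quoted proposal.
CERTS_PER_WEEK = 20            # certificates provisioned per car per week
SLOT_SECONDS = 5 * 60          # each certificate is used five minutes at a time
BSM_PER_SECOND = 10            # one basic safety message every tenth of a second
WEEK_SECONDS = 7 * 24 * 3600
SLOTS_PER_WEEK = WEEK_SECONDS // SLOT_SECONDS


def slot_at(t):
    """Index of the five-minute slot containing second t of the week."""
    if not 0 <= t < WEEK_SECONDS:
        raise ValueError("t must lie within one week")
    return int(t // SLOT_SECONDS)


def cert_index_at(t):
    """Certificate in use at second t (assumption: round-robin from slot 0)."""
    return slot_at(t) % CERTS_PER_WEEK


def same_temp_id(t1, t2):
    """The temporary vehicle id is regenerated every slot, so it matches only within one slot."""
    return slot_at(t1) == slot_at(t2)


def same_cert(t1, t2):
    """The signing certificate matches whenever the slots are a multiple of 20 apart."""
    return cert_index_at(t1) == cert_index_at(t2)


def uses_per_cert():
    """Number of five-minute slots in which each certificate is active over the week."""
    counts = [0] * CERTS_PER_WEEK
    for slot in range(SLOTS_PER_WEEK):
        counts[slot % CERTS_PER_WEEK] += 1
    return counts


def summary():
    counts = uses_per_cert()
    return {
        "slots_per_week": SLOTS_PER_WEEK,
        "cycle_minutes": CERTS_PER_WEEK * SLOT_SECONDS // 60,
        "min_uses_per_cert": min(counts),
        "max_uses_per_cert": max(counts),
        "messages_per_slot": SLOT_SECONDS * BSM_PER_SECOND,
    }


if __name__ == "__main__":
    print(summary())
    print(same_temp_id(10, 6010), same_cert(10, 6010))
```

Under these assumptions the temporary id is gone after five minutes, but the certificate that signs the messages recurs every 100 minutes for the rest of the week.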
I'm betting that will cut down on speeders since automated ticketing will be as easy as a receiver that matches the certificate with the car and automatically issues a ticket.
The proposed message format isn't including car identity, at least that I can tell.<p><a href="https://www.gpo.gov/fdsys/pkg/FR-2017-01-12/pdf/2016-31059.pdf" rel="nofollow">https://www.gpo.gov/fdsys/pkg/FR-2017-01-12/pdf/2016-31059.p...</a><p>Without identity, how is this a massive invasion of privacy on the order of Google and Facebook?
Big Auto Exec... "Hey we are years behind on self driving tech, what are we going to do about it? How can we catch up?
We're going to end up having to license software from Tesla/Google?!"<p>Other Big Auto Exec... "Oh don't worry we'll just use our political influence to change the rules to dramatically simplify the problem."
Whoa, how did this even get on the table? It takes mere seconds to think of a vast array of <i>genuine societal disasters</i> that could come from this. This is beyond Clipper chip levels of stupid.