AUTOcyb ™ - Vehicle ‘Black Box’ Cyber Security Key premier’s at CEweek in NYC on June 26-28th
Just as the U.S. Government mandates vehicle black boxes that you cannot turn-off, disable or remove – an inventor’s start-up introduces consumer protection.
AIRMIKA, INC. of Southern Pines, North Carolina believes cars and trucks are the next victims of cyberattacks. Our view is that when you purchase a vehicle you own more than just the vehicle – you own the electronic data the vehicle creates and stores. We believe you should control access to this data to prevent tampering and misuse. Thus, we provide a simple solution to do so, the AUTOcyb™ - automotive cyber security lock, a vehicle connector lockout to safeguard access to in-vehicle electronics networks. This product is inexpensive ($30-40 retail) and simple to use. You control the key.
USEFUL if you agree:
- The U.S. is proposing mandating automotive black boxes without adequate consumer protection.
- Congress and Federal regulators failed to provide privacy safeguards.
- Vehicle data is critical probative evidence widely used in civil and criminal court cases.
- Electronic data can be tampered or deleted.
- Although vehicle owners “own” the data they lack a means of controlling data access.
USELESS if you agree:
- I’ll never crash a vehicle or need evidence.
- Nobody would want my data so why should I safeguard it.
- Everybody will follow the law so why worry?
- Vehicle cyber security is really not necessary.
- Nobody can hack a vehicle.
The technology was standardized by the Institute of Electrical and Electronics Engineers (IEEE), the world's leading professional association for the advancement of technology to help provide greater consumer protections by improving the effectiveness of automotive event data recorders (EDRs) “black boxes” with new lockout functionality designed to prevent data tampering, such as Vehicle Identification Number (VIN) altering and odometer fraud. It also addresses concerns over privacy rights by establishing standards protecting data from misuse.
The AUTOcyb™ aims to preserve the data quality and integrity needed to meet federal collection standards, while protecting consumers’ privacy. Built on more than a decade of EDR research and development by organizations including federal agencies, industry trade associations, and global automotive, truck, and bus manufacturers, newly added safeguards in IEEE 1616a address the following areas:
- Data tampering – modification, removal, erasure, or otherwise rendering inoperative of any device or element, including EDRs;
- VIN theft – duplication and transfer of unique VIN numbers, a process known as “VIN cloning”, enabling stolen cars to be passed off as non-stolen;
- Odometer fraud – rolling back of vehicle odometers, resulting in the appearance of lower mileage values; and
- Privacy – prevention of the misuse of collected data for vehicle owners.
YES, YOUR VEHICLE MAY HAVE A BLACK BOX: As early as 1996, auto manufacturers began installing EDRs as part of car and light truck airbag modules. Triggered by certain conditions, such as changes in vehicle speed, EDRs collect a variety of data during crash and near-crash events. Data typically collected includes speed at time of impact, steering angle, whether brakes were applied, and seatbelt usage during the crash.
Tom Kowalick, Founder and President of AIRMIKA, Inc. notes “Legal issues revolve around ownership of the data and the extent to which the Fourth Amendment privacy protections prohibit seizure of that data absent consent. To date there is no consensus among the Courts. Under current law, to establish a reasonable expectation of privacy a person must establish two things: that the individual had a subjective expectation of privacy; and that that subjective expectation of privacy is one that society is prepared to recognize as reasonable.”
Regarding courtroom use, EDR evidence has cleared both the Frye and Daubert thresholds of admissibility. EDR data has been used in criminal cases to prosecute drivers who drove recklessly before fatal collisions and in civil cases to prove or rebut vehicle‐defect claims. Ownership of the EDR and EDR data is a matter of State law, and such provisions vary considerably among only 13 States. In addition, courts can subpoena EDR data through court orders, and some States collect data under their existing State laws governing crash investigations. Federally, the National Highway Traffic Safety Administration (NHTSA) considers the owner of the vehicle to be the owner of the data collected from an EDR. Clearly the law in this area will evolve as more electronics-intensive vehicles capture a broader scope of information.
HOW IT WORKS
The AUTOcyb™ is designed for post-1996 light vehicles (cars and light trucks) that contain a Diagnostic Link Connector (DLC) which is accessible and in good working condition. It attaches to the vehicle's DLC, normally located under the dash, and can be removed for vehicle maintenance, inspection, or emissions testing. This connector lockout gives the reassurance of knowing that you have control of crash data access. The black box / EDR will still work exactly as it is designed to. You determine when and who sees the data (within State law) and thus, control how it is used.
Using the AUTOcyb™ establishes the fact that the vehicle owner believes others must receive permission or resort to legal measures to access crash data via the DLC interface port. The AUTOcyb™ automotive cyber security vehicle connector lockout is U.S. patented and globally standardized as IEEE-1616a establishing the fact that society currently recognizes the inherent value and usage protocol of this product as reasonable. Kowalick recommends, “The least you can do is make everyone follow the law. This device helps to protect you against unlawful search and seizure.”
- Key Messages
- vehicle cyber security
- black box consumer protection
- Fourth Amendment protection
- View Related Video