How DSRC Makes Us Less Safe: Privacy and Cybersecurity (Part 1)

As I discussed previously, the auto industry and the Department of Transportation (DoT) via the National Highway Traffic Safety Administration (NHTSA) plan to mandate that every new car include a technology called “Dedicated Short Range Communication” (DSRC), a device that talks to every other car with a DSRC unit (something called “vehicle-2-vehicle” or “v2v” communication). The auto industry fully supports this mandate, which is surprising (since industries rarely like mandates) until you (a) read this report by Michael Calabrese showing how the auto industry hopes to monetize this with new services and harvesting your personal information (while piously claiming the mantle of saving lives); and, (b) realize the mandate helps DoT and the auto industry avoid sharing the spectrum with potential unlicensed uses (which actually do contribute to saving lives, but I will save that for later).

 

As it happens, in addition to being a full-time spectrum nut, I spend a fair amount of time these days on privacy, with just a touch of cybersecurity. So I started to dig into the privacy and cybersecurity implications of mandating DSRC on every car. My conclusion, as I discuss below, is that the DSRC mandate as it now stands is a disaster for both cybersecurity in cars and for privacy.

 

Yes, NHTSA addresses both privacy and cybersecurity in its 2014 Research Report on DSRC in terms of evaluating potential risks and solicited comment on these issues in their “Advanced Notice of Proposed Rulemaking” (ANPRM). It is in no small part from reading these documents that I conclude that either:

(a) NHTSA does not know what it is talking about; or,

(b) NHTSA does not actually care about privacy and cybersecurity; or,

(c) NHTSA is much more interested in helping the auto industry spectrum squat and doesn’t care if doing so actually makes people less safe; or,

(d) Some combination of all of the above.

 

As for the auto industry and its commitment to privacy and cybersecurity, I will simply refer to this report from Senator Markey issued in February 2015 (and utterly unrelated to DSRC), which found that (a) the auto industry remained extremely vulnerable to cyberattacks and infiltration by hackers; (b) the auto industry had no organized capability to deal with this threat; and, (c) the auto industry routinely collected all kinds of information from cars without following basic notice obligations, providing meaningful opt out, or adequately protecting the information collected. (You can read this article summing up the report rather nicely.) For those who think the auto industry has no doubt improved in the last year, I refer you to this PSA from the FBI issued in March 2016 on vulnerabilities of cars to hacking.

 

I note that these remain problems regardless of whether the FCC permits sharing in the band, although it does call into question why anyone would mandate DSRC rather than rely on the much more secure and privacy-friendly technologies already on the market — like car radar and LIDAR systems. But if the auto industry and NHTSA insist on making us less safe by mandating DSRC, the FCC is going to need to impose some serious service rules on the spectrum to protect cybersecurity and privacy the way they did with location data for mobile 911.

 

And, just to make things even more exciting, as explained in last week’s letter from the auto industry, GM is rushing out a pre-standard DSRC unit in its 2017 model cars. Because which is more important? Creating facts on the ground to help the auto industry squat on the spectrum, or making sure that DSRC units installed in cars are actually secure? Based on past history of the auto industry in the cybersecurity space, this is not a hard decision. For GM, at least, spectrum squatting rules, cybersecurity drools.

 

On the plus side, if you ever wanted to live through a cool science fiction scenario where all the cars on the highway get turned into homicidal killing machines by some mad hacker baddy, the NHTSA mandate for DSRC makes that a much more likely reality. In fact, it’s kinda like this Doctor Who episode. And let’s face it, who wouldn’t want to drive in a car controlled by Sontarans? So, trade-offs.

 

I explain all this in detail below . . . .


Auto Industry Crosses The Line on 5.9 GHz By Using Dead Pedestrians To Justify Spectrum Squatting.

For the last 3 years, the auto industry and the Department of Transportation (DoT) have been at war with the open spectrum community over 75 MHz of spectrum up at 5.9 GHz. I will save the longer history for an upcoming “Insanely Long Field Guide To the 5.9 GHz Proceeding” post. For now, it is enough to know that, as we enter the last few months of the Obama Administration, the auto industry and DoT have been doing everything they can to run out the clock and wait for this FCC to go away, hoping the next FCC will not be as interested in opening spectrum for sharing. You can read the history of 3 years of bad faith and bait and switch in this filing here. You can read the auto industry’s most recent insistence on testing that will take us well past the end of the Obama Administration here.

 

So far so normal. This is how spectrum politics works. Incumbents pay lip service to the idea of spectrum sharing, stress the awful terrible things that will happen if the FCC allows the new entrant to operate and cause interference, and insist on an endless series of tests while dragging their feet on anything that would make testing possible. The new entrant, meanwhile, complains bitterly about how the other side is stalling, the interference claims are baseless, and hundreds of billions of dollars in economic benefits are lost as the delay continues. With the final months ticking down, both sides are now ratcheting up their efforts. Last week, PK, a number of our other spectrum public interest allies (OTI, PK, SHLB) and industry folks (Intel, MS, NCTA, WISPA) sent a letter to the President asking the White House to weigh in at DoT and tell them to stop helping the auto industry stall testing so we can open the spectrum to more unlicensed goodness. Yesterday, the auto industry sent its response.

 

And yesterday, the auto industry finally crossed a line on common decency that just pisses me off.

 

It is one thing to claim that your technology saves lives and that if the FCC doesn’t do what you want, people will die. It is another thing to knowingly and deliberately invoke actual, real dead pedestrians and dead cyclists you know damned well your proposed technology could not conceivably save in an effort to support your own spectrum squatting. It is even worse when the technology you are pushing, “dedicated short-range communication” (DSRC), would replace the actual existing collision avoidance system you are deploying today that would save cyclists and pedestrians — car radar and sensing systems that use unlicensed spectrum and LIDAR.

 

 
