Modern vehicles are, as Bruce Schneier recently put it, actually computers with wheels rather than cars with a computer added on. Every part of the vehicle's operation is supervised, logged, and managed by digital signals on a complex vehicle network. If you have a crash, your car will tell investigators if you were speeding or swerved to avoid the impact. If you spend too long dawdling at the convenience store instead of visiting your customers, your employer will know about it. If you waste fuel, drive dangerously, or don't turn your lights on when you should, it'll be recorded.
This introduces a lot of familiar debates in security circles. Who owns the data? What counts as personally identifiable? What are acceptable standards for logging, retention, and disclosure? What happens if we get it wrong?
The bad news is the vehicle landscape, like enterprise security, is badly fragmented. The good news is we've learned a lot of useful lessons over the past 20 years which can be brought to bear on the problem, so solving it shouldn't take another 20.
In this presentation we'll review some of the mechanics of how vehicle data is generated, who can see it, and how it can be used and abused. We'll then talk about points of leverage for the industry, the manufacturers, the owners, and law enforcement, and see what common ground exists. Finally, we'll lay out some basic ideas any fleet operator or concerned individual can use to make decisions about what vehicles to use and how to manage the data footprints they generate.