Markey's proposal, announced Wednesday during a Senate Commerce Committee hearing, would establish federal standards to secure cars. At the same time, it would strengthen privacy standards, giving drivers the right to keep data that streams off cars to themselves.
"We need the electronic equivalent of seat belts and airbags to keep drivers and their information safe," said Markey, a Massachusetts Democrat. "There are currently no rules of the road for how to protect driver and passenger data, and most customers don't even know that their information is being collected and sent to third parties."
The legislation, co-sponsored by Sen. Richard Blumenthal (D-Connecticut), would direct the National Highway Traffic Safety Administration and Federal Trade Commission to set the standards.
On the security side, the proposal would mandate that car companies and third-party vendors be competent in detecting, reporting and responding to real-time hacking events. That's important, because the report released Monday by Markey concluded that only two manufacturers out of 16 surveyed currently have the capability to respond to a real-time infiltration.
"Most say they rely on technologies that cannot be used for this purpose at all," the report said.
In terms of data privacy, the legislation would require that drivers are made aware of data collection, transmission and how that information is being used. Most notably, the proposal would allow consumers to decline data collection without having popular features like navigation disabled.
One provision specifies a prohibition on "the use of personal driving information for advertising or marketing purposes," an idea that will surely be unwelcome by industry insiders who have been conjuring up ways to leverage that data into new revenue streams.
Borrowing a page from the fuel-economy information that appears on new cars' Monroney stickers, the legislation would augment those labels with information on how well the vehicle protects drivers beyond whatever minimum standards are set. That information would be derived from a rating system.
"Connected cars represent tremendous social and economic promise, but in the rush to roll out the next big thing, automakers have left the doors unlocked to would-be cyber-criminals," Blumenthal said. "This common-sense legislation would ensure that drivers can trust the convenience of wireless technology without having to fear incursions on their safety or privacy."