Skip to main content

tv   Hearing on Cars and the Internet  CSPAN  January 4, 2016 3:28am-5:39am EST

3:28 am
committee hearing on the future of automobiles be connected to computer networks. topics included the potential for major safety improvements in cyber security and privacy concerns. >> good afternoon. this meeting will come to order. without objection, the chair is authorized to declare recess. the order of business will be as follows. since we have a joint subcommittee hearing today, we
3:29 am
will have opening statements herd, ms.f, mr. kelly. after that, we will hear from then, after wend have heard from the witnesses, we will go to questions. so with that, i will give the first opening statement -- and again, welcome, everyone. it's interesting, the age we live in, of new technology and communications. the incredible technology that we see in take for granted every day, we are hearing a new -- we are entering a new era in transportation technology. there's some of the older panelists, members of an
3:30 am
audience who remember when you used to open the hood of a car and could take out the various parts and identify everything. figure outd a phd to what is in there, and its capabilities are just astounding. a lot of safety features and cars we didn't have before, but we today will address the issues relating to, again, what we call the internet of cars and look at some of the implications of that technology. i think some of this was highlighted some time ago when that vehicle was hacked. fortunately, it wasn't the folks who chose to do harm, but it did demonstrate that vehicles with certain types of electronic fact bety can in
3:31 am
hacked, and it does pose some questions. we have called together today leaders of industry and some others. i particularly want to thank the private sector partners a frankn open and discussion of where we are in where we are going and what the industry is doing to deal with some of these issues and i think they have been most cooperative and i appreciate that and we learned a lot from that particular informal meeting. today is a little bit more formal. can --ave a lot that we 2010,of benefits -- in 1.2 million on the world's
3:32 am
highways. united states, some years ago, we had 43,000 per we have taken that down to 33000 and there are a lot of positive things that have been done again, through safety, technology, warning systems, a whole host of electronic devices. now, in our vehicles, that makes us safer. economic benefit from connected vehicles is estimated to be $500 billion. we want to ensure that electronic systems we have in these vehicles cannot be hacked, that, in fact, we have safety provisions put in and protections for the consumer and for the public. helped author the direct -- national
3:33 am
highway traffic safety administration to complete the review and ultimately determine the needs for safety vehicles and electronic systems. we will hear from some folks today where they are in the requirement that will be crafted and put in that. a pastnow the year and the deadline be set in law. automobile makers has been setting their own cyber security standards which is the good news. the bad news is that we have a lot of variety and people going a different direction while the andonal highway safety traffic safety administration continues to move forward, mandating, dictated short-range communication devices in cars -- you must make certain technology this technology hasn't been surpassed by the next -- thing that is coming up.
3:34 am
are it is is in technology rapid. -- advances in technology a rapid purely spent over $500 million on testing this technology that was discovered in 1999. , in 1999, this state-of-the-art for some of our communications was the flip phones and we have come ability further from that, so. i fully support connected vehicle technology and help with this advancement in the future. we will see vehicles that can talk to each other. inwill see safety provisions vehicles that will make cars and have more reliable a whole host of features that will benefit the consumer in the traveling public. ae we must be able to allow bridge to get that environment is the new technologies come to light. while remaining cognizant of the
3:35 am
need for consumer privacy. so this afternoon, i look forward to hearing testimony from potential witnesses and i pledge to work collaboratively with everyone here on this side, both sides of the aisle, and with the industry. we are entering a new, exciting era that we want to be ready for. let me now recognize the ranking member of the subcommittee on transportation for her opening statement. >> thank you. our motor vehicles rely on the same methods of communication to and as we have seen committee times, computer networks are
3:36 am
regularly the victims of hackers. theave already mentioned july instance this year when a vehicle was hacked. less than one month later, from that instance, or researcher demonstrated how vulnerabilities in a different vehicle could also let hackers learn the owners home and dress, see our credit card information, and more. so far, there has been no note incidence of malicious attempts to have vehicles but i have to ask the witnesses today, is that because the overall security of the vehicle computers is that good? or heavily simply been that lucky? congress gave the national highway transportation administration the responsibility to regulate cyber security in vehicles but manufacturers and suppliers in the best position to identify weaknesses in their own products. safety ofhe cyber cars, trucks and motorcycles on the nearly 4 million miles of road that crisscross the united states requires partnership of government, industry, and researchers.
3:37 am
each has an important role to play. that is why fight it especially troubling that according to bloomberg, one of the automobile manufacturers involved in the july hack we did 18 months, 18 months to tell federal safety regulators about the security flaw while the other manufacturer reportedly knew about the vulnerability for five years. it undermines a partnership that is a surge protector public safety from cyber security threats. that is simply unacceptable. connected automated vehicles communicate with other vehicles. they have the potential to revolutionize road safety and save thousands of lives. i agree with him. i look forward to examining these issues in more detail. i think the chairman for bringing this hearing. >> thank you. i to recognize mr. heard, who
3:38 am
has the subcommittee on information technology for his opening statement. >> thank you. 's hearing is one of a series of hearings. to join with you in a transportation subcommittee here today. my first car was a toyota four runner and i like to call her shirley marie appeared i got her in the summer of 2000 and added until summer 2013. we had a lot of adventures together the wanted she cannot do is connect to the internet. 2020, it isd to forecast to one in five vehicles will have some form of wireless network connection. it amounted to more than 250 million connected vehicles. thatent study predicted the internet of things, which includes cars, could have a total potential economic impact of between $4 trillion-$11 trillion. the report further states that
3:39 am
the hype around the internet of things may actually understate the full potential. i agree. i likely does understate the full potential but only if policymakers, consumers, advocates, and other stakeholders understand the real value can be created and focus on supporting innovation and cyber security and privacy practices. i worry that overeager regulators in congress will hacked it a stunt with restrictive regulations and heavy-handed legislation. let forward to hearing from our witnesses from the automotive industry today on what steps they are taking proactively to secure their connected vehicles and protect people's safety as well as their privacy. i look forward to hearing from mr. garfield on what the companies he represents are doing to ensure the same, that people are safe, that information is secure, that they can be confident to increase the benefits offered by connected vehicles.
3:40 am
aboutorward to hearing the standards of excellence in highway safety while staying strictly within the statutory authorities and taking care not to hamper innovation. >> thank you. i am pleased to recognize the ranking member of the subcommittee on information technology. love them. you are recognized. >> i think the chairman and our witnesses. today's cars has been dubbed computers on wheels are they gather in store vast arrays of personal information about the drivers, affording greater convenience and safety but also greater erosion of privacy and security. our automakers are inventing new technologies that have made the drivers experience more enjoyable and efficient. tor the air in vehicle vehicle technology, things that were once only science-fiction can save lives and prevent accidents.
3:41 am
comes new innovation questions over security challenges and how data is stored. as a number of internet connected cars grows, so does the threat of vehicle hacking. if cars are going to store personal information about where route and lives, the they taken together, and where they stop, there should be assurances that the information .s stored securely our subcommittee's review of cedar -- previous cyberattacks on networks revealed that the same vulnerabilities show up again. the interconnectivity of seemingly unrelated parts of the network makes it substantially easier for a hacker to move through a network and locate sensitive personal information. it is not just computer systems that lack segmentation. seemingly unrelated components of internet connected cars do, as well. a modern car can talk to the radio, the radio can tell
3:42 am
whether the doors are locked and the doors know whether the wench and wipers are gone. one of the key topics of today's hearing from me is whether the auto industry is designing cars with operating systems that securely store personal information. ofwe enter this great age tremendous technological innovation, i will focus on how automakers, congress, and regulators can work together to secure our vehicles from malicious attack and protect americans. i think our witnesses -- i think our witnesses for their participation. -- i think our witnesses for their participation. the yield the remainder of my time. >> think you. -- thank you. the internet of things brings technology and connectivity into every corner of our lives including our cars. with the pervasiveness of
3:43 am
standards, security and privacy protection to come or part of the never. unlike other sectors, security and privacy by designer not yet fully ingrained in automotive manufacturing culture, as evidence by vendors regarding cars ever security issues with wireless entry fees and hacks of cars. however, regulation can be slow, rigid, and discouraging and red rushing the regulation is not my opinion the answer. but neither is a lack of accountability or standards. the advances of the industry has made in the past year, such as setting up an information sharing and analysis center and a set of enforceable privacy principles happened in part because of public and government pressure. the security in the car study act also known as the spike our study act, a bipartisan bill sponsored by congress. industry in bringing advocates e-government together to strike a balance between innovation and consumer protection.
3:44 am
i served in the military -- i insulin reserves and i am turned to think about worst-case are threeso there overarching scenarios and questions of elected post at the panel hopefully during the time today you might be of immense array. the first is, is it possible now or in the future for a hacker to remotely taking control of a car and use either as a weapon or cause an accident? second, is it possible now or in the future for a hacker to take control of a fleet of cars and use them as weapons or cause accidents? 30, is it possible for hackers now or in the future to take partial control of a car so that's and say you are going to in a highway safety must for our and suddenly the brace: without your knowledge -- thereby causing an accident. be curious to know if one does a andretical possibilities, second, if so, looking again to mitigate that aspect? americans have a right to drive cars that are safe and keep their information audited and eyes by the comment the
3:45 am
testimony from today's panel in the forward to asking additional questions on this issue of public importance. think you. 8 -- thank you. i yield back. >> think you. -- thank you. do any of the members have quick statements? >> the chair will hold a record open for five legislative days for any number who would like to submit a written statement. >> mr. harry lightsey who is the director of consumer experience at general motors.
3:46 am
sandy logan steam, vice president -- loganstein that toyota. toyota. -- at toyota. garfield is the president and ceo of the information technology industry ms. barnes finally, is the associate director and administrative law council of the electronic privacy information center. welcome, witnesses. i might tell you in advance that i will swear you in a just a second and we also try to statement,limit your
3:47 am
your verbal statement before the committee to five minutes. chair tosk through the have additional information or data put into the record. with that, we are investigating an oversight committee and subcommittees of congress. could you please stand and i will swear you in. raise your right hand. the you solemnly swear that the testimony you are about to give before the joint subcommittee meeting of congress is the whole truth and nothing but the truth? allthe record reflect that of the witnesses answered in the affirmative. thank you. be seated. we will go right to our witnesses. let me start first with -- welcome him again and all of you and thank you for your cooperation today and he is the
3:48 am
administrator of the vehicle safety research at national highway traffic safety administration. welcome. you are recognized. the microphone up as close as you can so we can hear you. >> good afternoon. i appreciate this opportunity to testify up at the national highway traffic safety administration is addressing emerging challenges associated with new, connected vehicle technology. in 2013, there were over five .7 vehicle crashes in the united states that resulted in 32,719 deaths. the consequences of these crashes range from personal tragedies that will impact individual families forever to the billions in economic dollars that we can actually measure. to a dress these crashes in the increasing use of connected vehicle technologies
3:49 am
we can believe can help us to that. when combined together, new technologies and such as vehicle to vehicle communication and automated technologies have the potential to dramatically change the safety picture in the u.s. however, as the chairman pointed out, these new technologies also bring new and different challenges. for example, consumers hear a lot about cyber security as it is related to things imprisonment remission. it often seems like every day, there is a breach reported in the media. auto space, cyber security is taking on new visibility, showing up and television shows. we understand these dynamics. we believe that the challenges associated with connected vehicles are addressable in asia not keep us from pursuing innovation that can save lives. and analysis indicates that it can address up to 80% of crashes involving two or more motor vehicles. this technology promises to be transformative in could even
3:50 am
enable a new era of safety to not only saves lives but other benefits, as well. and fully realize, this communication technology is a symbol even beyond on vehicles. it can be deployed to other devices that would be carried by pedestrians and cyclists, thereby addressing those types of crashes. however, for it to be effective, it relies on the low cost security system -- a robust security system. exploring the potential of connected vehicles and other advanced technologies, we understand the cyber security is essential to the public acceptance of new vehicle systems and if it filled the safety promise they hold. to developing the last cyber security environment, we modified its organizational structure, developed partnerships, adopted it and approach considered legislative action, and encourage members of the industry to take independent improve the cyber security posture of vehicles. our goal is to be ahead of potential vehicle cyber security challenges and seek ways to address them.
3:51 am
consulted other government agencies, vehicle manufacturers, suppliers, and the public to develop our cyber program. the approach covers various safety applications deployed on vehicles as well as those envisioned for future vehicles that may feature more advanced forms of communications and automation. however, we also believe there are tremendous opportunities in this round for proactive steps. in fact, such steps are essential. regulation and enforcement alone will not be sufficient to address the risks. cyber security threats simply moved to fastener to varied for regulation to be the only answer. the auto industry can play an essential role by cooperating in establishing rigorous practices that are address the broad range of cyber threats, by reacting quickly and appropriately when such threats emerge, and by working closely with the government in independent security analysts to identify and defeat attacks. we have also given special consideration to the security systems that enable this technology.
3:52 am
have spent some time developing the network and the trusted architecture goes along with the system. while we have made significant progress, we believe that more testing is necessary we plan to undertake that. the trust aspect of the system is based upon bki. tweet the design to balance security and privacy. we take consumer privacy very seriously and in the context of our proposed rulemaking on fears of the vehicle communication, we will address privacy as a relates to that system. the effectiveness of the tv technology also has unallocated portion of the spectrum. in light of growing demand for spectrum, special sharing has been a topic of much discussion. d.o.t. is not opposed to sharing the spectrum. toward that end, d.o.t. is working closely with that cc and tia, members of the industry, and other stakeholders on a next databases to test and evaluate
3:53 am
potential sharing solutions for the 5.9 gigahertz spectrum. we are waiting for devices. under the leadership is secretary fox, the department has taken several steps that support the deployment of this technology. in august 2014, we issued in advance proposal of rulemaking in the plentiful of it up this you with a proposal and just recently the secretary announced about a program all into two for the deployed this technology. connected and automated vehicles that can sense the environment around him and communicate with his other vehicles and with the infrastructure have the potential to revolutionize road safety and save thousands of lives. we are already laying the groundwork needed for the road ahead and look forward to working with congress, manufacturers, suppliers, and others in the administration, and in eric in public, in this exciting transmission future. unfortunately addressing questions. >> thank you. welcome theduce a
3:54 am
executive director of global innected customer experience global public policy at general motors. welcome. >> thank you very much. thank you for the opportunity to testify. roughly 100 years of his existence, the automobile has impacted american life in ways unique to any other machine. it has impacted how we live and work, where we live and work, how our cities have grown, and how our country has grown. yet the machine itself remains basically what it was at the time of its inception. engineine combustion connected by a drivetrain two wheels on the road, driven by a human being. we are now entering an era where all of those basic tenets will change genetically.
3:55 am
cars will, more and more, have different modes of mobility other than a gasoline engine. they will be connected to each other in ways that will make the driving experience safer and more enjoyable. more, reallyre and for a human being of the driving task. because we know that humans are fallible and will have crashes in cars, the automobile industry and the national highway traffic -- transportation safety has spent the last half century designing and building automobiles to be safer when they crash. with innovations like seatbelts, airbags, and crumple zones. andy, we are designing building automobiles to avoid collisions entirely. with technologies like forward and rear collision warning, backup cameras, lane keeping, and blind spot warnings. technologies these allow the machine to assist in
3:56 am
the driving task itself when the human driver does not react appropriately when quickly enough to prevent a crash. technologies like a vehicle to vehicle communications will be deployed with the promise to and had over 80% of the crashes on today's roads. the savings in terms of lives, property damage, medical cost, and congestion will be enormous. movingral motors, we are quickly to take advantage of these innovations. read the first automobile manufacturer to build connectivity into our vehicles. has over 6 million customers in the united states in over one million customers connected on our we have employed technology in our vehicles, including advanced rearview mirrors and we are the only automaker that has
3:57 am
announced a commitment to deploy vehicles with the technology and the cadillac model next year. however, we must acknowledge that with change comes challenge. we must deploy these innovations the safest manner possible. we must omit to our customers -- we must admit to our customers that we respect their privacy. the software may have more abilities that bad actors could exploit to threaten customer safety and privacy. and we must do all we can to prevent hacking. we must realize that we are competing with other technologies for the use of scarce resources like spectrum. we must be able to use these resources in an efficient mannar. er. if we have the freedom to innovate within these parameters, the promise of the future cannot be imagined today.
3:58 am
thank you, i look forward to your questions. >> thank you, we will now hear from the vice president of connected services and product planning at toyota. welcome, your recognize. an exciting time for the auto industry, more vehicles are being outfitted with more safety features and on bilboard services. we interact with these the a via smartphone. futurenected car of the will far surpass the ones of today. to address questions about vehicle data, the industry came together and develop rentals for vehicle technologies. these privacy principles include meaningful protections, including heightened protections on vehicle data, like the vehicle location or how someone drives. for example, automakers will not
3:59 am
share with third parties or use the data for marketing purposes without the affirmative consent of the owner. with these principles, the industry will protect data in the internet of things. this is precisely the type of effort the government has encouraged from the private sector, and it should serve as a model. cyber security is a key focus. although no cyber attack on a vehicle has occurred, the auto industry is well aware that the risks that exist for other connected devices also exist for connected cars. we fully grasp the potential consequences of the successful, real-world attack. in that light, the auto industry exchangeg a group to industry information. we are fully committed to the success. we expect initial information
4:00 am
sharing by the beginning of the end of this year. some are making the case that cyber security best practices and standards are needed. the question is, whether automotive best practices will look any different than those that guide cyber security and other contexts? that being said, the auto industry recognizes that efforts to adapt best practices to the vehicle may be appropriate. that is why the industry has recently embarked on an effort to identify best practices that are being and can be applied to vehicles and to address any potential gaps. for the very same reasons that the government has refrained from mandating cyber security standards and other sectors, there is a significant risk of the government mandating vehicles. industry can move quicker than government to adjust to new threats. in addition, setting specific standards may encourage some companies to simply comply --
4:01 am
not to do more to protect consumers. finally, a specific approach will almost certainly have for the limitations internet of things at large. at the internet of cars you call, we are on the cusp of a radical transformation that will be made possible by vehicle to vehicle communications. dsrc is a technology that will us to overcome challenges posed by sensor technology. we can identify collisions at a greater distance or around the corner. red an extensive dsrc.laboration on due to the spectrum crunch, we support the prospect of sharing spectrum, if they can be proven
4:02 am
that no harmful interference lifeimpair dscr safety of mission. a proposal has been offered that has the potential to accomplish this goal. the auto industry has recently proceeded to validation testing, and we remain confident it will remain a workable solution. in closing, i like to provide two final observations. first, the internet of cars ecosystem is evolving. technology companies, telecommunication providers, insurance companies, and others will continue to introduce pots and technologies designed to directly communicate with vehicles. as the ecosystem evolves possibility for protecting against cyberattacks and preserving consumer privacy should evolve to include all relevant players in this space. second, there is a number of agencies seeking to oversee or influence cyber security and
4:03 am
privacy related to the internet of things, either broadly or with a narrow subset. the resulting cacophony of proposals is exceedingly difficult to manage and prioritize. without consolidations of these efforts, clarification of the roles, and better communication, the opportunities provided will almost certainly suffer. thank you for the opportunity to testify before you. >> well, thank you. we will recognize the vice president of business development for tesla. welcome, sir. you are recognized. >> good afternoon, we appreciate the opportunity to come here today. and for the opportunity to speak. tesla is known for being exceptionally safe. we have been awarded the highest possible safety rating, five stars, not just overall, but in every category.
4:04 am
safety is a watchword at tesla. automotive injury and fatalities have fallen as result of safety improvements such as airbags, energy absorption, and to maintain the pace of fatality rates, vehicles need to increasingly use computerized systems to avoid crashes, with particular opportunity in the vehicle space. two examples leading to significant safety benefits, compared to non-connected vehicles, are the following. the first would be automatic emergency braking. a vehicle feature which attempts to avoid accidents by applying brakes. tesla is one of 10 manufacturers committed to making this a standard feature. we have delivered on this promise. the same technology is applied to autopilot functionality, where improvements are constant,
4:05 am
as vehicles effectively learn from varying road conditions and share those through the fleet with connectivity. the recall rate in general is about 70%. for a given vehicle that 7%rants a recall, about will get repaired. connected vehicle technology offers a significant opportunity for us to do better. modern vehicles are heavily software-controlled, and software changes alone can often resolve a safety issue. in 2013, we became aware of a hazard relating to incomplete third-party installation. after the change was identified, we were capable of identifying and solving the third-party fault. the software solution was automatically delivered to the entire fleet.
4:06 am
and in contrast to the industry average, recall updates of 70%, we can achieve update rates nearly 100% in a short amount of time -- measured in days. concerns as we go forward, the first caution is to ensure that any update to a vehicle is updated by the manufacturer. this can be achieved by using cryptography, a technology referred to as signing. the second is to strongly isolate the mechanical. if it has network conductivity, the processor should not have direct elections to the mechanical systems -- steering, acceleration, breaks. we do not have gear selection, that is a separate matter. some implement this with a gateway technology. a third precaution is to use encrypted protocols for the vehicle. this ensures privacy of the integrity of the data.
4:07 am
weh respect to regulation, have rapid innovation for safety. already significantly benefiting from investments in successvity, we expect to only continue, as the full potential of connected vehicles are realized. overzealous or premature regulation does not allow for innovation or creative solution innovation.fety any move in this direction must be considered carefully, only to the extent necessary, in our view. thank you for the opportunity. i would welcome any question. the would like to recognize gentleman with iti> . >> thank you, members of the committee. the mostlf of 65 of
4:08 am
dynamic companies in the world, we thank you for hosting this hearing. it is perfectly timed before 42 million americans get on the road to engage in thanksgiving commutes. i would suspect that 5-10 years from now, the cars in the commute would look quite different. i will focus my testimony on the issue, which is the transformation that is occurring, the innovation that is taking place, in that space first. second, what we are doing to deployment in a secure and safe way. it is often said that it is difficult to appreciate history when you are experiencing and living it. from my conversation with our companies, we are living in an innovation renaissance. the convergence of almost ubiquitous broadband exponential improvement in computational processing comes with almost unlimited storage, and it is transforming mobile computing. that includes the original mobile technology, which is the
4:09 am
car. insee that manifested today advanced driver systems, whether that is adapted cruise control or automatic braking -- which i have and maryin my car. we will see that in the future, whether it is vehicle to vehicle or in autonomous vehicles. we are working hard to deploy technologies to make those types of vehicles available, sooner rather than later. whether that is dedicated short-range communications, wireless,te or or 5g is a number of panelists have noted, it is in the early days. it is impossible to tell which will work effectively. what we do know is that there will be radical, transformative improvements in safety, access, as well as how we view our cities. the other panelists have spoken about the safety issues. i will not repeat that.
4:10 am
but think about all the people today who are not able to drive because of a disability or because they are too old or too young. , orugh connected vehicles autonomous vehicles, those people will have access to transportation in a way that they do not today. similarly, when we do not have to think about cars being parked all the time, the way we think about our landscape in our cities will change dramatically. our companies are investing billions of dollars to bring that to the market, sooner rather than later. and our partnering with any companies on this panel, we will make this possible. and as well, working with the public sector to enable that. a big part of our work is ensuring that consumers have confidence in the safety and security of those vehicles. and security will become even more prominent in the future. for us, we have long experienced
4:11 am
working on cyber security security. whether it is protecting tradeking the cloud or everything in between, increasingly, the norm is redundancy at the software and hardware level, so it is not a latch on later on. that means you can build into a chip set. the encryption protocols to adapt if the encryption is circumvented. we are advancing that work. we have taken a collaborative approach and coming with a framework of standards and best practices, while allowing sufficient flexibility for innovation. there is still work left to be done. and that speaks to the role that congress can play.
4:12 am
a number of members of the panel have pointed to the number of efforts and initiatives that are being undertaken in this space. congress can play an important role in bringing order to that cacophony, as mr. logan identified. is really a need, and ranking member duckworth made this point, for a national information of thing strategy. there is so much work taking place in this space, but not much of it is well coordinated in a strategy that serves economic security and safety interests. finally, once we look at what is being done and develop a strategy, there is an appropriate place for regulation to deal with market gaps. and we would advocate the approach that has been taken by mist in developing a regulatory framework, is the appropriate
4:13 am
approach. thank you. >> thank you, we recognize, waiting patiently, the associate director at the electronic privacy information center. welcome. >> thank you, chairman mica. ranking member kelly and duckworth, i am the associate director for the electronic privacy information center. we are an independent nonprofit research center focused on human rights issues. we thank you for taking time to consider the important privacy implications of the internet of cars. new vehicle technologies offer a variety of new services to american drivers, and are quickly being implemented by american car companies. technologies also raise substantial privacy and security concerns that congress
4:14 am
needs to address. as cars become more technologically sophisticated, they collect a lot of personal data. including physical location, destination, text messages, and phone records. most car companies and other companies, including google, failed to inform consumers of their data collection practices. few give consumers true control over the data. auto companies also use personal driving information for various, but they purposes -- which leaves consumers in the dark over who has access and why/ . this is often retained for years, if not indefinitely. the very real possibility of remote car hacking poses substantial risk to security. cars can be taken control of, including breaks, steering, and car locks.
4:15 am
they can provide access to the physical location, using built in gps navigation systems. which can facilitate crimes such as stalking, harassment, and car theft. congress must enact meaningful safeguards to protect privacy. last year, a group of 20 automakers, including general motors and toyota, signed a pledge voluntarily for security. federal substitute for data security regulation. the pledge fails to provide substantial privacy protection, lacks any meaningful enforcement, and supports the status quo of the wholesale collection of sensitive driver data. to protect the privacy and security of american drivers, congress will need to do more. first, congress should act on pending legislation.
4:16 am
2015 should establish federal standards for connected cars, in consultation with the ftc, to develop privacy regulations for driver data. it provides a good framework for meaningful safeguards. there is also the house draft bill that would require car companies to develop modest privacy policies for the collection of driver information. the house draft falls short of providing robust privacy protection. it would not require manufacturers to actually develop or even implement privacy-protecting measures. instead, the company could only inform drivers about whether the company chooses to take various privacy-protecting measures. scrutiny forizes developing the policy. the draft would broadly criminalize vehicle hacking, including for research purposes.
4:17 am
the senate bill comes much closer to safeguarding the interest than the house draft. oppose, we would i the house draft, which would be a step backwards for americans concerned about privacy and security. second, congress should hackingh fines for connected cars, but only when there is malicious intent. this will prevent research to discover vulnerabilities. third, congress should grant authority to issue privacy rules. the spy car act of 2015, with civil fines for offenders, provides a type of privacy and security safeguards that drivers need. as congress moves forward, it is hasical that this agency rulemaking authority. this rule should incorporate
4:18 am
consumer privacy bill of rights. which is a sensible, comprehensive framework for privacy protections that provide some standards and would help establish fairness and accountability for the collection and use of driver information. every day, without car privacy and protection, it places countless drivers at risk for having their personal information, or worse, their physical safety, at risk. swiftly.must act thank you for the opportunity to testify this afternoon. i would be pleased to answer your questions. >> we will go right into your questions. national highway traffic safety administration, in 2012, when i helped craft the
4:19 am
legislation, i put a section 31 -402. electronic systems performance. it said specifically, not later than two years after an accident, that was july. 2012, the august of secretary shall complete an examination of the need for safety standards, with regard to electronic systems and passenger motor vehicles. and has a couple of criteria. upon completion, the secretary should submit a report to the committee. i see i screwed up. i should've put the department of transportation in here, too. they don't have one, but we have commerce in the senate. at energy and commerce in the house. have you completed that report? >> no, mr. chairman. that is still under review.
4:20 am
what we have done, which is unprecedented, we put the entire research program that we developed in consultation with other government agencies and the private sector -- i guess iis not -- just put these things in the law and we forget them. it should've been until july, we give you august until 2014, november? ok? so we are a bit behind? >> agreed. >> is there a draft? >> i tried to get a draft from the committee. they said they did not have one drea thi. this is from either committee. can you submit joint subcommittees here a draft? >> i am not sure if i can' but we will take tha. >> not sure if you can?
4:21 am
>> the work it has been done -- >> we want to see it. you can, and you will. you will have it here in 10 days. that is the way we operate here. you did not comply. we do not have any penalties now, do we, if someone hacks a vehicle? >> that is correct. >> the law is still favoring the senate side as far as testimony. but we have seen that they can be hacked. that is also correct. ? so far, no one with intent has been hacked. but you could probably stop an engine. or could disable brakes steering, because they have electronic components. with that be a good assumption? i am not technologically competent.
4:22 am
>> that is correct. you would be able to disable that. >> congress has enacted, i have then we gaveon us, a lot of money -- maybe. >> if i may, to suggest the suggestson of that that nothing is being done, when in fact, much is being done. >> it is not that nothing is being done. we give certain directives. i was going to get to the question of them working with you all. whichu did talk to them, sets standards and have pretty good reports back. participated? has have you participated with him? >> yes, mr. chairman. we embrace the framework. we adopted that into our -- >> both of those federal
4:23 am
agencies, or with the private sector, or in a group? >> we had discussions with both. >> and you? >> yes. >> we've all had discussions. perfectlyactually, accurate, i'm certainly -- we are absolutely involved in an ongoing basis. i cannot testify to the involvement. >> i commend you for coming together as an industry, working -- and i don't want to imply that nothing has been done. but my job is to give certain directives to agencies. i am not here just to look good. i know i do. [laughter] >> yes you do, mr. chairman. >> my job is to hold their feet to the fire. when you put something into law, some of the newer members will find out around here, i put things into law three or four times and they still do not comply. we won't go there today.
4:24 am
we give you a lot of money. we spent about $500 million in taxpayer funds testing the dedicated short range radio communication devices. what is it currently doing to address the potential issues with security credential management systems? where are we on that? jpo funds,nds are joint program office. >> is that under you? >> it is not. it is now part of the office of the secretary. >> it is under dot? half $1they have had million. >> what the department is doing is putting the sort of hardware behind that system. what has been done to date
4:25 am
has been a lot of hard work, smart people coming up with design. now we feel we must build this to see the vulnerabilities and do large-scale testing. >> do you have any idea where? i am told some of what you have done is actually sliding behind the advances in technology. and how much more money, how much more time will it take? do you know? thethink that is why> secretary of transportation is putting it out for public comment in 2016. >> so that is not until next year? months, hein two asked us to accelerate that. which we have. >> we spent a lot of money, and we don't see a lot of progress. and when would you have your final report, the report that i requested here? it is in draft, you are going to give us the draft? when will you have that finalized?
4:26 am
>> i can get back to you on the record with that, sir. >> within the next 10 days? >> absolutely. i want a firm date, and i wanted part of the record. >> absolutely. >> sorry, i don't mean to be demanding. >> circum-i understand your frustration -- sir, i understand your frustration. >> we expect the agencies to act responsibility. right now, just my final question. cars can be hacked with electronic systems. we do not have in place either a bility to stop that. i guess that is the simple way to put the. is that correct? >> mr. chairman, thank you. gm has invested a lot of time and effort into making it as difficult as possible to hack into cars.
4:27 am
as i indicated, we embraced the framework. >> that is an individual effort. we applaud you for that. but my question is that we really don't have a standard, we don't have the ability to prevent that development? do we? >> we have the ability to implement things as a business. >> general motors cannot be hacked? >> i cannot say they cannot. but we are making it difficult. >> you are individual. i am asking if we have a standard. as i know.as i'far >> we are trying to be proactive. >> but again, the question was -- and i applaud each of you. tell us they are five-star and all of that. but my question was, is there a
4:28 am
standard developed? is there protection in place, the answer is? >> we have begun working as an industry to establish - - >> but we don't have that in place, mr. o'connell? >> there is sort of a difference between hard access and wireless hacking. we have seen the former, people with access to a vehicle then being able to modify certain axis. >ccess. it has happened on isolated cases. i am personally unaware of any wireless hacking. >> there are no protections or standards? >> known that we are aware of -- none that we are aware of. >> congress has not held any agencies to the fire.
4:29 am
in theuld just point out written testimony, key examples of computer scientists and other researchers finding ways to wirelessly hacked into vehicles. >> there is a difference between developing standards and their being laws. standards being developed around cyber security. and there are laws in place that would punish someone. be it the digital millennium computer act or anything else. the question is, are there laws mandating particular standard? i would argue that mandating a particular standard be the absolute wrong approach. >> we don't have that. but we still have industrywide standards or protections. unpacking a host of things we are for today. >> mr. chairman? on the last question, the industry group just recently --
4:30 am
within the last week -- has developed a set of voluntary industry best practices. we are just looking at. thatted you to know was out there. >> usually, things happen before the hearings. >> thank you, mr. chairman. thent to speak to sector-specific sharing analysis centers, which are nonprofit member driven organizations formed by critical infrastructure owners who share information between government and industry. not necessarily in the automobile industry, but other areas. can you talk about what mechanisms or organizations have been instituted? and also by the industry, to ensure -- >> sure, there is been quite a bit of work.
4:31 am
we were at the forefront to encourage -- it is up and running right now. there are additional steps that are probably necessary. one is clarifying the role it will have interaction with the agency. and how that group will be expanded to other sectors, including suppliers. >> i would like to speak to the suppliers portion of it. this is something that has come up in my work on the armed services committee on military equipment. cyber security is something of great, great potential harm to our military. and one of the things i found out was for military weapons platforms, something as critical as the new fighter jet, there is not complete security of the supplier network. gentlemen the three from the automobile manufacturers here talk a little bit about what you have done to secure or safeguard or inshore
4:32 am
that there is -- ensure that there is a plan you can trust? i have in my congressional manufacturerip that has been identified as a problematic company that engages significantly in both corporate espionage and in governmental and intelligence espionage, as well. what are you doing -- i am assuming you don't make your own chips. but what are you doing to make sure your supply network is secure? >> thank you, ranking member. invested substantial resources and time into the cyber security issue. in fact, we created a global cyberzation to end security products and services. is headed bytion our chief product cyber security officer, who reports to the
4:33 am
senior management of the corporate company -- including the ceo and the board at regular intervals -- about cyber products and services. that includes our supply chain. and we have requirements that our suppliers must meet. we audit them on those requirements. and we test their products. and we have those products as part of security by design. g, allhe very beginnin the way through to production of those products, those products are tested by both internal and external experts. phone cyber r cyber vulnerabilities? >> it is pretty standard. >> for toyota, cyber security is
4:34 am
paramount. we also use industry-standard best practices, risk assessments, multilayers. we have cyber security teams embedded in our activities, from the day we put pen to paper through development, and even through the operations. one thing i also want to mention invitedwe have also automotive suppliers to participate in that. and so wenging them can share information with them, as well. >> mr. o'connell? >> a couple of thoughts. withof them are consistent my colleagues, the general robustness of the system. tesla, being an industry leader in the electric vehicle space, we have a unique
4:35 am
concern about the integrity of our operations. because as a new industry and uniquelyt we are vulnerable. especially in software development, but also on the vehicle side, we have a much higher degree of vertical integration. many of our software systems are t designed from the ground up, rather than relying on outside providers. with respect to our chip technologies, to my knowledge largely, we are sourcing from domestic sources. but we are holy focused -- wholl y focused on the vulnerabilities, as any silicon valley company would be. >> i always appreciate your questioning and insightfulness. i want to recognize my colleague from the great state of texas for five minutes. >> thank you very much, mr. chairman. i appreciate the opportunity.
4:36 am
in my browsing the correct? --and i pronouncing that correct? >> yes. >> tech companies like google, making anl are autonomous vehicle overall. and prevention technology for atshes do not rely on dsrc all. what steps are you taking to support this type of innovation, which is one of the reasons why the u.s. leads globally in intelligent transportation systems? >> with respect to the automated technologies, we could not agree more. we think there is a future for both, both connected and automated. we are pushing hard on both. you see recent examples by the secretary on emergency braking, we just included that technology into our new car assessment program, one of the most visible
4:37 am
in terms of consumer information. the other thing we have done is encouraging industry to make that technology standard, slowly meeting trying to get them to a place where it is a standard feature on all vehicle models, without regulation. that is a september announcement that just happened. likewise, on connected vehicle technology, we believe that it is a mandate that is necessary to get the market to go. >> so, how are we going to tie this in with the proposal to mandate dsrc and all like vehicles? when you require companies to put dsrc on top of their own technologies? re: forcing a standard on folks that may not be ready for -- are we forcing a standard on folks that they may not be ready for? approach look at the
4:38 am
of the department, it is trying to get it out of the research phase and ready to deploy. as for these difficult questions, we certainly believe it is ready to deploy. we believe they are, mentoring e complementary. tesla, you take a different approach to determining security issues. you basically have a bug bounty and employ white hat hackers. why is that a good thing? how was it working? >> sure, our approach is really consistent with sort of software development -- the silicon valley approach -- to hardening software over the course of time. it relies on a system of incentives, whereby we encourage folks to test our system, both
4:39 am
professional and informal environments. and we reward them when they added the five vulnerabilities. this is consistent with the incentive system that i think generally works in the human environment. but we find it works very well in most software environments. it is working very well for us, as well. identify us to rapidly and rectify, and intimate the solutions. u.s. supported a global standard at 77 gigahertz. we are looking locally at a whole different frequency range, around 50 gigahertz. is this an example of one hand not talking to the other? would we not be better off with one international standard? >> i'm not exactly familiar with
4:40 am
that issue. i do know on the radio side of things, we have worked very hard to make sure we have the same standards on both sides of the atlantic, so to speak, so we can have one set of hardware. >> mr. lowenstein, would you like to address that? >> we fully support the idea of sharing spectrums. gigahertz band. we think it is important to protect this bandwidth in the u.s. dsrc provides life-saving services. >> is there a technical reason it would not work at 77 gigahertz, like the rest of the world? >> i'm sorry, i am not a technologist. >> if i might, it speaks to the point you are making earlier about all the disparate efforts in this area. and why an agency that is focused on standards and standard development globally
4:41 am
has to be part of this conversation. >> ici amount of time. i look forward to a second round of questions. >> now, i would like to recognize the ranking member of the i.t. subcommittee. my friend from the great state of illinois, robin kelly. >> the promise of internet connected vehicles is that they bring greater levels of convenience and safety. but that same connectivity means that these computers on wheels faced the same threats and vulnerabilities as other computers. mr. garfield, given the volume compromises of networks, in your estimation, how likely is it that we will see hackers, instead of just researchers, hacking connected cars? especially in light of the testimony? >> it is hard to the future. but i think the likelihood israel. and that it is likely.
4:42 am
i think the information that mr. o'connell shared about the approach in the software industry on taking an agile adjustch, where we and integrate robustness, so we are not compromised completely, is the proper approach. >> is there anything that keeps you up at night, any scenario that concerns you the most? >> generally, i sleep quite well. [laughter] but i think part of my worry is that all of the great things we have been talking about will be a dream deferred. because our policy apparatus will not be as agile as our software development to keep up with these shifts. so i get the instinct to act. and we should act. what we are suggesting is that we act in a strategic and coordinated action to make sure
4:43 am
that shared interests are achieved. logan,o'connell, mr. when you think of new features you are going to add to your cars, is there anything -- not that you would do it on purpose -- that you would add that could be negatively compromised? as you are getting more connected, i guess? said, wes we have certainly embrace all of the tenets that mr. garfield has spoken about. and we incorporate security by design, defense in depth strategies throughout our reviews. and so, from the very beginning of any service or hardware, it begins to go through the design cycle for our automobiles. cyber security posture, that particular element is being evaluated. , andisk of being assessed
4:44 am
appropriate measures are being taken to mitigate that -- into the lifecycle of the vehicle, itself. toyota, the safety and trust of our customers is paramount. as i mentioned on the telematics side, we employ the same best practices that have been mentioned here today. we include our cyber security experts in the very beginning. they provide feedback to us that we implement. i think as we go forward, we will continue to expand on that. we also look forward to working as an industry to develop best practices we can all employee. >> you did not ask me, but i sleep well at night, too. [laughter] i know reasons, one, that we are employing within tesla some of the industry's best. considering privacy
4:45 am
issues, the other piece that gives mean peace at night, we are working in context of open innovation. whereby it is not -- the integrity of our system is not tesla, butant on looks outside to improve the system and rapidly implement them. >> thank you. your testimony talked about some of the statistics dying on the highway. but mr. garfield, your testimony references a tremendous economic and societal benefit that could be derived from autonomous vehicles. in your opinion, what could congress and the federal government be doing? what more can we do?
4:46 am
>> thanks for asking. there is certainly important work for congress. there are so many different agencies working on the internet of things. connected cars are a part of that. congress can play a great role in bringing clarity on a path forward. and filling gaps where they exist. for example, the representative spoke about the spy act that is going through the house. trying to bring order to all the work going on. we think that would be quite valuable. >> thank you. i yield back. >> now, i like to recognize the gentleman from north carolina, mr. walker, for five minutes. >> about five or six years in the early 1990's, i worked in the auto industry on the retail side. i can look back on those 20 years and see how much paperwork on the dealer side was required then.
4:47 am
and how much is required now. the last thing we want is more federal regulations on these men and women who are working hard to provide jobs out in the industry. so i do have a couple of questions, though, to make sure we are headed the right direction. what role, if any, and the internet of cars can be filled by the federal government? i would like to hear your thoughts on that. >> one of the things we are doing is try to ensure proactive steps from the get-go. it has been mentioned about security by design. we think that is paramount. one of the things we have been doing all along, we saw this coming, that in order to see the vision of the future with automated and connected vehicles, we really have to start focusing on that. we have been pushing and prodding as best we can to get that to happen. >> in your opinion, do you really need a specific regulator? or auto specific best actor's
4:48 am
here? or is the national institute voluntarily setting the right approach? can you address that? >> it really might be all of that. right now is kind of a two-pronged approach, working with the auto industry on a set of best practices. but as a regulatory agency, we have to keep in mind that that is our job. if there's a need, we will do so. >> does the federal trade commission currently have jurisdiction under section five two police the privacy policies -- to police the privacy policies, to the extent they connect personal information from these devices? that is probably more directed at the fcc. but we have been working very closely with the sec on privacy issues. >> ok, does the department of
4:49 am
transportation or the nhtsa have particular expertise that would warrant them -- to answer your response -- to oversee the privacy responses related to the devices? >> we do have privacy expert. that is one thing we will be referencing an hour rulemaking. we have expertise. >> is there a certain timeframe, date, a conference, or meeting you will be addressing this. ? >> sure, what we will be doing medications, wens we wil will have more on that. >> last question, most of the technologies and development are independent of the dsrc. what is the nhtsa doing to enable further adoption, to not hamper the innovation that we are seeing? >> we are using regulations, where appropriate.
4:50 am
it really is an era where we see technology. knology to g >> in your testimony, you notice the sensitivity of the information connected by the vehicles. but just to review. describe what kind of information could be collected? and what entities would be collecting it, other than the manufacturers? is locationle information, which can reveal an individual's patterns or habits. there is also the collection of credit card information, with certain telematics placements in the car. individuals can, in the car, speak into their system for a text message -- that is audio. there is also text messages looking at the privacy policies of certain manufacturers.
4:51 am
it is an almost endless list. most of the time, manufacturers do not specify the various third-party entities. we know in certain contexts that it is marketers. we know there is an increased market for insurance companies to gain additional access. without sufficiently requirement, law enforcement could also gain access. >> i have just a few questions and seconds left. and what questions are we seeing the most innovation on this right now? can you go down the line? i yield back after that. is certainly ae globally competitive part of the industry. the united states leads in terms of the deployment of the advanced technology. but i think this is rapidly changing. and i think the proper policies need to be in place to ensure
4:52 am
that this innovation continues in the u.s. >> thank you, i agree. we are moving very quickly in the u.s. to adopt these kind of technologies. although, in countries like japan, technologies of artie been put into place. >> i won't refer to our unique regional hubris, but i think the most advanced efforts are taking place in the u.s. i like to see us on the leading edge of this. >> thank you. >> you are recognized for five minutes. >> i want to thank the ranking members for the searing. mr. o'connell, you can talk area the hubris of the bay as long as you want to. [laughter] i represent that area of the country. i asked that this be entered into the record. >> without objection. >> and maybe toyota and general
4:53 am
motors, the whole issue of independent researchers -- mr. o'connell has talked to tesla's advocacy. could you tell me if toyota and general motors have the same feeling that they will allow for independent researchers to help them to make sure the software is working properly? i say to someone in the context of what has happened, vis-a-vis volkswagen. can you respond as to whether you agree with mr. o'connell? >> we generally agree with this approach. we have a specific relationship with certain groups of security researchers and academics. as i said, they perform valuable services for us in terms of testing the vehicle software and the systems on the vehicle. to help us design and make them better, so that hacking them is more difficult. we are also public the
4:54 am
disclosing that we are looking very hard at security vulnerability programs. whether or not it is exactly like the one tesla described will be determined. but we should be rolling that out very quickly. we want to know if our software has more abilities. we want to know that, both from folks within the company and outside the company. >> mr. lowenstein? >> we try to welcome information from so-called white hat hackers. we have regular communications, regular relationships. we attend the same conferences they do. we also do employ third-party cyber security testing on some of our systems, to ensure that we have all the most up-to-date information. and we are patching any vulnerabilities we might find. thewitching to privacy, privacy principles are exciting to look every buat.
4:55 am
concerns, mrs. barnes we had very spirited debates for opting out of third-party data. the industry lobbied heavily against agree it did not get it. within the language you have in the privacy agreements you have come up with, and the value you place on it, and the concerns that have been expressed here today as well, can you provide a comprehensive list of all the data currently tracked and store in your vehicles? can you provide that information, and can you provided to the committee -- borrowing on the chairman's within aomments -- couple of weeks? >> our relationship with the customer is the most vital thing we have in the company. we respect the privacy of our customers. and we want to protect their
4:56 am
information. i will say that before we disclose any information to any third party, we get specific affirmative consent from our customer to do so. >> mr. lowenstein? >> we also follow a similar process, we want to be very transparent on the data we are collecting, and how we are using it. for instances where location-based services are used, we asked for affirmative consent of the consumer. >> appreciate that, mr. o'connell? >> a similar protection is the up and out. people have the option to not share any of their data with us. wen they do share it, atomize that dead and aggregated as such and not only can you not data but wethe
4:57 am
aggregate it as such that you is to that's the intent increase principally safety of the vehicles. >> hopefully will hit all of us. that related to other tech privacy protections. normsgeneral, the privacy in the united states are driven by different standards. also at the heart of the regulation in this area which over time has become more expensive, not just to deal with expectations that are explicitly articulated, but those that are normative.
4:58 am
>> is our recognize myself here, can you tell me what that is? dedicated short-range radio connections. it was an safety messages between devices. >> this is being developed by the department of transportation? --and a whole bunch of agent ultimate soup. agencies, suppliers, manufacturers. andere is my concern, dod va spent over half $1 billion electronicet to health records to work together. this four years they said is really hard, will have to go to separate areas. now we talk about being in industry where you have so much private sector investment, why are we even thinking about the federal government getting involved and doing this?
4:59 am
a standard hasn't developed out of the private sector. the thing is probably going to work a little bit better, do you have some opinion on this? >> we do. >> i would like to hear them. >> i shared it in my testimony consummately are technologies being developed, gncluding advanced lt and 5 that we can't tell which will prove most effective. so we think having the ability for all of those, including dsrc to advance but without a thumb on the scale for the department of transportation. >> why do we think that department of transportation should be doing this? why would this be helpful in the concert of interconnected cars? i appreciate you talking with the safety concerns related inter--- two interconnected cars. >> i think there is a
5:00 am
misconception about the proposal level. we are writing a proposal to make sure everything is needed to support communication between vehicles. at some point in the future, data comes in that shows there is not the technology that can meet the safety potential -- i think tesla is doing it. has even tinkered with this. none of those comments came in. not one person responded back saying this technology shouldn't be mandated. makingi think we are that with an open mind. it is just a proposal, the idea that we will get comments and evaluate where we are. the whole notion of going this step is to take it out of the research where it is been for so long. dearsolutely, i had
5:01 am
friends in a recent car accident and that was a fatality. -- therethat hit them breaking involved. i think the technology tesla is developing, i want to see this as we as possible. my question to you is, is there any barriers that are preventing you from moving faster on deploying the technology? human i think it is just will, and open communication both between the parties here at the table and with government bodies so that confidences obtained all around. we used the convenient power of our separate agencies, and share information. that is what will solve this problem. can protect more
5:02 am
citizens, the survey great thing for all of us. my question to you, this is from you having your hat as the new chair of the auto -- have you been given any information and brief in an thing of known attackers targeting specifically vehicles, types of vehicles, russian organized crime is that creating focus on getting access to vehicles. have you seen that kind of information? >> i am not actively involved in isac myself i can't get that information to you. awaret about you, are you of getting access to legal information? >> at this moment, no. >> one of my concerns is that i did this for a living.
5:03 am
on trains and subways. we have to know the threat is. this is why i think this c istion of the auto isa important. the federal government should be sharing as much information as it possibly can with the private sector to protect itself and protect consumers. if you are not getting that, let me know. office ofint is, the personnel management had difficulty protecting the requisite 23 million people. audacity to not even say "my bad" when they sent out the letters that said you were compromised. when some of these issues have arose with the auto industry that i got a letter pretty quickly talking about how you
5:04 am
fix it. there was a responsiveness that i wish the federal government had. concerned i am always inn we put too much faith federal agencies to protect our information. where we need to work sureher to make entrepreneurship is allowed to grow. quicki can make a recommendation for legislation pending for quite some time. it is long overdue, and to be helpful here as well. would like to recognize my colleague from virginia, mr. connolly. >> welcome to the panel. maybe, can you
5:05 am
tell us the difference between autonomous and assisted vehicles? >> and common nomenclature, the idea is that an economist vehicle doesn't necessarily will -- autonomous vehicle doesn't necessarily rely on communication. it is truly not connect to another car or communication -- or to a driver, correct. assisted by communication or by another -- driverless also be in that sense? >> yes. >> i represent northern virginia, national capital &mgion as measured by a mobility scorecard now has the nation's worst congestion. as measured by these metrics -- 82 hours stuck in traffic every 35 gallons of gas wasted
5:06 am
idling every year, and at least me every year.ti talk of these technologies assist a region like this with arguably the worst congestion? >> yes, so first of all of the backtrack a little bit to the chairman questions about, and let me say on behalf of the industry and gm, private industry is investing a substantial amount of money greater or equal to the mother money the government is investing in this technology. view this as, mentoring to the onboard sensor technology that are also being used for many of the safety systems. advantages today of being the only technology we know of that meets all the
5:07 am
latency requirements to be able vehicles talk to each other in time to prevent a collision or crash from happening and works for bad weather. those are the advantages we see to dsrc, if you take all of these collisions, all of these technologies, any time that we can prevent a crash from happening we get the benefits of all the congestion that happens when you have a crash. >> i conceded that, but that is not my question. i think we have covered safety and i concede that. you talk about i'm not in control, what if something happens, well 94% of current fatalities are due to human error. surely we can do better than that. and we can reduce i think significantly --
5:08 am
seeing better already with advanced driver assistance systems. >> but how can it work in helping to alleviate and better manage congestion? that was what i was getting at? system,u take the whole certainly as we bring the andastructure into play, traversing was become more aware of what cards are flowing in what direction, they can time themselves to optimize the traffic flow. , beingous vehicles better control than by human operators, will be able to follow each other a little bit more closely. in a safe manner, and therefore make more efficient use of the roadways of the already have -- instead of having to continually have add lanes to our highway system. >> i want to give mr. logan seen -- loebenstein an opportunity to
5:09 am
come in here as well. this is the nations capital, we are not very good at deploying technology currently. in terms of traffic management, not much. i have been involved in local government for a long time. japan, they're light-years years ahead of us in the deployment of technology for managing traffic control. have technology deployed already for improving traffic flow. if we look at the traffic informationtraffic was provided one way to vehicles here years ago, now they understand they can communicate back and we know real-time when there is traffic and weather is traffic. i think expanding the thennication allows us to improve routing which improve it improves productivity for businessmen to think about delivering goods and services.
5:10 am
it has the capability of improving emissions as well. youtube was a great video that shows 20 cars put on a race track with individual drivers all given a green light to move at a certain time at a areain speed, human systems not great as you know. , myastructure is also hard comments are mostly within the context of tesla. driveralready fielding systems, what we refer to as autopilot. it presumes that the driver is there and at the hands are on the wheel. a low-speed environment such as congestion, and vehicle can modulate its own position and traffic and keep traffic flowing. it is tempting to think this or technology could be of limited rapidly across the fleet, it is too bad the connectivity doesn't exist across the fleet.
5:11 am
at a think you'll see it incremented more quickly over time. >> just at the end, i think what is hopeful is how rapidly we already are adjusting to new technologies that assist us. on our own where getting on this and finding out what is the better route because of congestion. i can even look at reports coming from what is causing the congestion. s has revolutionized -- i have to explain to my young staff what a map was. we have become hooked on that already, it is an efficiency. i'm confident as we advanced technology at think we will adjust. like is a mature being here. to recognize the chairman of the full committee. mr. -- for being here, this is one of the most exciting part of our economy.
5:12 am
this is somewhere where we can lead to world, and can real jobs on people's lives as long as the federal government doesn't come in and screw it up. we are been prone to do that in the federal government. one of the raging discussions and topics we will have to do in the station in light of the horrific terror attacks in europe and what we have a furtherd here is discussion about encryption. i think one of the big questions before our nation is how much security, will we give up in the name of security? it is a difficult question when these he loved ones on television being killed, it is a difficult thing. i want my neighbors and friends to be a safe and protected as
5:13 am
they could be people who are wanted to cause them harm. if you could address the whole encryption issue, how does it really work? you really can't create a key for just the good guys. it's either encrypt it, or it is not. give me your perspective on that. thanks for the question, i would start by saying that people that i work with are patriots. so they were sickened by what they saw in paris, as everyone else in this room. the context in which we are this conversation speaks the issue. aboute are talking security and safety, and corruption is an important tool. the conversation is not either or, it is how we advanced security with encryption as a tool and make international
5:14 am
security is protected. i think that are ways to do that. thatnk a folly is to think creating backdoors or making keys available to just some people is absolution. if you create vulnerabilities, they will be widely exploited. to thet you just give it guy the genius bar, and your wife, and call it a day? explain come to the person not as familiar with this how this works. challenge to the person just giving in to the person of the genius bar bars the same challenge we are talking about with 90% of traffic accidents. person entrusting one who may be vulnerable to being compromised with the security for everyone. that is the problem with empowering the guy or gal at the genius bar.
5:15 am
you are creating a vulnerability that could be widely exploited. >> the city when of 20 addresses of the panel here? probably not. >> it is an issue of philosophy right? none of us has a new group was a tory i think open systems are ultimately the best systems to innovate and to protect. it is a dynamic process, but it hopee where i guess you either in the inherent goodness of man or the inherent badness of man. i prefer to vote for the former. i think that it is the minority that are malignant. and a truly open system where innovation is encouraged, where
5:16 am
there is sufficient penalties for malignant behavior, you will see a net positive benefit over time. >> i think, as members on this this, 99% of with our population that does deal with things in a safe and secure way are good, honest, decent people. i think the bigger obligations to protect them as best we can. certainly, there can be carveouts for law enforcement need to fear probable cause. type ofave a terrorist activity going on, of course there are things -- whether geolocation or other types of things they should be able to tap into. if you are a suspicionless american, someone leading a good, decent, honest life, i think you have an expectation of privacy in this nation. that will certainly come into wit cars, butc
5:17 am
with the internet of things. this will be one of the big question to be all have to deal with. issueswe approach these has to be grounded in something. what they need to be grounded in its our values. thatof our values here is we act consistent with laws. there are certainly legal frameworks for gaining access to that information. lawill work with enforcement to ensure our national security is protected. at the same time, there is a fundamental belief that people's rights will be protected as well. we have figured out how to strike that balance, and will continue to do so. that is partly why we are viewed the way we are around the world. >> may i just onto that, and other way in which to ensure growth -- both privacy and
5:18 am
security escorted that into the cars. more privacy protected would be enhancing techniques which are minimize or eliminate the need to collect personally identifiable information. so that when there is a report of a malicious hack, those that need information are only getting the absent of -- absolute necessary information about moving the personally identifiable information. it is not important what she was speaking inside the car, where she was going. i do hope members are able to look at the geolocation legislation that we have here that you would need a warrant or trackion certainly to some of geolocation. i do think that is the content of their life. >> two other members have questions? >> i would like to take up a
5:19 am
little bit where the chairman left off. thatutomakers testified they are very careful with the information that they collect. reading your written testimony, i'm not sure that you would agree with that. there is a lot of information that is tracked. i haven't turned up geolocation on my phone, this is my veterans day map. was, i canerywhere i slide over and it tells me i got into the houston airport and was there for 32 minutes at 4:00 in the morning. shower, ie and took a lexington, iss welcomed some bicycle riders. i then went to applebee's degree some betterments. it notes everywhere -- veterans.
5:20 am
it knows everywhere i went. this is turned on by default in almost every persons phone. i would imagine the cars collected the same information. unless i am aggressive about turning it off, or telling them a don't want it shared with marketing partners i will is in the pop up saying you are near a water burger, why don't you stop? informationot of that is out there. do you want to comment on that? always advocate for stopping at water burger, but repeatedly fails consumers. this idea that there is such an information asymmetry that auto manufacturers and third-party services can gobble up all the information.
5:21 am
and that the consumer isn't he unaware. when we're looking at the privacy pledge, the consumer doesn't have any type of choice. enough for theot consumer, that is why we need some kind of standard. where the consumer love guaranteed privacy protections. should not be on the consumer to turn off her location information at every single subset. when you look in the cars buy act, there was a provision that would allow the individual to turn off data collection should she choose, but still retain the functionality. >> how easy is it -- we can talk about hackers, ballistic about the government. how easy is it for the google, orto contact tesla, toyota, and say i want information for xyz person. do they need a warrant? what do they need?
5:22 am
>> it would depend exactly what type of personal data it is. some of it may be protected under statutory provisions. but, in the absence of full on protection for all of the types of information that is collected not only by auto manufacturers but third-party services, that is why there needs to be -- >> it could eventually be subpoenaed by private parties as well. >> easily. insurance companies, marketers, that is some provisions to prevent marketers and getting it as well. -- do many requests they they get a year? number,ot aware of the but we have a long-standing policy whenever we get requests we require either a court order or a warrant. >> we have that same policy.
5:23 am
we will not give away any customers private information unless there is due process of law. >> thank you very much. we talk about encryption, and all the technology in the cars and the computers. we look at -- we also created a system where we are now making it difficult for us to repair our own cars, to modify our own cars. the industry of being able to kill the industry for our car because it is all automated for the gps system. recently a case for john deer tractor with a could let them fix it same copyright on the security and the anti- circumcision made it illegal for the to fix it without going to a john deere dealer.
5:24 am
we see the death of the corner garage. whether it is bigger tires to jack up your pickup truck or do things to enhance performance -- >> the example you gave is a great example of regulatory processes working. every three years the copyright office has to evaluate the dmca to enjoy the good faith resources can be advanced. recently, the copyright office said that as a part of doing good-faith research you can do so on a car. and get beyond the encryption systems. it is a great example of an agile system working effectively. >> my concern is you never really on your vehicle because there is so much software involved. you made the licensing software that could become a brick that if you tried to modify it or
5:25 am
transfer it. >> we can't have it always. we can't say we want connected cars, and be secure and safe while the same time saying we want everyone to be able to get into that and be able to stop it while it is moving. think he is saying we want open sourced software so we can see what is coping in and in control. where's the line? >> to be clear, i did necessarily advocate for open source software. i do advocate for an open system of improving software. that is an important differentiator. the last, that there are models that posit people don't even want to own their car anymore. this may no longer be a problem which opens up the possibility
5:26 am
that there are others. >> i appreciate your comments on that and yield back. >> and the other questions? in closing, i'm sitting here thinking my wife is a pretty ofrt lady, and she does all the computer work at the house. onng the bills, everything, a sunday afternoon she is on the computer. she gets a call for microsoft service center. they ask for some information. she reluctantly kind of gave it to them. the next thing we know her .omputer is locked it is an extortion attempt. i found out they were pakistanis , i'm a member of congress. we have a whole communications
5:27 am
network, with the capitol police and access to the fbi. basically, they told me that you are screwed. and it was extortion. i can see extortion to you can , this showsar happen with our little home computer. it was interesting, we bought some of the software. she found of the software company that they keep another locked protection behind that. release actually can the system. think weget toyou to have incredible capabilities. i was in a general motors car,
5:28 am
device -- i just spoke at gonzaga high school. i told all those teenagers what is coming. they were aghast. the things you can do are unbelievable. our biggest -- i was paying attention to the paris terrorist threat. those kids get in a car, and that is the biggest cause of death for our teenagers. fromve gotten deaths 43-33,000, a huge percentage of those our kids. the devices i saw was pretty astounding. how you can control that. the question more than the comment is -- private
5:29 am
sector has come up with some incredible innovations. standards andg trying to protect the owner and the consumer. you have a good association bring together, trying to folks together. i'm anxious to see your report. i get to said it was just turned over. , likeope of government the chairman said, we usually over legislate and over regulate. trying to get it right, you want to also protect rights. i hammered on dot because i -- it is now three years ago i said let's see where we are going with this. i tried to set a schedule. that hasn't been adhered to. bitter frustration in that. it is complicated.
5:30 am
they need to work with you. the towns like, for the most part, they are. we don't want them to come out requirements,, or mandates that-- are obsolete. by the time we enact them, sometimes they are an overreach. that is a challenge we face. in closing, and the quick guidance on how to proceed? i want to hear from the private sector. i know we are going down a certain path. what do think the proper role of standards, i the tried to get a biometric standard after 9/11, that was three times i put in law biometric standard. i think we may be there it is 12 years later.
5:31 am
they're very difficult to nail down. changing technology, you have to try this. it is like trying to change the wheels on a vehicle that is moving down the highway. tell me, how you would like to see this unfold? the three guys representing the companies that actually produce vehicles. >> thank you, mr. chairman. with all due respect, our industry can't afford to wait for government. we are not doing that. we are investing a substantial amount of resources and energy into innovating. will make our products safer, and make them more enjoyable. again, i have to nail you down. what is the proper role of government? regulation, law, --
5:32 am
>> i think our industry has shown time and again that we can, and do work well together. i think the industry needs the freedom to innovate, and to do that work. >> who in government would you at -- should we leave it dot? how should it be structured? >> for the federal level, we work well with them and have proven we can do that. think in this space, obviously the federal trade commission is active in this space. we have begun to work with them as well. we will work with whatever agencies congress decides are the ones that need to be involved in this. >> if i could interject, --
5:33 am
>> after i hear from others. i didn't really get a real handle -- we haven't even really talked about the ftc. let me hear your take. >> first of all, we appreciate the work that has taken place between the auto industry and it's a so far. it is a 15 year long road to get to where we are. we think really good technology that is ready to go. once we get this spectrum mission close i think we can move forward with that. dsrc promises a safety alive. we look to be missed framework and think that it is a good agency for us to partner with. as an industry, to create the same types of best practices and self guiding principles be of already done in terms of the
5:34 am
privacy and security. anothere level, and level. principle, issues of it is all about incentives. no one could be more interested in our own survival, especially as a small, young company that we are. putting the right incentives in place is key. whatever we do, whatever agency it resides in, we need to foster innovation and share it. but in the proper incentives in place to innovate, and to share. of how thisive case could proceed was advanced emergency braking. rather than resisting the impulse to regulate, they foster the development of the technology. then encouraged the deployment of that technology and did so as far as i know without the benefit of any sort of regulatory knowledge. the hazard with standards is in a long process you move
5:35 am
towards lowest common denominator. that is to be encouraged in some cases, but the standard-setting process -- but not wholly appropriate in innovative arenas like this. to the agencies, i don't have any particular point of view. the only thing i would adds one of the real challenges here is that these are crosscutting impact multiple agencies. one way that congress can certainly help is bringing order to that for making sure there is greater coordination among all the agencies. it is not to suggest anything the cut out, but congress can play a critical role in making departmentc, and the of commerce are working with each other to achieve the things we all have in mind. again, you did a very good agendaing us your
5:36 am
recommendations. thank you on the privacy side. thank you for participating. i look forward to hearing back and seeing some of your plans. do is leave like to the record open for ten days. we may have additional questions, others we didn't even get to. without objection, that is so ordered. again, i'm looking forward to having a report on the other items we requested today. you, each of you, very interesting. and we made10 years such incredible progress. thing ato do the right
5:37 am
this important juncture. that is bringing out these issues. need to go is important. if there be no further business , we wille subcommittee adjourn. thank you.
5:38 am
>> c-span has your best access to congress in 2016. the house and senate will reconvene on january 4. on tuesday, january 5 the houses back from legislative work. on monday, january 11 senate returns it to 2:00 p.m. live coverage on tv and radio. republican congressman mark walker is a newcomer to politics. he talks about the 2014 campaign in which he defeated a number of well-funded better-known opponents. >> you represent north carolina's sixth the district. a baptist minister and a former republican congressman mark walker is a newcomer to politics. he talks about the 2014 campaign in which he defeated a number of well-funded better-known opponents. >> you represent north carolina's sixth the district. a baptist minister and a former car dealer.

28 Views

info Stream Only

Uploaded by TV Archive on