Car data can tell where you have been, what the technical status of your car is, how you drive and – through access to your phone – who you know. So far, FEMA has not written about data access and security for motorcycles, because it is not a very current topic.
However, history shows us that new developments in the car industry will reach the motorcycle industry sooner or later. FEMA has no reason to expect that it will be different this time. Therefore, we need to start the discussion on motorcycle data ownership.
FIA region 1 is campaigning against the way the automotive industry deals with the control over access to car data, the in-vehicle functions and resources (e.g. instrument panel display). They do this with the ‘Connected Vehicle – My Car My Data’ campaign. Car data can tell where you have been (the last 100 parking locations, the latest destination entered in GPS), what the technical status of your car is (detailed data of the drive battery, mileage reading, quality of the charging), how you drive (length of time you used different driving modes, number of times the seatbelts tightened e.g. due to sudden braking), who you know (mobile phone’s synced contact data etc.).
This causes many threats: privacy (Big Brother), expensive maintenance and unrequested offers, loss of warranty/law enforcement, hacking and profiling. From the motorcycle manufacturers, as far as we are aware, only BMW transfers data from the on-board computer of the motorcycle via the analysis equipment at the dealer to the head office in Munich. This was confirmed to FEMA by BMW in an email in 2016. In fact, the communication of data is not just about vehicle data, but with the increasing coupling of sensors and devices, it’s also about personal data.
In the automotive world, a fierce discussion has already arisen about who can access this information and how it should be arranged. The vehicle industry on one side and an alliance formed by consumer organization FIA region 1 (dealer organizations and others, united in AFCAR) on the other side are diametrically opposed.
To summarize a complicated story: the car manufacturers advocate a structure that speaks of an ‘Extended Vehicle’ (an electronic ‘copy’ of the original vehicle) on the manufacturer’s server, supplemented in series with a neutral server to ensure that independent operators cannot be monitored by the manufacturer in its role as aftermarket service provider. This means that all data to and from the vehicle flows entirely over the server of the vehicle manufacturer, who therefore has absolute control over this data flow. The data flow can conveniently be used for data mining, customer profiling and developing new services. Independent service providers pay a fee twice to get access to the data: once to the vehicle manufacturer to get data from the Extended Vehicle server, and again in the additional fees charged by the Neutral Server provider. This means that the vehicle manufacturer in its role as service provider has a significant cost advantage compared to all other service providers. In the end, the vehicle manufacturer can reduce its aftermarket service network and do servicing remotely. All costs will in the end be passed on to the consumer.
Independent service providers can also try to do business directly with the vehicle manufacturer through a business-to-business contract and obtain data directly from its Extended Vehicle servers. Obviously, this comes at a cost and depends on whether the manufacturer ‘likes’ the independent service provider and their products. The manufacturer also prohibits third parties from writing to the vehicle over the Extended Vehicle server, e.g. preventing Over-the-Air software updates or the actuation of vehicle components for the purposes of diagnostics, as they claim that this compromises vehicle security, creating for themselves so-called ‘Security by Obscurity’. In other words, the role of the vehicle manufacturer shifts from designing and building vehicles towards becoming a data monopolist and aftermarket service provider who dictates the conditions for the independent service providers and aftermarket industry. This is possibly to the detriment of the consumer, who can no longer benefit from a fair but competitive market and get the best value for money.
AFCAR, on the other hand, is advocating an On-Board Telematic Platform (OTP) whereby all vehicle data is directly communicated with third parties such as the vehicle industry, insurance companies, authorities and other third parties via a ‘Harmonized Automotive Gateway’ (a standardized electronic link). The control lies with a ‘Harmonized Automotive Gateway Administrator’ (AGW Admin), which is under the control of a dedicated, competent, independent entity that is acceptable to all stakeholders and not just to the vehicle manufacturers. In addition to the privacy elements, this discussion is also important for after-sales activities such as repair and maintenance, prognostics, sale of parts, road-side assistance, breakdown of insurance premiums and in the future possibly even enforcement. This doesn’t mean that authorities are allowed to look over the consumer’s shoulder continuously; they would, for example, get access to relevant and carefully selected data only in the case of an accident.
Despite the fact that within the motorcycle world the ownership of vehicle-related data is still under discussion and – according to the umbrella of European motorcycle manufacturers (ACEM) – not even relevant at all, the FEMA board has decided to investigate whether and to what extent affiliation with the AFCAR consortium is possible.
What data is transferred?
In 2015 an ADAC report already showed how much vehicles are “saying” about drivers, compared to what consumers may think. Some examples of data sent, identified in the study:
About the driver profile:
– Length of time different driving modes were used;
– Seatbelt tightening owing to hard braking;
– Number of trips and accumulated distance;
– How and where the car was charged.
About the vehicle location:
– Latest destinations stored in navigation system;
– Last 100 parking locations;
Some examples of data continuously sent, identified in the study:
About maintenance information:
– Maximum engine speed
– Total distance reading
– Operation time length of vehicle lighting system, specifying different light sources
– Number of times the position of the electric driver seat was changed
– Number of media inserted into the CD/DVD drive
– Personal information (!) synchronized from mobile phone, e.g. remote reading of private emails, contact addresses et cetera.
In addition, the study coincidentally discovered vulnerabilities in car security systems:
– Illegal remote door lock opening with mobile phone, not traceable. Remotely fixed by OEM;
– Vehicle position data not anonymized;
– Illegal remote change of stored emergency call numbers
For over a decade, vehicle manufacturers have been in control of the vehicle data flow and have been aiming to become the service provider for all car-related needs, perhaps today but surely as of tomorrow. Vehicle owners are not informed about what data is collected or for what purpose data is used. In the report, ADAC and FIA identified several consumer principles:
– Informed consent by and privacy of consumer
– Non-monitoring of independent service providers
– Same capabilities to offer innovative services by Clubs to their members as the vehicle manufacturer in his new role as service provider
The position of FIA Region I and its member clubs is that:
- Vehicle manufacturers are to regularly publish a comprehensive list with all vehicle data collected, processed, stored and transmitted externally.
- Utmost transparency is needed, easily available and complete information, understandable to consumers.
- Consumers must have a choice to conveniently deactivate processing and transmission of data other than required for safety.
- Data protection must be state-of-the-art.
- The vehicle owner must have a free choice, not being locked into an OEM system. There must be an open and fair market for service providers.
To accomplish their goal, FIA region 1 has entered an alliance with other organisations, which is called the Alliance for the Freedom of Car Repair in Europe (AFCAR). The other stakeholders are organisations of repair shops, leasing federation, parts distributors, independent diagnostic tool developers etc.
The industry promotes the concept of the ‘Extended Vehicle’ server supplemented with a ‘Neutral Server’ on which the data of the ‘Extended Vehicle’ should be stored. This ‘Neutral Server’ would in their view best be owned by a Neutral Server provider that is not in business as a service provider using the data for their business model. In this scenario, the control of the data stays with the manufacturers. They claim that this is necessary to secure the protection of the data, avoid the hacking of the car data by third parties, etc. The consumer will be informed of data usage of personal data and of course must consent with the ‘right of access’, other the right of access provided by law or contract based on the General Data Protection Regulation. Third parties should also have access to the data. ISO standards 20077-1 and 20077-2 on Extended Vehicle set out the dedicated terminology and the interrelation with other standards related to extended vehicles, and specify the general rules and basic principles. ISO standard 20078 on Web Services determines the vehicle manufacturer as controller of the vehicle data, customer data and service provider data. ISO standard 20080 on Remote Diagnostic Support (RDS) describes the general requirements etc. Remote Diagnostic Support is information provided to a remote diagnostician to assist in the performance of the remote diagnostic process of a vehicle, and the standard defines a limited number of Use Cases to access in-vehicle data. All ISO standards were published and will gradually be applied by the vehicle manufacturers. As these technical standards are not referenced in legislation (yet), it remains at the discretion of each manufacturer how and to what extent these technical standards will be applied on each vehicle in the years to come.
AFCAR proposes a specific definition of RDS that focusses on fair, direct in-vehicle data accessibility, but under the control of the consumer. The associated OTP reference model shown in Fig 2 consists of a secured Harmonized Automotive Gateway that is externally administrated by an Automotive Gateway Administrator (A-GW Admin) and includes a firewall and authorisation concept on board the vehicle. Through this gateway controller the car data could be sent to and received from the vehicle manufacturer, insurance company, authorities and other third parties, with each being privileged with data access at different, appropriate levels. A main characteristic of the OTP is the opt-in, opt-out feature that the consumer can use to accept services and the associated data transfer, but also to stop the data flow to a service provider and allow this data to be accessed by a competitor that offers better service and/or lower cost. Although legislation determined that consumers are not the owners of the in-vehicle data, this opt-in, opt-out feature allows the consumer to stay in control of access to in-vehicle data, its functions and resources by remote operators.
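An added example, not part of the article or of any AFCAR specification: a minimal model of the gateway's authorisation decision with default deny, per-role access levels and owner opt-in/opt-out. The role names, data categories, access ceilings and the accident flag are assumptions chosen to mirror the description above.

```python
from dataclasses import dataclass, field

SAFETY = "safety"  # assumption: the only category the owner cannot switch off
# Assumption: the most each role may ever read, whatever the owner consents to.
ROLE_CEILING = {
    "manufacturer": {SAFETY, "maintenance"},
    "repairer": {"maintenance"},
    "insurer": {"driver_profile", "location"},
    "authority": {"location", "driver_profile"},
}

@dataclass
class Gateway:
    roles: dict = field(default_factory=dict)    # provider id -> role
    consent: dict = field(default_factory=dict)  # provider id -> opted-in categories
    accident: bool = False                       # set by the vehicle after a crash
    audit: list = field(default_factory=list)    # every decision, visible to the owner

    def opt_in(self, provider, categories):
        # Consent can never widen access beyond the role ceiling.
        granted = set(categories) & ROLE_CEILING[self.roles[provider]]
        self.consent[provider] = granted
        return granted

    def opt_out(self, provider):
        self.consent.pop(provider, None)

    def authorize(self, provider, category):
        role = self.roles.get(provider)
        if role is None or category not in ROLE_CEILING[role]:
            allowed = False                      # default deny
        elif role == "authority":
            allowed = self.accident              # only in the case of an accident
        elif category == SAFETY:
            allowed = True                       # not subject to opt-out
        else:
            allowed = category in self.consent.get(provider, set())
        self.audit.append((provider, category, allowed))
        return allowed

def demo():
    gw = Gateway(roles={"oem": "manufacturer", "garage-a": "repairer",
                        "garage-b": "repairer", "police": "authority"})
    gw.opt_in("garage-a", {"maintenance", "location"})  # location exceeds the ceiling
    before = gw.authorize("garage-a", "maintenance")
    gw.opt_out("garage-a")                              # owner switches provider
    gw.opt_in("garage-b", {"maintenance"})
    return before, gw.authorize("garage-a", "maintenance"), gw.authorize("garage-b", "maintenance")
```

In this model the manufacturer is one provider among several: without the owner's opt-in it is refused maintenance data just like any independent repairer.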
Since July 2018 the European Commission, AFCAR, ACEA (the European car industry consortium) and CLEPA (the European consortium of automotive suppliers) have been discussing the concept of the Extended Vehicle, and the industry was asked to come forward with a Proof of Concept. This practical field test, carried out between July 2018 and June 2019, showed the technical limits of Extended Vehicle, while another study commissioned by FIA, the international association of motorists and Mobility Clubs, has highlighted its economic flaws. Since then the discussion between AFCAR on one side and ACEA and CLEPA on the other side continues, among other places in the Motor Vehicle Working Group (MVWG), where FIA gets the support of other consumer-oriented organisations like BEUC. ACEM and FEMA have stayed out of the discussion: ACEM because it considers this a problem for the car world and not for motorcycles, and FEMA for lack of knowledge of the subject.
One of the issues that plays an important role in the discussion is the OBD (On Board Diagnostics) port closure. The size of the problem is still unknown. There is hard proof of OBD port closure for some recent Fiat-Chrysler models. The minimum OBD requirements that were set out in UN Regulation 83 are fulfilled. However, a larger share of the diagnostics is only accessible with certificates. The challenge is to find a balance between security and accessibility of in-vehicle data, so that parties other than those related to the vehicle manufacturers (‘official car dealers’) can diagnose, repair and maintain vehicles, and so that Clubs can continue their daily breakdown service and offer innovative services in the future.
Security of the data is also part of the work of the new UNECE GRVA (Subsidiary Working Group on Connected and Automated vehicles). Under the GRVA an Informal Working Group (IWG) exists that deals with cyber security of automated and connected vehicles, but also with secure Over-the-Air software updates of connected vehicles. The task force works out threats and mitigations on cyber security of automated and connected vehicles as a basis for near-future UNECE Regulations for automated and connected vehicles. FIA is a member of the TF CS/OTA and has formulated some demands:
1. The vehicle manufacturer must ensure cyber security over the lifetime of the vehicle
2. The vehicle manufacturer shall regularly update soft- and hardware, if type approval relevant
3. The OTP reference model shall be an ideal future secure vehicle.
The demands of FIA are not shared by everyone. The global organisation of car manufacturers OICA wants vehicle manufacturers only to ensure software updates for a “reasonable” timeframe and proposes the ExVe (‘Extended Vehicle’) reference model. FIA is concerned that this means that vehicles become obsolete and may no longer circulate once the manufacturer has decided that it is no longer economically attractive to provide software updates. A vehicle that is still safe and roadworthy in terms of environmental protection would no longer be safe owing to impaired security, as it is no longer protected by state-of-the-art security software.
Although the motorcycle industry claims that this is not an issue for us and will not become an issue, we already see the transfer of information with any service intervention from the motorcycle to the vehicle manufacturer with BMW since 2015. History shows that new developments in the car industry sooner or later will reach the motorcycle industry. We have no reason to expect that this time it will be different. Therefore, even if the issue of data ownership is not current, it will be at some point and we must be prepared for that. Therefore, the FEMA Board has decided to contact the AFCAR consortium and see if and how we can join them.
Written by Dolf Willigers
Top photograph courtesy of Healtech Electronics