German carmakers are facing stiffer headwinds when it comes to managing vehicle data: in addition to insurers, the tuv is now also taking a stand against the industry’s approach. This is a matter of both security and the business with vehicle data, which is considered a rough future market.
"From our point of view, however, three aspects must be guaranteed: the operational safety of the vehicle, data security and data protection or the privacy of the car driver," said richard goebelt, member of the executive board of the umbrella organization vdtuv, to the german press agency.
Modern cars with their many electronic control units are, according to widespread opinion in specialist circles, susceptible to hacker attacks. According to the car industry’s concept, the data from the vehicle is to be transferred to the manufacturer’s secure servers, and other companies are then to gain access to the data via these servers. Tuv doesn’t think much of it: "from our point of view, data processing has to take place in the vehicle and must not be outsourced to backend servers," said goebelt.
"The car is an everyday object and cannot be compared to an industrial plant."In goebelt’s opinion, the data was not safe from manipulation on external servers: "if the data was only accessed via servers and not directly via electronic or digital interfaces on the vehicle, we as a tuv could no longer ensure, for example during the exhaust emission test, that the data stored there was really neutral or whether it had been altered in any way."
The insurance industry also has major reservations about the concept of the auto industry, because it would then have quasi-first access to all data. Klaus-jurgen heitmann, spokesman for the huk coburg board of management, warned against a "data monopoly" by car manufacturers. Even the top management of germany’s largest insurance company, allianz, is not impressed.
The tuv is countering this with its own concept, called the "automotive platform": "we are proposing a high-security communications platform installed uniformly in all vehicles," said goebelt. This would be comparable to a "safe that can only be opened and closed with a key". The safe is where the access authorizations for the vehicle data are stored."The car owner should decide on access rights.
The central platform is intended on the one hand to link all the electronic control units in the car with each other – and on the other hand to separate the components of the car that are important for operational safety from the service services for the workshop and the data transfer for infotainment offers by means of separate locking in each case.
No solution promises one hundred percent safety, goebelt said. "But our model had the advantage that an entire fleet of vehicles could not be hacked, as would be conceivable in the case of a cyber attack on a manufacturer’s backend server."