Our parents told us toddlers to share our toys, saying “Sharing is caring.” In today’s high-tech world, we as adults use caution and protect our personal and business information against both inadvertent sharing and outright theft by bad actors. It’s not that we don’t “care” anymore; we just recognize that these days our data may need protection.
Now the U.S. Department of Commerce, through its Industry and Security Bureau, has recognized the need for data protection in vehicle technologies (“Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles” https://www.federalregister.gov/documents/2024/09/26/2024-21903/securing-the-information-and-communications-technology-and-services-supply-chain-connected-vehicles). Commerce proposes a ban on connected vehicle technology originating in or controlled by China (including Hong Kong), the Russian Federation, and other “foreign adversaries.”
Specifically, Commerce proposes regulations to:
- Prohibit Vehicle Connectivity System hardware importers from knowingly importing into the United States certain hardware for connected vehicles.
- Prohibit connected vehicle manufacturers from knowingly importing into the United States completed connected vehicles incorporating certain software.
- Prohibit connected vehicle manufacturers from knowingly selling within the United States completed connected vehicles that incorporate covered software.
- Prohibit connected vehicle manufacturers who are owned by, controlled by or subject to the jurisdiction of China or Russia from knowingly selling in the United States completed vehicles that incorporate covered hardware or software.
Recently PrePass discussed the balance which proposed government regulations concerning new technology must strike between individual and business privacy, on the one hand, and potentially beneficial uses of shared data, on the other. For example, in the ongoing consideration of Level VIII inspections, fed by the electronic transmissions of a UID (Unique Identification Device) on the truck, the desired improvement in truck inspections must be paired with protections for driver personally identifiable information (PII) and proprietary business data (https://www.prepassalliance.org/the-past-and-future-of-truck-inspections-part-3/).
Similarly, while V2X technology offers a future of improved road safety, unless data protections are incorporated, competitors, marketers and litigators may take the opportunity to track truck routes and locations. Once more, a balance must be struck between the advantages of technology and privacy (https://www.prepassalliance.org/the-benefits-and-safety-considerations-of-smart-roads/).
The Commerce proposal, by contrast, is clearly aimed at international “bad actors” whose technologies may potentially steal data, override vehicle operations, impact our supply chain, and threaten national security.
PrePass customers can breathe easy – all PrePass technologies, software and data systems are produced and manufactured right here in America by trusted employees and partners. Similarly, PrePass protects customer identities, dates and times when their trucks utilize PrePass for weigh station bypass.
But, as the Department of Commerce proposal indicates, carriers should closely examine the origin of any connected vehicle technology intended for their trucks.
The Commerce notice of proposed rulemaking (NPRM) was published in the Federal Register on September 26. The public has until October 28, 2024, to comment. To file comments, go to Regulations.gov, enter Docket No. 240919-0245, and follow the instructions to write or attach your comments.