Automotive “Black Boxes” — A Regulatory Issue where Cybersecurity and the Data Quality Act Meet

Editor’s Note:  Two key issues will need to be resolved before the automotive “black box” regulation discussed in the story below could be implemented: 1) ensuring that the practical utility and burden minimization requirements of the Paperwork Reduction Act are met; 2) NHTSA would need to demonstrate that the mandates of the Data Quality Act — including the integrity requirements, are adhered to before the agency could release, even in summary form, any data collected.  OMB, in their government-wide guidelines define Integrity to mean “the security of information —protection of the information from unauthorized access or revision, to ensure that the information is not compromised through corruption or falsification.” 

Thus, the federal government already has a cybersecurity regulatory requirement appliacable to virtually all rulemakings that involve the electronic collection/transmission of data which results in an eventual federal information dissemination.  NHTSA’s regulatory plans for “black boxes” will provide an early test of the DQA as a cybersecurity “good government” law.

From: The Hill’s Floor Action Blog

‘Black box’ standards coming for cars

By Pete Kasperowicz

New federal standards for “black boxes” that record information leading up to auto accidents will will take effect Sept. 1, the National Highway Traffic Safety Administration (NHTSA) ruled on Tuesday.

The decision means the new standards for the devices will not be delayed by one year, as automakers had requested.

The federal standards will apply only to cars that are voluntarily outfitted with event data recorders (EDRs), also known as black boxes. But while the government does not yet require all cars to have black boxes installed, NHTSA is still thought to be considering a federal mandate as a next step, possibly this year.

NHTSA standards for black boxes were proposed in 2006, but have been delayed since then. In 2009, the Alliance of Automobile Manufacturers suggested a delay to Sept. 1, 2013, arguing that this would give auto companies more time to work with original equipment manufacturers to ensure the standard can be met.

But NHTSA rejected this, arguing that the rule has already been delayed, and that it has already adjusted the standard in a way that should make it easier for companies to comply.

“The petitioner suggested that the delay would enable vehicle manufacturers to retain current EDR functionality across all vehicle models and avoid disabling legacy EDR systems for a limited number of vehicle models,” NHTSA said in its Tuesday decision. “The agency is denying the petition since the implementation of the August 2006 final rule has already been delayed by two years and we have recently published a final rule responding to the remaining petitions for reconsideration.”

NHTSA has been considering the next step — a requirement that all cars are built with black boxes — since 2011. In anticipation of this requirement, some in Congress have proposed legislating the mandate ahead of time.

The initial version of the highway bill that the Senate approved in April included language that would have required the secretary of Transportation to evaluate event data recorders and ultimately require their installation on all cars within a few years.
But due to Republican opposition and concerns about privacy, that language was eventually stripped out in a House-Senate conference that passed in late June.


Leave a Reply

Your email address will not be published.

Please Answer: *