Behind "Software Defined Car": How To Find The "Balance" Between Data Convenient Application And Data Security?

On May 12, the state Internet Information Office issued the draft of several regulations on automobile data security management (Draft for comments) (hereinafter referred to as the "draft for comments"). This is another department's management measures on automobile data security after the Ministry of industry and information technology issued a notice to solicit opinions on the draft standard of "safety requirements for data collection of information security technology network connected vehicles" on April 29.

With the development of automobile intelligence, every car has become an important data collection carrier. Automobile manufacturers and software developers attach great importance to data mining. Through mobile phone data, to improve the algorithm ability and accelerate the iterative ability of products and related technologies. At the same time, car users also began to realize the importance of personal privacy protection.

Many people in the automobile industry told reporters of the 21st century economic report that the introduction of relevant regulations on automobile data security management is very necessary. The release of the draft will form a certain constraint on the overseas automobile enterprises in the data background.

On the evening of May 12, Tesla was the first to respond, saying through its official microblog that it supported and responded to the industry's further standardization and jointly helped technological innovation. We welcome all of you to make suggestions and suggestions to the relevant departments to promote the healthy and orderly development of the automobile industry.

The release of the draft will form a certain constraint on the overseas automobile enterprises in the data background. Visual China

The problem of vehicle data security is very complex

With the voice of "software defined car" gradually rising, from the traditional car enterprises to the new forces of car manufacturing, the competition with intelligent Internet connection + automatic driving as the core has been launched in an all-round way. The core components of the car have gradually changed from the engine, gearbox and chassis to the "car brain" composed of chips, software and data.

The blessing of intelligent Internet connection and automatic driving has brought users a more convenient travel experience, integrating a large number of cameras, radars, tachometers, navigators and other sensors. Now, every car with intelligent network function is equipped with a large number of sensor devices, collecting a large number of vehicle data, user data, environmental data, etc.

Through these data, automobile companies continue to improve the algorithm, so as to promote the rapid iteration of products and technologies, which has become the underlying logic of intelligent vehicles. Take Tesla as an example, hundreds of thousands of Tesla vehicles in China have collected a large number of China's road data and environmental data in the past few years, and directly transmitted them to the Silicon Valley headquarters in the United States.

This is similar to the development path of smart phones, but the car is more related to personal safety and even national security. In extreme cases, it's not impossible for hackers to remotely control and operate a car. These scenes in science fiction movies are very likely to appear.

In fact, as early as this year, during the two sessions, Chen Hong, chairman of SAIC Group, Zeng Qinghong, chairman of GAC group, Yin Tongyue, chairman of Chery Automobile, and Zhou Hongyi, chairman of 360 group, all proposed data security for intelligent vehicles.

Chen Hong, chairman of SAIC Group, estimates that the maximum amount of data generated by an automatic driving test vehicle can reach 10TB per day. Data types include vehicle driving data, body data, manipulation data, video data, image data, coordinate data and so on. In the process of data acquisition and use, there are some problems, such as unclear responsibility and standard requirements of data collection and storage, unclear requirements of data commercial use constraints, insufficient prevention of data leakage, and insufficient punishment for data violation.

On May 11, Professor Yang diange, President of the school of vehicles and transportation of Tsinghua University, told the 21st century economic report that the data security of smart cars involves three aspects.

On the one hand, it is related to the car itself, whether the functional safety of the car and the information security of the car will produce the driving safety risk. Second, it involves personal privacy, especially the target in the car, which can obtain some information about the driver or passenger in the car. The third aspect involves the issue of national security. The sensors on smart cars collect big data during driving. These data may involve some sensitive data. If not handled properly, this data will bring some security risks to the country. In particular, there may be some cross-border data transmission, which will have a greater impact on national security.

It is very complicated to solve the problem of data security. It not only needs to ensure that the data is not leaked through technical means, but also needs to specify what data can be collected, what data can be used and how to use it through a perfect management mechanism.

It is understood that the cross-border process of data has many links, wide paths and difficult traceability, and the transmission process may be interrupted. In the face of telecom network fraud caused by data interception, tampering, forgery and leakage, it is also faced with the risk of improper use of information data and infringement of intellectual property rights of technical data.

The release of the draft provides a clear specification for the data security management of intelligent vehicles, which enables the data security of intelligent vehicles to be effectively managed in the future, and enables all automobile enterprises to have laws to abide by when processing data.

The draft defines the types of vehicle data to be managed, the main principles that operators adhere to in the process of processing personal information and important data, and the use of data.

It is worth noting that the draft clearly points out that personal information or important data should be stored in China according to law. If it is really necessary to provide it overseas, it should pass the data exit security assessment organized by the state network and information department.

Technological progress also needs rules to follow

In fact, in the process of using smart cars, personal information and data generated by users are not of great value to users in most cases. But for the vehicle enterprises and operators, it is an important foundation to improve the intelligent level of products.

Some industry insiders told 21st century economic reporter that the core reason why Tesla has a super high share price is that it has collected a lot of data in the past few years. Moreover, with the increase of its global car ownership, the scale of data collection will be higher and higher.

Prior to this, Tesla's data security risk has caused high public concern. During this year's Shanghai auto show, the issue of female car owners' rights protection eventually aroused the attention of the outside world for the protection of users' privacy.

Tesla, on the other hand, has repeatedly stated that it will prudently handle the collected data.

In March, Elon Musk, Tesla's chief executive, told the China development forum that Tesla would never provide the US government with any vehicle and user data it collects in China or other countries.

At the 2021 Shanghai International Auto Show, which opened on April 19 this year, Tao Lin, Tesla's global vice president and responsible for China's foreign affairs, said in an interview with 21st century economic reporter that Tesla only collects data related to safe driving, so as to facilitate automatic driving construction and related computing development.

She stressed that first, only the necessary data need to be collected, and secondly, the collected data are actually within the scope of supervision and internal control.

In addition, according to Tao Lin, Tesla is building a domestic data center, which should be completed in the second quarter of this year. Tesla owns the data center, but some of them will cooperate with Chinese enterprises.

Through the collection and processing of data, improve the ability of the software, which will become the bottom development logic of the whole automobile industry reform. The release of data security related management measures can reduce the security risk of the whole industry while making technological progress.

?