Smart cars are savvy, technologically advanced, and computerized devices connected to navigation and entertainment systems, but they also record personal data and have the potential to be hacked. Who owns that information, how it is shared, and how manufacturers can protect against hacking remains unregulated, which is why Sen. Edward Markey (D-Mass.) wants drivers protected.Last month, Sen. Markey a member of the Commerce, Science and Transportation Committee released the report,\u00a0Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk, in which he argues that, \u201cthe automakers haven\u2019t done their part to protect us from cyber-attacks or privacy invasions.\u201d\u00a0A firestorm of new segments from, \u201c60 Minutes\u201d to \u201cCBS This Morning\u201d cautioned \u201cnearly all new cars on the road are vulnerable to hacking.\u201d The question remains, are smart cars putting sensitive data at risk?If a hacker is able to break into the computer system of a particular car, it is possible to virtually govern the car. Scott Morrison, distinguished engineer at CA Technologies agreed, \u201cIf you lose control of the car or car features to someone else over the internet, it is a safety issue.\u201dJoshua Corman Co-Founder of www.iamthecavalry.org contended that the physical risks are a growing concern in automobile security. \u201cI love my privacy, I\u2019d like to be alive to enjoy it,\u201d he said. Recognizing the real potential for physical harm is paramount to Corman, whose 5 star automotive cyber safety framework asks auto industries, among other questions, \u201cDo you have a published attestation of your Secure Software Development Lifecycle, summarizing your design, development, and adversarial resilience testing programs for your products and your supply chain?\u201dIf you lose control of the car or car features to someone else over the internet, it is a safety issue.Scott Morrison, distinguished engineer at CA TechnologiesChris Valasek, director of Vehicle Research Security at IO Active said, \u201cThe question I like to ask is, \u2018Are you afraid of being assassinated now?\u2019 If the answer is no, physical harm from an auto attack is very unlikely.\u201d Access to personal data is common, but access to the car\u2019s electronic control units (ECU) is far less likely. According to Valasek. \u201cThe barrier of entry is really high\u201d because the collecting and sharing of information \u201cdoesn\u2019t work universally.\u201dHowever, Corman argued that the claim that hacking is expensive is too dismissive. \u201cMost security concerns have been about credit cards and financial adversaries,\u201d said Corman, \u201cbut I like to remind people that we are now exposed to the whole spectrum of human capabilities. It\u2019s not an \u2018if\u2019 it\u2019s a \u2018when\u2019 one should expect a failure. All computers get compromised.\u201d Cars can be hacked, but \u201cAll cars are different,\u201d Valasek said, \u201cFord has a different message than BMW.\u201d Hacking into a car\u2019s computer system is very difficult and very costly, which is in part why there isn\u2019t a lot of hard evidence on the physical risks to consumers.Corman disagreed referencing an investigative report in which auto hacker Craig Smith used a dongle to allow a hacker in New York to hack into a car 3,000 miles away in Seattle. Though Corman agreed that physical safety isn\u2019t an imminent threat, he said, \u201cI\u2019d like to rely more on \u2018they can\u2019t\u2019 [hack into my car]. I don\u2019t want to rely on a hope that they won\u2019t.\u201d[ Once your car's connected to the Internet, who guards your privacy? ]While the use of technology in smart cars affords consumers a variety of conveniences and luxuries, \u201cmany don\u2019t understand what the implications [to their privacy] are,\u201d Markey contended. In his report, Markey identifies several concerns beyond physical safety.Scott Morrison agreed that \u201cthe car is a powerful data collection point and its connectivity may link it to even more sensitive data than your location, how you drive and what you listen to on the radio.\u201d Data is collected in smart cars and is being kept by the automotive industry and can be shared with third parties.\tPersonal information is more accessible, particularly because computers can see a Bluetooth address which could then be broadcast to the world. Depending on how data is being collected and with whom it is being shared, it is possible, according to Markey\u2019s findings, for third parties to \u201cutilize information on drivers\u2019 habits for commercial purposes without the drivers\u2019 knowledge or consent.\u201dAutomotive manufacturers need to be more transparent with the consumer, providing clear and comprehensible facts on how their private information is being tracked and stored. Morrison said, \u201cThe [privacy] risk comes around the data: who owns the data and how you create a relationship with who is seeing the data. We need to understand who the custodian is of our private information. One of the biggest challenges we have around data and protection is creating very narrow controls around it.\u201dSome of the uses for that data might protect consumers, such as road side assistance, but there are no clear guidelines on how that collected data can be shared. Morrison explained that \u201cBeyond roadside assistance, one example is seen in the insurance industry. If your automobile is sharing data with the insurance company about your driving habits, such as speed and operations, it can result in a discount or rebate on insurance.\u201d While a discounted rate on insurance might save consumers some money, Morrison also pointed out that, \u201cDepending on the application, data shared from your vehicle may connect to or transmit information that includes your Social Security number and address, and that information can be used for fraud or other nefarious purposes.\u201dThe conversations about privacy protection are ongoing, but the second part of Markey\u2019s report highlights the inconsistencies that exist among the automotive industry. Markey found that, \u201cautomakers offer technologies that collect and wirelessly transmit driving history information to data centers, including third-party data centers, and most did not describe effective means to secure the information,\u201d and he wanted to know what manufacturers are doing to protect the privacy and physical safety of consumers.Morrison recognized, \u201cThe manufacturers are trying to make life better for the consumer. An approach of 'inform and consent' may put consumers more at ease. And the recently formed automobile ISAC (information sharing and analysis center) will help to gain a better understanding of the threats and how to combat them.\u201d Morrison said, \u201cTo me the biggest question is how to ensure our personal data is being secured and that the manufacturers and their partners are being good custodians of our information.\u201d \u00a0The one commonality that all automotive manufacturers have is the growing concern about safety and privacy protection. Many including Morrison argued that, \u201cThe industry needs to establish a 5-star data protection rating to complement its 5-star crash rating. Then being a good custodian of information almost becomes self-regulating just to stay competitive.\u201dBeing proactive will help to combat current and future threats for the consumer. \u201cWe want to start thinking about security\/privacy before it becomes an eminent threat,\u201d Valasek said. Automotive industries want to build in security measures as they are designing new products. Valasek said, \u201cwe need to create security measures as we build rather than dealing with them later.\u201d Corman wants more. \u201cWe need to be prepared for the inevitable fact that computers on wheels will be hacked,\u201d he said, and he contended that, \u201ca merging of the foundational capabilities proposed by www.iamthecavalry.org with a driver\u2019s bill of rights\u201d would be an elegant solution toward protecting consumers.Kacy Zurkus is a freelance writer based in Massachusetts.