Talk:Volkswagen car-location data-exposure incident: Difference between revisions

Template:Talk header

Hello contributors. As this is one of our first articles on the Consumer Protection Wiki, I wanted to highlight several areas where we need additional information and sources to strengthen this article's accuracy and completeness as we start to define proper wiki article format/structure/sources that should be added.

This was mostly generated as from transcripts provided to Claude Pro using Sonnet 3.5 which leaves it as a skeleton/placeholder and nowhere near a final iteration. In fact, we should create a template for AI-assisted initial drafts if this will be a common practice. Something like Template:AI-Draft that could be standardized across articles.

Priority Information Needed[edit source]

Incident Specifics[edit source]

• Precise date of the incident
• Scope of exposed data
• Official Volkswagen statements
• Duration of exposure
• Discovery details

Regulatory & Legal Context[edit source]

• NHTSA letter details and citations
• Applicable data protection laws
• Any resulting investigations
• Legal requirements for customer notification

Technical Documentation[edit source]

• Details about AWS/Carad implementation
• Nature of the misconfiguration
• Industry standard security practices
• Technical safeguards typically used

Impact & Resolution[edit source]

• How Volkswagen addressed the vulnerability
• Customer impact details
• Financial consequences
• Long-term security changes implemented

Red Links Added[edit source]

Several key terms have been marked as redlinks in the main article to indicate needed sub-articles:

• CARIAD
• Automotive data privacy
• Right to Repair movement
• Vehicle telematics
• Connected car security

Collaboration Request[edit source]

If any contributors have access to reliable sources covering these aspects, please help expand the article. Remember to follow our editorial guidelines regarding factual, non-accusatory tone and proper source citation.

Next Steps[edit source]

1. Add specific dates and timeline
2. Include technical details with proper verification
3. Document regulatory responses
4. Expand the industry context section

Please add to this discussion if you identify other areas needing improvement or have suggestions for additional sections.

Travis (talk) 09:48, 14 January 2025 (UTC)Reply

17 January 2025

Do you have any further information or reference for the letter, e.g., where it was mentioned? As far as I can see, I can't find anyone called "Carrie Gules", but there is a "Carrie Giles" who works in transport but not at the NHSTA. Can't find any published letters from them though.

I have found this letter today from the FCC related to vehicle data security from Jan 2024. https://docs.fcc.gov/public/attachments/DOC-399695A1.pdf

15 January 2025

Is this the letter you were looking for? https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/nhtsa_testimony_in_response_to_ma_committee_letter_july_20_2020.pdf

There is also this letter from NHTSA. https://drive.google.com/file/d/1UInBq29yxNaLMrNWX3qEW50M-dbcYkJO/view

Response from senators to above letter. https://www.warren.senate.gov/imo/media/doc/2023.06.15%20Letter%20to%20DOT%20and%20NHTSA%20re%20Right%20to%20Repair1.pdf

Response from NHTSA to senators' letter. https://pirg.org/wp-content/uploads/2023/08/351-1.pdf

They also seem to have released a vehicle cybersecurity best practices in 2016. https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/812333_cybersecurityformodernvehicles.pdf Then updated in 2022. https://www.nhtsa.gov/sites/nhtsa.gov/files/2022-09/cybersecurity-best-practices-safety-modern-vehicles-2022-tag.pdf