Please note that all submissions to the site are subject to the wiki's licence, CC 4.0 BY-SA, as found here

Talk:Volkswagen car-location data-exposure incident

From Consumer Action Taskforce
Jump to navigation Jump to search

Information Gaps and Needed Sources

Template:Talk header

Hello contributors. As this is one of our first articles on the Consumer Protection Wiki, I wanted to highlight several areas where we need additional information and sources to strengthen this article's accuracy and completeness as we start to define proper wiki article format/structure/sources that should be added.

This was mostly generated as from transcripts provided to Claude Pro using Sonnet 3.5 which leaves it as a skeleton/placeholder and nowhere near a final iteration. In fact, we should create a template for AI-assisted initial drafts if this will be a common practice. Something like Template:AI-Draft that could be standardized across articles.

Priority Information Needed

Incident Specifics

  • Precise date of the incident
  • Scope of exposed data
  • Official Volkswagen statements
  • Duration of exposure
  • Discovery details

Regulatory & Legal Context

  • NHTSA letter details and citations
  • Applicable data protection laws
  • Any resulting investigations
  • Legal requirements for customer notification

Technical Documentation

  • Details about AWS/Carad implementation
  • Nature of the misconfiguration
  • Industry standard security practices
  • Technical safeguards typically used

Impact & Resolution

  • How Volkswagen addressed the vulnerability
  • Customer impact details
  • Financial consequences
  • Long-term security changes implemented

Red Links Added

Several key terms have been marked as redlinks in the main article to indicate needed sub-articles:

  • CARIAD
  • Automotive data privacy
  • Right to Repair movement
  • Vehicle telematics
  • Connected car security

Collaboration Request

If any contributors have access to reliable sources covering these aspects, please help expand the article. Remember to follow our editorial guidelines regarding factual, non-accusatory tone and proper source citation.

Next Steps

  1. Add specific dates and timeline
  2. Include technical details with proper verification
  3. Document regulatory responses
  4. Expand the industry context section

Please add to this discussion if you identify other areas needing improvement or have suggestions for additional sections.

Travis (talk) 09:48, 14 January 2025 (UTC)Reply

NHTSA letter

17 January 2025

Do you have any further information or reference for the letter, e.g., where it was mentioned? As far as I can see, I can't find anyone called "Carrie Gules", but there is a "Carrie Giles" who works in transport but not at the NHSTA. Can't find any published letters from them though.

I have found this letter today from the FCC related to vehicle data security from Jan 2024. https://docs.fcc.gov/public/attachments/DOC-399695A1.pdf


15 January 2025

Is this the letter you were looking for? https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/nhtsa_testimony_in_response_to_ma_committee_letter_july_20_2020.pdf


There is also this letter from NHTSA. https://drive.google.com/file/d/1UInBq29yxNaLMrNWX3qEW50M-dbcYkJO/view

Response from senators to above letter. https://www.warren.senate.gov/imo/media/doc/2023.06.15%20Letter%20to%20DOT%20and%20NHTSA%20re%20Right%20to%20Repair1.pdf

Response from NHTSA to senators' letter. https://pirg.org/wp-content/uploads/2023/08/351-1.pdf


They also seem to have released a vehicle cybersecurity best practices in 2016. https://www.nhtsa.gov/sites/nhtsa.gov/files/documents/812333_cybersecurityformodernvehicles.pdf Then updated in 2022. https://www.nhtsa.gov/sites/nhtsa.gov/files/2022-09/cybersecurity-best-practices-safety-modern-vehicles-2022-tag.pdf