New privacy approaches for credentials

Another worthy example of the need to rethink privacy for the IoT comes from the connected vehicle market. Just as with the wearables discussed previously, the ability to track someone's vehicle persistently is a cause for concern. 

A problem arises, however, when we look at the need to sign all messages transmitted by a connected vehicle digitally. Adding digital signatures to messages such as Basic Safety Messages (BSMs) or infrastructure-generated messages (for example, traffic signal controller Signal Phase and Timing (SPaT) messages) is essential to ensure public safety and the performance of our surface transportation systems. Messages must be integrity-protected and verified to originate from trusted sources. In some cases, they must also be confidentiality-protected. But privacy? That's needed, too. The transportation industry is developing privacy solutions for connected vehicles:

Privacy in connected vehicles and infrastructure

For example, when a connected vehicle transmits a message, there is concern that using the same credentials to sign messages over a period of time could expose the vehicle and owner to persistent tracking. To combat this, security engineers have specified that vehicles will be provisioned with certificates that:

  • Have short life spans
  • Are provisioned in batches to allow a pool of credentials to be used for signing operations

In the connected vehicle environment, vehicles will be provisioned with a large pool of constantly rotated pseudonym certificates to sign messages transmitted by On-Board Equipment (OBE) devices within the vehicle. This pool of certificates may only be valid for a week, at which point another batch will take effect for the next time period. This reduces the ability to track the location of a vehicle throughout a day, week, or any larger time period, based on the certificates it has attached to its own transmissions.
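The following is an added Python sketch of the pseudonym-pool scheme just described; it is not code from the book or from any connected-vehicle standard. The issuer, the five-minute rotation interval, and the keyed-hash stand-ins for certificate issuance and ECDSA signatures are assumptions; it contrasts a single credential per week with a pool of 20, and shows a roadside verifier rejecting last week's certificate once the batch has rolled over.

```python
import hashlib
import hmac
from dataclasses import dataclass

WEEK = 7 * 24 * 3600       # a batch of pseudonym certificates is valid for one week
ROTATE_EVERY = 5 * 60      # assumed: the OBE switches pseudonym every 5 minutes

@dataclass(frozen=True)
class PseudonymCert:
    cert_id: str           # opaque identifier carried in every signed message
    valid_from: int
    valid_to: int

def issue_batch(issuer_key: bytes, week: int, size: int) -> list:
    """Issuer mints one week's batch. A keyed hash stands in for real certificate
    issuance; the point is that the IDs reveal nothing about the vehicle."""
    start = week * WEEK
    return [PseudonymCert(hmac.new(issuer_key, f"{week}:{i}".encode(), hashlib.sha256)
                          .hexdigest()[:16], start, start + WEEK) for i in range(size)]

class Vehicle:
    def __init__(self, issuer_key: bytes, weeks, pool_size: int):
        self.batches = {w: issue_batch(issuer_key, w, pool_size) for w in weeks}

    def sign(self, t: int, payload: str) -> dict:
        batch = self.batches[t // WEEK]       # only the current week's batch is usable
        cert = batch[(t // ROTATE_EVERY) % len(batch)]   # step through the pool
        sig = hashlib.sha256(f"{cert.cert_id}|{t}|{payload}".encode()).hexdigest()  # ECDSA stand-in
        return {"t": t, "cert_id": cert.cert_id, "payload": payload, "sig": sig}

def verify(msg: dict, known: dict, now: int) -> bool:
    """Roadside verifier: the cert must be known and inside its validity window at receipt."""
    cert = known.get(msg["cert_id"])
    return cert is not None and cert.valid_from <= now < cert.valid_to

def longest_linkable_run(msgs: list) -> int:
    """Tracker's view: longest time span of consecutive messages carrying one cert_id."""
    best, start = 0, 0
    for i in range(1, len(msgs) + 1):
        if i == len(msgs) or msgs[i]["cert_id"] != msgs[start]["cert_id"]:
            best = max(best, msgs[i - 1]["t"] - msgs[start]["t"])
            start = i
    return best

def simulate(pool_size: int, t0: int = WEEK - 3600, t1: int = WEEK + 3600, step: int = 10):
    """Two hours of BSMs, one every 10 s, straddling a week boundary (constructed)."""
    v = Vehicle(b"constructed-issuer-key", (t0 // WEEK, t1 // WEEK), pool_size)
    return v, [v.sign(t, "BSM") for t in range(t0, t1, step)]

if __name__ == "__main__":
    for size in (1, 20):
        print(f"pool of {size:2d}: linkable for {longest_linkable_run(simulate(size)[1])} s at a time")
```

With a pool of 20 the tracker can follow one identifier for at most a rotation interval; with a single credential it follows the vehicle for the entire hour on each side of the week boundary.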

Ironically, however, a growing number of transportation departments are beginning to take advantage of the Bluetooth radios in widespread vehicle and mobile devices by deploying Bluetooth probes along congested freeways and arterial roadways. Some traffic agencies use the probes to measure the time it takes for a passing Bluetooth device (identified by its MAC address) to traverse a given distance between roadside-mounted probes. This provides data needed for adaptive traffic system control (for example, dynamic or staged signal-timing patterns). Unless traffic agencies are careful and wipe any short- or long-term collection of Bluetooth MAC addresses, correlative data analytics can potentially be used to discern an individual vehicle's (or its owner's) movement in a region. Increased use of alternating Bluetooth MAC addresses may render future Bluetooth probe systems, and their use by traffic management agencies, useless.
