
Is your connected car spying on you? - joosters
http://www.bbc.co.uk/news/business-29566764
======
pmoriarty
_" All the data we collect is anonymous and we only sell anonymised data."_

But there have been numerous violations of such "anonymised" data that caused
the identities of the people ostensibly protected by this anonymization to be
revealed.

There is ongoing research in to how to make more robust, mathematical
guarantees of anonymity in such datasets. Until this research comes to
fruition and becomes widely deployed in industry (something that's probably
decades away), I would not take much comfort in assurances from industry reps
that the data the companies they represent collect or release are
"anonymised".

~~~
hackuser
> Until this research comes to fruition and becomes widely deployed in
> industry (something that's probably decades away), I would not take much
> comfort in assurances from industry reps that the data the companies they
> represent collect or release are "anonymised".

Even if the technology existed I would not rely on it being deployed and used
correctly: 1) There is no incentive to do it because there is little penalty
if they fail; and 2) IT security in general is completely unreliable; why
would this be any different?

The only secure data is data that doesn't exist. Already there are government
agencies that automatically delete internal communication (e.g., emails)
within 30 days. If that's important for the security of their government data,
which arguably should be open, why isn't it done with my data, which should be
private?

~~~
pmoriarty
_" Already there are government agencies that automatically delete internal
communication (e.g., emails) within 30 days."_

Or they claim to have deleted it. And maybe, technically speaking, it has been
deleted from _their_ servers. But by then, who knows where it's been copied
to. By then it might be on systems completely out of their control.

I think you hit the nail on the head: _" The only secure data is data that
doesn't exist."_

No guarantees or assurances from the corporations or the government can change
that.

------
dreamweapon
The fun part is, in a couple of years it basically won't be possible to drive
a car (on a public road, anyway) that _isn 't_ "connected." If the legislators
don't bring this bold new tomorrow down on us, the insurance companies will do
so on their own.

------
kylec
About six months ago I bought a VW with their "CarNet" integration. I am
concerned about my car relaying information about where I go and how I drive -
at a minimum, I know that it notifies the dealership when I cross over a
10,000 mile boundary because I've received an email reminding me to take it in
for service. I've tried to find a way to disable it, but I can't find anything
online or in the user manual.

I suspect that this story will become more and more common - ordinary people
buying cars equipped with such systems that are unaware of the privacy
implications.

~~~
opendais
Are you 100% sure it wasn't coincidence?

I don't have a connected system [e.g. it doesn't report anything because its a
certified used car I got for $11k where damn near everything is manual :P] but
the dealer was able to guestimate within a few months of when I would hit the
mileage amount I'd need to take it in for service.

~~~
kylec
100% sure? No. However, I got the email a day or two after I crossed 10,000,
about 5 months after I bought the car, which is a bit sooner than average I
would imagine. It's also one of the advertised features of CarNet
([http://www.vw.com/features/vw-car-net/](http://www.vw.com/features/vw-car-
net/))

~~~
opendais
Ah, well if its an advertised feature it isn't like you weren't informed. I
was thinking you thought it was something shady they snuck in w/o your
knowledge.

------
gambiting
I am really worried that insurance companies will push for those tracker
devices for everyone. If they simply make insurance policies without the
trackers twice as expensive as ones with them, they will quickly become
widespread, and this surveillance will become the norm. I hate this and I
dread the day when it happens.

~~~
at-fates-hands
You should hold out hope for every company which does this, there will be one
acting with your privacy in mind and offer lower rates without the possibility
of collecting your data.

I think the Snowden revelations have had a huge impact on how people view
their privacy now.

------
bsilvereagle
And your car leaks information that can be used to create GUID:
[http://www.reddit.com/2kj10q/](http://www.reddit.com/2kj10q/)

------
at-fates-hands
_" At the time, chief executive Harold Goddijn promised his company would
prevent the data being used in that way again."_

This is the crux of the issue. Companies will continue to reap the financial
benefits of selling the information and then back off if they get caught.

This is a very dangerous game of, "It's easier to ask for forgiveness than for
permission"

~~~
c0ur7n3y
A "promise" by a CEO about what his company will or won't do in the future is
completely worthless.

------
Istof
That reminds me of a Ford exec that said: 'We Know Everyone Who Breaks The
Law' Thanks To Our GPS In Your Car

Read more: [http://www.businessinsider.com/ford-exec-
gps-2014-1](http://www.businessinsider.com/ford-exec-gps-2014-1)

------
kator
Sometimes when I rent a car I'll poke around in the navi and sync menus. I
often can see where people went in the car before from the nav history and
you'd be surprised how many people sync their address book with a rental car!

------
lmedinas
There will be an interesting battle in the future for the Car Data. Will be
the manufacturer or the services available in the car which will own the data
?

~~~
spacefight
The owner of the car is and should stay the owner of the data. He should also
be able to decide what and where to put his data, at any time.

~~~
Silhouette
Indeed.

One of the more dangerous potential outcomes of all this data recording and
telemetry is that everyone winds up with a black box monitoring their driving
full-time, which becomes _de facto_ obligatory because you can't get something
mandatory such as insurance without it.

Then, because there are exactly zero perfect drivers in the world, every
driver becomes subject to effectively arbitrary fines and/or increases in
their insurance premiums, providing a convenient revenue stream with a captive
market for both big businesses and governments.

In an ideal world, such monitoring could instead lead to official recognition
that no-one is perfect but interventions should be aimed at people with a
sustained pattern of risky behaviour or deteriorating driving standards rather
than immediately penalising a driver who made a small mistake and was unlucky
to be in front of a camera at the time. But sadly I have little faith that
anything so constructive would ever actually happen, given the track record of
the government, the police, and the insurance industry in my country when it
comes to abusing new technologies and outright lying about what they are
doing/going to do. :-(

~~~
backlava
No, you should immediately punish bad driving but the punishments can be much
lower.

~~~
Silhouette
The trouble with that argument is that _every_ driver is guilty of "bad
driving" at least momentarily from time to time. What good does it do to
punish someone who is reasonably skilful, reasonably responsible, but only
human?

The inconsistency and selective enforcement is part of the problem here. If
our driving laws were routinely and universally enforced to the letter, with
every infraction punished as the law provides, then there would be no-one left
entitled to drive within a few weeks and the absurdity of the system would be
clear for all to see.

As it stands, there seems to be an element of lottery: I know plenty of people
who are basically responsible drivers but have picked up the odd ticket for
doing 35 past a camera at the bottom of a hill or something, and I also know
plenty of people who I literally won't ride with any more on account of their
crazy driving yet who have completely clean licences. Evidently the system is
not currently effective at promoting safer, more considerate driving, which in
the end is what it should be doing.

~~~
backlava
I assume that you're a software guy so I would hope that you would naturally
understand the benefit of simplicity. Let's assume that a speeding ticket
currently costs $200. What percentage of speeding instances do you think are
currently fined? I'm going to guess far less than 1%. That means you can lower
the fine to $2 per instance or probably much less and still be meting out the
same expected punishment for speeding.

The goal of this fine is not to partition drivers into good and bad drivers.
It's to incentivize good driving. Yes, good drivers are going to get fined
occasionally but it will be a very small fine. Why try to make a more
complicated rule that never fines "good" drivers? That will sometimes lead to
drivers who decide to speed this once because it's free.

~~~
Silhouette
> Yes, good drivers are going to get fined occasionally but it will be a very
> small fine. Why try to make a more complicated rule that never fines "good"
> drivers?

For one thing, any law that inherently penalises innocent people for a crime
they did not commit is abhorrent to me. The scale does not matter. This is
simply a basic principle of justice and fundamental to the state having any
moral authority to enforce any law at all.

Even were that not the case, you have to deal with the practical problems of
overheads. What are you going to do when someone inevitably disputes their $2
charge? Either you have a punishment without any due process at all, or you
incur vastly disproportionate expenses prosecuting a case in court, or you
cause the innocent person vastly disproportionate damage contesting their
guilt. None of these is an attractive option.

You also have to deal with the practical problem that any such system _will_
be cracked very quickly, and the worst drivers will be the ones most likely to
get away with it.

My views have somewhat softened on technical driving offences over the years,
in that I accept as a practical matter that having a black and white
definition of what is permitted removes wriggle room for bad drivers who might
otherwise tie the system up contending that their actions were not in fact
dangerous or otherwise inappropriate. Nevertheless, the goal of road traffic
laws should be to take the dangerous or inconsiderate off the road, and it is
not always the case that things like exceeding a speed limit or driving
through a red light necessarily have (or have any significant potential to
have) actual negative consequences.

So while the laws prohibiting these actions are a pragmatic choice, it is not
one that has any inherent moral basis to me and already one that sometimes
prohibits perfectly reasonable actions that a responsible driver might
otherwise perform. Abusing such laws so that even those who try to comply with
them, while also driving safely and considerately, are still victimised is a
big step too far in my book. And of course the systems we're talking about
might not only be used to enforce technical laws to the letter, but could also
be used to provide wriggle room for insurance companies after an incident.

~~~
backlava
The innocent until proven guilty approach to traffic violations is already a
farce. If you have a job, it costs more to dispute a ticket than to pay it.
I'm in favor of changes to the legal system that would allow rapid turn around
in low stakes cases. Start with something very informal and quick and have an
appeals process where the loser pays.

Cracking the local monitoring device can be disincentived just like speeding.
If an officer sees you speeding and you're not self reporting it, bam. Bigger
offense.

The thing about more effective enforcement in any setting is that it can
increase justice (lower the lottery effects) but it makes it that much more
important that you got the laws right to begin with.

~~~
Silhouette
_The innocent until proven guilty approach to traffic violations is already a
farce. If you have a job, it costs more to dispute a ticket than to pay it._

Yes, it is, and that situation is a real problem for some people, such as
someone whose car registration has been cloned, resulting in a whole series of
tickets about something like the London Congestion Charge even though they
live in the north and haven't been as far south as London in years.

That is why I am personally in favour of courts defaulting to awarding
realistic compensation to successful defendants in all prosecutions, combined
with the abolition of automated fixed penalty notices generated by any sort of
machine.

Basically, if something is serious enough to merit a criminal prosecution, I
think the authorities should show up with real evidence and if necessary real
police officers as witnesses, make a proper case in court, and suck it up if
they bring too many cases that fail and it costs them a lot in compensation. I
think there is considerable merit in the argument that anything where you
don't feel such a comprehensive response is justified and instead resort to
some sort of automated penalty regime and mass punishments shouldn't be dealt
with through criminal proceedings at all. (Edit: The flip side of this is that
if a police officer pulls you over and in court you really are then found
guilty of, say, driving at dangerous speeds, don't expect to get away with 3
points on your licence and a token fine. Only prosecuting serious offences
cuts both ways.)

------
Spooky23
Tl;dr version: Yes we caan, but we "promise" not to.

------
glathull
Huh. From the title I would have guessed this was a Wired article.

