
How connected car tech is eroding personal privacy - walterbell
http://www.bbc.com/autos/story/20160809-your-car-is-not-your-friend?ocid=ww.social.link.twitter
======
DoubleGlazing
My old boss had a fancy top of the line Audi with all the trimmings.

One day a fault developed with the seatbelt sensors on the rear seats. He kept
getting the warning beeps to fasten the belts when no one was on those seats.

It was still in warranty so he took it get fixed. The dealer pulled his
driving logs from the on board computer/data recorder and said his driving was
too aggressive and that violated the warranty.

Truth be told his driving was terrible. I accepted a lift home from him once,
and only once because his driving scared the bejeesus out of me. But that
being said how could that affect the pressure sensors in the rear seats?

It took some solicitors letters to get the dealer to agree to a warranty
repair.

I think its inevitable that manufacturers are going to use all this data to
stop you claiming under your warranty. "Oh dear you slammed your door too hard
one day, I'm afraid that invalidates your warranty". Insurers will demand this
data in before giving you a quote. Its also likely that there will come a time
when this data will be used to help price your car if you sell it or trade it
in. And of course the government will want to use positioning data to
automatically issue parking fines.

And this ignores all the obvious security risks that come along with this sort
of stuff, for example all those BMW keyless car thefts.

~~~
forgetsusername
> _My old boss had a fancy top of the line Audi with all the trimmings._

I'd love to know how the dealer could justify saying a high-end Audi, a car
(and company) with an established racing pedigree, was driven "too
aggressively".

Look at their commercials for crying out loud.

~~~
throwanem
I imagine it was quite easy, given the typical automobile dealer's complete
lack of shame.

------
throwaway2016a
IoT in general has this problem.

I live a highly automated life and my database has when I woke up, where I
drive, when I get home, what TV shows I watch, how long I spend on Hacker News
and when, when I enter the house it is recorded... and then more benign stuff
like how long my air conditioner has been on. And and I do this voluntarily.

Overall it's a gig of data a day.

The weird thing is my wife has access to this data too and I have access to
her's (which is less extensive but still there... for example, if her code is
used to disarm the alarm, it is stored that way).

I also might be crazy, most people would be disturbed with this level of data.

As a side note, I store the database on my own server and I am very
comfortable with the security on said server. Firewalls, tripwires, multi-
factor auth, encryption, the works. Even I wouldn't trust that database with a
third party.

~~~
TeMPOraL
I wouldn't be disturbed with this level of data - I would be _delighted_.
Being disturbed signals lack of touch with how reality works.

That said, I absolutely, positively don't want this data to be owned by third
parties. It should be my data, for my perusal.

~~~
k-mcgrady
>> "Being disturbed signals lack of touch with how reality works."

Could you explain what you mean by this? That level of data collection
disturbs me for privacy reasons. I don't see how I lack touch with reality.
It's interesting and I would like to have all that data on myself too but the
privacy risks make it not worth it for me.

~~~
TeMPOraL
I was talking about being disturbed by existence/collectability of such data -
not by collection by third parties, which is disturbing for privacy reasons.
You radiate tons of data every second of your life. Your every interaction
with every thing is recorded in the fabric of reality, and progress of
technology gives us ways to access more and more of that information.

My point is - existence of such data should not be disturbing. How much of it
is being collected by third parties - that's another story.

------
jariyakariya
Since the company I co-founded at YC S11 (Automatic) was called out in the
article, I want to share a few thoughts here.

It’s absolutely true that connected cars and the wider IoT space has miles to
go in terms of security and privacy. Far too many companies treat security as
an afterthought, and then we see everything from Jeeps to Barbie dolls being
compromised. Those same firms then treat privacy as a winner-take-all game,
where they expect the customers to give them maximum access with minimal
accountability. And frankly, it pisses us off.

At Automatic, we’ve laid out our security procedures and privacy policies
incredibly clearly. No firm is perfect, but I think we’ve done an outstanding
job at creating systems that are difficult to penetrate, and in setting
precise expectations with our customers about how we’ll use their data. You
can read about those here: [https://blog.automatic.com/security-at-automatic-
how-we-keep...](https://blog.automatic.com/security-at-automatic-how-we-keep-
you-safe-bdaf3f74e00f#.xp2nb9vlh) and [https://blog.automatic.com/our-privacy-
principles-4d2fd93654...](https://blog.automatic.com/our-privacy-
principles-4d2fd9365489#.b11az3152)

To get back to the article - car manufacturers that hide what they’re doing
from consumers should knock it off. I don’t think they’re necessarily being
nefarious, I just think they’re being foolish. In this age where consumers are
waking up to the risks and rewards of connectivity, obscuring the data you’re
collecting and how you’re using it is only going to become more untenable.

------
blub
All cars sold in the EU come with eCall:
[https://en.m.wikipedia.org/wiki/ECall](https://en.m.wikipedia.org/wiki/ECall)

Edit: sorry, I extrapolated too much from my own experience. It's still not
legally mandatory until 2018, however some manufacturers do indeed make it
mandatory today.

Due to privacy protections I don't think marketers and insurers have access to
driving data, but the security concerns remain. Their back-ends can be hacked,
rogue employees could listen in, etc.

~~~
jessaustin
It's only a matter of time before insurers get that data. They'll even have
some plausible safety arguments to bolster their bribery.

For freedom, ride a bike.

~~~
TeMPOraL
Until GPS with GSM module embedded in frame becomes a viable countermeasure
against bike thefts that is.

~~~
jessaustin
Haha, I meant freedom to ride your _own_ bike, although perhaps Proudhon would
disagree...

~~~
sevensor
I worry that it's only a matter of time until cyclists are required to carry
transponders "for our safety" on streets full of self-driving cars.

------
Animats
_" Once cars become fully driverless they will rely_ entirely _on their
outgoing and incoming data connection to function properly._ "

Not true. Chris Urmson, former head of Google's self-driving car project,
before he left Google, made that point at a "connected car" conference.
Google's self-driving cars don't rely on car-to-car communications. They rely
on sensors. Lots of things a self-driving car needs to know about aren't
"connected", and you can't trust the ones that are.

Google's own cars download their logs when they get back to the barn, but
that's for debugging purposes. A production vehicle would not need that
feature.

On the other hand, the Event Data Recorder in most cars isn't a big deal. It's
a crash recorder. After a crash that caused airbag deployment, someone can dig
into the wreckage, plug into the box, and look at the last 15 seconds before
the crash. Useful for accident analysis, but not Big Brother. OnStar type
systems are much more of a concern; they run all the time and have GPS inputs.

~~~
dragonwriter
One can imagine a data connection being used to share routing-related
information (traffic, road closures, etc. -- basically, the same thing a human
driver would do with Waze/GMaps/etc.) for higher level planning, but, yeah, it
makes little sense to rely on such a connection for basic operation rather
than route optimization and cooperative traffic management.

------
tantalor
> He says that buried deep in the dashboard is Verizon cell phone 3G hardware
> that's always on.

Who pays for this? Can you pull out the radio and use it for general purpose
internet access?

~~~
pjc50
The manufacturer will have bought a SIM for the lifetime of the car. You
_could_ potentially pull it and use it until they notice and shut you down,
although it may (ought to!) be limited to a VPN tunnel.

------
nsns

        I have a taste for the secret, 
        it clearly has to do with not-belonging; 
        I have an impulse or fear or terror in the 
        face of a political space, for example, 
        a public space that makes no room for the secret. 
        For me, the demand that everything be paraded in 
        the public square and that there be no internal 
        forum is a glaring sign of the totalitarianization 
        of democracy. [. . .] if a right to the secret is 
        not maintained, we are in a totalitarian space.

(Jacques Derrida, in Roudinesco, Jacques Lacan & Co., II, p. 599.)

------
Broken_Hippo
Some of these sorts of issues are simply going to be standard and not so
avoidable. I'm all for it if it means that we get autonomous cars everywhere,
even better if it means that one public transportation option is to call up a
pod to travel in. But regardless of the future, most of these things are still
positives from a broad view.

Things such as improved emergency response (so long as equipment is upgraded),
tips on how to improve your own driving (upon request) to make your car last
longer, aggrevate data on different things to teach new drivers, and how
common behavior x, y, and z are. I have little problem with the auto-
ticketing, provided the state tests the system once a year or two to make sure
it is functional (and when it is contested). This stuff makes the roads safer.

Though folks _could_ hack into his brakes or disable his vehicle, right now
that doesn't happen often to actually fear, and safeguards could be put on the
vehicle to keep him safe.

The bigger threats he mentions are private firms and law enforcement.

The biggest factor with law enforcement is to have safeguards to check the
honesty and things like that. Make sure the laws are fair and that law
enforcement isn't tempted to bend them.

Private companies, such as insurance companies, are slightly different. While
I believe this could be changed with legal protections, I believe there is
very little hope of such legal protections being made with the current
political climate. I don't think the information is bad per se, as we could
learn quite a bit about normal driving habits, but the companies could decide
to lobby for things like better enforcement of traffic violations, lower legal
BAC levels, and other such things to gain the same sort of safety.

------
douche
I predict a thriving market in grandfathered-in vehicles in the not-so-distant
future. In many ways, I miss the '85 F150 I drove in high school. If there was
a computer chip anywhere in it, it had shorted out long ago, but the thing
just kept rolling along. It's become the truck of Theseus now, but it is still
on the road, 300k+ miles later.

------
tantalor
What does "at the expense of personal driving data" mean?

~~~
ebbv
It means previously you had some expectation that where and when you drive is
private data that nobody else has unless they are tailing you.

Now your car is broadcasting its location at all times via cell signal, and
that data may be (almost certainly is) being recorded.

~~~
chatmasta
How is that any worse than driving with your cellphone in your pocket?

~~~
TeMPOraL
Different set of parties having access to the car-originating data.

That, and you can always drive _without_ a cellphone if you so desire.

~~~
smartbit
IMHO you can always travel without a car if you want to

~~~
waterphone
Maybe in some places. In most of the non-urban U.S., it simply isn't feasible
to live a normal life without driving.

~~~
therealidiot
This is a fact that so many people like to conveniently forget

~~~
waterphone
Where I live, the closest store is 5 miles, but it's just a very basic and
small general store. To reach an actual store with fresh produce and more,
it's a 100 mile round trip. That may be on the somewhat extreme end of things,
but variations on that are a normal way of life for people in rural areas.

------
benologist
Connected cars are going to create a much safer world .... the other month
someone was in the news after a hit-and-run, the vehicle phoned the police and
reported it itself. Eventually when all the cars have cameras, sensors,
autonomous power to report to police things like speeding, reckless driving,
hit and runs etc will go instinct as every vehicle around you is recording,
reporting...

~~~
rmxt
Undoubtedly some aspects of life will become safer, but the interesting
question is "At what expense does that safety come?"

Just because something is the new normal, doesn't mean it is "right".

~~~
benologist
In terms of traffic control it's probably going to be mostly beneficial for
people. Bad drivers will surely be annoyed, just as they were when running red
lights and speeding became things that could be enforced 24/7.

If it spread to security cameras ... consequences could be a grave new world
where a young Dennis Leary is caught in his very first act of subversion.

~~~
sliverstorm
_Bad drivers will surely be annoyed, just as they were when running red lights
and speeding became things that could be enforced 24 /7._

I like to consider myself a good driver, I'm mostly concerned about black-and-
white application, where we had officer discretion in the past. (Discretion is
hard to teach computers)

The traffic light I "ran" yesterday springs to mind. Second in line at
stoplight (behind a cop no less). Light turns green, we roll into
intersection. Light changes to yellow, then red, before either of us exit the
intersection. An officer would not ticket me, but a computer that was not
meticulously programmed probably would.

~~~
Grishnakh
I don't know what the law is in your state, but in some states (like AZ), the
law is that you only have to enter the intersection when it's green or yellow.
If it turns red while you're still in the intersection, that's no problem for
you, but other drivers have to wait for you to clear the intersection. So it's
perfectly normal for turning drivers to enter the intersection and wait there,
and then after the lights turn red and the straight-through drivers clear the
way, the people turning will finish their turn, and the oncoming traffic with
a green light has to wait for them to do this.

------
dreamcompiler
All cars should come with the equivalent of an "airplane mode" switch--easily
accessible to the owner--that disables all RF emissions and receptions. Since
car companies are certainly not going to provide the switch voluntarily, it's
probably going to require regulations to make it happen.

------
dgax
I had the same issue with my VW where it was activated without me signing the
paperwork. The official line I got from VW was that it couldn't be removed or
deactivated because it is 'safety equipment'.

VW is shady.

