
Car Owners Should Control Data Collected by Cars - mwexler
https://www.nytimes.com/2019/05/20/opinion/car-repair-data-privacy.html
======
js2
> Modern cars collect as much as 25 gigabytes of data per hour.

Links to this McKinsey study as a source:

[https://www.mckinsey.com/industries/automotive-and-
assembly/...](https://www.mckinsey.com/industries/automotive-and-assembly/our-
insights/whats-driving-the-connected-car)

Which says:

> Today’s car has the computing power of 20 personal computers, features about
> 100 million lines of programming code, and processes up to 25 gigabytes of
> data an hour.

McKinsey doesn't cite any sources. But more importantly, _processing_ 25
GB/hour is not exactly the same as _collecting_ it. The later, in the context
of this article, is definitely trying to imply that the data is stored in some
sort of semi-permanent record. So, the piece is at least a little
disingenuous. That said, I agree with the premise that to the extent data is
saved, it should belong to the vehicle owner, not the manufacturer.

Tangent: "the computing power of 20 personal computers." What are they trying
to say here? I've got a 2017 Chevy Volt and 2016 Mazda CX-9 and I'd be shocked
if there were half that much computing power between the two of them. Maybe
they are trying to say there's 20 CPUs among the various systems in a modern
car? Still that seems like a lot.

~~~
fit2rule
Processing means some conclusion was reached. You don't have to transmit 25gb
of data to be spied on - only the results of having processed it.

~~~
kbenson
Processing also means it passed through the system. If I use the camera app on
my phone, and it shows me a real-time video of what the camera is seeing, all
that data is "processed" even if I'm not actively recording or taking a
picture at that moment. It's not saved, it's just passed through and
discarded. That's not nothing, because there's the possibility of it being
collected, but it's not exactly the same either.

------
agentofuser
If I'm a pedestrian getting my body filmed, 3D-scanned, with potential facial
recognition and internal-organs-penetrating sensors added on top, _I'm_ the
one who should own that data (and the right to not consent to its collection
in the first place). Why are people weirded out by some Google Glass-wearing
rando filming them on the sidewalk but ok for everyone behind a wheel to be
suddenly promoted to a CCTV omnisensing recorder?

~~~
dsfyu404ed
>Why are people weirded out by some Google Glass-wearing rando filming them on
the sidewalk but ok for everyone behind a wheel to be suddenly promoted to a
CCTV omnisensing recorder?

Pedestrians are promoting dense and walk-able cities, environmentally
sustainable transportation, healthy lifestyles and are generally virtuous.
Drivers are wasting space, killing the planet, promoting a sedentary lifestyle
and are generally evil.

Yes I'm being a bit absurd and over the top here but the point is that most
people aren't disciplined enough to stick to their principals when a group
they don't like is the one getting screwed.

~~~
stcredzero
Principles. The principal is your "pal."

 _most people aren 't disciplined enough to stick to their principals when a
group they don't like is the one getting screwed_

For most people, it's hard to keep out of group-think mode 100% of the time.
It's especially hard to do when emotions are involved. As a consequence, most
are only too happy to screw the members of the groups they don't like.

This is why one should stay away from politics where one is labeling another
group as inferior or bad, based on how they were born, or based on what they
believe. It's better to convince than to condemn.

------
bhauer
What?

> _We know our smartphones, Nests and Alexas collect data, and we’ve come to
> accept an implicit contract: We trade personal information for convenience.
> With cars, we have no such expectation ... What carmakers are doing with the
> collected data isn’t clear._

At least Tesla has demonstrated that their data collection is for training
their full self-driving capability. That represents tremendous end-user value,
in my opinion.

To me, this NY Times article is an argument that smartphones and smart agents
should exfiltrate _less_ data than they do. It's the purported end-user value
of smartphone and smart agent data collection that I find less credible. Yes,
they should collect data, but it's quite unclear why so much of the data needs
to be hoarded and used by cloud motherships. That data can be stored and
worked with on-device; the premise that on-device computation is too limited
is just flimsy.

Frankly the value of smart agents as a whole is a bit murky, especially when
lined up against full self-driving cars.

~~~
danso
The data collected by phones are used to train systems like web/voice search,
voice translation, and routing algorithms, all which ostensibly (or, at least,
purportedly) benefit billions of end users on a daily basis. I don’t see how
you can say Tesla’s case is so obviously a more justified example. In any
case, this article is about all cars — Tesla vehicles are still a sliver of
the user base.

~~~
wool_gather
Maybe (some of) the information collected _by the OS vendor_ is used for these
purposes. The majority of it, the stuff sent by third-party SDKs back to that
third party, is just to enable customer profiling or "analytics".

~~~
danso
Sorry, what’s this straw man argument that you’ve attributed to me? That I’ve
asserted every piece of data collected by Android goes toward a public good?

------
nimbius
disclosure: im a full-time engine mechanic for a chain of midwestern diesel
repair shops.

Quite a bit of this data is already at your fingertips! open source OBD
readers exist for linux. I use this one regularly to pull and reset codes for
older mercedes: [https://samhobbs.co.uk/2015/04/scantool-obdii-car-
diagnostic...](https://samhobbs.co.uk/2015/04/scantool-obdii-car-diagnostic-
software-linux)

the OBD is the computer in your car for sensors but has turned into a massive
repository for anything CAN (car network) related. Some newer cars store radio
station presets, seat positions, and even dimmer settings in the OBD alongside
their battery-backed RAM. some models of BMW even store the unlock codes for
their pricy radios in the OBD tables.

hardware like onstar is stored in a dedicated metal box usually under the
glove compartment in most cars. it includes a harness for the OBD data, and a
small modem usually mated with a riser. That modem also controls any wireless
features and of course cellular transmissions. if you dont like your car
phoning home, you can pull the riser or clip the antenna leads, but this will
likely also affect wifi. Bluetooth pairing is generally part of the head unit
in older cars, but if you have onstar this is commonly being added to the
daughterboard for wifi.

as for processing? absolutely. sensor samples are sometimes taken thousands of
times per second for things like airbag state and seatbelt pretensors. i guess
if you counted up the bits and bytes over the CAM as your datapoint, then yeah
its 25GB of data...but its not meaningful...unless youre in the process of a
crash.

onstar is always my biggest gripe. anything that can remotely stop my car or
unlock my doors makes me a little too paranoid, and ive never once pressed
that stupid button expecting to speak to anyone who can help do anything
meaningful.

but what about emergencies? onstar uses data triggers from the OBD/CAM to
sense airbags in the deploy state, and that apparently triggers an automatic
dial out to onstar whether you like it or not. If youre removing or replacing
airbags, that means you have to disconnect onstar first or youll wind up with
firetrucks and ambulances outside your garage. Speaking from experience.

------
the_snooze
Something that bothers me is why are companies so casual about attaching
fragile networked software to long-lived durable goods like cars? The
manufacturer has no economic or legal incentive to keep that patched over the
life of the hardware.

This is the rotten shortsighted mindset of modern-day tech: all the benefit
for the company, none of the responsibility.

~~~
Silhouette
_Something that bothers me is why are companies so casual about attaching
fragile networked software to long-lived durable goods like cars? The
manufacturer has no economic or legal incentive to keep that patched over the
life of the hardware._

Indeed. See also: almost all new TVs are now "smart" TVs, almost all new
phones are now "smart" phones, a high proportion of "smart home" and IoT
devices simply stop working if some remote service is discontinued (or your
Internet connection is slow or down), and so on.

Without reaching much further, mobile operating systems, Windows 10 and a
significant amount of locally run desktop software are also practically built
around phoning home and relying on remote services by design now, and doing
some shady things around tying security or compatibility updates in with other
changes you might not want or need.

I came around to the view some time ago that some sort of fairly draconian
regulation is the only way to stop this. It simply shouldn't be a prerequisite
for using normal, everyday devices that you have to give up your privacy, nor
a prerequisite for continuing to use something with a software element the
same way as when you bought it that you have to accept arbitrary changes in
the software or legal terms later.

~~~
brokenmachine
My own little soapbox is that if you buy a product, it should always be
possible for the consumer to return it to exactly the state it was at the time
of purchase.

So no forced or unrevokable updates that ruin (or even change) things.

I have a TV that has on multiple times broken things with firmware updates,
and there is no known way to downgrade. I'd name and shame the company but I'm
sure that almost every manufacturer gets away with the same bullshit. Same
with cellphone manufacturers.

------
Pfhreak
Why limit this to just cars? Is there something unique about cars? Why not
phone users? Or internet users?

~~~
lmkg
I think the big thing is that people _expect_ their phones to leak some data.
It communicates by definition, and that is essential to its operation. The
fact that your _car_ leaks such a large volume of sensitive data is
surprising, and because it doesn't "need" to collect this data to perform its
main function, which is converting dinosaurs into motion.

A car also holds a different place in the American consciousness, although
that may be shifting. We see our car as an extension of self, while the phone
is a connection to other people. We have greater expectations of control and
privacy from the first than the second.

But to your point: I think the same statement should also be true of other
data as well.

~~~
jimktrains2
To be fair though, our phones leaking our location data to our carrier is
expected given how the cell network works.

Our phones leaking our location and browsing habits to advertisers is/should
be less expected and acceptable.

------
stefan_
I'm all for retaining ownership of your Spotify playlists, Bluetooth synced
contact list and location data.

But given the number of vehicular deaths, I'm all for having authorities
access blackbox-style data like pedal state, acceleration vectors etc. that
some controllers already keep around. If you are operating a 100 kW machine in
public, _how you do it_ isn't a privacy concern.

~~~
jchrisa
Agree. Any activity that is so hostile to other people should be monitored
aggressively, and privileges revoked for the slightest reason. By the same
token, you should need to file an individual route permit anytime you want to
exceed 20 mph in a multi-ton vehicle. The externalized social costs of
designating ~25% of our cities' surface area to violent human exclusion zones
is hard to overstate. For one example, it's become rare for children to walk
(to school or anywhere.) How much is that worth?

~~~
rootusrootus
My children walk all the time, including to/from school every day. And there
are plenty of their friends on the sidewalk with them.

It's also difficult to overstate how much value universal transportation has
brought to the human race. Maybe more than enough to justify the surface area
dedicated to it.

------
doctorRetro
Why stop at cars? How about:

[Device] owners should control data collected by [the device]

~~~
bradknowles
Who said you own the device?

You may have paid your money, but with most software it's a license to use or
a lease, but not actual ownership.

The same is becoming more and more true for other cases as well.

------
lifeisstillgood
I think that the ideas of Personally _identifying_ information and Personally
_generated_ information need to be clearer. Information that exists because I
pass through the digital world is still about _me_.

Then we can envisage some changes in the law - the presumption in law should
be that data about or generated by me should be _owned_ by me - in the same
way copyright is presumed to belong to me.

If we then add in a public commons right to access such data royalty free (ie
health researchers get a free pass at my data presuming they follow normal
protocols) _and_ chuck in any commercial or other licence I might grant is
time limited an automatically runs out after a year and needs to be renewed
with my consent, and I think we can sort this data privacy problem out.

(in short - I agree )

~~~
JohnFen
> Personally identifying information and Personally generated information need
> to be clearer

The problem is that with Big Data, there isn't much difference between those
two things. Almost all unique data can be combined with other data points to
become personally identifying.

------
cjensen
I have a new ford. There is a clearly labeled switch in the settings to
disable data collection.

I leave it enabled because they display critical parts of the data to me
through a phone app.

------
stuart78
One thing I'm confused on from this article is which car brands might be more
or less egregious in this dimension. For example, I drive a VW, and my car is
Car-Net capable, though I have not enabled the service. Is Car-Net (or some
similar service) collecting data despite my not having enabled it? Clearly the
car has the ability to transmit data since Car-Net is an option.

Secondarily, is data transmitted during tune ups?

------
oldjokes
One of the reasons I didn't buy a Tesla was because I didn't want Elon
tweeting about my actions if something happened and I died on the road. The
salesman laughed at me when I said this.

While I acknowledge this is extremely unlikely, I'm still not interested. I
want to be in control of all my data, all the time, in all situations. I don't
want any third party to benefit from studying my behavior, ever. If you try to
build a business model around mining people they are going to start fighting
back sooner or later.

~~~
m463
I agree with you - their public disclosure of details of incidents over the
years lacked... class.

Also, you can opt-out of all tesla data collection.

There are a few levels of this. One is in the car's UI, LITERALLY hidden at
the bottom of "safety and security" there is a [Data Sharing] screen that you
have to scroll to see. It supposedly prevents video clips from being uploaded
to tesla. Other parts of the UI ask for permission, such as traffic-aware
routing. I don't know about the new chrome-based browser - we know google has
baked tracking baked into chrome.

Level two is basically "disable the SIM" no online access. Stuff doesn't work,
like the map tiles won't load from google and loads of other data can't be
transferred to tesla.

It's still not clear what happens with level two when you enter a service
center, because onboard wifi will auto-connect to tesla APs.

------
jakubp
(X) owners should control data collected by (X)

I'd add: at least possess this data, maybe also control (but not necessarily
100% e.g. I would want to be able to say, as the nation-state, that some data
must be made available to others, e.g. safety related, accident related,
energy efficency related)

Sounds like a fairly obvious rule. Doesn't make it easy for the business to
sell the value added services things or to make moat vs competition...

------
umvi
> Today’s car has the computing power of 20 personal computers

Then why does the touchscreen still lag as if powered by a Pentium 4?

~~~
dwrowe
This. Also - I have doubts about how much data is collected, and by whom - who
is paying for the bandwidth on a cellular network to send this
data...somewhere?

------
webninja
While working in technology design & specs at Toyota HQ, I was told that one
day, it might, in theory, be able to make cars free just funded by all the
data it generates from you. Whether that will ever pan out is speculative but
that’s a startling concept nevertheless.

------
wiggler00m
"What carmakers are doing with the collected data isn’t clear."

Carmakers will reduce the mortality rate from motor vehicle accidents to
almost zero (with full autonomy), using the collected data.

There were 37,133 MV deaths in the USA in 2017 (more than 0.01% of the
population) according to Wiki.

~~~
michaelt
Car makers will get data they can use to simulate and test their self-driving
cars.

But car makers will _also_ get full GPS traces - showing where you live, where
you work, where you shop and every time you speed. And they'll probably get
what phone was seen on bluetooth, how many seats were occupied, and what radio
station was listened to. All identifiable by vehicle, and very close to
identifiable by driver.

Will they manage to make good use of the former, while avoiding the temptation
to monetise the latter?

Of course, Google gets a bunch of data from Android users already, so one
might very well argue most users aren't concerned about such things.

~~~
agentofuser
Most users are concerned, they just feel powerless to do anything about it.

~~~
dzader
lol no they aren't

------
xfitm3
Crash data recorders typically store ~5 seconds of control inputs and are
designed to survive a crash. This evidence can either hurt or help you. What
should be done here?

------
leptoniscool
Isn't the logical next step to collect massive data from airplanes, which
should be easier to automate too. But the limiting factor is still trust.

~~~
kevas
...this has been happening for a long time already.

~~~
salawat
Under the radar. Without visibility.

How does it come as a surprise when things that were only recognized as having
gone on underneath layer after layer of technical jargon are finally brought
to general public awareness?

You don't get in trouble for doing things, you get in trouble for getting
caught doing them. It's been a long time in coming, but awareness is finally
starting to hit tipping points in meaningful ways.

~~~
lutorm
_Under the radar._

No, literally _by_ the radar... I'm confused what you mean. Surely it's not
news to a pilot that ATC facilities save radar data. For how long is a
different question.

~~~
salawat
Sorry. My apologies. I think I see the misunderstanding.

Under the radar is an idiom. It is used to describe things that occur in areas
not typically subject to observation, or widespread acknowledgement/general
awareness. In this case by regulators, or the public in general.

I think you might have misunderstood the poster above you when they suggested
trying to fully automate airplanes; maintaining the analog of every sensor
required to fully enable totally automated operation would require the
installation of full suites of broadband sensors on the plane, allowing it to
collect all information with regards to the environment it is working in, and
sending it "back home". Admittedly, this is less problematic, because planes
don't operate within the confines of everyday life, and thus are not
omnipresent, capable of acting as a ubiquitous surveillance platform.

When I say this has been going on "Under the radar", I'm referring to the slow
adoption of increasingly more varied and densely packed sensor packages in
vehicles offered to provide some token discount, but with very little
oversight into what type of data is generated, communicated, stored, or
otherwise.

Planes being tracked by radar is fine. That comes with the mode of transport.
It's an air transport's version of a Stop light or signage.

Long term persisted data collected by cars, however, is not, and should not
be.

------
OrgNet
I wish that there was a manual for how to turn any car into a dumb-car (or at
least how to disconnect them from the internet).

~~~
JohnFen
There are instructions for how to disable the comms antenna for a lot of cars
out there.

~~~
OrgNet
Do you have any link by any chance?

~~~
JohnFen
I don't know of any one-stop shop for such instructions (they vary according
to the make and model of the car). The last time I needed to learn this was a
number of years ago, and I just searched the web for "<car make and model>
disable antenna" or "disable telemetry cell".

------
LinuxBender
I agree with the article and I am voting with my wallet. My next vehicle will
be a 1970 Chevy truck.

------
schintan
unrelated to this particular article, but it seems nytimes coverage is tending
more and more towards tech Luddite category these days. It is one thing to
inform the readers but they seem to be bent on spreading fear about all things
tech.

~~~
pixl97
This is exactly what you should expect when tech companies get to run
roughshod over any regulations or consumer protections.

This isn't fear mongering against technology. This is bringing up absolute
points about corporations completely out of control. I mean, for all that is
good, the phone companies are still fighting the government on why it is good
they can sell our cellphone/location data to whoever they want.

~~~
brokenmachine
> tech companies get to run roughshod over any regulations or consumer
> protections.

Lol, what consumer protections?

------
sys_64738
Collecting my car data as a sanitized way of saying a creepy auto manufacturer
is constantly spying on us. In what scenario did it suddenly become okay for
corporate America to spy on us constantly?

------
gpvos
In Europe, the GDPR should protect against this. Is that actually the case,
and is an opt-out possible for all EU car owners? And would, e.g., a Tesla
whose owner has opted out still get software updates?

------
jjellyy
Good luck with that

------
bwb
Why?

Why not have that data go someplace it could do real good in informing better
safety systems, better traffic management and so on.

Privacy is a spectrum, I am getting kinda tired how people think data about
them is "theirs". In some cases maybe it should be, in other cases, it should
not be. Now maybe you should have a right to see it, download it, and remove
identifying markers but I am so tired of this extreme privacy movement.

~~~
ocdtrekkie
Hey, if the car manufacturer wants my data, fine. But they should have to buy
it from me, not be allowed to build a system that gives them my data for free
by default.

What Tesla does in particular is extremely egregious: Even if you don't pay
for Autopilot and hence can't use those sensors, Tesla still collects data
using sensors you own on your car!

~~~
dominotw
> not be allowed to build a system that gives them my data for free by
> default.

What do you mean by 'not allowed'. you have the option to not buy tsla if its
such a concern to you. There are tons of ppl who are ok with giving out their
data for free why shouldn't they be 'not allowed'.

Weird agrument, I don't like it so noone else should either.

~~~
inetknght
> _What do you mean by 'not allowed'. you have the option to not buy tsla if
> its such a concern to you._

This is a dangerous way of thinking. Transportation is a requirement for
getting ahead in life. Signing away your rights to privacy should not _ever_
be a requirement to obtain transportation.

~~~
dominotw
> Signing away your rights to privacy should not ever be a requirement to
> obtain transportation.

Lets talk about this when this is actually a thing. Creating preemptive 'not
allowed' laws would be throwing baby out of bathwater.

~~~
danso
The U.S. federal gov’t, via HIPAA, took a stance on what health providers
could do with patient data, rather than settling for a stance of “just find
the nearest hospital with your preferred terms and conditions” or “keep in
mind you don’t _need_ to see a doctor”

~~~
dominotw
> you don't need to buy a tesla

> you don’t need to see a doctor

Totally ridiculous strawman.

