Hacker News new | past | comments | ask | show | jobs | submit login
Court rules automakers can record and intercept owner text messages (therecord.media)
91 points by leotravis10 on Nov 8, 2023 | hide | past | favorite | 28 comments



> In an example of the issues at stake, plaintiffs in one of the five cases filed suit against Honda in 2021, arguing that beginning in at least 2014 infotainment systems in the company’s vehicles began downloading and storing a copy of all text messages on smartphones when they were connected to the system.

> An Annapolis, Maryland-based company, Berla Corporation, provides the technology to some car manufacturers but does not offer it to the general public, the lawsuit said. Once messages are downloaded, Berla’s software makes it impossible for vehicle owners to access their communications and call logs but does provide law enforcement with access, the lawsuit said.

Ugh. Another reason to keep driving my old car.


The law-enforcement thing is inconvenient for some I'm sure, but surely that's a local recovery. The article goes on to suggest the messages are being mined and sold to advertisers.

Any insight into how they're uploading these messages? Kinda messed up if they're exfiltrating your stuff over a potentially-metered connection. That's not something you necessarily consent to...


Most new cars have cell-phone modems built in, providing telemetry back to automakers, since the mid 2010s. That is the dual purpose of the OnStar system, and the connections are paid for by the automakers. Because they buy them in such bulk, and have relatively low transmit rates, they get great deals on it.


Yep, Verizon offers machine plans as low as a couple bucks a month. We use them for ambulance data connections.


Inconvenient? As the owner of the car it is my personal property and therefore my 4th amendment rights must apply. The state & federal courts have been corrupted by Federalist appointees.


Android phones ask if you want to allow the Bluetooth device to access SMS and call logs. Simple enough to say no.


I had hoped that not being connected to the internet would protect you


How is this not a 4th amendment violation in terms of law enforcement access? Why are car owners not provided means of denying this to occur?


4A does not protect your rights against nongovernmental entities unless they are undertaking a role traditionally occupied by the government and the government knows and assents. This is typically known as the state actor doctrine. If you look it up to learn more, you will find cases about railroads drug testing their employees and FedEx searching for drugs.

Searching through your text messages in order to tune your search results is not traditionally the province of the government.


>it's OK if a corporation violates your rights

Wrong. It's that kind of shitty, just roll over, thinking that let everything get as bad as it has. The "Just let a 3rd party do it" loophole needs to be closed.


I’m not stopping you from being wrong and I’m certainly not stopping you from amending the Constitution.


“The district court properly dismissed Plaintiffs’ claim for failure to satisfy the WPA’s statutory injury requirement. See WASH. REV. CODE § 9.73.060. To succeed at the pleading stage of a WPA claim, a plaintiff must allege an injury to ‘his or her business, his or her person, or his or her reputation.’ Id. Contrary to Plaintiffs’ argument, a bare violation of the WPA is insufficient to satisfy the statutory injury requirement” [1].

This sounds like the correct ruling. What we need is (a) evidence of harm and (b) legislation defining certain absolute rights to privacy, without an injury requirement. Given these data are provided to law enforcement, finding (a) shouldn’t be impossible.

[1] https://www.documentcloud.org/documents/24133084-22-35448


> What we need is (a) evidence of harm

When corporate servers get hacked, 'harm' is simply assumed, even if the hack only copied information. Yet when that same kind of hack is perpetrated by corporations against consumers, via backdoor access they have hidden onto our devices, the courts pretend everything is fine.

I wonder if they would be as lenient if I sold phones I had backdoored to spy on calls and texts for me, out of my own backyard.


> When corporate servers get hacked, 'harm' is simply assumed, even if the hack only copied information

We’re not talking about a hack, but surreptitious recording. The legal owner of the conversation isn’t clear based on statute or case law within the context of relevant agreements. This is a case of the law needing to be tightened up.


It's a hack the same way that a locksmith making a surreptitious copies of his clients keys, then using those keys to plant listening devices through their homes, is breaking and entering.

Or my prior example of selling secretly backdoored phones from my yard - the only difference is the scale of the operation.


> my prior example of selling secretly backdoored phones from my yard

If you attached a long user agreement that discloses the back door, you’d be in roughly the same place under this statute.


As the 9th Circuit said in this case on 10/27/23:

“On appeal, Plaintiffs claim that a violation of the [Washington Privacy Act] itself is an invasion of privacy that constitutes remediable injury. But the statutory text does not support their interpretation.” [1]

So the ruling seems correct but also highlights what may be a flaw in the WPA.

[1]https://law.justia.com/cases/federal/appellate-courts/ca9/22....


What about people who might talk about personal injuries or mental illnesses that would affect their work? Wouldn't that risk damaging them if it was private information and sold?

Speaking of which, if a person had a mental illness and then started 'seeing ads' everywhere for the illness, could that exacerbate the illness? How would you prove evidence of harm?


I don't think the court would be satisfied by those, because they're both abstract hypotheticals. I think they want a specific person harmed in an explicit, documented way (e.g. Bob Smith has erectile dysfunction and had his reputation damaged because he was bombarded with ED ads in his car during a date, because the car manufacturer read his texts and used them to make an ad profile).


Why did their phone allow the messages to be downloaded in the first place ?


(Washington, US)


Why the hell is anyone actually using SMS text messages these days? It's not much different from using fax machines. The only thing SMS is good for is automated 2FA messages.



It’s not about the transport medium. My Honda also proxies iMessage and FaceTime.


I don't see how it can do that unless you give it your login details to those apps. And what about other apps, like WhatsApp, LINE, WeChat, or Messenger? I don't know anyone that uses iMessage or FaceTime; I didn't even think those were chat services.


SMS and iMessage are exposed via Bluetooth’s Message Access Profile. Facetime would use the Hands Free Profile. Access to both of those would be requested during pairing of the phone.

At least on iOS, the other apps would need permission to integrate with the necessary API to integrate with MAP. I’m not sure if this is even available with the public APIs.


What else am I supposed to use


The same thing everyone else in the civilized world uses: a chat app like Messenger, WeChat, LINE, or WhatsApp.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: