We’ve been telling you about the lack of data security in your car for some time now. Police investigators are increasingly taking notice of the flimsy security in cars and are now using that in-car data to solve crimes. There’s another side to this coin, though: As critics argue, that openness of the onboard computers in cars is a burgeoning privacy nightmare.
A new report from NBC highlights just how much information the police can access from your car:
Law enforcement agencies have been focusing their investigative efforts on two main information sources: the telematics system — which is like the “black box” — and the infotainment system. The telematics system stores a vehicle’s turn-by-turn navigation, speed, acceleration and deceleration information, as well as more granular clues, such as when and where the lights were switched on, the doors were opened, seat belts were put on and airbags were deployed.
The infotainment system records recent destinations, call logs, contact lists, text messages, emails, pictures, videos, web histories, voice commands and social media feeds. It can also keep track of the phones that have been connected to the vehicle via USB cable or Bluetooth, as well as all the apps installed on the device.
Together, the data allows investigators to reconstruct a vehicle’s journey and paint a picture of driver and passenger behavior. In a criminal case, the sequence of doors opening and seat belts being inserted could help show that a suspect had an accomplice.
Police are taking full advantage of this data to investigate crimes, like the 2017 murder of Ronald French, a Michigan man. The man charged in French’s killing was arrested after a recording of him using the hands-free radio tuning feature was pulled from the voice-controlled infotainment system of French’s Chevy Silverado.
One company, Berla, a Maryland-based cybersecurity firm, offers forensic software that gives law enforcement access to over 14,000 car models across multiple brands, according to NBC. I didn’t even know there were that many models with advanced infotainment systems.
While finding the guilty and exonerating the innocent is all well and good, this openness of the software is a huge problem for anyone concerned with privacy (which should be everyone). It has already done real-world harm. From NBC again:
Just as the trove of data can be helpful for solving crimes, it can also be used to commit them, Amico said. He pointed to a case in Australia, where a man stalked his ex-girlfriend using an app that connected to her high-tech Land Rover and sent him live information about her movements. The app also allowed him to remotely start and stop her vehicle and open and close the windows.
“These crimes have made me feel unsafe,” the victim told the court, according to ABC News Australia, which named neither the victim nor the accused. “Made me fear the technology I once embraced and left me with a deep distrust of the cybersecurity protections and laws currently in place, now I know they can be exploited.”
No federal laws regulate what automakers can collect or do with the vast majority of our driving data. The Driver Privacy Act of 2015 regulates a vehicle’s event data recorder, a computer that stores a snapshot of information from immediately before, during and after a crash. However, privacy activists are calling for protections to extend to data collected by many of the other computers in an automobile, including the infotainment system.
That’s the major problem with data in general: There just isn’t the legal framework to protect citizens from having their personal information used and abused. Just two years ago GM admitted to collecting radio-listening data on 90,000 cars for advertising data purposes. Last year, journalists at the Washington Post took apart a Chevy Volt to see what information they could glean:
Among the trove of data points were unique identifiers for my and Doug’s [the car’s owner] phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.
...
In our Chevy, we probably glimpsed just a fraction of what GM knows. We didn’t see what was uploaded to GM’s computers, because we couldn’t access the live OnStar cellular connection.
Even Teslas, cars that strive to be recognized as the most technologically advanced on the market, contain a wealth of easily accessible data. With cars becoming more connected as we inch closer to a world with higher levels of computer-assisted driving, privacy concerns will only increase.
Economists and policy wonks have been saying for years that data is the new oil in terms of what will be the driving force in our economy. If that’s true, our cars are goldmines; they can report back not just where we go but who we’re talking to and about what. If that’s true, than it is up to all of us millions of data points to demand protections limiting access to our most lucrative resource.