Vehicular privacy is one of those things we never thought we'd have to gripe about but, as automotive connectivity becomes the norm, it's become one of the most nagging issues in the industry.
Taking a cue from tech giants like Google, Facebook, and pretty much every other website you've ever connected to, automakers have begun leveraging customer data on a massive scale. Always-on internet connections exacerbated this problem (feature?), but it's extremely difficult to tell exactly what kind of information is being shot up into the cloud before ending up at a manufacturer's data center.
While we've seen cars hacked for the purpose of assessing how they'd stand up to malicious entities bent on wreaking havoc, few have attempted to decode the surplus of information emitted by your vehicle. We know this because people would probably be pretty upset to learn of the pathetic level of anonymity currently afforded to them. Despite spending tens of thousands of dollars on a new vehicle, privacy is rarely considered standard equipment.
Borrowing some techniques from crime scene investigators, The Washington Post recently attempted to figure out what kind of information automakers are most interested in. It contacted Jim Mason, an ARCCA engineer that helps reconstruct vehicle accidents, and chose a 2017 Chevrolet Volt.
General Motors has a substantial lead in data acquisition, and it's been pretty open about its interest in vehicular connectivity. (We've covered the evolution of OnStar, the rise of Marketplace, and GM's research into customer behavior before.) And that background is why The Post went with a Chevy for its tests.
Mason gave the outlet a rundown on how modern vehicles utilize multiple computers and often have an array of sensors (thanks to advanced driving aids) that can store information on internal hard drives in order to be transmitted back to base when convenient. Getting that data as the manufacturer is easy. However, doing so at home requires loads of expertise, time, special equipment, and enough sweat to disassemble part of the car.
From The Washington Post:
![]()
The vehicle's owner, Doug, contacted GM to see what kind of data was being transmitted from his vehicle and was simply directed to examine the company's privacy policy. Following up with dual written request to see his data under California's "Shine the Light" law (passed in 2003), he was reportedly met with silence.
Many automakers, including General Motors, claim they've found a way to protect customers by using "anonymized data." But it's practically meaningless when all the information being collected is building a user profile as distinct as a fingerprint - which is then shared with third parties GM can't tell you about.
The Washington Post article goes into additional detail about how these changes are impacting right-to-repair laws, government surveillance concerns, targeted advertising, unsavory insurance programs, and a bunch of other stuff we've already complained about. It wants you to be weary of data acquisition and address the need for more transparency within the industry. Right now, we've basically given automakers the ability to access the same information phone carriers and social media firms do with less protection.
Mason recommended those interested in maintaining their privacy simply drive an older vehicle assembled before connectivity was a concern. More realistically, one could purchase a lighter adaptor to charge their phone - as simply connecting it to a USB port would be enough for most vehicles to sweep up every scrap of data you had on it. He also suggested telling the dealer you want to become an expert on turning off connected services. However, this would only stop automakers from collecting certain kinds of data (usually location) and isn't a feature most newer models possess.
first published by TTAC
Taking a cue from tech giants like Google, Facebook, and pretty much every other website you've ever connected to, automakers have begun leveraging customer data on a massive scale. Always-on internet connections exacerbated this problem (feature?), but it's extremely difficult to tell exactly what kind of information is being shot up into the cloud before ending up at a manufacturer's data center.
While we've seen cars hacked for the purpose of assessing how they'd stand up to malicious entities bent on wreaking havoc, few have attempted to decode the surplus of information emitted by your vehicle. We know this because people would probably be pretty upset to learn of the pathetic level of anonymity currently afforded to them. Despite spending tens of thousands of dollars on a new vehicle, privacy is rarely considered standard equipment.
Borrowing some techniques from crime scene investigators, The Washington Post recently attempted to figure out what kind of information automakers are most interested in. It contacted Jim Mason, an ARCCA engineer that helps reconstruct vehicle accidents, and chose a 2017 Chevrolet Volt.
General Motors has a substantial lead in data acquisition, and it's been pretty open about its interest in vehicular connectivity. (We've covered the evolution of OnStar, the rise of Marketplace, and GM's research into customer behavior before.) And that background is why The Post went with a Chevy for its tests.
Mason gave the outlet a rundown on how modern vehicles utilize multiple computers and often have an array of sensors (thanks to advanced driving aids) that can store information on internal hard drives in order to be transmitted back to base when convenient. Getting that data as the manufacturer is easy. However, doing so at home requires loads of expertise, time, special equipment, and enough sweat to disassemble part of the car.
From The Washington Post:
Mason said he's also hacked into Fords that recorded positional data every few minutes, regardless of whether you're using the navigation system, and German models with 300 gigabyte hard drives exclusively used for data storage. He also referenced Tesla Model 3s that collected video clips from the cameras used for Autopilot. Creepily, Mason added that, in most instances, he's really only able to get a fraction of the data these cars collect.
The vehicle's owner, Doug, contacted GM to see what kind of data was being transmitted from his vehicle and was simply directed to examine the company's privacy policy. Following up with dual written request to see his data under California's "Shine the Light" law (passed in 2003), he was reportedly met with silence.
While we absolutely believe the latter claim, the former borders on a bald-faced lie. "Not linkable to individuals?" Get real. Not only does this hacking experiment prove that the data GM is shifting is personal data (names, addresses, emails, locations, etc.), its corporate privacy policy explicitly says it can do this. The OnStar privacy statement claims GM can store and share your information "for as long as necessary."
This would feel a lot less ominous if automakers kept their promises. In 2014, twenty of the world's largest automotive manufacturers collectively agreed to meet or exceed commitments contained in the Automotive Consumer Privacy Protection Principles and protect personal information collected through in-car technologies. Unfortunately, it hasn't amounted to much. Carmakers are collecting more data than ever and feverishly attempting to find ways to monazite it in the coming years.
Many automakers, including General Motors, claim they've found a way to protect customers by using "anonymized data." But it's practically meaningless when all the information being collected is building a user profile as distinct as a fingerprint - which is then shared with third parties GM can't tell you about.
The Washington Post article goes into additional detail about how these changes are impacting right-to-repair laws, government surveillance concerns, targeted advertising, unsavory insurance programs, and a bunch of other stuff we've already complained about. It wants you to be weary of data acquisition and address the need for more transparency within the industry. Right now, we've basically given automakers the ability to access the same information phone carriers and social media firms do with less protection.
Mason recommended those interested in maintaining their privacy simply drive an older vehicle assembled before connectivity was a concern. More realistically, one could purchase a lighter adaptor to charge their phone - as simply connecting it to a USB port would be enough for most vehicles to sweep up every scrap of data you had on it. He also suggested telling the dealer you want to become an expert on turning off connected services. However, this would only stop automakers from collecting certain kinds of data (usually location) and isn't a feature most newer models possess.
first published by TTAC
