March 23, 2012 • By Paul Vachon
The Chevrolet Vega of 1975 came equipped with an electronic control unit underneath the hood. Through a network of sensors this unit monitored the vehicle’s essential systems: throttle position, idle speed, coolant temperature and most importantly, the fuel injection system — a first for an American car. The device synthesized the data and adjusted these systems to achieve maximum efficiency. It functioned inconspicuously—no dashboard touch screen or “driver interface” — and it was purely self-contained. Neither the control unit nor the Vega communicated with the outside world.
What a difference a few decades makes. At the 2012 North American International Auto Show in Detroit, Ford proudly unveiled the latest edition of MyFord Touch, an in-car communication and entertainment system available in most of its models. An amazing technical achievement, the system can do fun things — like seamlessly integrate a smartphone or mobile media player with the vehicle’s audio system to facilitate hands-free operation — as well as arguably more vital things like accessing traffic and road construction information in real time through an Internet-based system operated by a company, INRIX, that specializes in delivering current traffic info.
Information provided by “black boxes,” telematics, environmental monitoring, automated tolling devices like EZpass and (in the future) vehicle integration infrastructures all have the ability to make driving safer, more convenient, and more enjoyable.
But while drivers become more accustomed to and even demanding of “connectivity” behind the wheel, each advance can pose a threat to privacy. While users of MyFord Touch are likely fine that their car’s experience helped INRIX deliver a more complete traffic picture to others, they might not be so forgiving if their personal data ever were shared with third parties, ranging from say, a marketer to a divorce lawyer to law enforcement. (INRIX, to be clear, is not selling that information. “Unlike others who are trying to create ancillary business out of [personal identifiable information],” says the company’s Jim Bak, “who is sending us data is unimportant to us. What’s important is getting an accurate understanding of how fast traffic is moving in a given direction, on a given road at a particular time.” )
Watchdogs such as the Electronic Frontier Foundation and the Electronic Privacy Information Center are concerned with these issues. They include such vehicle privacy issues, along with questions ranging from tracking mobile phones to Google Street View, in what they term locational privacy.
Vehicle “telematics” is a newly coined term that, broadly defined, refers to the collection, transmission, and analysis of data derived from motor vehicles. So far, its use has related mostly to commercial activity — monitoring semis to ensure they’re on schedule, looking at the travel of sales reps in the field, etc.
But most cars sold to the public come equipped with similar technology, and these capabilities have given birth to networks such as GM’s OnStar and Ford’s Sync, which offer services such as navigation, hands-free calling, remote diagnostics, and “in-vehicle security” (including the ability of a service adviser to unlock the car if the driver locks the keys inside).
The amount of data gathered by these systems is extensive and includes location, speed, and distance traveled — all of which a driver may prefer be private. INRIX, for one, asks its customers to strip out “personal identifiable information” as it leaves the vehicle, explains Bak, while feeding the location, heading and speed data into the algorithms that in turn provide breaking traffic data.
“A vehicle’s location is potentially the most sensitive piece of driver information,” says Jay Stanley, senior policy analyst at the American Civil Liberties Union. “Location can reveal what businesses a person frequents, where they worship, who they associate with, etc.” The legal precedent set by Section 215 of the Patriot Act, which authorizes the FBI to search public library records, Stanley explains, can be used to access automotive telematics data. That information, in the same vein as library records, consists of archived data that is held by a third party and thus ineligible for Fourth Amendment protection.
Additionally, the patchwork of state laws offers uneven levels of protection, which likely accounts for vague language used in providers’ privacy policies.
This level of legal ambiguity was revealed in 2004 in the District of Columbia when police — without a warrant — attached a GPS tracking device on a car driven by suspected drug dealer Antoine Jones. By tracking his movements, law enforcement was able to gather evidence, which led to his conviction on cocaine trafficking. The appeal ultimately went to the U.S. Supreme Court, which in January unanimously ruled against the police, stating that a driver could presume a reasonable expectation of privacy while driving and therefore covered under the Fourth Amendment.
The Jones case, while it focused on a bolted-on device, nonetheless provided the motivation for the Geolocation and Privacy Surveillance Act, introduced in Congress in June 2011. In addition to clearly spelling out the need for a warrant in such circumstances, the bill would prohibit businesses from sharing information (either real time or historical) with third parties without the explicit permission of the vehicle owner. The bill, however, has been in the Senate Judiciary Committee since last July.
These concerns are especially relevant in the case of OnStar, whose system is built around a cell phone connection installed in to the car’s rearview mirror, and has led to longstanding fears it could be used as an electronic “bug” to eavesdrop on conversations in the car. More recently, concerns were raised about OnStar continuing to track customers who have cancelled the service but not specifically told OnStar to stop tracking them. Sen. Charles Schumer called the policy “one of the most brazen invasions of privacy in recent memory.”
OnStar’s privacy policy, posted on its website, states it lacks the capability of listening to in-car conversations without the occupant’s knowledge. The policy also lists circumstances under which the vehicle’s speed and location are tracked. These generally include user-initiated access of OnStar services or instances when the car is involved in an accident, after which first responders are summoned. It also states this information is disclosed when “required by law” — language Stanley sees as intentionally vague.
Then there are event data recorders, colloquially known as “black boxes.” They serve a purpose similar to that of black boxes that appear on aircraft, which pop into the public consciousness after plane crashes. In the case of cars, these boxes record data on vehicle speed, seat belt and brake usage, and air bag deployment. Originally intended to gather these numbers to better engineer enhanced safety features (when the information is anonymized), the devices are being installed on large trucks and the information used — a la aircraft — in a post-crash investigation.
Black boxes in cars have not yet been the subject of significant law enforcement scrutiny, explains Bruce Belzowski, assistant research scientist at the Transportation Research Institute of the University of Michigan, but that could soon change. “The police must already have a reasonable level of suspicion of wrongdoing, just as they would in any investigation. They cannot go on a fishing expedition.”
Looking to the future, vehicle integration infrastructure may be on the horizon as a way of allowing all the cars in an area, as well as the local roads, to be talking with each other to avoid accidents or reduce congestion.
So far, the projects have been advanced to promote safety and fuel efficiency, and not as an intrusion. Barbara Wendling, Chrysler’s manager of advanced safety technology and rulemaking explains that the data will be anonymized while conceding that behavior of individual drivers could be isolated.
Such a system will undoubtedly create new privacy issues should it be implemented. As the ACLU’s Stanley points out, “maintaining effective legal safeguards in the face of ever changing technology will continue to be a huge challenge.”
The Chevrolet Vega of 1975 came equipped with an electronic control unit underneath the hood. Through a network of sensors this unit monitored the vehicle’s essential systems: throttle position, idle speed, coolant temperature and most importantly, the fuel injection system — a first for an American car. The device synthesized the data and adjusted these systems to achieve maximum efficiency. It functioned inconspicuously—no dashboard touch screen or “driver interface” — and it was purely self-contained. Neither the control unit nor the Vega communicated with the outside world.
What a difference a few decades makes. At the 2012 North American International Auto Show in Detroit, Ford proudly unveiled the latest edition of MyFord Touch, an in-car communication and entertainment system available in most of its models. An amazing technical achievement, the system can do fun things — like seamlessly integrate a smartphone or mobile media player with the vehicle’s audio system to facilitate hands-free operation — as well as arguably more vital things like accessing traffic and road construction information in real time through an Internet-based system operated by a company, INRIX, that specializes in delivering current traffic info.
Information provided by “black boxes,” telematics, environmental monitoring, automated tolling devices like EZpass and (in the future) vehicle integration infrastructures all have the ability to make driving safer, more convenient, and more enjoyable.
But while drivers become more accustomed to and even demanding of “connectivity” behind the wheel, each advance can pose a threat to privacy. While users of MyFord Touch are likely fine that their car’s experience helped INRIX deliver a more complete traffic picture to others, they might not be so forgiving if their personal data ever were shared with third parties, ranging from say, a marketer to a divorce lawyer to law enforcement. (INRIX, to be clear, is not selling that information. “Unlike others who are trying to create ancillary business out of [personal identifiable information],” says the company’s Jim Bak, “who is sending us data is unimportant to us. What’s important is getting an accurate understanding of how fast traffic is moving in a given direction, on a given road at a particular time.” )
Watchdogs such as the Electronic Frontier Foundation and the Electronic Privacy Information Center are concerned with these issues. They include such vehicle privacy issues, along with questions ranging from tracking mobile phones to Google Street View, in what they term locational privacy.
Vehicle “telematics” is a newly coined term that, broadly defined, refers to the collection, transmission, and analysis of data derived from motor vehicles. So far, its use has related mostly to commercial activity — monitoring semis to ensure they’re on schedule, looking at the travel of sales reps in the field, etc.
But most cars sold to the public come equipped with similar technology, and these capabilities have given birth to networks such as GM’s OnStar and Ford’s Sync, which offer services such as navigation, hands-free calling, remote diagnostics, and “in-vehicle security” (including the ability of a service adviser to unlock the car if the driver locks the keys inside).
The amount of data gathered by these systems is extensive and includes location, speed, and distance traveled — all of which a driver may prefer be private. INRIX, for one, asks its customers to strip out “personal identifiable information” as it leaves the vehicle, explains Bak, while feeding the location, heading and speed data into the algorithms that in turn provide breaking traffic data.
“A vehicle’s location is potentially the most sensitive piece of driver information,” says Jay Stanley, senior policy analyst at the American Civil Liberties Union. “Location can reveal what businesses a person frequents, where they worship, who they associate with, etc.” The legal precedent set by Section 215 of the Patriot Act, which authorizes the FBI to search public library records, Stanley explains, can be used to access automotive telematics data. That information, in the same vein as library records, consists of archived data that is held by a third party and thus ineligible for Fourth Amendment protection.
Additionally, the patchwork of state laws offers uneven levels of protection, which likely accounts for vague language used in providers’ privacy policies.
This level of legal ambiguity was revealed in 2004 in the District of Columbia when police — without a warrant — attached a GPS tracking device on a car driven by suspected drug dealer Antoine Jones. By tracking his movements, law enforcement was able to gather evidence, which led to his conviction on cocaine trafficking. The appeal ultimately went to the U.S. Supreme Court, which in January unanimously ruled against the police, stating that a driver could presume a reasonable expectation of privacy while driving and therefore covered under the Fourth Amendment.
The Jones case, while it focused on a bolted-on device, nonetheless provided the motivation for the Geolocation and Privacy Surveillance Act, introduced in Congress in June 2011. In addition to clearly spelling out the need for a warrant in such circumstances, the bill would prohibit businesses from sharing information (either real time or historical) with third parties without the explicit permission of the vehicle owner. The bill, however, has been in the Senate Judiciary Committee since last July.
These concerns are especially relevant in the case of OnStar, whose system is built around a cell phone connection installed in to the car’s rearview mirror, and has led to longstanding fears it could be used as an electronic “bug” to eavesdrop on conversations in the car. More recently, concerns were raised about OnStar continuing to track customers who have cancelled the service but not specifically told OnStar to stop tracking them. Sen. Charles Schumer called the policy “one of the most brazen invasions of privacy in recent memory.”
OnStar’s privacy policy, posted on its website, states it lacks the capability of listening to in-car conversations without the occupant’s knowledge. The policy also lists circumstances under which the vehicle’s speed and location are tracked. These generally include user-initiated access of OnStar services or instances when the car is involved in an accident, after which first responders are summoned. It also states this information is disclosed when “required by law” — language Stanley sees as intentionally vague.
Then there are event data recorders, colloquially known as “black boxes.” They serve a purpose similar to that of black boxes that appear on aircraft, which pop into the public consciousness after plane crashes. In the case of cars, these boxes record data on vehicle speed, seat belt and brake usage, and air bag deployment. Originally intended to gather these numbers to better engineer enhanced safety features (when the information is anonymized), the devices are being installed on large trucks and the information used — a la aircraft — in a post-crash investigation.
Black boxes in cars have not yet been the subject of significant law enforcement scrutiny, explains Bruce Belzowski, assistant research scientist at the Transportation Research Institute of the University of Michigan, but that could soon change. “The police must already have a reasonable level of suspicion of wrongdoing, just as they would in any investigation. They cannot go on a fishing expedition.”
Looking to the future, vehicle integration infrastructure may be on the horizon as a way of allowing all the cars in an area, as well as the local roads, to be talking with each other to avoid accidents or reduce congestion.
So far, the projects have been advanced to promote safety and fuel efficiency, and not as an intrusion. Barbara Wendling, Chrysler’s manager of advanced safety technology and rulemaking explains that the data will be anonymized while conceding that behavior of individual drivers could be isolated.
Such a system will undoubtedly create new privacy issues should it be implemented. As the ACLU’s Stanley points out, “maintaining effective legal safeguards in the face of ever changing technology will continue to be a huge challenge.”
Pacific Standard Online, March 23, 2012.
