Cars are a 'privacy nightmare on wheels'. Here's how they get away with collecting and sharing your data

bnew

Veteran
Joined
Nov 1, 2015
Messages
57,337
Reputation
8,496
Daps
160,017

Cars are a 'privacy nightmare on wheels'. Here's how they get away with collecting and sharing your data​

by Katharine Kemp, The Conversation

Cars are a 'privacy nightmare on wheels'. Here's how they get away with collecting and sharing your data
Credit: Shutterstock

Cars with internet-connected features are fast becoming all-seeing data-harvesting machines—a so-called "privacy nightmare on wheels," according to US-based research conducted by the Mozilla Foundation.


The researchers looked at the privacy terms of 25 car brands, which were found to collect a range of customer data, from facial expressions, to sexual activity, to when, where and how people drive.

They also found terms that allowed this information to be passed on to third parties. Cars were "the official worst category of products for privacy" they had ever reviewed, they concluded.

Australia's privacy laws aren't up to the task of protecting the vast amount of personal information collected and shared by car companies. And since our privacy laws don't demand the specific disclosures required by some US states, we have much less information about what car companies are doing with our data.

Australia's privacy laws need urgent reform. We also need international cooperation on enforcing privacy regulation for car manufacturers.

How do cars collect sensitive data?​

Apart from data entered directly into a car's "infotainment" system, many cars can collect data in the background via cameras, microphones, sensors and connected phones and apps.

These data include:
  • speed
  • steering, brake and accelerator pedal use
  • seat belt use
  • infotainment settings
  • phone contacts
  • navigation destinations
  • voice data
  • your location and surroundings
  • and even footage of you and your family outside your car. (Between 2019 and 2022, Tesla employees internally circulated intimate footage collected from people's private cars for their own amusement, according to reports.)

A lot of these data are used, at least in part, for legitimate purposes such as making driving more enjoyable and safer for the driver, passengers and pedestrians.

But they can also be supplemented with data collected from other sources and used for other purposes. For instance, data may be collected from your website visit, your test drive at a dealership, or from third parties including "marketing agencies" and "providers of data-collecting devices, products or systems that you use."

The latter is very broad since our TVs, fridges and even our baby monitors can collect data about us.

Mozilla points out these combined data can be used "to develop inferences about a driver's intelligence, abilities, characteristics, preferences and more."

Connected cars transmit data in real time​

While cars have been collecting large amounts of information since they became "computers on wheels", this information has generally been stored in modules in the vehicle and accessed only when the car is physically connected to diagnostic equipment.

Now, however, vehicles are being sold with connected features "in the sense that they can exchange information wirelessly with the vehicle manufacturer, third party service providers, users, infrastructure operators and other vehicles."

This means your connected car can transmit data about you and your activities, generally via the internet, to various other companies as you go about your life.

Where do the data go?​

In Australia, we have little information about how our information can be used and by whom.

In its US-based study, Mozilla found data from consumers' cars was being disclosed to other companies for marketing and targeted advertising purposes. It was also sold to data brokers.

Mozilla was able to uncover highly detailed information, largely because the laws of California and Virginia require specific disclosures about who personal data is disclosed to and for what purposes (among other higher privacy standards).

Australian privacy law doesn't require such specific disclosures. This is one reason car brands often have separate privacy policies for Australia.

A look at the privacy policies of various companies supplying connected cars in Australia reveals several vague, broad statements. Aside from using your data to provide you with connected services, these companies will:

Some may disclose your information to law enforcement or the government even when not required by law, such as when they believe "the use or disclosure is reasonably necessary to assist a law enforcement agency."

Trust us—we invented a 'voluntary code'​

It's safe to say car manufacturers generally don't want privacy laws tightened. The Federal Chamber of Automotive Industries (FCAI) represents companies distributing 68 brands of various types of vehicles in Australia.

During the recent review of our privacy legislation, the FCAI made a submission to the Attorney General's department arguing against many of the privacy law reforms under consideration.

Instead, it promoted its own Voluntary Code of Conduct for Automotive Data and Privacy Protection. This weak document seems designed to comfort consumers without adding any privacy protections beyond existing legal obligations.

For example, signatories don't say they're bound by the code. Nor do they promise to follow its terms. They only say its principles will "drive their approach to treatment of vehicle-generated data and associated personal information." There are no penalties for ignoring the code.

It even states signatories will "voluntarily notify" consumers of certain matters when the Privacy Act already requires this as a matter of law.

The code also notes third parties are increasingly interested in accessing and using consumers' data to provide services, including insurance companies, parking garage operators, entertainment providers, social networks and search engine operators.

It says companies making data available to such third parties "will strive to inform you" about this.

We need privacy law reform​

The government recently proposed important and wide-ranging privacy law reforms, following the Privacy Act Review which began in 2020. These changes are long overdue.

Proposals such as an updated definition of "personal information" and higher standards for "consent" could help protect consumers from intrusive and manipulative data practices.

The proposed "fair and reasonable test" would also assess whether a practice is substantively fair. This would help avoid claims data practices are lawful just because consumers had to provide consent.

The FCAI points out many cars aren't specifically designed for Australia's relatively small market, so increased privacy standards might result in some vehicles not being released here. But this isn't a reason to carve out vehicles from privacy law reform.

Privacy laws are also being upgraded in numerous jurisdictions overseas. Australia's government agencies should coordinate with their international counterparts to protect drivers' privacy.

Provided by The Conversation
 

Estarossa

Rosé Gold
Joined
Aug 20, 2015
Messages
6,162
Reputation
1,724
Daps
40,331
Reppin
Maryland

How do cars collect sensitive data?​

Apart from data entered directly into a car's "infotainment" system, many cars can collect data in the background via cameras, microphones, sensors and connected phones and apps.

These data include:
  • speed
  • steering, brake and accelerator pedal use
  • seat belt use
  • infotainment settings
  • phone contacts
  • navigation destinations
  • voice data
  • your location and surroundings
  • and even footage of you and your family outside your car. (Between 2019 and 2022, Tesla employees internally circulated intimate footage collected from people's private cars for their own amusement, according to reports.)

A lot of these data are used, at least in part, for legitimate purposes such as making driving more enjoyable and safer for the driver, passengers and pedestrians.

giphy.gif
 

east

Screwed up... till tha casket drops!!
Joined
Aug 5, 2012
Messages
4,946
Reputation
3,110
Daps
15,552
Reppin
The Bronx ➡️ New England
i'm never gonna buy a car with a modem, it's old schools for me from here on out :yeshrug:

here's the original report
They can collect personal information from how you interact with your car, the connected services you use in your car, the car’s app (which provides a gateway to information on your phone), and can gather even more information about you from third party sources like Sirius XM or Google Maps. It’s a mess. The ways that car companies collect and share your data are so vast and complicated that we wrote an entire piece on how that works. The gist is: they can collect super intimate information about you -- from your medical information, your genetic information, to your “sex life” (seriously), to how fast you drive, where you drive, and what songs you play in your car -- in huge quantities. They then use it to invent more data about you through “inferences” about things like your intelligence, abilities, and interests.
my car is a 2015. it's not even connected to the internet.
3g radio or nah?
 

Geek Nasty

Brain Knowledgeably Whizzy
Supporter
Joined
Jan 30, 2015
Messages
30,673
Reputation
4,786
Daps
115,497
Reppin
South Kakalaka
There's going to be a huge black market for tech wizards currently playing around online to get into the business of disconnecting stuff from that IoT nightmare.
The only thing that will fix this is national laws with strong fines. I try to protect my personal data/info from crap like this and it’s impossible. when you try you see all the shady ways they try to finesse you.

iPhone updates have these vaguely worded wizards that turn on iCloud sharing behind your back. Online email accounts are harvesting your conversations. Even credit bureaus are selling your transaction data.
 

east

Screwed up... till tha casket drops!!
Joined
Aug 5, 2012
Messages
4,946
Reputation
3,110
Daps
15,552
Reppin
The Bronx ➡️ New England
The only thing that will fix this is national laws with strong fines.
the government's not gonna do shyt, they abuse this as much as possible :mjlol:
 

Geek Nasty

Brain Knowledgeably Whizzy
Supporter
Joined
Jan 30, 2015
Messages
30,673
Reputation
4,786
Daps
115,497
Reppin
South Kakalaka
the government's not gonna do shyt :mjlol:
People have been conditioned to give up privacy. Get people educated and we’ll start moving in the direction of Europe.
 

MajesticLion

Veteran
Joined
Jul 17, 2018
Messages
29,638
Reputation
5,109
Daps
64,573
The only thing that will fix this is national laws with strong fines. I try to protect my personal data/info from crap like this and it’s impossible. when you try you see all the shady ways they try to finesse you.

iPhone updates have these vaguely worded wizards that turn on iCloud sharing behind your back. Online email accounts are harvesting your conversations. Even credit bureaus are selling your transaction data.

Agreed, except that the lawmakers are already compromised via campaign funding. :francis:

People have had a long time to get used to the idea of the need to tweak Windows - updates now turn back on privacy settings that you turned off, they don't even ask - but still haven't really clued in for the need to do it for everything else.
 

Eastbmore

Man, money ain't got no owners.
Supporter
Joined
May 24, 2022
Messages
270
Reputation
95
Daps
1,062
I wrote a paper recently and referenced this type of connection to the Internet and the Internet of Things (IoT). IoT is basically the connection of all your devices, for example: Your apple watch is connected to your phone, both of which have mics that are always on; they are connected to your car via Bluetooth, and the car is also connected to the internet; you arrive home and you are connected to your home devices like your laptop, smart thermostat, etc.

The danger in IoT security is the lack of encryption on regular transmissions. Many IoT devices don’t encrypt the data they send, which means if someone penetrates the network, they can intercept credentials and other important information transmitted to and from the device.

Vehicles have been connected to the internet since OnStar and GPS devices. Back in 2015 cybersecurity specialists hacked into a Jeep Grand Cherokee via its multimedia system. They used that connection to connect to other software in the vehicle, reprogram it, and drive the vehicle....like a remote-controlled car!!!

I'm not saying that we should all try to be disconnected. It's almost impossible. But I do want all the brehs and brehettes to be aware of how vulnerable we all are to cybercrime and how important it is that the companies we patronize prioritize the security of our data. Also, be mindful that if you are going to commit crimes, all of these devices can and will tell on you.
 
Top