What your car knows about you
San Jose, Calif. — You probably know that you should delete all the data off your phone before you give it away and wipe the hard drive on your computer before you sell it.
But have you considered all the data stored on your car, and what you should do with it when you get rid of the vehicle?
Tony Aquila, CEO of Solera Holdings, a company that collects and analyzes data from cars, thinks you ought to be focusing on the privacy threat your car represents.
“You can learn more about you from your car than you can from your house,” Aquila said.
As Aquila and others note, cars have become mobile computers. Not only do they have numerous processors within them, they also have sophisticated arrays of sensors and many now can be connected to data networks or the internet. Cars these days are constantly collecting data and in many cases are transmitting it to car manufacturers and others.
“There’s a tremendous wealth of data there about how you drive and where you go and when you go there,” said John Simpson, director of the privacy project at Consumer Watchdog, an advocacy group. “It is potentially tremendously revealing.”
Cars have been collecting data since at least the late 1970s, when environmental regulations required manufacturers to keep track of and limit vehicle emissions. The amount of data cars generate and store has grown exponentially since then.
Many of the major components in cars, like brakes, engines and even tires, now have sensors on them that collect data about how they’re being used. Many cars now have navigation systems that track where drivers go. Many have sophisticated infotainment systems that store users’ address books and include apps that may collect and store other personal information.
And cars are starting to collect even more data than that. Many now have cameras and radar systems that can detect other vehicles. Some now have cameras inside the cockpit that attempt to determine whether drivers are too drowsy to drive. The number of sensors and data collected will only increase with self-driving vehicles.
Privacy advocates worry not only about what could be done with all the data that cars are collecting, but also that much of it is being gathered without users’ explicit permission.
Car manufacturers, their partners and even policymakers have largely focused on the positive benefits of this data collection. Most cars made in the last decade have so-called “black boxes” that save pertinent information taken from sensors immediately before accidents that can be used to help determine their cause. And nearly all vehicles made since the mid-1990s also have on-board diagnostic ports that auto service providers use to diagnose problems.
Meanwhile, manufacturers have been pitching connectivity in cars as a way to provide popular apps and services and as an important service and safety tool. Manufacturers can use the information to alert owners when they’re due for a service checkup or when they ought to replace their tires or brakes.
But the information gleaned from cars could be used in other ways that many people might find troubling. It could be used in states other than California to charge people different interest rates based on how they drive. It could be used to determine whether someone was having an affair.
Similar data could also be used to revoke drivers licenses or potentially by employers in ways that could affect drivers’ employment, if you speed or regularly drive under the influence. And it could be combined with other data to market all kinds of services to consumers. And that’s not to mention that the connections used to transmit data could also be used by hackers to seize control of a car.
While a Ph.D. candidate at the University of Washington, Miro Enev showed that researchers could identify individual drivers with only five to 10 minutes worth of data from the brake sensor in a car. A data scientist who now works for Nvidia, Enev worries that so-called deep learning techniques, where artificial intelligence is applied to large databases to find interesting patterns, will be used to analyze all the data being collected from cars. What manufacturers and their third-party partners discover may not be used for the benefit of car owners.
“It becomes a very slippery slope as far as what is possible,” Enev said. “It’s basically a big can of worms.”
Unfortunately, consumers right now don’t have a lot of tools they can use to monitor what and how much data is being collected on them. They also lack easy ways to delete that data either from the vehicles themselves or from manufacturers or others who have collected it from their cars.
Sen. Ed Markey, D-Mass., raised some of these concerns two years ago when he issued a report about the amount of data cars and automakers were already collecting. His investigation led automakers to voluntarily commit to limit some of the data collection and to be more transparent about it. But they retained the right to collect data for undefined “legitimate” business purposes.
Markey subsequently proposed a bill that would go further, limiting data automakers could collect without explicit permission, but it died at the end of the last Congress. And nothing has been done since then at the federal level to limit data collection.
Solera is working on software that would allow drivers to wipe the data off their car when they sell or dispose of it. Consumers can attempt to limit some of the data collection by only using their navigation systems when they really need to or by avoiding installing apps, privacy experts say. And Aquila recommends that consumers be sure to delete what data they can when they get rid of their car, things like their address books and navigation history.
But consumers should be aware that at least right now, there’s no way to completely wipe their digital fingerprints off their cars.