Automakers Like TOTALLY Promise Not To Abuse The Ocean Of Location Data Their Cars Now Collect
from the trust-us,-we're-the-auto-industry dept
Hoping to assuage growing fears that vehicle data won't be abused, nineteen automakers recently got together and agreed to a set of voluntary principles they insist will protect consumer privacy in the new smart car age. Automakers promise that the principles, delivered in a letter to the FTC (pdf), require that they "implement reasonable measures" to protect collected consumer data, both now and as the industry works toward car-to-car communications. The principles "demonstrate the industry's commitment to its customers" and "reflect a major step in protecting consumer information" insists the industry.Should you bother to actually read the principles, the promised revolution in privacy protection quickly become less apparent. While the principles do require that automakers clearly communicate with customers (and by clear they mean "hey, here's some fine print saying we're selling your location data now"), many don't appear to actually do much of anything. Like this particular gem:
"Data Minimization, De-Identification & Retention: Participating Members commit to collecting Covered Information only as needed for legitimate business purposes. Participating Members commit to retaining Covered Information no longer than they determine necessary for legitimate business purposes."With "legitimate business purposes" being whatever they see fit, that doesn't mean much. Similarly, the industry's "groundbreaking" promises are also heavily peppered with the ambiguous word "reasonable," which can of course mean whatever they'd like it to mean:
"Participating Members commit to implementing reasonable measures to protect Covered Information against unauthorized access or use."Aka, we'll make some kind of ambiguous effort to secure your data. As with most efforts of this type, the goal is to preempt government from crafting new (or enforcing existing) privacy protections as the industry moves into more aggressive ways of monetizing location data. Said promises unsurprisingly aren't easing the worries of both safety and privacy advocates as we move into the vehicle black box age, notes the Associated Press:
"Industry officials say they oppose federal legislation to require privacy protections, saying that would be too "prescriptive." But Marc Rotenberg, executive director of the Electronic Privacy Information Center, said legislation is needed to ensure automakers don't back off the principles when they become inconvenient. "You just don't want your car spying on you," he said. "That's the practical consequence of a lot of the new technologies that are being built into cars."With many parts of this technology DRM locked, users won't have much control over or access to their own data (something the EFF is trying to fix with their latest slate of DMCA exemption requests). It's also worth noting this supposed circle of automotive trust was already quite rusted before cars became more intelligent; most car dealerships and garages are paid by Carfax to report vehicle mileage and accident repair, with Carfax in turn being paid for that data by insurance companies. Similarly most of the in-car infotainment systems rely on cellular chipsets from companies like AT&T and Verizon, who quite happily sell any and all location data that isn't nailed down, and consistently experiment with creative new privacy violations (despite very similar promises they'd be on their best behavior).
So while it's very sweet that the auto industry is promising to respect your privacy as they push into brave new data snoopvertising and location data tracking territory, like so many self-regulatory promises before it they likely aren't worth the paper they're printed on.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: automakers, cars, privacy, self-regulations, smart cars, tracking
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Me Too!
[ link to this | view in thread ]
This continuing creep toward collect-it-all needs more attention. There is no reason everything needs to be 'smart' and phone-home every detail of my person, house, papers, and effects.
I feel as if nearly every moment of my day is subject to wiretaps, and other forms of surveillance.
It no longer appears that "each man's home is his castle", as the government turns a blind eye to corporations filling in the moat, tearing down the buttresses, and raiding the larders. I suppose that makes perfect sense given the government ultimately gets an inventory of what was contained within, if not buying the scraped material outright.
Digging into the online marketing hierarchy of companies such as the primary crediting agencies which collect it all, sell the raw non-anonymized information to data aggregators for analysis / bucketing, who put access up to bid for 'targeted marketing' opportunities makes this all the more unnerving.
We need a massive public push toward recognition of fourth-amendment rights to our digital footprint. This unrestricted data grab creates enormous liability risk for everyone rolled into the database.
Not to mention value to appending DROP TABLES somewhere in childrens' name. https://xkcd.com/327/
[ link to this | view in thread ]
That should give you a clue of how little I trust the US Government.
[ link to this | view in thread ]
[ link to this | view in thread ]
Oh wait, no they won't.
[ link to this | view in thread ]
Sure, just like Uber has "legitimate business practices"
http://www.cnet.com/news/god-view-under-spotlight-as-uber-investigation-intensifies/#fta g=CAD590a51e
http://techcrunch.com/2014/11/19/we-are-watching-too/?ncid=rss
http://www.buzzfeed.com/jo hanabhuiyan/uber-is-investigating-its-top-new-york-executive-for-privacy
http://www.buzzfeed.com/bens mith/uber-executive-suggests-digging-up-dirt-on-journalists
Of course no car company would ever do such a thing. It's unthinkable. Just like they would never cover up known engineering or manufacturing defects that kill people. No, their extremely high ethical standards absolutely prevent this from ever happening at a car company.
[ link to this | view in thread ]
Re:
But it's getting more and more difficult to avoid having a car that spies on you.
[ link to this | view in thread ]
This type of data collection will continue
[ link to this | view in thread ]
Fight surveillance
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Fight surveillance
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
I assume that if the vehicle is taken in for servicing, one can decline to have the part replaced. They may whine about some silly DRM violations but I do not feel compelled to fix failed parts on my vehicle that I do not need. Proper maintenance of vehicle function, safety and emissions is understandable - however, I doubt one can be compelled to spend money in the maintenance of these needless intrusion devices.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Oh, well being able to of out of their data collection program seems pretty good...
Nevermind
"Use our cars and you agree to allow us to scoop up your data."
Someone please tell me I'm reading this wrong.
"Use our cars and you agree to allow us to scoop up your data AND share it
with other companies to do with as they please."
Please, please, please... someone... tell me I'm reading this wrong.
This is all on Page 8 just encase you want to check to see if I missed anything.
[ link to this | view in thread ]
Re:
Is what they want you to believe you are doing when you buy and use one.
"Own my car"
Is the reality of the situation.
Until the technology companies get it rammed through their heads that they do not own the device once they sell it, this mentality is going to lead us to a very dark place.
[ link to this | view in thread ]
Stun guns fix data collection, apply to the cretin authorizing it.
The first car to be hacked should be the ceo's.
[ link to this | view in thread ]
[ link to this | view in thread ]
Yet another
[ link to this | view in thread ]
data security
If you car has to share travel data with other cars for safety (e.g. "look ahead traffic jam avoidance") then there will be fake "stingray" devices along the roads pretending to be cars, collecting your info.
If the data travels back to the car companies over the network, it will be lifted via the existing taps.
[ link to this | view in thread ]
None of their #$@$&%/ business
Its NONE OF YOUR F-U-C-K-I-N-G BUSINESS where I drive.
[ link to this | view in thread ]
Calling Holley!
Then we need long-life 12v batteries - plug in the gear, and ship it UPS to friends around the country (or overseas). Ship it back and forth while you enjoy driving the car - then put it back in when you take the car in for service.
Let's see 'em figure out how we were driving across the Atlantic.. or travelling cross-country at 500MPH ...
[ link to this | view in thread ]
Re: Calling Holley!
[ link to this | view in thread ]
Re: Re: Calling Holley!
[ link to this | view in thread ]
OT: xkcd & Bobby Tables
I'm also an xkcd fan, but I've got to say he got that one wrong. The last line is about sanitizing database inputs. That's not the lesson that should be learned from this. What should be learned is the utility of regular and ongoing testing of backup procedures.
If you can pull it off the backup tapes, it won't matter that there are still umpteen billion programmers out there who've never heard of input data sanitization. If you can't pull it off the backups, all the data sanitization in the universe won't save you from any number of just as bad practices as failing to sanitize data, such as failing to regularly make and test backups.
This also means that any failure to pull data off backups should lead to instant job termination for everyone involved, and likely law suits.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
That voids the warranty. I hope your car wasn't built on a Friday (or is it Monday?).
[ link to this | view in thread ]
Re: Sure, just like Uber has "legitimate business practices"
[ link to this | view in thread ]
Re: OT: xkcd & Bobby Tables
The only way to do it right is with parametrized queries, which don't require any escaping.
[ link to this | view in thread ]
Re: Re: Sure, just like Uber has "legitimate business practices"
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Calling Holley!
Then don't break the law! If you have nothing to hide, then you have nothing to fear!
[ link to this | view in thread ]
Re: Re: Re:
Do that and the next you'll see is you need to be connected to the mother ship for the car to operate, as many computer games are doing now. After all, they've signed agreements to give your data to their partners, and if they can't do that you're stealing from them. They'll also void your warranty, and your insurance rate will skyrocket.
What a great century this is turning out to be.
[ link to this | view in thread ]
Re: Re: Re: Sure, just like Uber has "legitimate business practices"
[ link to this | view in thread ]
Re: Re: Re: Re: Calling Holley!
[ link to this | view in thread ]
Re: Re: Re: Re: Calling Holley!
Idiot troll
[ link to this | view in thread ]
Re: Re: Re: Calling Holley!
Or everytime you fail to come to a complete stop for a full 3 seconds. Each and every trip could end up costing you many hundreds of dollars!!
[ link to this | view in thread ]
With "promises" like that.....
http://en.wikipedia.org/wiki/AMC_Gremlin
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Sure, just like Uber has "legitimate business practices"
Does Uber own those automobiles?
If they do, fine. If they don't: that's reason enough to scrutinize their business.
[ link to this | view in thread ]
Your car?
[ link to this | view in thread ]
Re: Your car?
Even better than cutting off the data stream would be sending fake data. It would be fun to send them location data that shows you driving across the Atlantic outlining dickbutt figures.
[ link to this | view in thread ]
Re:
You're reading this wrong. I think.
When they say certain things require "affirmative consent," that means they can't just scoop it up - they need your permission first. (Anything NOT covered by the affirmative consent, on the other hand, they WILL just scoop up.)
[ link to this | view in thread ]
Re: Re:
"Your continued use of the product will be assumed to be consent ...
[ link to this | view in thread ]
Re: Automakers abuse info.
[ link to this | view in thread ]