How Bike-Sharing Services And Electric Vehicles Are Sending Personal Data To The Chinese Government
from the why-we-can't-have-nice-things dept
A year ago, Techdirt wrote about the interesting economics of bike-sharing services in China. As the post noted, competition is fierce, and the profit margins slim. The real money may be coming from gathering information about where people riding these bikes go, and what they may be doing, and selling it to companies and government departments. As we warned, this was something that customers in the West might like to bear in mind as these Chinese bike-sharing startups expand abroad. And now, the privacy expert Alexander Hanff has come across exactly this problem with the Berlin service of the world's largest bike-sharing operator, Mobike:
data [from the associated Mobike smartphone app] is sent back to Mobike's servers in China, it is shared with multiple third parties (the privacy policy limits this sharing in no way whatsoever) and they are using what is effectively a social credit system to decrease your "score" if you prop the bike against a lamp post to go and buy a loaf of bread.
Detailed location data of this kind is far from innocuous. It can be mined to provide a disconcertingly complete picture of your habits and life:
through the collection and analysis of this data the Chinese Government now likely have access to your name, address (yes it will track your address based on the location data it collects), where you work, what devices you use, who your friends are (yes it will track the places you regularly stop and if they are residential it is likely they will be friends and family). They also buy data from other sources to find out more information by combining this data with the data they collect directly. They know what your routines are such as when you are likely to be out of the house either at work, shopping or engaging in social activities; and for how long.
As Hanff points out, most of this is likely to be illegal under the EU's GDPR. But Mobike's services are available around the world, including in the US. Although Mobike's practices can be challenged in the EU, elsewhere there may be little that can be done.
And if you think the surveillance made possible by bike sharing is bad, wait till you see what can be done with larger vehicles. As many people have noted, today's complex devices no longer have computers built in: they are, essentially, computers with specialized capabilities. For example, electric cars are computers with an engine and wheels. That means they are constantly producing large quantities of highly-detailed data about every aspect of the vehicle's activity. As such, the data from electric cars is a powerful tool for surveillance even deeper than that offered by bike sharing. According to a recent article from Associated Press, it is an opportunity that the authorities have been quick to seize in China:
More than 200 manufacturers, including Tesla, Volkswagen, BMW, Daimler, Ford, General Motors, Nissan, Mitsubishi and U.S.-listed electric vehicle start-up NIO, transmit position information and dozens of other data points to [Chinese] government-backed monitoring centers, The Associated Press has found. Generally, it happens without car owners' knowledge.
What both these stories reveal is how the addition of digital capabilities to everyday objects -- either indirectly through smartphone apps, as with Mobike, or directly in the case of computerized electric vehicles -- brings with it the risk of pervasive monitoring by companies and the authorities. It's part of a much larger problem of how to enjoy the benefits of amazing technology without paying an unacceptably high price in terms of sacrificing privacy.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: bike sharing, china, electric vehicles, gdpr, location, location info, privacy
Reader Comments
Alexander Hanff
Re: Alexander Hanff
He never lost any years, the lawsuit was unenforceable in the U.K. so he just ignored it. For the last 12 years he has been fighting for stronger privacy laws with significant success.
And do you think...
Re: And do you think...
Anonymized and controlled transmissions
The big issue I see with all these IoT devices (bikes, cars, vehicle to vehicle and vehicle to infrastructure communications, etc) is twofold:
a) *nothing* is anonymous -- I can't think of a protocol that doesn't require some kind of unique address somewhere
b) *complete* loss of control over the datalinks to the endpoints. (not that ALPR isn't the same issue).
Looking at you Tesla, but I don't *want* your remote software updates or real-time tracking. And I don't want the vulnerability surface that the remote RF/Cellular/Internet data link presents. I can bring my own "infotainment"/"smartphone"/whatever for that.
Re: Anonymized and controlled transmissions
Re: Anonymized and controlled transmissions
Don't think I'm not aware that just carrying a smartphone means that I'm tracked. I'm not comfortable with it, though I know that the data would (should) just prove that I'm one of the most boring people in the world and clear me if there were ever the need. Still, we should have some privacy.
Really sucks to be a spook these days. First thing, give up your Pokemon Go account...
Re:
no such thing as a free lunch, er cheap bike sharing.
Re: no such thing as a free lunch, er cheap bike sharing.
Nope.
So go on, ask me whether I would use this service...
I am worried to hear it. Is it risky for us?