On the Road to Privacy Invasion: Unmasking the Reality of Auto Surveillance

With the rise of computerized components in vehicles, a new era of auto surveillance, facilitated by one's own car, is on the horizon. The affordability of mobile communications makes it possible to send a vast amount of data from a vehicle's sensors back to manufacturers in real-time.

Image generated with Penguin AI.

In 2019, it was estimated by the Washington Post that vehicles transmit about 25 Gbytes of data per hour, and it's safe to assume that this figure has increased since then.

However, a large amount of data is collected but not sent anywhere, instead being stored in the car itself. This data is used for historical analysis during vehicle servicing and repairs. This practice, though practical, presents a privacy concern since many car owners are unaware of the depth of personal data their vehicle stores, and therefore don't know to remove it when they sell their car.

What Does Auto Surveillance Entail?

Given the invasive nature of auto data collection, Privacy4Cars has created free Android and iOS apps to help users erase the comprehensive information logged by vehicle entertainment systems. This could include dialed phone numbers, call logs, location history, and garage door codes. Privacy4Cars recently introduced a new tool that provides a Vehicle Privacy Report for individual cars:

Each Vehicle Privacy Report comprises two important components: a Vehicle Privacy Label, which features ten standard, clickable icons that summarize a manufacturer's data collection, sharing, and selling practices according to their public documents, and a Vehicle Privacy History, which documents the actions companies have taken to protect their customers' privacy.

This report provides a straightforward method to understand exactly what data cars are collecting about their drivers. Matt Burgess from Wired magazine used this tool to analyze some of the top U.S. models and revealed fascinating insights about the extent of auto surveillance. Manufacturers collect standard but personal information such as names, addresses, Social Security numbers, and driving license details. Smart cars also amass and store technical data from in-car sensors.

For instance, Burgess discovered that Toyota's Tacoma, Camry, RAV4, and Highlander models collect detailed information about driver behavior, such as acceleration, speed, steering, braking function, and travel direction. They can also log in-vehicle preferences, such as saved favorite locations, and even images from external cameras or sensors.

Honda's CR-V and Civic models also collect detailed driver behavior data, including pedal position, engine speed, and steering angle. They keep records of internet and mobile communications like search content, call history, and voice commands. The Vehicle Privacy Report revealed that the popular Ford F150 truck:

Records driving data and characteristics like speed, pedal usage, seat-belt data, travel direction, precise location, speed, and local weather. Its voice recognition systems can collect data when activated. Additionally, its "media analytics" function captures information about in-car audio preferences, including radio presets, volume, channels, media sources, title, artist, and genre.

Auto Surveillance: A Lucrative Invasion of Privacy

While media analytics may seem innocent, it can provide valuable insights into a person's interests. The additional data collected from vehicle sensors essentially equates to continuous, real-time surveillance of your travel history.

The Chevrolet Silverado gathers various vehicle data, including battery, ignition, gear status, diagnostic information, and even "window data" indicating when and how windows are used. While it's unclear why this would be necessary, it demonstrates the granular detail of information collected by car sensors. Additional data includes location, route history, speed, and instances of "braking and swerving/cornering." This last detail could be valuable to insurance companies assessing driving competency.

The final models discussed in the Wired article are the Jeep Grand Cherokee and the Ram Pickup, two widely-used vehicles in the U.S:

The manufacturer collects driving data such as usage dates and times, speed, acceleration, braking data, trip details (including location, weather, route taken), and cruise control data. Like other manufacturers, it also collects data about the car's status, including "refueling activity," battery levels, images from cameras, error codes that are generated, and even facial and fingerprint data if services that require these kinds of data, such as digital keys, are used, according to the documents.

It's noteworthy to see how much vehicle surveillance has advanced in the past five years since it was first suggested that this could become an issue. It's not far-fetched to expect an increase in the detail and volume of information collected from an expanding range of sensors, all of which will be transmitted via 4G and 5G mobile internet connections. Most of this happens without the car owners realizing they're being monitored every second they drive.

Legislation is the only plausible measure that could put the brakes on this trend. In the EU, the General Data Protection Regulation (GDPR) already provides considerable protection against the misuse of personal data. However, it remains uncertain whether the U.S. will implement a similar measure at the federal level to protect people's privacy when they're on the road.

Post a Comment