Auto Makers Are Selling Data On Your Driving Habits To Your Insurer Without Properly Informing You
from the I-can't-drive-55 dept
Last September, Mozilla came out with a privacy study indicating that the auto industry was the worst tech industry the organization tracked. Mozilla found that not only does the industry hoover up a ton of data from your use of vehicles, it collects and monetizes most of the data on your phone. Often without transparency or adequate safeguards:
“All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.”
Fast forward to this week, and the New York Times’ Kashmir Hill has a new story exploring how the auto industry is also collecting reams of personal driving data, then sharing it with your insurance company. More specifically, automakers are selling access to the data to LexisNexis, which is then crafting “risk scores” insurance companies then use to adjust rates. Usually upward.
If consumer approval is even obtained, it’s obtained via fine print buried deep in user agreements either in automakers’ car apps or roadside assistance apps:
“Automakers and data brokers that have partnered to collect detailed driving data from millions of Americans say they have drivers’ permission to do so. But the existence of these partnerships is nearly invisible to drivers, whose consent is obtained in fine print and murky privacy policies that few read.”
Even law professors, who are surely used to reckless treatment of consumer data at this point, were somehow surprised at the cavalier behavior by the auto industry:
“I am surprised,” said Frank Pasquale, a law professor at Cornell University. “Because it’s not within the reasonable expectation of the average consumer, it should certainly be an industry practice to prominently disclose that is happening.”
This is the same auto industry that has been fighting tooth and nail against “right to repair” reforms — in a bid to protect their lucrative repair monopolies — often under the pretense that they’re just that concerned about the consumer privacy ramifications.
Please notice that the absolute bare minimum that the auto industry could be doing here is making this tracking and monetization of your data transparent, and they’re not even doing that. Because they know Congress and U.S. federal regulators, lobbied into apathy over decades, are too corrupt to take meaningful action. At least not at any real, consistent scale.
Again, like countless past scandals, this is the direct byproduct of a country that has proven too corrupt to pass even a baseline privacy law for the internet era. Too corrupt to regulate data brokers. And obsessed with steadily defanging, defunding, under-staffing and curtailing the authority of regulators tasked with overseeing corporations with a broad and reckless disdain for U.S. consumer privacy and safety.
Senator Edward Markey of Massachusetts has urged the Federal Trade Commission to investigate. And California regulators are purportedly investigating automaker privacy standards. But a grotesquely corrupt Congress means federal inquiries will likely go nowhere (also keep in mind looming Supreme Court rulings are poised to erode federal regulatory authority further). And any inquiries that do materialize will feature fines that are minuscule compared to the money made from the abuses.
The data-hoovering surveillance economy we’ve created is so lucrative, all the financial incentives point in the wrong directions. And the only thing likely to shake U.S. politicians out of their corrupt stupor is a scandal so extreme — potentially involving mass fatalities or the leaked data of the rich and powerful — that the problem is no longer easy to ignore. And even then, we’ll still probably try.
Filed Under: automakers, cars, consumer protection, data brokers, ftc, privacy, security, surveillance, tracking, vehicles
Comments on “Auto Makers Are Selling Data On Your Driving Habits To Your Insurer Without Properly Informing You”
If they’re going to harvest and then sell our data, they should be giving away the cars for free.
Re:
No…no… my friend.
Soon, you’ll be charged for the privilege of getting your activity monitored and sold to anyone with a heartbeat.
It’ll be a mandatory subscription model, enforced by laws Republicans pass, to “protect the kids” or some such fallacy.
Re: Re:
And that subscription model can be hacked and circumvented.
Just cross the border into Mexico and find a shop that can do it.
US laws do not apply in Mexico.
The one thing in cars now where the engine stops at a light and then starts again when you release the brake can be hacked, just take your car into Mexico and have it done down there.
I had that done with one car I had. I drove 500 plus to Tijuana and had that done, and no U.S. laws were broken because I am only subject to MEXICAN laws in Mexico. The DMCA has NO jurisdiction in Mexico. Shops in Mexico do not have to follow American laws, even with American registered cars.
Features like kill switches or these “tattle tale” devices can also be hacked, south of the border where American laws do not apply.
You can drive from anywhere in central or southern California within a day.
Re: Re: Re:
Under the DMCA, you can get done for being in possession of a circumvented device no matter where the circumvention occurred or who carried it out, ignoramus.
Re: Re: Re:2
Not for personal use
That is why, over 20 years ago, I could plug a tape recorder into the back of my computer and record drm encased tracks to cassette tapes to be able to play in my car
That did not violate the dmca because I was doing it for personal use and not for financial gain.
That means making money.
Using a crack to bypass windows activation up through Vista did not break the dmca because I was doing it for my own private use and not doing it to make money.
“Commercial or private financial gain” means making money
That is why plugging a tape recorder into the back of my computer and recording from protected tracks to cassettes did not break the dmca when I did that.
Re: Re: Re:3
Now I know you’re being disingenuous, since circumvention of technological measures for personal use is not exempted from the DMCA. Read it, dipshit.
Re: Re:
“It’ll be a mandatory subscription model, enforced by laws Republicans pass, to “protect the kids” or some such fallacy.”
divide and conquer
they are winning. dividing us every way imaginable.
Re:
What they should do: [above].
What they will do: introduce a new “premium” subscription tier for ad-free driving. Vehicle account holders at the “standard” tier will now see ads every five minutes. Please assume the monetization position, consumer.
Re: Re:
I wish them luck with this. I’ll rig up a fucking 8-track player from 1982 to avoid ads while I drive..lol
Re: Re: Re:
Just find a shop somewhere in Mexico where you get that circumvented. The DMCA does not have jurisdiction in Mexico
Re: Re: Re:2
Then run the circumvented car in the US, where the DMCA is in full effect, and where you can get done for being in possession of a circumvented vehicle? Good luck with that, ignoramus.
Re: Re: Re:3
If anyone tried to arrest me I would resist.
I have what I like to call a big brute SUV at 3 tons of weight.
That is enough to smash any police roadblock to hell if my run. Just floor it and crash right through it.
My SUV could turn any squad car used to block the road into scrap metal. The only thing the cops could do is get the hell out of the way.
That squad car would be totalled and then that department would have a new one to replace it.
Re: Re: Re:4
Detained on charges of resisting arrest. Nice going.
And now held without trial as a terrorist. You’re really going for the gold medal for dipshittery, aren’t you?
Re: Re: Re:3
Again, not for personal use
The felony provisions only apply if you do it for the purpose of making money, “commercial or private financial gain”
If I had the skills and I did it myself I would not be breaking the dmca because I would be doing it for my own personal non commercial use.
Circumvention for your own private use is not a felony because it is not being done to make money.
That is why I could use cracks to bypass windows product activation in windows versions up through Vista and not be breaking the law as I was only doing it for my own personal use and not doing it to make money.
The crack sites like astalavista have disappeared because they were breaking the law where I was not. Since they carried ads, that became for financial gain.
Gotta pay for that server somehow
That is also why I can use one gps that circumvents Google’s android auto restriction that Google maps be the only gps app in Android auto
They cracked that and charge about $15 a year at current exchange rates for that to work
I am not breaking the law using it because I am doing it for my own private use.
And because the company doing this is in Slovenia, they are not subject to the dmca, so they can never be prosecuted in the United States.
Our laws do not apply in Slovenia
Re: Re: Re:4
100% true. Finally.
Re: Re: Re:3
How are they going to know anyway?
What I like to call a “tattle tale” device can be defeated.
Back in the 90s when credit card transactions were not as secure as they are now I used a crack to use cyber sitter for free and I shut down their tattle tale system to alert them if a fake registration key was used
I just blocked that address at the firewall level and it never got back to Solid Oak Software
I had a housekeeper whose kids would get my computer started, and I put that on there so they could not access porn on my machine. One son of hers was the type who would try to access porn on the net so I needed that
Blocking oaktree.solidoak.com to prevent their software from reporting back the fake registration key even after the dmca was passed.
Re: Re: Re:4
Why do you think that bill was passed, criminal dipshit?
Re: Re:
How do I get my Verified blue check mark and will it then stop any possible cloning of my license plate?
/s
International incident
Now I’m reading that China is pissed about the TikTok thing… our leadership’s corruption is going to put us at war. Sh*tnozzles couldn’t care less about us.
Re: Replay
Where does it say that? Because the only thing worse than Mass Surveillance is War.
Re: Re:
https://www.bbc.com/news/world-us-canada-68554075
“China says TikTok ban would ‘come back to bite’ the US”
Re: Re: Re:
There’s this yawning chasm between “come back to bite us” and “we will declare actual, bullets and bombs, war if you do this”.
While it would likely influence their foreign policy (cough cough United Fruit Company), not even China has the incentives to go to war over the sad, sad fate of a single company.
Re: Re: Re:2
On a mere technicality, they don’t have the capability to go to war.
But the fact that China is reacting like this to Tiktok, while expected, is still mildly concerning.
Re:
And if TikTok, or any other website is blocked, which the President will have power to do under this law, just set up your own private VPN abroad.
Until a few years ago, I did my home brew sports commentary by using the karaoke feature on one sound card I had, which would eliminate the commenters’ voice, allowing me to do my own play by play, but still have the natural sounds in the arena or stadium.
I was a quasi-pirate. Since I was doing my own commentary, the first amendment applied, but to be safe, I took payments for my online radio station in bitcoin, which I have been sitting on for years, and someday I will be a very rich man. I am waiting for all 21 million bitcoins to be mined, then bitcoin will skyrocket in price, at which time I will become one of the richest men in America.
I am already looking at buying property, someday, in Mexico, where I can have a computer, and my own private VPN on a home computer there, where I can circumvent government blocking of any website.
There was a youtube video I listened to going to sleep saying that the TikTok ban will allow the government to ban any website it does not like.
Having a second home in Mexico, and using my own private VPN on any computer I place there, to bypass this blocking does not violate any provision of this bill, nor does it violate any other existing laws in the United States.
Also, a home computer in Mexico is not subject to the jurisdiction of the United States, even if the owner of that house is an American citizen.
It is not unlike what I do now when I go on road trips to Mexico and “echo” off my computer to get iHeart or YouTube music while I am down there.
There are no laws in either Mexico or the United States that make it illegal.
Rolling your own VPN is the best way to avoid any ban on VPN providers in the future. With your own VPN for your own private use, you will fly under the radar.
And private VPNs cannot be banned, because business needs VPNs for secure access to their network.
The rich people who can afford to do this will always have unfettered access to the Internet and cannot be stopped from using a VPN in a second home in a foreign country. That will never happen.
Even countries like Italy, the UAE, Russia, or China that ban providers do not ban private use VPNs.
"Monetize the digital exhaust"
“Monetize the digital exhaust” is an actual phrase for this used by an actual car company that I indirectly worked for. As in, like exhaust, cars are creating all of this data as a side effect of driving. And also, I suppose, like exhaust, you can get briefly high by huffing it, before dying?
(at the time they were also talking about selling access to customer driving data via NFTs, which gives you a very precise idea of the level of forethought and planning that went into that idea)
Ya know what would be funny? If car companies sold data on a politician and they got killed by a terrorist act using that data.
I am so fucking tired of idiot fucking americans accepting that using something YOU BOUGHT and in this case need to work comes with forced agreements that violate your rights or your privacy in order to use it.
Re:
After all the dust settled, it would still be a pittance fine, because the laws have been fucked for the highest bribe.
Source: The fucking world we live in.
There must be an angle here where children are adversely affected by this wanton disregard for the privacy of individuals.
More than just platforms
Cory Doctorow created the term enshittification to describe platform decay, but it clearly applies to automobiles as well.
Re: More than just Internet platforms
Yes, enshittification definitely applies to more than just Internet platforms. It seems like it applies to just about every aspect of our current society.
From the Wikipedia article:
I think we are fast approaching the “and then they die.” stage in many aspects of our society, ie serious societal collapse due to rampant enshittification.
Re:
Yes, and not just related to electronics. Some decades ago, a neighbor was bitching about how their car manufacturer had made the oil port/filter needlessly difficult to access—as if no mechanic had been consulted during the design, or they just didn’t want people doing this themselves.
Why is this bad and TikTok good
Can someone explain why data brokers or car companies selling your data is bad but it’s ok if TikTok does it?
Re:
It’s not. It’s all bad. But banning TikTok alone doesn’t fix the problem (hell, it doesn’t even really make a dent), because of shit like this.
Re:
It’s all bad.
With tiktok what you have is a bunch of liars trying to punish tiktok for behavior that could and should be stopped by blocking it for everyone.
Re:
No one said it was ok if Tik Tok does it.
There’s enough pollution already without setting your stupid strawman on fire like that.
Re: Re:
Not a strawman! Literally yesterday, on this website there was an article defending TikTok.
I’m just trying to understand why banning brokerages is good while banning TikTok is bad. TikTok collects location data, just like the car companies. So why is it cool for TikTok to do it and not car companies?
Re: Re: Re:
Nobody has claimed that it is.
The only claim that’s been made is that banning Tiktok solves nothing when data privacy in general is a shitshow.
Re: Re: Re:2
Actually, that’s not a claim. It’s a statement of fact.
Re: Re: Re:
Saying that it’s bad to ban a company does not imply the company is in any way “good”, “cool”, or “okay”. Kind of like how courts have repeatedly said it’s legal for those “god hates fags” assholes to protest at the funerals of strangers—not okay, just legal.
Re:
“Can someone explain why data brokers or car companies selling your data is bad but it’s ok if TikTok does it?”
I don’t have to use tiktok.
Re: Re:
You don’t have to buy a car either.
Re: Re: Re:
Depending on where you live, yes, you pretty much have to.
At least if you want to do things like “have a job” and “participate in society”.
Re: Re: Re:
Yeah, this is true.
There are other things I do not need, like modern dentistry.
I suppose I do not need to eat either.
It is true that you do not need to comment, won’t matter much tho.
Re: Re: Re:
Says a fucking ignoramus that clearly doesn’t live in an American suburb.
It's much, MUCH worse than it appears
1. Once this data exists, and once it enters the data broker ecosystem, anyone – ANYONE – who can afford to buy it, can buy it. Or they can hack it. Or they can just download it when it’s incorrectly secured in someone’s cloud. Or they can buy it under the table from a freelancing employee. Or…
2. This enables collection of data about third parties — for example, children. Consider a car that’s driven for 15 minutes Mon-Fri at 8:15 AM and 2:45 PM, except on school holidays (easily correlated by referencing the calendar of the school district that co-geolocates with the owner’s address). That’s someone taking one or more kids to school and picking them up. Which means that the driving data from the car allows someone to ascertain who has children and who doesn’t.
3. Similarly: this data is a goldmine for stalkers, kidnappers, assassins, burglars, and everyone else who’d like to know where someone is…and where they aren’t.
4. It’s also a goldmine for governments, and any government intelligence agency worthy of the name will avail themselves of it, one way or another.
5. When correlated with cell tower records — another data source that’s badly in need of restriction and regulation — this will (in some, but not all cases) facilitate identifying who traveled with who from where to where and from when to when.
6. And so on. It just keeps getting worse. But Congress is, as noted, utterly incapable of grasping this problem and well beyond incapable of crafting and passing effective legislation to deal with it. So all we can do is wait for the inevitable tragedies to happen followed by the equally-inevitable denial of responsibility by the people who are responsible.
Re:
Yes, but somehow Right to Repair could potentially maybe allow some mysterious evil hackers, who strangely don’t know they can just buy your data dirt cheap, to get to your data from your car or devices.
Re: Re:
Why would they bother? Sure, someone who handed over physical control of their vehicle to a third party runs the risk that the third party could access all this data, but: for one vehicle. It’s far more sensible and economically viable to buy (or otherwise acquire) the data for all the available vehicles. This not only scales far better, but it doesn’t require physical presence or the consent of the owner.
Re: Re: Re:
*whoooosh*
Re:
“6. And so on. It just keeps getting worse. But Congress is, as noted, utterly incapable of grasping this problem and well beyond incapable of crafting and passing effective legislation to deal with it. So all we can do is wait for the inevitable tragedies to happen followed by the equally-inevitable denial of responsibility by the people who are responsible.”
More likely Congress will either exempt themselves or will be offered special “privacy” vehicle options.
Exactly how do they access the data?
Can you avoid this if you never take your car to a dealership? Or if you never use a map app? Or if you turn your phone off while you drive? Or if you don’t bring your phone with you while you drive? Is there any way to ensure that your data is not being gathered?
Re:
Many modern cars have built in modems utilizing cell networks for example, one such system is OnStar by GM.
Re:
Well, how do you feel about owning a car that does not meet emissions standards?
Re: Re:
afaik there are many older vehicles that are still operational and meet the emission regulations for that model year.
It might be less expensive to purchase an older vehicle as opposed to a new purchase and subsequent removal of select electronics.
But your data will still be collected, any holes may be filled in with bullshit.
Re:
Best thing you can do is turn all their connectivity settings off.
If you want to be really extreme (and can live without AM/FM radio and GPS) take out the antenna.
Re: Re:
Congress can’t, they are passing laws to make sure that AM is in every car if the owner wants it or not!!!
It’s all about the secret plot to silence conservative voices & that’s only covered up by the AM signals screwing with electric cars which are all pointless & evil anyways.
Re: Re: Re:
And automakers want to charge a subscription for you to access AM radio.
Of course that can be circumvented
And contrary to popular opinion, circumvention for personal use does break the DMCA, as it does not meet the requirements that it be for financial gain.
Re: Re:
Just use a GPS jammer, problem solved
Well you braked hard 20 times and had quick starts 5 times so we are raising your insurance $3000.
Missing from the data…
15 of the hard stops were in parking lots where dipshits reversed without looking resulting in the driver slamming the brakes.
3 of the quick starts were them moving the car out of the way of an emergency vehicle.
Data removed from context isn’t useful, but hey Chevy’s making millions so we don’t need laws making sure data can’t be gathered without informed consent (people discovering their brand new car is already opted in should have some sort of recourse) but that gets in the way of corporate profits & even more data in the haystack so we can keep looking for the terrorist in every pot & surveillance in every part of our lives.
This tracking, at least in the United States, can be defeated with a jammer to prevent your data from being sent out.
Jamming data is not illegal in the United States, as long as you do not use too much power.
Just beware that jammers are illegal in Canada and Mexico, so leave that jammer at home if you are driving across the border.
Whatever device is used could be jammed. Just get a jammer that jams wireless data.
Jamming data is not illegal in the United States.
It is illegal in Canada and Mexico so leave that jammer at home if you are going to Canada or Mexico
As long as you don’t use too much power jamming the wireless data link to the insurance company is not illegal in the USA, at least at the federal level.
Another way is pull out the right fuse and shut down the device that way.
There is no law in Canada, Mexico, or the USA that makes that a crime
Oh no!
Someone selling your criminal reckless bad lawbreaking driver data.
Let’s see,
If you drive properly your rates stay the same, or go down. If you break the law regularly, even without being caught, your rates go up. Sounds like justice.
There’s a reason rates are MUCH lower for those that install devices from the insurance company.