Automakers Like TOTALLY Promise Not To Abuse The Ocean Of Location Data Their Cars Now Collect

from the trust-us,-we're-the-auto-industry dept

Hoping to assuage growing fears that vehicle data won't be abused, nineteen automakers recently got together and agreed to a set of voluntary principles they insist will protect consumer privacy in the new smart car age. Automakers promise that the principles, delivered in a letter to the FTC (pdf), require that they "implement reasonable measures" to protect collected consumer data, both now and as the industry works toward car-to-car communications. The principles "demonstrate the industry's commitment to its customers" and "reflect a major step in protecting consumer information" insists the industry.

Should you bother to actually read the principles, the promised revolution in privacy protection quickly become less apparent. While the principles do require that automakers clearly communicate with customers (and by clear they mean "hey, here's some fine print saying we're selling your location data now"), many don't appear to actually do much of anything. Like this particular gem:
"Data Minimization, De-Identification & Retention: Participating Members commit to collecting Covered Information only as needed for legitimate business purposes. Participating Members commit to retaining Covered Information no longer than they determine necessary for legitimate business purposes."
With "legitimate business purposes" being whatever they see fit, that doesn't mean much. Similarly, the industry's "groundbreaking" promises are also heavily peppered with the ambiguous word "reasonable," which can of course mean whatever they'd like it to mean:
"Participating Members commit to implementing reasonable measures to protect Covered Information against unauthorized access or use."
Aka, we'll make some kind of ambiguous effort to secure your data. As with most efforts of this type, the goal is to preempt government from crafting new (or enforcing existing) privacy protections as the industry moves into more aggressive ways of monetizing location data. Said promises unsurprisingly aren't easing the worries of both safety and privacy advocates as we move into the vehicle black box age, notes the Associated Press:
"Industry officials say they oppose federal legislation to require privacy protections, saying that would be too "prescriptive." But Marc Rotenberg, executive director of the Electronic Privacy Information Center, said legislation is needed to ensure automakers don't back off the principles when they become inconvenient. "You just don't want your car spying on you," he said. "That's the practical consequence of a lot of the new technologies that are being built into cars."
With many parts of this technology DRM locked, users won't have much control over or access to their own data (something the EFF is trying to fix with their latest slate of DMCA exemption requests). It's also worth noting this supposed circle of automotive trust was already quite rusted before cars became more intelligent; most car dealerships and garages are paid by Carfax to report vehicle mileage and accident repair, with Carfax in turn being paid for that data by insurance companies. Similarly most of the in-car infotainment systems rely on cellular chipsets from companies like AT&T and Verizon, who quite happily sell any and all location data that isn't nailed down, and consistently experiment with creative new privacy violations (despite very similar promises they'd be on their best behavior).

So while it's very sweet that the auto industry is promising to respect your privacy as they push into brave new data snoopvertising and location data tracking territory, like so many self-regulatory promises before it they likely aren't worth the paper they're printed on.

Filed Under: automakers, cars, privacy, self-regulations, smart cars, tracking


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 20 Nov 2014 @ 9:35pm

    Finally, my preference for the 240Z over the Veyron is justified.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Nov 2014 @ 9:39pm

    Me Too!

    Hey, like I totally agree to behave in a reasonable manor. You can go ahead and declare me exempt from law enforcement now.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Nov 2014 @ 10:56pm

    I'm happy this is being covered on Techdirt.

    This continuing creep toward collect-it-all needs more attention. There is no reason everything needs to be 'smart' and phone-home every detail of my person, house, papers, and effects.

    I feel as if nearly every moment of my day is subject to wiretaps, and other forms of surveillance.

    It no longer appears that "each man's home is his castle", as the government turns a blind eye to corporations filling in the moat, tearing down the buttresses, and raiding the larders. I suppose that makes perfect sense given the government ultimately gets an inventory of what was contained within, if not buying the scraped material outright.

    Digging into the online marketing hierarchy of companies such as the primary crediting agencies which collect it all, sell the raw non-anonymized information to data aggregators for analysis / bucketing, who put access up to bid for 'targeted marketing' opportunities makes this all the more unnerving.

    We need a massive public push toward recognition of fourth-amendment rights to our digital footprint. This unrestricted data grab creates enormous liability risk for everyone rolled into the database.

    Not to mention value to appending DROP TABLES somewhere in childrens' name. https://xkcd.com/327/

    reply to this | link to this | view in chronology ]

    • icon
      tqk (profile), 21 Nov 2014 @ 9:01am

      OT: xkcd & Bobby Tables

      Not to mention value to appending DROP TABLES somewhere in childrens' name.

      I'm also an xkcd fan, but I've got to say he got that one wrong. The last line is about sanitizing database inputs. That's not the lesson that should be learned from this. What should be learned is the utility of regular and ongoing testing of backup procedures.

      If you can pull it off the backup tapes, it won't matter that there are still umpteen billion programmers out there who've never heard of input data sanitization. If you can't pull it off the backups, all the data sanitization in the universe won't save you from any number of just as bad practices as failing to sanitize data, such as failing to regularly make and test backups.

      This also means that any failure to pull data off backups should lead to instant job termination for everyone involved, and likely law suits.

      reply to this | link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 21 Nov 2014 @ 10:25am

        Re: OT: xkcd & Bobby Tables

        What actually surprises me about that is that he made a serious technical error: if you are sanitizing inputs at all, you are Doing It Wrong. (Just look at the myriad iterations of PHP's escape_sql_properly_no_really_we_swear_we_got_it_right_this_time functions!)

        The only way to do it right is with parametrized queries, which don't require any escaping.

        reply to this | link to this | view in chronology ]

    • identicon
      Michael Warhurst, 17 Jan 2015 @ 1:01pm

      Re: Automakers abuse info.

      In NOT trusting corporations and their political pets you are less protected from them than if you really trusted them.... that is, to be exactly what they are! I do trust them to lie, cheat and steal whenever it is in their financial benefit to do so. It is more than 'in their nature' to lie steal and cheat. It is necessary if they are to maximize their profits. Corporations are completely amoral. Corporations are the organizational vehicles through which the 5% wealthiest (economic criminals) individuals, who own 80% of all corporate shares and control corporations, operate to plunder the working class. In the case of the American government, Wall Street now owns the legislators (operational fascism), the media, the agenda and the outcomes. Democratic government is not the problem; corporate controlled fascist government is the problem. The solution is not to throw out democratic government and directly throw ourselves completely at the mercy of elitist fascist corporations. The answer is to have democratic governance in the first place. The elites of the thirteen colonies promised democracy but delivered and created a form of governance which had the trappings of democracy (what were they going to promise? Reality?! Corporate elitist control of government and government tyranny which benefits the wealthiest and leaves the bills to be paid by workers???) but was really a fascist government controlled by the ultra wealth few! If one had real democratic governance and divided democratic power up into 50- to-hundreds of pieces and have elections every two years, the political system becomes incapable of governing in the interests of the vast majority and far easier to control by the elite few in their own interests. If America had perhaps a dozen states and governance where the political victor (as determined by a majority of votes) has say five years with which to respond to the majority of voters interests, democracy could have the ability to change the outcomes to be far less elite serving and produce outcomes which actually benefit the vast majority. The current system gives effective governance over to Wall Street whose interests greatly diverge from those of the vast majority of Americans. So when you cry out for economic justice do not rail against real democratic governance, rail against the elite controlled fascist government currently afflicting Americans. In addition corporations should not be "people" and should be disallowed from participating in politics in any way to truly achieve insulation from elitist corporate dictatorship.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Nov 2014 @ 10:57pm

    I'd still trust them more than the current or previous US administrations.

    That should give you a clue of how little I trust the US Government.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 12:00am

    Can I opt out of the hive-mind now? I don't like it any more.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 12:07am

    And now Techdirt will rail on Google for doing the same and worse for the past decade.

    Oh wait, no they won't.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Nov 2014 @ 3:09am

      Re:

      The difference is that it's pretty easy to avoid Google. Don't open an account there. Don't use their search engine. Don't allow their domains to run Javascript (NoScript). Don't allow their ads. (AdBlock). Heck, firewall their network allocations out, it's not hard.

      But it's getting more and more difficult to avoid having a car that spies on you.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 3:05am

    Sure, just like Uber has "legitimate business practices"

    It seems that Uber is staffed by vengeful stalkers who like spying on their customers and threatening journalists:

    http://www.cnet.com/news/god-view-under-spotlight-as-uber-investigation-intensifies/#fta g=CAD590a51e

    http://techcrunch.com/2014/11/19/we-are-watching-too/?ncid=rss

    http://www.buzzfeed.com/jo hanabhuiyan/uber-is-investigating-its-top-new-york-executive-for-privacy

    http://www.buzzfeed.com/bens mith/uber-executive-suggests-digging-up-dirt-on-journalists

    Of course no car company would ever do such a thing. It's unthinkable. Just like they would never cover up known engineering or manufacturing defects that kill people. No, their extremely high ethical standards absolutely prevent this from ever happening at a car company.

    reply to this | link to this | view in chronology ]

    • icon
      Blue Sweater (profile), 21 Nov 2014 @ 9:57am

      Re: Sure, just like Uber has "legitimate business practices"

      Holy shit give some warning before you go careening off into left field like that.

      reply to this | link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 21 Nov 2014 @ 10:28am

        Re: Re: Sure, just like Uber has "legitimate business practices"

        Left field? This is exactly the sort of stuff people with their feet firmly on the ground have been warning about ever since a few people started getting carried away singing Uber's praises. The company's run by an Objectivist, which alone is essentially prima facie evidence that it's going to be sleazy and abusive. We've known about their illegal price gouging in crises (coming down straight from the top!) since Sandy hit New York, and now this.

        reply to this | link to this | view in chronology ]

        • icon
          Blue Sweater (profile), 21 Nov 2014 @ 11:33am

          Re: Re: Re: Sure, just like Uber has "legitimate business practices"

          I suppose, the article is about auto makers and Uber's business does involve using automobiles...

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 21 Nov 2014 @ 1:27pm

            Re: Re: Re: Re: Sure, just like Uber has "legitimate business practices"

            ...Uber's business does involve using automobiles...

            Does Uber own those automobiles?

            If they do, fine. If they don't: that's reason enough to scrutinize their business.

            reply to this | link to this | view in chronology ]

  • identicon
    Hector Comacho-Valdez, 21 Nov 2014 @ 3:53am

    This type of data collection will continue

    until people stop buying "garbage" products that track one's every move. Tech is cool, but enough with the obsession of the "internet of things" and having every fucking thing interconnected...its a goddamned solution in search of a problem.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 4:37am

    Fight surveillance

    Ride a bike!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 5:12am

    I suppose they will not mind if I make some kind of ambiguous effort to secure my data. Electronics are not flawless - shit happens.

    I assume that if the vehicle is taken in for servicing, one can decline to have the part replaced. They may whine about some silly DRM violations but I do not feel compelled to fix failed parts on my vehicle that I do not need. Proper maintenance of vehicle function, safety and emissions is understandable - however, I doubt one can be compelled to spend money in the maintenance of these needless intrusion devices.

    reply to this | link to this | view in chronology ]

    • identicon
      Michael, 21 Nov 2014 @ 5:39am

      Re:

      Good luck finding and disabling all of the tracking and monitoring devices in a modern car without disabling the car entirely.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 21 Nov 2014 @ 9:12am

        Re: Re:

        You don't need to disable any of the sensors. You only need to disable the communications link. That's easy to do and won't stop the car from operating.

        reply to this | link to this | view in chronology ]

        • icon
          tqk (profile), 21 Nov 2014 @ 11:29am

          Re: Re: Re:

          You only need to disable the communications link. That's easy to do and won't stop the car from operating.

          Do that and the next you'll see is you need to be connected to the mother ship for the car to operate, as many computer games are doing now. After all, they've signed agreements to give your data to their partners, and if they can't do that you're stealing from them. They'll also void your warranty, and your insurance rate will skyrocket.

          What a great century this is turning out to be.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 6:23am

    "Participating Members commit to offering Owners and Registered Users with
    certain choices regarding the collection, use, and sharing of Covered Information.
    "

    Oh, well being able to of out of their data collection program seems pretty good...

    "Certain safety, operations, compliance, and warranty
    information may be collected by necessity without choice.
    "

    Nevermind
    "When Participating Members provide notices consistent with the
    Transparency principle, an Owner’s or Registered User’s acceptance and use
    of Vehicle Technologies and Services constitutes consent
    to the associated
    information practices, subject to the Affirmative Consent provisions below.
    "

    "Use our cars and you agree to allow us to scoop up your data."

    Someone please tell me I'm reading this wrong.
    "Participating Members understand that the sharing and use of Geolocation
    Information, Biometrics, and Driver Behavior Information can raise concerns
    in some situations, therefore Participating Members also commit to obtaining
    Affirmative Consent expeditiously for the following practices:
    • using Geolocation Information, Biometrics, or Driver Behavior
    Information as a basis for marketing; and
    • sharing Geolocation Information, Biometrics, or Driver Behavior
    Information with unaffiliated third parties for their own purposes,
    including marketing.
    "

    "Use our cars and you agree to allow us to scoop up your data AND share it
    with other companies to do with as they please."

    Please, please, please... someone... tell me I'm reading this wrong.
    This is all on Page 8 just encase you want to check to see if I missed anything.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Nov 2014 @ 6:38am

      Re:

      "Use our cars"

      Is what they want you to believe you are doing when you buy and use one.

      "Own my car"

      Is the reality of the situation.

      Until the technology companies get it rammed through their heads that they do not own the device once they sell it, this mentality is going to lead us to a very dark place.

      reply to this | link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 21 Nov 2014 @ 10:30am

        Re: Re:

        Thank you! I've been saying this for years: my property is my property! When I buy it, I own it, and the company that made it has no more claim on it. This is just another of the many reasons why DRM needs to be outlawed.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Nov 2014 @ 8:43am

      Re:


      Please, please, please... someone... tell me I'm reading this wrong.


      You're reading this wrong. I think.

      When they say certain things require "affirmative consent," that means they can't just scoop it up - they need your permission first. (Anything NOT covered by the affirmative consent, on the other hand, they WILL just scoop up.)

      reply to this | link to this | view in chronology ]

      • icon
        tqk (profile), 22 Nov 2014 @ 5:47pm

        Re: Re:

        When they say certain things require "affirmative consent," that means they can't just scoop it up - they need your permission first.

        "Your continued use of the product will be assumed to be consent ...

        reply to this | link to this | view in chronology ]

  • identicon
    Reality bites, 21 Nov 2014 @ 6:55am

    Stun guns fix data collection, apply to the cretin authorizing it.

    I'm sure if the drooling cretin coming up with the data collection idea was given a personal karma visit from every person the retard affected they would wise up quick.

    The first car to be hacked should be the ceo's.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 21 Nov 2014 @ 7:16am

    Great, now we will have to jailbreak our cars too.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 7:19am

    Yet another

    ... wonderful consequence of copyright. Abolish copyright. It's the only way.

    reply to this | link to this | view in chronology ]

  • identicon
    RR, 21 Nov 2014 @ 7:31am

    data security

    Even if you trust the car companies (I don't), you can't trust them to keep the data secure. It will be intercepted in flight, or hacked away as part of the protocol.

    If you car has to share travel data with other cars for safety (e.g. "look ahead traffic jam avoidance") then there will be fake "stingray" devices along the roads pretending to be cars, collecting your info.

    If the data travels back to the car companies over the network, it will be lifted via the existing taps.

    reply to this | link to this | view in chronology ]

  • identicon
    Dan G Difino, 21 Nov 2014 @ 8:14am

    None of their #$@$&%/ business

    I buy a relatively new vehicle and the manufacturer wants to track my location after the vehicle is well paid for? What is the matter with this picture?

    Its NONE OF YOUR F-U-C-K-I-N-G BUSINESS where I drive.

    reply to this | link to this | view in chronology ]

  • icon
    TheResidentSkeptic (profile), 21 Nov 2014 @ 8:27am

    Calling Holley!

    Introduce a "retro-fit" (pun intended) kit to remove all electronics and put a Holley Carb back on OUR cars...

    Then we need long-life 12v batteries - plug in the gear, and ship it UPS to friends around the country (or overseas). Ship it back and forth while you enjoy driving the car - then put it back in when you take the car in for service.

    Let's see 'em figure out how we were driving across the Atlantic.. or travelling cross-country at 500MPH ...

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Nov 2014 @ 8:32am

      Re: Calling Holley!

      It will then fall upon you to explain yourself when the cops come calling with Felony Speeding and Reckless Drivibg charges.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Nov 2014 @ 8:35am

        Re: Re: Calling Holley!

        Yes, that is coming soon. Who needs photo radar when the cops can simply run a weekly report on all cars and simply mail out speeding infractions for EVERY SINGLE TIME YOU EXCEED THE SPEED LIMIT no matter how minimal.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 21 Nov 2014 @ 11:19am

          Re: Re: Re: Calling Holley!

          "Yes, that is coming soon. Who needs photo radar when the cops can simply run a weekly report on all cars and simply mail out speeding infractions for EVERY SINGLE TIME YOU EXCEED THE SPEED LIMIT no matter how minimal."

          Then don't break the law! If you have nothing to hide, then you have nothing to fear!

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 21 Nov 2014 @ 11:47am

          Re: Re: Re: Calling Holley!

          "Yes, that is coming soon. Who needs photo radar when the cops can simply run a weekly report on all cars and simply mail out speeding infractions for EVERY SINGLE TIME YOU EXCEED THE SPEED LIMIT no matter how minimal."

          Or everytime you fail to come to a complete stop for a full 3 seconds. Each and every trip could end up costing you many hundreds of dollars!!

          reply to this | link to this | view in chronology ]

  • identicon
    Isma'il, 21 Nov 2014 @ 1:05pm

    With "promises" like that.....

    Then maybe this will be my next new car............

    http://en.wikipedia.org/wiki/AMC_Gremlin

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Nov 2014 @ 1:18pm

    Nope. At this point it should be abundantly clear to everyone, that you should never trust your information to anyone under any circumstances.

    reply to this | link to this | view in chronology ]

  • identicon
    RR, 21 Nov 2014 @ 10:53pm

    Your car?

    It might be your car, but the claim will be that disabling the sensors and data sharing would be like disabling your brake lights: it makes you a dangerous person, unsafe to share the road with the rest of us.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Nov 2014 @ 7:06am

      Re: Your car?

      Yes, because not divulging data is exactly like not having brake lights. They may attempt such lame arguments but they will be laughed out of the county.

      Even better than cutting off the data stream would be sending fake data. It would be fun to send them location data that shows you driving across the Atlantic outlining dickbutt figures.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.