Automakers Like TOTALLY Promise Not To Abuse The Ocean Of Location Data Their Cars Now Collect
from the trust-us,-we're-the-auto-industry dept
Hoping to assuage growing fears that vehicle data won’t be abused, nineteen automakers recently got together and agreed to a set of voluntary principles they insist will protect consumer privacy in the new smart car age. Automakers promise that the principles, delivered in a letter to the FTC (pdf), require that they “implement reasonable measures” to protect collected consumer data, both now and as the industry works toward car-to-car communications. The principles “demonstrate the industry’s commitment to its customers” and “reflect a major step in protecting consumer information” insists the industry.
Should you bother to actually read the principles, the promised revolution in privacy protection quickly become less apparent. While the principles do require that automakers clearly communicate with customers (and by clear they mean “hey, here’s some fine print saying we’re selling your location data now”), many don’t appear to actually do much of anything. Like this particular gem:
“Data Minimization, De-Identification & Retention: Participating Members commit to collecting Covered Information only as needed for legitimate business purposes. Participating Members commit to retaining Covered Information no longer than they determine necessary for legitimate business purposes.”
With “legitimate business purposes” being whatever they see fit, that doesn’t mean much. Similarly, the industry’s “groundbreaking” promises are also heavily peppered with the ambiguous word “reasonable,” which can of course mean whatever they’d like it to mean:
“Participating Members commit to implementing reasonable measures to protect Covered Information against unauthorized access or use.”
Aka, we’ll make some kind of ambiguous effort to secure your data. As with most efforts of this type, the goal is to preempt government from crafting new (or enforcing existing) privacy protections as the industry moves into more aggressive ways of monetizing location data. Said promises unsurprisingly aren’t easing the worries of both safety and privacy advocates as we move into the vehicle black box age, notes the Associated Press:
“Industry officials say they oppose federal legislation to require privacy protections, saying that would be too “prescriptive.” But Marc Rotenberg, executive director of the Electronic Privacy Information Center, said legislation is needed to ensure automakers don’t back off the principles when they become inconvenient. “You just don’t want your car spying on you,” he said. “That’s the practical consequence of a lot of the new technologies that are being built into cars.”
With many parts of this technology DRM locked, users won’t have much control over or access to their own data (something the EFF is trying to fix with their latest slate of DMCA exemption requests). It’s also worth noting this supposed circle of automotive trust was already quite rusted before cars became more intelligent; most car dealerships and garages are paid by Carfax to report vehicle mileage and accident repair, with Carfax in turn being paid for that data by insurance companies. Similarly most of the in-car infotainment systems rely on cellular chipsets from companies like AT&T and Verizon, who quite happily sell any and all location data that isn’t nailed down, and consistently experiment with creative new privacy violations (despite very similar promises they’d be on their best behavior).
So while it’s very sweet that the auto industry is promising to respect your privacy as they push into brave new data snoopvertising and location data tracking territory, like so many self-regulatory promises before it they likely aren’t worth the paper they’re printed on.
Filed Under: automakers, cars, privacy, self-regulations, smart cars, tracking
Comments on “Automakers Like TOTALLY Promise Not To Abuse The Ocean Of Location Data Their Cars Now Collect”
Finally, my preference for the 240Z over the Veyron is justified.
Me Too!
Hey, like I totally agree to behave in a reasonable manor. You can go ahead and declare me exempt from law enforcement now.
I’m happy this is being covered on Techdirt.
This continuing creep toward collect-it-all needs more attention. There is no reason everything needs to be ‘smart’ and phone-home every detail of my person, house, papers, and effects.
I feel as if nearly every moment of my day is subject to wiretaps, and other forms of surveillance.
It no longer appears that “each man’s home is his castle”, as the government turns a blind eye to corporations filling in the moat, tearing down the buttresses, and raiding the larders. I suppose that makes perfect sense given the government ultimately gets an inventory of what was contained within, if not buying the scraped material outright.
Digging into the online marketing hierarchy of companies such as the primary crediting agencies which collect it all, sell the raw non-anonymized information to data aggregators for analysis / bucketing, who put access up to bid for ‘targeted marketing’ opportunities makes this all the more unnerving.
We need a massive public push toward recognition of fourth-amendment rights to our digital footprint. This unrestricted data grab creates enormous liability risk for everyone rolled into the database.
Not to mention value to appending DROP TABLES somewhere in childrens’ name. https://xkcd.com/327/
Re: OT: xkcd & Bobby Tables
I’m also an xkcd fan, but I’ve got to say he got that one wrong. The last line is about sanitizing database inputs. That’s not the lesson that should be learned from this. What should be learned is the utility of regular and ongoing testing of backup procedures.
If you can pull it off the backup tapes, it won’t matter that there are still umpteen billion programmers out there who’ve never heard of input data sanitization. If you can’t pull it off the backups, all the data sanitization in the universe won’t save you from any number of just as bad practices as failing to sanitize data, such as failing to regularly make and test backups.
This also means that any failure to pull data off backups should lead to instant job termination for everyone involved, and likely law suits.
Re: Re: OT: xkcd & Bobby Tables
What actually surprises me about that is that he made a serious technical error: if you are sanitizing inputs at all, you are Doing It Wrong. (Just look at the myriad iterations of PHP’s escape_sql_properly_no_really_we_swear_we_got_it_right_this_time functions!)
The only way to do it right is with parametrized queries, which don’t require any escaping.
Re: Automakers abuse info.
In NOT trusting corporations and their political pets you are less protected from them than if you really trusted them…. that is, to be exactly what they are! I do trust them to lie, cheat and steal whenever it is in their financial benefit to do so. It is more than ‘in their nature’ to lie steal and cheat. It is necessary if they are to maximize their profits. Corporations are completely amoral. Corporations are the organizational vehicles through which the 5% wealthiest (economic criminals) individuals, who own 80% of all corporate shares and control corporations, operate to plunder the working class. In the case of the American government, Wall Street now owns the legislators (operational fascism), the media, the agenda and the outcomes. Democratic government is not the problem; corporate controlled fascist government is the problem. The solution is not to throw out democratic government and directly throw ourselves completely at the mercy of elitist fascist corporations. The answer is to have democratic governance in the first place. The elites of the thirteen colonies promised democracy but delivered and created a form of governance which had the trappings of democracy (what were they going to promise? Reality?! Corporate elitist control of government and government tyranny which benefits the wealthiest and leaves the bills to be paid by workers???) but was really a fascist government controlled by the ultra wealth few! If one had real democratic governance and divided democratic power up into 50- to-hundreds of pieces and have elections every two years, the political system becomes incapable of governing in the interests of the vast majority and far easier to control by the elite few in their own interests. If America had perhaps a dozen states and governance where the political victor (as determined by a majority of votes) has say five years with which to respond to the majority of voters interests, democracy could have the ability to change the outcomes to be far less elite serving and produce outcomes which actually benefit the vast majority. The current system gives effective governance over to Wall Street whose interests greatly diverge from those of the vast majority of Americans. So when you cry out for economic justice do not rail against real democratic governance, rail against the elite controlled fascist government currently afflicting Americans. In addition corporations should not be “people” and should be disallowed from participating in politics in any way to truly achieve insulation from elitist corporate dictatorship.
I’d still trust them more than the current or previous US administrations.
That should give you a clue of how little I trust the US Government.
Can I opt out of the hive-mind now? I don’t like it any more.
Re: Re:
That’s just a glitch in the hive mind making you think like that. It will be corrected soon.
And now Techdirt will rail on Google for doing the same and worse for the past decade.
Oh wait, no they won’t.
Re: Re:
The difference is that it’s pretty easy to avoid Google. Don’t open an account there. Don’t use their search engine. Don’t allow their domains to run Javascript (NoScript). Don’t allow their ads. (AdBlock). Heck, firewall their network allocations out, it’s not hard.
But it’s getting more and more difficult to avoid having a car that spies on you.
Re: Re: Re:
Damn your facts getting in the way of a good circle jerk.
Re: Re: Re:
Buy an older car?
Re: Re: Re: Re:
Jay Lenno must be a terrorist since he owns so many classic, non-smart cars. What’s he hiding?
Sure, just like Uber has "legitimate business practices"
It seems that Uber is staffed by vengeful stalkers who like spying on their customers and threatening journalists:
http://www.cnet.com/news/god-view-under-spotlight-as-uber-investigation-intensifies/#ftag=CAD590a51e
http://techcrunch.com/2014/11/19/we-are-watching-too/?ncid=rss
http://www.buzzfeed.com/johanabhuiyan/uber-is-investigating-its-top-new-york-executive-for-privacy
http://www.buzzfeed.com/bensmith/uber-executive-suggests-digging-up-dirt-on-journalists
Of course no car company would ever do such a thing. It’s unthinkable. Just like they would never cover up known engineering or manufacturing defects that kill people. No, their extremely high ethical standards absolutely prevent this from ever happening at a car company.
Re: Sure, just like Uber has "legitimate business practices"
Holy shit give some warning before you go careening off into left field like that.
Re: Re: Sure, just like Uber has "legitimate business practices"
Left field? This is exactly the sort of stuff people with their feet firmly on the ground have been warning about ever since a few people started getting carried away singing Uber’s praises. The company’s run by an Objectivist, which alone is essentially prima facie evidence that it’s going to be sleazy and abusive. We’ve known about their illegal price gouging in crises (coming down straight from the top!) since Sandy hit New York, and now this.
Re: Re: Re: Sure, just like Uber has "legitimate business practices"
I suppose, the article is about auto makers and Uber’s business does involve using automobiles…
Re: Re: Re:2 Sure, just like Uber has "legitimate business practices"
…Uber’s business does involve using automobiles…
Does Uber own those automobiles?
If they do, fine. If they don’t: that’s reason enough to scrutinize their business.
This type of data collection will continue
until people stop buying “garbage” products that track one’s every move. Tech is cool, but enough with the obsession of the “internet of things” and having every fucking thing interconnected…its a goddamned solution in search of a problem.
Fight surveillance
Ride a bike!
Re: Fight surveillance
Yeah: https://www.electricbike.com/smart/
I suppose they will not mind if I make some kind of ambiguous effort to secure my data. Electronics are not flawless – shit happens.
I assume that if the vehicle is taken in for servicing, one can decline to have the part replaced. They may whine about some silly DRM violations but I do not feel compelled to fix failed parts on my vehicle that I do not need. Proper maintenance of vehicle function, safety and emissions is understandable – however, I doubt one can be compelled to spend money in the maintenance of these needless intrusion devices.
Re: Re:
Good luck finding and disabling all of the tracking and monitoring devices in a modern car without disabling the car entirely.
Re: Re: Re:
You don’t need to disable any of the sensors. You only need to disable the communications link. That’s easy to do and won’t stop the car from operating.
Re: Re: Re: Re:
Do that and the next you’ll see is you need to be connected to the mother ship for the car to operate, as many computer games are doing now. After all, they’ve signed agreements to give your data to their partners, and if they can’t do that you’re stealing from them. They’ll also void your warranty, and your insurance rate will skyrocket.
What a great century this is turning out to be.
Oh, well being able to of out of their data collection program seems pretty good…
Nevermind
“Use our cars and you agree to allow us to scoop up your data.”
Someone please tell me I’m reading this wrong.
“Use our cars and you agree to allow us to scoop up your data AND share it
with other companies to do with as they please.”
Please, please, please… someone… tell me I’m reading this wrong.
This is all on Page 8 just encase you want to check to see if I missed anything.
Re: Re:
“Use our cars”
Is what they want you to believe you are doing when you buy and use one.
“Own my car”
Is the reality of the situation.
Until the technology companies get it rammed through their heads that they do not own the device once they sell it, this mentality is going to lead us to a very dark place.
Re: Re: Re:
Thank you! I’ve been saying this for years: my property is my property! When I buy it, I own it, and the company that made it has no more claim on it. This is just another of the many reasons why DRM needs to be outlawed.
Re: Re:
You’re reading this wrong. I think.
When they say certain things require “affirmative consent,” that means they can’t just scoop it up – they need your permission first. (Anything NOT covered by the affirmative consent, on the other hand, they WILL just scoop up.)
Re: Re: Re:
“Your continued use of the product will be assumed to be consent …
Stun guns fix data collection, apply to the cretin authorizing it.
I’m sure if the drooling cretin coming up with the data collection idea was given a personal karma visit from every person the retard affected they would wise up quick.
The first car to be hacked should be the ceo’s.
Great, now we will have to jailbreak our cars too.
Re: Re:
That voids the warranty. I hope your car wasn’t built on a Friday (or is it Monday?).
Yet another
… wonderful consequence of copyright. Abolish copyright. It’s the only way.
data security
Even if you trust the car companies (I don’t), you can’t trust them to keep the data secure. It will be intercepted in flight, or hacked away as part of the protocol.
If you car has to share travel data with other cars for safety (e.g. “look ahead traffic jam avoidance”) then there will be fake “stingray” devices along the roads pretending to be cars, collecting your info.
If the data travels back to the car companies over the network, it will be lifted via the existing taps.
None of their #$@$&%/ business
I buy a relatively new vehicle and the manufacturer wants to track my location after the vehicle is well paid for? What is the matter with this picture?
Its NONE OF YOUR F-U-C-K-I-N-G BUSINESS where I drive.
Calling Holley!
Introduce a “retro-fit” (pun intended) kit to remove all electronics and put a Holley Carb back on OUR cars…
Then we need long-life 12v batteries – plug in the gear, and ship it UPS to friends around the country (or overseas). Ship it back and forth while you enjoy driving the car – then put it back in when you take the car in for service.
Let’s see ’em figure out how we were driving across the Atlantic.. or travelling cross-country at 500MPH …
Re: Calling Holley!
It will then fall upon you to explain yourself when the cops come calling with Felony Speeding and Reckless Drivibg charges.
Re: Re: Calling Holley!
Yes, that is coming soon. Who needs photo radar when the cops can simply run a weekly report on all cars and simply mail out speeding infractions for EVERY SINGLE TIME YOU EXCEED THE SPEED LIMIT no matter how minimal.
Re: Re: Re: Calling Holley!
“Yes, that is coming soon. Who needs photo radar when the cops can simply run a weekly report on all cars and simply mail out speeding infractions for EVERY SINGLE TIME YOU EXCEED THE SPEED LIMIT no matter how minimal.”
Then don’t break the law! If you have nothing to hide, then you have nothing to fear!
Re: Re: Re:2 Calling Holley!
Idiot troll
Re: Re: Re:2 Calling Holley!
“Then don’t break the law! If you have nothing to hide, then you have nothing to fear!”
Idiot troll
Re: Re: Re: Calling Holley!
“Yes, that is coming soon. Who needs photo radar when the cops can simply run a weekly report on all cars and simply mail out speeding infractions for EVERY SINGLE TIME YOU EXCEED THE SPEED LIMIT no matter how minimal.”
Or everytime you fail to come to a complete stop for a full 3 seconds. Each and every trip could end up costing you many hundreds of dollars!!
With "promises" like that.....
Then maybe this will be my next new car…………
http://en.wikipedia.org/wiki/AMC_Gremlin
Nope. At this point it should be abundantly clear to everyone, that you should never trust your information to anyone under any circumstances.
Your car?
It might be your car, but the claim will be that disabling the sensors and data sharing would be like disabling your brake lights: it makes you a dangerous person, unsafe to share the road with the rest of us.
Re: Your car?
Yes, because not divulging data is exactly like not having brake lights. They may attempt such lame arguments but they will be laughed out of the county.
Even better than cutting off the data stream would be sending fake data. It would be fun to send them location data that shows you driving across the Atlantic outlining dickbutt figures.