CHOICE membership

Where does your car's data go?

Hi – I am a reporter with the ABC.

I am looking into incidents where the data collected in a car has been used or exposed inappropriately – especially in second-hand cars, car shares or rentals.

To explain: Many cars today have on-board computers or infotainment systems that could store anything from smartphone contact lists and app logins, to home address and garage door codes, if connected by the driver. Likewise, most cars contain Telematics Control Units with GPS receivers that calculate and provide precise vehicle location. This information may not always be deleted or securely stored, and it’s not always clear who owns it.

It would be great to know if anyone has experiences with this! If you’d like to speak offline, happy to discuss over email: bogle.ariel@abc.net.au or via encrypted email: abogle@protonmail.com

7 Likes

Welcome @ArielB, look forward to seeing if anyone has had an experience of this nature. I’ve heard off-road hire is one area where this type of data can be used against the consumer.

6 Likes

When I purchased my last vehicle it was a demo driven by a personal friend of mine . He is a manager at the dealership I patronise . On opening the sat- nav and info- tainment system it showed me his address and all private phone numbers he had loaded into the system .

The system stores the data on an SD card . I dropped into see him and had the SD card changed over .

No doubt the card could have had the personal data of my friend deleted but your post made me wonder just how many cars slip through with private information still on their sat-nav info-tainment systems .

8 Likes

Even then, is it really deleted? This is a longstanding “flaw” in most computers i.e. that when you delete a file, the file is no longer there but its contents are still on the disk (and readily-available recovery software can get the contents back).

However the entertainment etc. system is only one half of the problem. The engine management computer is the other half of the problem.

8 Likes

You make a good point there @person

3 Likes

Having read the article in the Weekend Australian Magazine (last weekend), about the updated XE Jaguar model, it mentioned that this car and potentially others in the future are collecting and using biometric data on its drivers. This biometric data is supposed to be used for determining emotions of the driver and reading between the lines, also to determine driver preferences when more than one driver uses the vehicle.

As cars are becoming IoT, it does raise the question what happens to the collected data that is either stored in the vehicle or send to the manufacturer. Will they be mandated in the future to report traffic infringements (e,g. parking too long, speeding, illegal turns etc)?

The article also indicated that car manufacturers have indicated that 30% of their income will be generated from vehicle collected data…this seems to suggest that the data will be onsold or become a valuable asset to the manufacturer.

I wonder if cars should come with privacy agreements that one has to consent to before purchasing the vehicle. What happens if one doesn’t give consent…can the data collection be turned off and how would the consumer know. How about hiring vehicles or work (pool) vehicles, should one be consenting to tbe collection of such data when using such vehicles?

It appears that vehicles may be going the way of Facebook, Apple or Google where data collection becomes more value to a business than the actual products they sell or platforms they market.

This is a little concerning as more and more will be known about individuals lives, what they do, where they go etc than possibly one would like the rest of the world to know.

Food for thought.

8 Likes

Will Metadata Retention be extended to cover cars?

Will the car refuse to operate if you disable its network connection to the manufacturer? (with the understanding that that connection may be hypothetical for most cars on the road today)

It’s only really going to work if the law protects consumers but as far as privacy goes the government is part of the problem, not part of the solution - so not much hope there.

8 Likes

Looks very much like a default to ‘Opt In’ will be the norm.

Perhaps there will simply be only one ‘Opt Out’ condition. IE you don’t have to buy the car, will be the only way to opt out.

Would government ever legislate or force manufacturers to provide purchasers with the option to disconnect? On recent form it appears unlikely!

8 Likes

I think you’ve all buried the lede on this… THE Ariel Bogle?! For those of us who listen to ABC RN (and I suspect there is quite a lot of overlap between our communities), that’s a name that definitely resonates in all the right ways.

My vehicle is a 2001 model. While I have installed a stereo with Bluetooth connectivity, as far as I know the only information that it stores is about how to connect to my phone - which I will of course instruct it to forget before I eventually replace it.

Modern vehicles have some very useful digital tools, from navigation to diagnostics - but there are many ways in which these can (and have been) abused. There are also issues with remote unlock signals being intercepted, although if you want to go in that direction there is no end to the rabbit hole (from hotel room keys to ‘very personal entertainment devices’ that use Bluetooth connections).

P.S. have you looked at Simjacker yet?

7 Likes

https://www.itwire.com/security/simjacker-australians-are-safe.html

… hopefully.

8 Likes

Mine stores phone numbers as well, if I choose to put them in. That allows outbound calls using only the car’s entertainment system (but executed of course by the Bluetooth-paired phone).

8 Likes

While these are not yet standard fittings in a car they are still possibly of interest to the topic creator in regards to the data that may still be part of your car usage:

The following site may also be useful as the company helps extract and interpret vehicle data and contact with them may provide some decent leads (the site also has a list of vehicles that have Event Data Recorders built in up to 2014…later years you need to contact the company):

4 Likes

Makes me glad I have a dumb car.

7 Likes

That’s interesting, dealership owners probably see this more than anyone – I wonder if you could email me so I could ask some more questions? I’m bogle.ariel@abc.net.au.

4 Likes

Thank you! That’s very kind. Have you ever used a rental car where this has been an issue?

4 Likes

The answer to Ariel’s question albeit simplistic is ‘to whoever pays the most for it or can steal it without getting caught’. It’s just the extent that’s the question.

You can bet this is only going one way. Car companies will collude with others to capture and sell every piece of data on you and your passengers that they can wrap their obsessive money making mitts around, see above from @grahroll. Welcome to the ‘enabled’ world, where you can pay for a phone/car/fridge/tv that captures your data (speech and behaviours) and sells it to third parties so they create more effective marketing campaigns to sell you things you’ll pay for all over again. This might sound conspiratorial but precedence has been set and the fact that folks like Ariel are asking supports this. And then there are hackers ranging from neighbouring voyeristic nerds to criminals trying to work out if you’re home or not. Does everyone with smart devices reading this topic fully and honestly understand their vulnerabilities?

Companies will be going bonkers in their eagerness to harness this ‘big brother reality TV for marketers’ effect to its full extent given the time people spend in their cars, and of course the features in your new car that you’ll be paying for to facilitate this are only to 'understand your preferences and assist you better awwww :hugs::hugs:.

Think the conversation you’re having with your passenger is private? Think again… if your phone apps can listen and transmit without you knowing so can your voice controlled car, ironically in many cases through the phone connection your paying for. And shutting off the ignition won’t stop it.

Government is the least of our concerns unless you’ve got some reason to fly under the radar; they don’t make money out of it and the chance of them sneaking something past when it needs to be publicly debated in both houses is slim. Companies by contrast can generally do as they please, have very little scrutiny placed upon them, and consider getting caught as a risk of doing business which is why the community at large is often surprised at the things they get away with while you’re paying them for the pleasure.

As @mark_m says, you can opt out. Of course it’s easier said than done when big companies invest the GDP of a small country on getting you and your kids hooked for life on their products (MacDonald’s and social media anyone?). Consumers know phones and apps listen in and collect data but they still buy them, they know online bullying has led to misery and multiple suicides but they don’t demand more regulation of social media, and they still feed themselves and their kids fast food from chains even though they know it’s a road to life-long illness and disease.

/rant

Have a good day!

6 Likes

Except when they sell us out … errr … privatise the management of our data.

8 Likes

I’m not catching on…as in you’d prefer it if they managed our data in house?

1 Like

May be a reference to something like the sale of the Land Title Registry (WA, NSW, maybe others).

4 Likes

I agree the Govt are not the least of our problems. They enact laws which can affect our liberty and privacy, then when they sell the management of their data to third parties (which then are protected & enabled by the Laws of Govt) we lose any hope of containment.

7 Likes