Smartphones on Wheels
What does your car know about you, and who is it telling?
I’m not a traditional car guy, but I am a car guy: I used to run Uber’s self-driving car team, which got the first self-driving passenger-carrying fleet on the road. And I used to ride a self-driving car to work every morning. Whenever it arrived to pick me up, my son would stand by the window and say, “Baba! Robot car is here!”
These days, I just hack around for fun. A few years ago, when my family drove cross-country, I modified my Subaru to drive itself on highways. These days, I’ve been tinkering with my Tesla, adding radar detectors, ham radios and new lighting and cameras. I’m also get the data stream from my car onto my computer for post-analysis.
So I was interested to read that President Biden recently ordered the Department of Commerce to investigate the data safety risks associated with “connected vehicles” that use technology made in countries of concern, i.e., China. The President is likening cars to smart phones, meaning they’re packed with bells and whistles that are constantly connected — no news there — and are constantly collecting data on us. Wait a second…!
They know where we live, where we drive, how fast we go, even our heart rate (?!?). Today’s cars are connected to our phones and to our country’s critical infrastructure — and to the companies that made them, meaning they could be sending all this information back, potentially, to places like China.
Sure, we can view this as an attempt to protect the U.S. auto industry in an election year, as well as to retaliate for restrictions that China imposes on American and other foreign cars. But if we pull back, we see that the problem is not restricted to China. Like I’ve written in past newsletters, it often takes a hot-button issue, such as child safety, for the government to act on data privacy.
These days, all new cars constantly send and receive vast amounts of information to and from the cloud via cellular. Few of us know just how much. A survey by the Automotive Industries Association of Canada found that only 28 percent of respondents understood just what kind of information their vehicle produced. Same when it came to understanding who had access to that information.
The car manufacturers aren’t the only ones with access, though. Think about your navigation and infotainment systems, your phone company, your insurance app. A fascinating piece in The Markup tracked down 37 of the many companies with a presence in the proverbial passenger seat that seek to monetize this data, from OnStar navigation to SiriusXM to Geico. While the collection and sale of location data could be outlawed at some point, it’s not slowing down: It’s estimated that the industry could grow to $800bn by 2030.
You rent. They own.
Your data is being used in lots of ways. Insurance companies are buying it. So are companies working on fleets of self-driving cars. Cities can use it to manage traffic and propose congestion pricing.
So what happens when it’s not your car? Have you thought about what happens to you and your passengers’ data after you disconnect your Bluetooth from a rental car’s infotainment and navigation system? Most rental firms suggest that it falls on the user to delete his or her data, and that the rules on deleting it are there in the terms and conditions. But most of us are too frazzled when dropping off a car to figure out how to do a factory reset of the infotainment system, and where exactly are those terms written…? But we should learn to be safer.
Some things I do: I use Apple CarPlay whenever possible, since they don’t store your contacts and other information in the car. I always read the privacy policies in the rental agreement. And depending on the rental car, I find a YouTube video to help me hit reset.
Back to those driverless cars…
As we look into the near future — the one with driverless cars — I’m first going to quote from my testimony before the creators of the American Data Privacy and Protection Act in October. (I wrote about it here.)
Self-driving and autonomous automobiles…are equipped with a myriad of cameras, microphones, and other sensors. As they rove the streets, they are collecting personally identifiable information from pedestrians and fellow drivers without any notion of consent. Again, the expectation may be that there is no such thing as privacy in a public space, but one could also argue that nobody expected that every car driving next to you is collecting data about you. Imagine a world where a fleet of self-driving, data-collecting vehicles were capturing every single license plate, allowing them to be tracked from where they are going to what stores they go to the addresses of other homes they are visiting.
Let’s take that a step further: What if a self-driving car takes a picture of you as it goes past and sends it to that car company’s server? You probably didn’t consent. So what happens if that company is subpoenaed for that data?
At the risk of sounding corny, we have to put ourselves back in the driver’s seat. Do a little homework: Take stock of which apps and systems you use while driving, then see if you can find anything in their privacy policies that will let you have more control over your data. Switch to an offline navigation app like Open Street Map, or download offline maps from Google Maps ahead of time.
The more we know, the more we’ll want to change. And the more of us who demand transparency from these companies and write our legislators to tell them to mandate data minimization, the better our chances.
Worth the Read
This New Yorker story about voice-cloning scams is, sadly, becoming common. It’s hard to say that the best advice falls on us, but people need verification words. Because of these technologies, all of our defenses around identity verification are falling away.
Spain has banned Worldcoin, Sam Altman’s venture, which grants a digital ID and free cryptocurrency in exchange for scanning the user’s irises. According to Reuters, “Altman says Worldcoin's ID will allow users to, among other things, prove online that they are human, notably in a future world dominated by artificial intelligence.”
Nvidia CEO Jensen Huang recently said kids should stop learning to code and leave it up to AI. I absolutely disagree! Coding is only one part of it, but we need people to be computationally aware — and we need more makers and builders! Maybe AI can help us be more expressive, but we shouldn’t be stopping people from doing things; we should be enhancing them.
Student data privacy experts are warning that surveillance technologies pitched to schools to keep students safer in today’s climate of gun violence are not only unnecessary, they could usher in a host of unintentional consequences. (One proposed solution: Hire licensed mental health counselors in favor of buying edtech apps.)