New York
There’s a good chance your car knows all about you. Where you’ve been. How fast you drive. If you could’ve been a little easier on the brakes. Even what you look like, thanks to cameras pointed right at your face.
This kind of data collection has been going on for years. And, in some cases, the data has been sold by automakers to third parties, such as insurance companies, which have used the data on driving habits to hike insurance rates for some customers.
It also has been used by law enforcement, with the most recent prominent example being the Tesla Cybertruck that was exploded outside of the Trump International Hotel in Las Vegas on New Year’s Day. Law enforcement officials investigating the incident have thanked Tesla for turning over data quickly about the suspect, who killed himself while in the truck.
“I have to thank Elon Musk specifically,” Las Vegas Sheriff Kevin McMahill said at a news conference, noting that the Tesla CEO gave authorities “quite a bit of additional information,” including directly sending them video from Tesla charging stations to help with their efforts to track the driver.
But while law enforcement praises corporations for handing over driver data, others are concerned that most of the information collected could be violating people’s privacy. They’re concerned that without limits, potential privacy invasions will only get worse, with automakers standing to make money off the treasure trove of information they now possess.
General Motors sold data in recent years to third-party data companies, which then sold information on drivers’ driving habits to insurance companies. The company halted the sales after a New York Times story about the practice in April prompted backlash, saying it created what it dubbed its “Smart Driver” program to “promote safer driving behavior for the benefit of customers,” but that customer feedback prompted the program’s discontinuation.
That action didn’t stop it from being sued in August by the Texas Attorney General, with the company having already sold data from more than 14 million vehicles, including 1.8 million Texans. That suit is still pending.
And it doesn’t mean that the practice of selling data has stopped, said auto analyst Sam Abuelsamid at communications firm Telemetry. He said more than 90% of new cars can send information back to their respective manufacturers, with the only notice to drivers buried deep in vehicle manuals or the fine print in sales agreements.
“Technically, they had permission,” Abuelssamid said. “But it’s something that people should be aware of, but are not.”
Some states and federal lawmakers have called for more controls on the collection and sale of data as well. Privacy experts say it’s a growing area of concern, since so few car owners realize how much information is being collected about them.
“There’s a lot of useful services that come from having cars connected,” said David Choffnes, executive director and a founding member of the Cybersecurity and Privacy Institute at Northeastern University. “But as a consumer you don’t get to choose what data gets sent.”
He said even when car owners are aware that data is being collected, most don’t think about the uses of all the information, or the financial value that it provides to the automakers.
“Car companies aren’t collecting data just for fun,” he said. “It’s going to come down to using the data for profit.”
Massachusetts Democratic Senator Ed Markey wrote a letter to automakers a year ago asking about their data collection, and the companies defended their practices. They portrayed the collection of information on their cars’ drivers as a lofty attempt to improve the vehicles and part of their dream of a better world, rather than addressing the financial benefit they received from their efforts.
GM said the data was being used to create “our vision of a world with zero crashes, zero emissions and zero congestion. Central to that vision is utilizing vehicle connectivity to bring safety and convenience to our customers.”
But while the company said the data collection was only being done for customers who “opt in,” that statement came before the New York Times revelations of its practices forced it to change its policy.
The Alliance for Automotive Innovation, a trade group that represents most major automakers other than Tesla, has defended the practice across the industry.
“No, your car isn’t spying,” is the title of a memo the group prepared on the topic. “It’s keeping you safe.” Rather than an intrusion, the data collection was, in fact, a “feature,” the group emphasized in italics.
“Vehicle telematic data supports the proper functioning of a vehicle and its onboard computer systems,” said the group. “It produces information that affirmatively improves safety, can help support compliance with government safety rules, and enables a range of (optional) connectivity and personalization features for customers.” And it said the information collected could facilitate better emergency response in the event of a vehicle crash.
The group wrote that automakers are following voluntarily adopted guidelines that require even greater protection than required by law for particularly sensitive data, including where a vehicle goes and driver behavior information. And it wrote that it would support federal legislation that puts those kinds of guidelines into law.
However, privacy advocates say there would be problems with national legislation that could restrict states from passing tougher regulations, like state privacy protections and prohibitions on driving data being given to insurance companies, as California does. And they are concerned about what would be considered “consent” from drivers.
“GM customers did not think they were selling the data to third-parties and that it would affect their insurance rates,” said Choffnes. He said there should be stricter rules over “what form of consent is required, and whether consumers get to choose what data does or does not get sent.”
