Occasionally I
will ride shotgun with my friend Ron while he makes his scheduled rounds at
various industrial stops in the Florida panhandle and southern Georgia…it’s
just one way we keep in touch since we left the radio station some years
ago. On one recent road trip Ron pointed
to various surveillance cameras that were mounted on buildings, traffic lights,
and telephone poles and described the forecasts pointed out in “1984”, a
dystopian novel by George Orwell published in 1949.
Well Ron is
not within earshot at the moment but if he were I would probably say, “Think
gain my friend, if you thought '1984' was far out get a load of this.” ~ Norman Hooben
Driving surveillance: What does your car know about you? We hacked a Chevy to find out.
By Geoffrey A. Fowler / the Washington Post
Dec 17, 2019
Behind the wheel, it’s nothing but you, the open road — and your car quietly recording your every move.
On a recent drive, a 2017 Chevrolet collected my precise
location. It stored my phone’s ID and the people I called. It judged my
acceleration and braking style, beaming back reports to its maker General
Motors over an always-on Internet connection.
Cars have become the most sophisticated computers many of
us own, filled with hundreds of sensors. Even older models know an awful lot
about you. Many copy over personal data as soon as you plug in a smartphone.
But for the thousands you spend to buy a car, the data it
produces doesn’t belong to you. My Chevy’s dashboard didn’t say what the car
was recording. It wasn’t in the owner’s manual. There was no way to download
it.
To glimpse my car data, I had to hack my way in.
We’re at a turning point for driving surveillance: In the
2020 model year, most new cars sold in the United States will come with
built-in Internet connections, including 100 percent of Fords, GMs and BMWs and
all but one model Toyota and Volkswagen. (This independent cellular service is
often included free, or sold as an add-on.) Cars are becoming smartphones on
wheels, sending and receiving data from apps, insurance firms and pretty much
wherever their makers want. Some brands even reserve the right to use the data
to track you down if you don’t pay your bills.
When I buy a car, I assume the data I
produce is owned by me — or at least is controlled by me. Many automakers do
not. They act like how and where we drive, also known as telematics, isn’t
personal information.
Cars now run on the new oil: your data. It is fundamental
to a future of transportation where vehicles drive themselves and we hop into
whatever one is going our way. Data isn’t the enemy. Connected cars already do
good things like improve safety and send you service alerts that are much more
helpful than a check-engine light in the dash.
But we’ve been down this fraught road before with smart
speakers, smart TVs, smartphones and all the other smart things we now realize
are playing fast and loose with our personal lives. Once information about our
lives gets shared, sold or stolen, we lose control.
There are no federal laws regulating
what carmakers can collect or do with our driving data. And carmakers lag in
taking steps to protect us and draw lines in the sand. Most hide what they’re
collecting and sharing behind privacy policies written in the kind of language
only a lawyer’s mother could love.
Car data has a secret life. To find out what a car knows
about me, I borrowed some techniques from crime scene investigators.
Jim Mason hacks into cars for a
living, but usually just to better understand crashes and thefts. The
Caltech-trained engineer works in Oakland, California, for a firm called ARCCA
that helps reconstruct accidents. He agreed to help conduct a forensic analysis
of my privacy.
I chose a Chevrolet as our test subject because its maker
GM has had the longest of any automaker to figure out data transparency. It
began connecting cars with its OnStar service in 1996, initially to summon
emergency assistance. Today, GM has more than 11 million 4G LTE data-equipped
vehicles on the road, including free basic service and extras you pay for. I
found a volunteer, Doug, who let us peer inside his two-year-old Chevy Volt.
I met Mason at an empty warehouse, where he began by
explaining one important bit of car anatomy. Modern vehicles don’t just have
one computer. There are multiple, interconnected brains that can generate up to
25 gigabytes of data per hour from sensors all over the car. Even with Mason’s
gear, we could only access some of these systems.
This kind of hacking isn’t a security
risk for most of us — it requires hours of physical access to a vehicle. Mason
brought a laptop, special software, a box of circuit boards and dozens of
sockets and screwdrivers.
We focused on the computer with the most accessible data:
the infotainment system. You might think of it as the car’s touch screen audio
controls, yet many systems interact with it, from navigation to a synced-up
smartphone. The only problem? This computer is buried beneath the dashboard.
After an hour of prying and unscrewing, our Chevy’s
interior looked like it had been lobotomized. But Mason had extracted the
infotainment computer, about the size of a small lunchbox. He clipped it into a
circuit board, which fed into his laptop. The data didn’t copy over in our
first few attempts. “There is a lot of trial and error,” said Mason.
(Don’t try this at home. Seriously — we had to take the
car into a repair shop to get the infotainment computer reset.)
It was worth the trouble when Mason showed me my data.
There on a map was the precise location where I’d driven to take apart the
Chevy. There were my other destinations, such as the hardware store I’d stopped
at to buy some tape.
Among the trove of data points were unique identifiers
for my and Doug’s phones, and a detailed log of phone calls from the previous
week. There was a long list of contacts, right down to people’s address, emails
and even photos.
For a broader view, Mason also extracted the data from a
Chevrolet infotainment computer that I bought used on eBay for $375. It
contained enough data to reconstruct the Upstate New York travels and
relationships of a total stranger. We know he or she frequently called someone
listed as “Sweetie,” whose photo we also have. We could see the exact Gulf
station where they bought gas, the restaurant where they ate (called Taste
China) and the unique identifiers for their Samsung Galaxy Note phones.
Infotainment systems can collect even
more. Mason has hacked into Fords that record locations once every few minutes,
even when you don’t use the navigation system. He’s seen German cars with 300
gigabyte hard drives — five times as much as a basic iPhone 11. The Tesla Model
3 can collect video snippets from the car’s many cameras. Coming next: face
data, used to personalize the vehicle and track driver attention.
In our Chevy, we likely glimpsed just a fraction of what
GM knows. We didn’t see what was uploaded to GM’s computers, because we
couldn’t access the live OnStar cellular connection. (Researchers have done
those kinds of hacks before to prove connected vehicles can be remotely
controlled.)
My volunteer car owner Doug asked GM to see the data it
collected and shared. The automaker just pointed us to an obtuse privacy
policy. Doug also (twice) sent GM a formal request under a 2003 California data
law to ask who the company shared his information with. He got no reply.
GM spokesman David Caldwell declined to offer specifics on Doug’s Chevy, but
said the data GM collects generally falls into three categories: vehicle
location, vehicle performance and driver behavior. “Much of this data is highly
technical, not linkable to individuals and doesn’t leave the vehicle itself,”
he said.
The company, he said, collects real-time data to monitor
vehicle performance to improve safety and to help design future products and
services.
But there were clues to what more GM knows on its website
and app. It offers a Smart Driver score — a measure of good driving — based on
how hard you brake and turn, and how often you drive late at night. They’ll
share that with insurance companies, if you want. With paid OnStar service, I
could, on demand, locate the car’s exact location. It also offers in-vehicle
WiFi and remote key access for Amazon package deliveries. An OnStar Marketplace
connects the vehicle directly with third-party apps for Domino’s, IHOP, Shell
and others.
The OnStar privacy policy, possibly only ever read by
yours truly, grants the company rights to a broad set of personal and driving
data without much detail on when and how often it might collect it. It says:
“We may keep the information we collect for as long as necessary” to operate,
conduct research or satisfy GM’s contractual obligations. Translation: pretty
much forever.
It’s likely GM and other automakers only keep just a
slice of the data cars generate. But think of that as a temporary phenomenon.
Coming 5G cellular networks promise to link cars to the Internet with
ultra-fast, ultra-high-capacity connections. As wireless connections get
cheaper and data becomes more valuable, anything the car knows about you is
fair game
GM’s view, echoed by many other
automakers, is that we gave them permission for all of this. “Nothing happens
without customer consent,” said GM’s Caldwell.
When my volunteer Doug bought his Chevy, he didn’t even
realize OnStar basic service came standard. (I don’t blame him — who really
knows what all they’re initialing on a car purchase contract?) There is no
button or menu inside the Chevy to shut off OnStar or other data collection,
though GM says it has added one to newer vehicles. Customers can press the
console OnStar button and ask a representative to remotely disconnect.
What’s the worry? From conversations with industry
insiders, I know many automakers haven’t totally figured out what to do with
the growing amounts of driving data we generate. But that’s hardly stopping
them from collecting it.
Five years ago, 20 automakers signed onto volunteer
privacy standards, pledging to “provide customers with clear, meaningful
information about the types of information collected and how it is used” as
well as “ways for customers to manage their data.” But when I called eight of
the largest automakers, not even one offered a dashboard for customers to look
at, download and control their data.
Automakers haven’t had a data reckoning yet, but they’re
due for one. GM ran an experiment in which it tracked the radio music tastes of
90,000 volunteer drivers to look for patterns with where they traveled.
According to the Detroit Free Press, GM told marketers that the data might help
them persuade a country music fan who normally stopped at Tim Horton’s to go to
McDonald’s instead.
GM would not tell me exactly what data it collected for
that program but said “personal information was not involved” because it was
anonymized data. (Privacy advocates have warned that location data is personal
because it can be re-identified with individuals because we follow such unique
patterns.)
GM’s privacy policy, which the company says it will
update before the end of 2019, says it may “use anonymized information or share
it with third parties for any legitimate business purpose.” Such as whom? “The
details of those third-party relationships are confidential,” said Caldwell.
There are more questions. GM’s privacy policy says it
will comply with legal data demands. How often does it share our data with the
government? GM doesn’t offer a transparency report like tech companies do.
Automakers say they put data security first. But I
suspect they’re just not used to customers demanding transparency. They also
probably want to have sole control over the data, given that the industry’s
existential threats — self-driving and ride-hailing technologies — are built on
it.
But not opening up brings problems, too. Automakers are
battling with repair shops in Massachusetts about a proposal that would require
car companies to grant owners — and mechanics — access to telematics data. The
Auto Care Association says locking out independent shops could give consumers
fewer choices, and make us end up paying more for service. The automakers say
it’s a security and privacy risk.
In 2020, the California Consumer Privacy Act will require
any company that collects personal data about the state’s residents to provide
access to the data and give people the ability to opt out of its sharing. GM
said it would comply with the law but didn’t say how.
Are any carmakers better? Among the privacy policies I
read, Toyota’s stood out for drawing a few clear lines in the sand about data
sharing. It says it won’t share “personal information” with data resellers,
social networks or ad networks — but still carves out the right to share what
it calls “vehicle data” with business partners.
Until automakers put even a fraction of the effort they
put into TV commercials into giving us control over our data, I’d be wary about
using in-vehicle apps or signing up for additional data services. At least
smartphone apps like Google Maps let you turn off and delete location history.
And Mason’s hack brought home a scary reality: Simply
plugging a smartphone into a car could put your data at risk. If you’re selling
your car or returning a lease or rental take the time to delete the data saved
on its infotainment system. An app called Privacy4Cars offers model-by-model
directions. Mason gives out gifts of car-lighter USB plugs, which let you
charge a phone without connecting it to the car computer. (You can buy
inexpensive ones online.)
If you’re buying a new vehicle, tell the dealer you want
to know about connected services — and how to turn them off. Few offer an
Internet “kill switch,” but they may at least allow you turn off location
tracking.
Or, for now at least, you can just buy an old car. Mason,
for one, drives a conspicuously non-connected 1992 Toyota.
______