Privacy Please is an ongoing series exploring the ways privacy is violated in the modern world, and what can be done about it.
The car you drive says more about you than you think.
Over the last few decades, technology has given drivers remarkable improvements in both safety and convenience — but it has also turned cars into data-gathering machines. What information is collected, and where it ends up, is not always clear to car owners.
That’s a potential privacy disaster waiting to happen.
As Jon Callas, the Electric Frontier Foundation’s director of technology projects, explained to Mashable, newer cars — and Teslas in particular — are in many ways like smartphones that just happen to have wheels. They are often WiFi-enabled, come with over a hundred CPUs, and have Bluetooth embedded throughout. In other words, they’re a far cry from the automobiles of even just 20 years ago.
If your car knows where you go, and how long you stay there, it, like your cellphone, also hypothetically knows whether you’re a churchgoer, attend AA, or made a recent trip Planned Parenthood. And, depending on what features you’ve enabled, it may not keep that information to itself.
But that’s just the tip of the iceberg.
What data your car collects
To understand just how completely cars have gone full computer, it’s worth considering an ostensibly simple action taken by drivers every time they get behind a wheel: engaging a turn signal.
“Things that used to be done by running wires are actually done over this [internal car] network,” explained Callas. “So, you turn your turn signals and it used to be there was a switch and then electricity would go to a light, but now a message goes over the car network.”
How hard you brake or accelerate, when you turn your headlights on, if you turn your windshield wipers on, when you open your driver’s side door — these are all now digital data points in a profile of you as a driver.
“All of these things are at least theoretically able to be logged,” cautioned Callas. “And there is a port that you can connect something to — and there’s lots of hardware and software that you can connect to your car and get all sorts of telemetry information about how the car is running — and just like there are people who hack their computers there are people who hack their cars.”
In fact, there’s an entire industry built around monitoring, logging, analyzing, and monetizing this type of data. Dubbed telematics, the average consumer may know it as the technology insurance companies use to provide good-driver discounts.
Progressive calls its driver-tracking program Snapshot. Allstate’s program is branded as Drivewise. And Farmers Insurance dubbed its version — which comes in the form of an app with access to drivers’ location data — Signal.
In 2016, the Wall Street Journal highlighted the public’s aversion to the then burgeoning industry.
“I know some people say, ‘What do you have to hide,’ but I don’t want big business or Big Brother being involved in my personal life,” one San Diego driver told the paper. “It just creeps me out.”
“Telematics (or a telematics system) is a method used to collect information about your mileage and driving habits,” Allstate said on its website in 2020. “Telematics data is typically captured by a mobile app or a small telematics device provided by your insurance company.”
Cambridge Mobile Telematics, a Massachusetts telematics company, makes both a physical sensor designed to be installed in cars and a mobile app.
Credit: Lane Turner / getty
“Our high-frequency sensors can identify phone distraction, classify drivers or passengers, recognize speeding and hard braking, all without complicated installation,” explained the company on its website.
Amazon uses an app called Mentor to track driver behavior, according to a CNBC story from earlier this year. In 2019, Business Insider reported the app was used to track things like “whether [delivery drivers] are wearing a seat belt while their vehicle is moving faster than 6 mph and record how many times the van reverses more than 5 yards.”
An Amazon spokesperson confirmed that the company uses still uses the Mentor program, but has also “incorporated new telematics and camera tech that has improved safety.”
It’s not just corporate vehicles that have this sort of tracking built in. OnStar, a roadside-assistance system owned by General Motors, is available on most Chevrolet, Buick, GMC, and Cadillac vehicles. Buyers of used cars may find themselves with OnStar systems pre-installed.
Subscribers may not realize that in addition to roadside assistance, they’re signing up to have their every move behind the wheel logged and scrutinized. According to OnStar’s privacy policy, the company “may” collect reams of vehicle data, including, but certainly not limited to:
GPS location, speed, air bag deployments, crash avoidance alerts, impact data, safety system status, braking and swerving/cornering events, event data recorder (EDR) data, seat belt settings, vehicle direction (heading), audio or video information such as information collected from camera images and sensor data, voice command information, stability control or anti-lock events, security/theft alerts, and infotainment (including radio and rear-seat infotainment) system and WiFi data usage.
In 2021, General Motors announced its intention to extend its OnStar service beyond its own line of vehicles.
And then there’s the infotainment system. Most modern cars allow drivers to connect their smartphones directly to the car itself. This is handy if, say, you want to play music or make hands-free calls. It’s less handy, however, if you’re worried about what secrets are being passed between the devices.
Connecting your phone to your car can, in some cases, automatically copy your contact list and all text messages over from your phone to your vehicle. As the Intercept reported in March of 2021, Berla, an American company, manufactures and sells devices that allow police to suck all kinds data out of cars’ infotainment systems.
Berla’s founder, Ben LeMere, summed up why this data is so powerful, and problematic, in a June interview highlighted by NBC News.
“People rent cars and go do things with them and don’t even think about the places they are going and what the car records,” he noted.
This problem hasn’t gone unnoticed. One company, Privacy4Cars, claims to offer at least a partial solution: an app that it says provides model specific, step-by-step directions to help drivers wipe some of their personal data from cars.
The EFF’s Callas explained that some cars now have the equivalent of airline black boxes, which are constantly storing up-to-the-second data in the case of a crash. This would, in theory, allow an insurance agent or police officer the ability to look at the data and decide who’s at fault.
Which, of course, sounds good in the abstract. Who wouldn’t want to be able to prove, with data, that the driver who swerved into your lane was at fault in a crash?
But the uses don’t stop there.
Data is more than just numbers
When it comes to many forms of modern tech, there’s a fine line between convenience and mass surveillance. And, thankfully, it’s one that Callas suggests we haven’t crossed — yet. But surveillance doesn’t have to done on a mass scale for it to inspire concern.
“This is a kind of slippery slope, boil the frog sort of thing,” he explained. “You start with something that is some combination of cool and reasonable and we get to now all of the sudden a company knows where you are and is selling it to anybody who wants it, including a lot of cases the government.”
This is a kind of slippery slope, boil the frog sort of thing.
But of course the government already has a means to access the reams of data generated by your vehicle — no purchase necessary.
Indeed, telematic data has helped send people to jail. In 2016, the technology was used by authorities in the United Kingdom to prove a driver was speeding and lying about the lead up to a deadly 2014 crash. And in 2015, telematic data pointed to a teen who allegedly stole a car.
Things have gone the other way, too. In 2013, telematic data helped prove a man’s innocence in a murder case.
And remember OnStar? As Forbes reported in April, Customs and Border Protection (CBP) and Immigrations Customs Enforcement (ICE) used OnStar to gather location data on suspects.
That is to say, what your car knows has the power to fundamentally alter your life and the lives of those around you.
Law enforcement takes the data your car generates seriously. You should, too.
What happens next
So your new car is tracking, and potentially logging, everything that you do. Unfortunately, there are only so many steps you can take — other than buying and driving older cars, many of which lack modern safety features — to mitigate the potential privacy harms.
“A lot of it is going to be choice,” explained Callas.
At a basic level, privacy-conscious drivers can opt out of participating in insurance companies’ telematics programs. They can not subscribe to services like OnStar, and seek out used cars that don’t come with the technology embedded. And, of course, they can avoid many of the flashy infotainment features offered by car companies.
In other words, there aren’t a host of settings or features a driver can flip off or on to suddenly regain privacy behind the wheel. The data is being collected, whether you like it or not — meaning best bet is to minimize that collection in the first place.
SEE ALSO: Why you need a secret phone number (and how to get one)
Because once data gets collected, it has a way of getting used. Callas sees this trend only accelerating in the near future.
“I think that there are going to be more and more connected cars, because there are reasons why people want connected cars,” he observed. “There are going to be more misuses of data.”
So buckle up, because when it comes to the future of cars and your privacy, it’s going to be a bumpy ride.