Is Your Car Connected?

For as long as automobiles have been around, manufacturers have been trying to find ways of putting more technology inside of cars, oftentimes sold as value-added services for their customers, whether that be 8-tracks of the 1960s and 1970s, the enhancement to security of central locking of the 1980s and 1990s, or the introduction of satellite navigation in the 2000s.

Today, as our technologies become ‘smarter’, so do the risks to our personal privacy. This especially true as society is on the precipice of fully autonomous transportation: leaving machines to make decisions based on information they have collected and the inferences they have made.

A Quick Look Back

The earliest example of cars making decisions of impact on their own is with the introduction of Anti-Lock Brakes (ABS) in 1970s, where the car decided how much braking force should be applied, rather than the driver making the decision. Since then, the introduction of traction control, and later full stability control have taken more direct control away from the drivers, and placed it with assistive systems. These systems, by today’s standards, are pretty basic, with little to no connectivity and no indication that the car was sending drivers’ data back to the manufacturer for learning and developmental purposes.

Cars As Computers

The cars of today are fully heterogeneous systems, with all components being connected to central processing units. What was previously an overzealous brake or throttle application is now stored in the cars telemetry, in ways similar to those of black-box flight recorders in commercial airlines. Furthermore, these systems are integrated with technologies such as satellite navigation and internet connectivity, allowing this driver data to become accessible from anywhere.

It is these concerns around driver data collection, processing, and sharing between manufacturers and third parties that has brought about an investigation by Privacy International.

So what is a ‘Connected Car’?

The ways that cars have changed over the years has led to new words to describe those changes, particularly in technology. One that is commonly discussed is the ‘connected car’, but what does this mean? And how does this changing language relate to existing understandings of technologies?

To better understand what is meant by the ‘connected car’ it is relevant to consider other ways that car technology has changed, consider the below.

Dumb Car (Pre-1970)| Cars that lack any digital processing, this would describe most cars which are classically carburated and mechanically controlled

Sensor Car (~1980s) | Cars that can sense their surrounding, this would describe cars that have electronic engine managements

Smart Car (~ late 1990s) | Cars that no only sense their surrounding but are able to make decision and take actions, which in some circumstances may be outside the drivers’ control (eg ABS)

Connected Car (~2000s)| A car which can access external devices, both first and third party, and those external devices have some level of access to the cars own subsystems (eg Bluetooth, GPS)

Inter-Connected Car (~ late 2000s) | Similar to a connected car but with the addition of inter-system communication with first and third party systems and the car being able to access the internet by some means

Internetworked Car (~late 2010s) | A car that can not only do all of the those things of the inter-connected car, but can also communicate directly with other cars on the road without any direct consent

What’s the Problem?

Little has been done to look at the privacy issues arising from these changes over the years. Black-boxes have been added to capture event data, which has led to some attention by regulators in Europe. Cases are emerging of governments tracking movements and the insurance companies are starting to monitor driving habits using sensors. Meanwhile, manufacturers have generally escaped scrutiny as they continue to apply more data generation and collection capabilities to cars. This data is not only available to other users of the cars (including after resale or loans), repair companies, investigators, third party companies such as insurers and internet firms, but increasingly also to the car manufacturers themselves, and others we don’t know.

Looking Forward

Privacy International will be focusing its investigations on cars that fall into the Connected Car category in the above table, which have been manufactured since the year 2000. There will however be a focus on more recent car models as they generally have additional technology which integrates with devices such as mobile phone handsets, along with the practicalities of better availability. We will also monitor new technology and policy developments in data exploitation as cars become integrated into ‘smarter’ cities, manufacturers seek to understand usage and events, and as industry and governments move to develop autonomous car and smart transport systems.

If you are interested please contact us at tech@privacyinternational.org.