Your ‘networked computer on wheels’ has a privacy problem – when it comes to your data, you may not really be in the driver’s seat.
The CES 2021 conference heralds the natural progression of car-spying apps built directly into the car and tied directly to insurance companies. Originally slated to assist drivers in an emergency, the systems are baked into the car platform telemetry itself and know everything about how you drive. How are your premiums calculated? Black box. What happens with your information? Black box, too. What happens when things go wrong? You get the idea.
This creeping blight oozing all over the last vestiges of our privacy in the interest of some thinly-perceived benefit was something tech was supposed to liberate us from – provide new degrees of freedom from. But there is this feeling that the walls of surveillance are closing in on our ability to do what we want, how we want, with things we own.
Only, we own less and less. We rent the things we “buy” from companies, and only borrow what is specified in take-it-or-leave-it licenses heavily favoring the vendor. No? Try opting out of tying into the cloud for basic functionality in the latest e-thing you bought. This will be really hard in the cars of the future.
RELATED READING: Connected cars: How to improve their connection to cybersecurity
If privacy pundits bark vociferously, there may be a tiny checkbox allowing you to opt out, but it will be buried in fine print, and couched in obtuse terms, like “opt out of personalized experiences” or some such phrase. This is not privacy by default – it’s privacy by great effort.
But the cloud knows best, or so we’re told. Even though the cloud is subject to change, we should trust it, whatever it becomes.
Maintaining proxy ownership of your devices via licensing through the cloud doesn’t seem like ownership, really, it feels like renting. Now, with baked-in insurance spies, it feels like always driving with your driving instructor taking notes. So much for the freedom of the road.
Speaking of the road, new cars know how many miles you drive, which leans into by-the-mile licensing and taxing of your car. Someone else determines how much you pay, but once again your private life is the fuel to feed the machine.
Going to court? They can know exactly where you were and when: just ask your car. No need for an alibi – they already know with mind-numbing precision where you were that night. Driving too fast? That will be worse. Stopped outside a bar? Even worse. Both? Well… ”.
And imagine weight sensors in the seats. Then it’s not difficult to guess who the passengers were – or weren’t.
RELATED READING: Connected car hacking: Who’s to blame?
The good news is that auto theft will be very difficult indeed. Unless on the approved driver list, the would-be operator won’t be able to force the car to do anything, other than be hauled off on a flatbed tow truck. Even then, you’d know where it is. And maybe that’s good. But at what price?
Is there a world where consumers can understand what they truly own, and maybe even modify or fix it if they see fit, or opt out of third-party interaction altogether?
The “right to repair” what you own is a long, hard-fought cause shouldered by farmers who wanted to be able to work on their farm equipment out in the middle of nowhere. If your tractor is five hours from the dealer broken in a muddy field, it would be nice to fix it yourself instead. Manufacturers said ‘no’. Baked into the low initial sale prices were the expectation of a long tail of revenue from semi-forced service dependency. Violate that and rouse the ire of the dealers and manufacturers.
What will happen if you opt out of vehicle telemetry? At the grocery store I have to pay more if I don’t use a rewards card; will this happen with my next car? Will you eventually be able to get affordable insurance at all? You can bet the car manufacturers (and their insurance company partners) will have something to say about it.
by Cameron Camp, ESET We Live Security