The future of transport looks like a sensor-riddled computer
Security problems with connected cars became clear through the 2015 hacking of a Jeep Cherokee that allowed an attacker to remotely control the engine and brakes through its uConnect network connection. Chrysler introduced this in 2009 to put its “infotainment” systems online.
Elon Musk’s semi-autonomous carmaker Tesla has gone much further, with the high-end cars sending back data on their locations – “such access is restricted to a limited number of personnel within Tesla,” says the company’s privacy policy – speed, braking, camera images and video clips, among many others. It’s possible to opt out of data sharing, but the company warns that this may cause “reduced functionality, serious damage, or inoperability”, including the disabling of software and firmware updates.
Smartphone users may be used to having everything they do tracked, but to some extent this is part of the deal – mobile devices only work when they are connected to a network that knows where they are, and many apps rely on sharing a user’s location, images and contacts. But present-day cars do not need a network connection to operate, although autonomous vehicles are generally being designed to rely on one. Drivers have increasingly been tracked for specific reasons, such as policing and parking by automatic number plate recognition (ANPR) cameras, for emergencies by locator devices and by insurers if they choose policies based on how they drive. But connected cars collect all this and more and send it back to their manufacturers.
Lauren Smith, policy counsel for US think-tank Future of Privacy Forum, says the question is whether the smartphone model, where users expect to download apps and get services for free in exchange for their data, transfers to cars. “In some ways there’s a little bit more friction because consumers often have a different relationship with their car. We’ve often thought of cars as guaranteeing our autonomy and freedom, but the reality is they are becoming computers on wheels,” she says.
Vehicle manufacturers appear to recognise the importance of privacy to their customers, having come up with a set of principles (PDF) on this as early as 2014. “At the same time, they want to keep pace with the times and provide services,” Smith says. “They are learning and adapting. There’s a sense that consumers see cars a little bit differently than they see other technologies.”
Some see big opportunities in making connected cars work like smartphones, in particular targeted advertising. In November, analysts at Morgan Stanley answered the question “What if Ford were run like a tech company?” by saying it would “turn the car into a sensor, and harvest all the data”, then “turn vehicle owners into service and experience subscribers”. Transport would be charged for at cost or a small loss, with profits coming from “paid search, content and other areas”. The analysts estimated that each “immersive transport service” would yield $300-$1,500 (£210-£1,060) annually.
John Ellis, who has worked as a technologist for Ford and Motorola, reckons that the likes of Google will turn car data into money, rather than the vehicle makers. Volvo and Audi are already planning to use Google’s Android Auto operating system in some cars.
In his book The Zero Dollar Car, Ellis discusses how drivers can benefit. “I’m of the belief that we will see the end of the individually owned car business model,” he says, with the rise of long-life electric engines, autonomy and increased sharing as reasons for people to move from outright purchase to subscription contracts. Already, four-fifths of new cars in the UK are bought with personal contract plans, where drivers pay a monthly charge to lease the vehicle.
Ellis thinks driver-dealer contracts should state how much car-generated data is shared – with drivers getting a subsidy for the data they allow to be passed on. Refusing would be an option: “In essence, by asking for full price, you ask to purchase privacy,” he says. Contracts would also set limits, such as ruling out the use of car data to derive drivers’ religion from which place of worship they park near on a regular basis.
Who would buy data from cars? Weather services could use cars as mobile weather stations through their on-vehicle thermometers, windscreen wipers and headlights, while road authorities could gather real-time data on traffic speeds and potholes. Ellis reckons both are worth several thousand dollars over the 11-year life of the typical car.
Personalised, location-targeted advertising could be more contentious, but also valuable. Ellis says this would particularly apply if drivers were willing to take a short detour to a specific outlet: “What would Starbucks pay to know you’re in car and moving?” He thinks many drivers would agree to this in return for cheaper transport and coffee, but need to have agreed to this consciously: “When things start to get creepy, people take notice,” he says.
Lisa Joy Rosner, chief marketing officer of US-Israeli startup Otonomo, says that other uses could include locations of parking spaces; automation of on-demand fuelling, a service already offered via smartphone app in some parts of the US; and software fixes when data from cars show a part is reacting to certain temperatures, based on location. More generally, the data can be used for predictive maintenance, so when a battery is near to failing the dealer can invite the owner in to get it fixed. “It strengthens the relationship between the brand and the driver, the consumer,” she says. Otonomo aims to provide a marketplace for such data.
Rosner says the strongest reasons for car users to stay connected are safety related. In an accident, cars could transmit information to emergency medical responders such as whether the vehicle had turned over, whether seat belts were worn and biometric information from connected devices worn by passengers. She draws a parallel with people wanting privacy except when they want a company to pay rapid attention to a complaint: “Don’t listen to me in my car, but if God forbid I’m in an accident, make sure you have all the data to save my life.”
She adds that privacy concerns appear to be fading, based on surveys she has carried out for technology companies over two decades and her children’s relaxed attitudes. “I would argue that the people, the demographic who are really nervous about privacy are going to stop driving pretty soon, and the people getting behind the wheel are more digital natives,” she says. “People have become so dependent on their smart devices that they expect that experience from the car.” Autonomous vehicles will take these expectations even further, she adds.
Even if this is true of many individuals, in Europe at least the legal system looks likely to constrain the use of data from cars, although Thomas Kahl, a specialist lawyer in IT at law firm Taylor Wessing, sums up the picture as “complex”.
The General Data Protection Regulation (GDPR) coming into force this May stresses the importance of privacy being designed into products and services and transparency for consumers. “GDPR requires data subjects like a driver have to be aware of what is going on in the car, especially what data is passed on to third parties,” Kahl says – which raises questions of how this takes place, whether at the time of purchase, through material in the manual, on the car’s screen or by other means.
“Looking at GDPR, we’re just at the start of it,” says Kahl. “It will take some time before we have developed really clear rules on how to deal with data from connected cars under the new legal framework – but we will manage.” National laws and regulators across Europe will also affect how data from connected cars is used. Kahl says that some countries including Germany have laws that regulate marketing, which will also have a big impact on in-car advertising.
Privacy campaigners have so far focused on problems with the relatively limited data already stored by infotainment systems, which may download contacts from Bluetooth-connected mobiles. UK-based Privacy International recently researched whether hire car companies wipe personal data from such systems when a car is returned – and found they generally put the responsibility on the hirer. “As they clean the physical inside of the car they should clean the infotainment system too,” says Millie Graham Wood, a solicitor for the group of hire car companies.
The Future of Privacy Forum, in a guide (PDF) developed with the US National Automobile Dealers Association, recommends those handing back or selling a vehicle check they have wiped phone contacts, mobile apps used with the car’s systems, the vehicle’s hard drive, favourite locations on navigations systems, plugin devices – and anything that opens the garage door.
Privacy International passed its report to UK regulator the Information Commissioner’s Office, which says it will respond in due course. The ICO adds that makers of connected cars need to be clear with users about the use of their data and provide options to control it. “A key way this can be done is by considering privacy issues at the design stage, and by taking appropriate actions to address them. However, it isn’t just about data protection compliance – it’s about building trust among consumers, giving them good customer service and treating them with respect,” a spokesperson says.
So how much should drivers and passengers fear for their privacy when in connected cars? They are designed to store and transmit data that previously didn’t exist. Contacting the emergency services automatically in a crash is beneficial, and spotting parts that need maintenance may be useful. But some of the possible uses of connected car data look potentially invasive – while location-targeted advertising could be distractingly dangerous.
“There’s no theoretical reason why drivers shouldn’t get offers that are to their benefit,” says Steve Gooding, director of the RAC Foundation, a UK transport research charity. “However, there are practical issues. While a 10 per cent discount at the next service station might encourage people to take a break rather than push on through their fatigue, we don’t want them studying their mobiles or built-in screens every time the latest enticement to spend money pings up.”
This assumes cars can connect in the first place. RAC Foundation research in 2015, based on data from regulator Ofcom, found that 4,561 miles (2 per cent) of the British road network has no mobile network coverage for voice calls, never mind data. Just under half of the network has full 3G coverage and only 18 per cent has full 4G coverage.
“Perhaps a more valuable benefit of being able to target motorists in precise locations is that the authorities can better inform them of traffic and travel conditions, so that those about to drive into a blizzard or join the end of a tailback know what’s going on, ideally in time to make an alternative plan before it is too late,” adds Gooding.
Privacy International’s Millie Graham Wood adds that those wanting to protect their privacy at present would probably be best “to buy a really old car that isn’t super-connected”, adding: “If people start asking more questions and being more demanding on this, then retailers and manufacturers might have to change their tune. Ultimately, they are dependent on customers.” ®