PyrPatriot
Well-Known Member
- Thread starter
- #1
https://www.washingtonpost.com/tech...-car-know-about-you-we-hacked-chevy-find-out/
Selected excerpts
On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone’s ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection.
We’re at a turning point for driving surveillance: In the 2020 model year, most new cars sold in the United States will come with built-in Internet connections, including 100 percent of Fords, GMs and BMWs and all but one model Toyota and Volkswagen. (This independent cellular service is often included free or sold as an add-on.)
There are no federal laws regulating what carmakers can collect or do with our driving data. And carmakers lag in taking steps to protect us and draw lines in the sand. Most hide what they’re collecting and sharing behind privacy policies written in the kind of language only a lawyer’s mother could love.
Modern vehicles don’t just have one computer. There are multiple, interconnected brains that can generate up to 25 gigabytes of data per hour from sensors all over the car. Even with Mason’s gear, we could only access some of these systems.
Among the trove of data points were unique identifiers for my and Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.
Infotainment systems can collect even more. Mason has hacked into Fords that record locations once every few minutes, even when you don’t use the navigation system. He’s seen German cars with 300-gigabyte hard drives — five times as much as a basic iPhone 11. The Tesla Model 3 can collect video snippets from the car’s many cameras. Coming next: face data, used to personalize the vehicle and track driver attention.
My volunteer car owner Doug asked GM to see the data it collected and shared. The automaker just pointed us to an obtuse privacy policy. Doug also (twice) sent GM a formal request under a 2003 California data law to ask who the company shared his information with. He got no reply.
GM spokesman David Caldwell declined to offer specifics on Doug’s Chevy but said the data GM collects generally falls into three categories: vehicle location, vehicle performance and driver behavior. “Much of this data is highly technical, not linkable to individuals and doesn’t leave the vehicle itself,” he said.
The company, he said, collects real-time data to monitor vehicle performance to improve safety and to help design future products and services.
GM would not tell me exactly what data it collected for that program but said “personal information was not involved” because it was anonymized data. (Privacy advocates have warned that location data is personal because it can be re-identified with individuals because we follow such unique patterns.)
GM’s privacy policy, which the company says it will update before the end of 2019, says it may “use anonymized information or share it with third parties for any legitimate business purpose.” Such as whom? “The details of those third-party relationships are confidential,” said Caldwell.
Selected excerpts
On a recent drive, a 2017 Chevrolet collected my precise location. It stored my phone’s ID and the people I called. It judged my acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection.
We’re at a turning point for driving surveillance: In the 2020 model year, most new cars sold in the United States will come with built-in Internet connections, including 100 percent of Fords, GMs and BMWs and all but one model Toyota and Volkswagen. (This independent cellular service is often included free or sold as an add-on.)
There are no federal laws regulating what carmakers can collect or do with our driving data. And carmakers lag in taking steps to protect us and draw lines in the sand. Most hide what they’re collecting and sharing behind privacy policies written in the kind of language only a lawyer’s mother could love.
Modern vehicles don’t just have one computer. There are multiple, interconnected brains that can generate up to 25 gigabytes of data per hour from sensors all over the car. Even with Mason’s gear, we could only access some of these systems.
Among the trove of data points were unique identifiers for my and Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.
Infotainment systems can collect even more. Mason has hacked into Fords that record locations once every few minutes, even when you don’t use the navigation system. He’s seen German cars with 300-gigabyte hard drives — five times as much as a basic iPhone 11. The Tesla Model 3 can collect video snippets from the car’s many cameras. Coming next: face data, used to personalize the vehicle and track driver attention.
My volunteer car owner Doug asked GM to see the data it collected and shared. The automaker just pointed us to an obtuse privacy policy. Doug also (twice) sent GM a formal request under a 2003 California data law to ask who the company shared his information with. He got no reply.
GM spokesman David Caldwell declined to offer specifics on Doug’s Chevy but said the data GM collects generally falls into three categories: vehicle location, vehicle performance and driver behavior. “Much of this data is highly technical, not linkable to individuals and doesn’t leave the vehicle itself,” he said.
The company, he said, collects real-time data to monitor vehicle performance to improve safety and to help design future products and services.
GM would not tell me exactly what data it collected for that program but said “personal information was not involved” because it was anonymized data. (Privacy advocates have warned that location data is personal because it can be re-identified with individuals because we follow such unique patterns.)
GM’s privacy policy, which the company says it will update before the end of 2019, says it may “use anonymized information or share it with third parties for any legitimate business purpose.” Such as whom? “The details of those third-party relationships are confidential,” said Caldwell.
Sponsored