Electric vehicles are sending real-time location and diagnostic data to Chinese government monitoring centers

Posted on Dec 8, 2018 by Glyn Moody

A couple of months ago, this blog noted how modern vehicles are constantly producing large quantities of data, which has important implications for privacy. An Associated Press article published in the South China Morning Post indicates that China is once more in the vanguard here, and not in a good way:

Global carmakers are feeding real-time location information and dozens of other data points from electric vehicles to Chinese government monitoring centres, potentially adding to China’s rich kit of surveillance tools as President Xi Jinping steps up the use of technology to track Chinese citizens. Generally, it happens without car owners’ knowledge, the Associated Press found.

More than 200 carmakers selling electric vehicles in China – including famous brands like Tesla, BMW, Daimler, Ford, General Motors and Volkswagen – send over 60 data points to government-backed monitoring platforms. Chinese officials say that they are merely using the analytics to improve public safety, and to aid with infrastructure planning. Those are certainly legitimate uses of aggregate data, and are similar to how Geotab’s vehicle data is being analyzed and applied in the US. However, in China’s case, the data is flowing to the Beijing Institute of Technology, which is monitoring some 1.1 million vehicles in the country. As the Associated Press article explains, the data flow is about to increase dramatically as part of a “Made in China 2025” industrial development plan.

Ding Xiaohua, the deputy director of the Shanghai Electric Vehicle Public Data Collecting, Monitoring and Research Center, which also receives data, said that “monitoring is not designed to facilitate state surveillance, though data can be shared with police, prosecutors or courts, if a formal request is made.” It’s not known how often such requests are sent through, but it’s hard to imagine the process represents much of an obstacle given the ready access to other kinds of digital data. The attitude of Western car manufacturers is noteworthy:

The carmakers gave dozens of reasons why they cannot give data to these centres, according to a government consultant who helped evaluate the policy and spoke on condition of anonymity to discuss sensitive issues. The consultant said the carmakers agreed when the government offered them incentives for sharing data.

There was concern the shared data might reveal proprietary information about, for example, how hybrids switch between gas and battery power, and eventually set carmakers up for commercial competition with a Chinese government entity.

In other words, Western companies were worried about business secrets, not the privacy of its users. And a few “incentives” apparently persuaded the manufacturers to comply. Volkswagen Group China chief executive Jochem Heizmann is quoted as offering the following defense of his company’s compliance with Chinese demands:

“It includes the location of the car, yes, but not who is sitting in it,” Heizmann said, adding that cars will not reveal more information than smartphones already do. “There is not a principle difference between sitting in a car and being in a shopping centre and having a smartphone with you.”

Justifying even more surveillance by pointing out that people’s privacy is already under attack is hardly a compelling argument. And the claim that the identity of the person driving the car is not involved is false. It’s well known that people are easy to identify from knowledge about just a few places they visit regularly, since these are likely to be their home and where they work. The rich location dataset provided to the Chinese authorities would allow a person’s identity to be discovered in seconds, by cross-referencing with other data.

Although the story in the South China Morning Post concerns only China, there are good reasons to fear that Western governments may soon press for similar access. For one, they can also plausibly claim that the data from vehicles will help prevent accidents by identifying traffic blackspots, and will aid in transportation planning. They will also doubtless point to competitive reasons why they should be allowed to collect this data. As the article notes:

China’s ability to grab data as it flows from cars gives it an edge. China tends to view technology development as a key competitive resource. Though global carmakers have received billions in incentives and subsidies from US, European and Japanese governments, they are contributing data to China that ultimately serves Beijing’s strategic interests.

Since China’s government and vehicle manufacturers will have this valuable data, Western governments will surely claim that their own industries must have access to it too, or they will fall behind. However, that will clearly lead to a race to the bottom, as authorities around the world point to their rivals to justify collecting more and more data derived from vehicles.

Once again, we run the risk of normalizing constant surveillance – this time of how we drive our cars and other vehicles. Since “everyone” is doing it, the argument will doubtless go, it can’t be a problem. But that’s really not the case. We know from past experience that the more data that is gathered and passed to centralized facilities, the greater the risk that data will leak out, often in massive quantities. And once it is out, it can never be put back.

Moreover, if these resources are created with the aim of improving road safety, or making transportation more efficient, there will be a growing pressure to use the data for other purposes. All it will take is a terrorist attack, or perhaps the high-profile kidnapping of a child, and the authorities will be able to argue that it would be “irresponsible” not to use all the means available to catch the perpetrators, or to locate the missing child. That would inevitably include searching through vehicle tracking data. And once the precedent has been set, it would be much easier to point to it in future, less pressing cases.

The key problem here is the centralized collection of personal data. The use of vehicle information for the public good is legitimate, but that doesn’t mean storing it in a form that is vulnerable to attack is equally reasonable. We need to develop decentralized systems like Tim Berners-Lee’s Solid that allow controlled aggregation of data without the risks associated with the current approaches. Unfortunately, there is still little sign that people appreciate how urgent the situation is, or that they will be willing to migrate to new approaches with privacy built in. That’s a pity. In China, it is unlikely that it will even be an option.

Featured image by Blomst.

VPN Service