Smartphones with wheels: how modern transportation brings new privacy problems

Posted on Oct 26, 2019 by Glyn Moody

Tracking vehicles as a way of carrying out surveillance has been used by governments around the world for years. When exactly it should be allowed is still a hot topic, in the US at least. And it’s not just the police that use tracking devices. Recently it emerged that the car manufacturer Mercedes has covertly installed them in all its new and used cars. They’re employed for a rather striking purpose – in what the company calls “extreme circumstances”: when finance customers have defaulted on their payments. The company shares vehicle location information with recovery firms who then try to seize the cars. Although clearly an unacceptable infringement of people’s privacy, it’s primitive compared to what is coming. Here’s why vehicle-based surveillance is about to get much worse, as outlined by McKinsey:

Today’s cars have up to 150 electronic control units; by 2030, many observers expect them to have roughly 300 million lines of software code. By way of comparison, today’s cars have about 100 million lines of code. To put that into perspective, a passenger aircraft has an estimated 15 million lines of code, a modern fighter jet about 25 million, and a mass-market PC operating system close to 40 million. This overabundance of complex software code results from both the legacy of designing electronics systems in specific ways for the past 35 years and the growing requirements and increasing complexity of systems in connected and autonomous cars.

The more code, the more data that is produced and analyzed, and the more details about how a connected vehicle is used are potentially available. Companies in several industries are well aware of this fact, and are fighting to become the gatekeepers. Last year the CEO of Ford caused ripples when he suggested the company might start using the data that it gathers for other purposes to boost profits. Google is currently locked in a battle over electric car data. It involves the Italian utility Enel, which is setting up a network of charging stations for electric vehicles. It has an app that helps users locate nearby charging points. Google is refusing to integrate the app into its car control software. Instead, it wants people to use Google Maps to find Enel’s charging stations. The key difference is that in the latter case, Google gains streams of valuable data about what Enel’s drivers are doing. A recent article in the New York Times spelled out the kinds of data that are potentially available from digital cars:

Your location data will allow companies to advertise to you based on where you live, work or frequently travel. Data gathered from voice-command technology could also be useful to advertisers.

The data on your driving habits – how fast you drive, how hard you brake, whether you always use your seatbelt – could be valuable to insurance companies. You may or may not choose to share your data with these services.

The author, Bill Hanvey, who is president and chief executive officer of the Auto Care Association, rightly says: “Cars produced today are essentially smartphones with wheels”, but adds: “while you can turn off location data on your cellphone, there’s no opt-out feature for your car.” That’s why transportation data is potentially even more valuable than the kind derived from smartphones.

Despite that, it is still possible to use cars to help fight back against surveillance. For example, Nexar allows people to use their smartphones as a dashcam, recording everything that happens as they drive along. At least that means people have their own record of what is happening, and can use it to provide context for any version produced by the authorities. The security researcher Truman Kain has taken that a stage further with his Surveillance Detection Scout, reported here by Wired:

The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras – the same dash and rearview cameras providing a 360-degree view used for Tesla’s Autopilot and Sentry features – into a system that spots, tracks, and stores license plates and faces over time. The tool uses open source image recognition software to automatically put an alert on the Tesla’s display and the user’s phone if it repeatedly sees the same license plate. When the car is parked, it can track nearby faces to see which ones repeatedly appear.

That’s a neat reversal of the usual dynamics, where the car spies on you, but is only possible if you own the vehicle. It’s not an option for buses, ships – or planes:

Aerospace giant Airbus has announced this week that it has begun in-flight tests of its ‘connected cabin’ aboard its A350-900 wide-body aircraft. The plane is bristling with sensors that can track passenger behaviour and movements, including how often and for how long the toilet is being used.

This exposes a general problem with public transportation. You are essentially trapped inside someone else’s private property. If they choose to equip that with various kinds of surveillance systems, there’s not much you can do about it, unless there are local personal data protection laws – such as the EU’s GDPR – that are designed to prevent precisely this kind of progressive erosion of privacy. In their absence, the increasing digitization of transport is likely to bring with it new opportunities for pervasive and unavoidable surveillance.

Featured image by Alf van Beem.