Vehicles have become rolling data collectors. Fitted with telematics systems, which allow vehicles to communicate with the outside world, the family crossover now has the capacity to monitor our behavior as faithfully as any computer or electronic-surveillance instrument. And as with other modern threats to privacy, we arrived here out of a desire to improve safety.
General Motors spearheaded the first widespread deployment of in-vehicle data recorders, or “black boxes,” in the 1990s, coincident with new airbag regulations. The technology was developed to capture crucial information about real-world crashes to help engineers and researchers improve automotive safety. Today, however, insurance and law-enforcement investigators commonly use the data for crash reconstruction and as evidence in legal cases. You can prove your innocence or be found at fault in an accident with the information captured by a black box. Indeed, event-data recorders (EDRs) installed in Toyota vehicles cleared the company from liability in NHTSA’s 2011 unintended-acceleration investigation.
EDRs save a steady stream of data to memory, the old constantly overwritten by the new, until a crash freezes the record from a few seconds before until after it’s over. Federal standards that began with the 2013 model year say vehicles with black boxes must record a minimum of 15 data points, including vehicle speed, engine rpm, throttle angle, brake use, seatbelt status, and changes in velocity, among others. Rules for 30 additional and optional elements are also part of the NHTSA requirement. But carmakers are not forbidden from recording more data, or doing so for longer periods than the five seconds required by the government. Indeed, another proposed standard would have required 85 variables.
EDRs are not yet required equipment, but a proposed change to the Federal Motor Vehicle Safety Standards would have mandated the devices in all cars and light trucks starting in September. NHTSA, however, delayed its final ruling amidst public criticism over privacy rights and pushback from carmakers. Any celebration by privacy advocates would be premature, however, as insiders expect NHTSA to move forward with a mandate eventually. For most consumers, it won’t matter much. Some 96 percent of new vehicles sold in the U.S. today already contain black boxes, with the notable exception of Volkswagen Group models and low-volume exotics.
Questions remain over the efficacy of the technology for uses beyond the initial aim of assisting crash researchers. The contents of an EDR can be read by anyone with the proper tools and access to the diagnostic port on a vehicle. And if you can access the data in an EDR, you can alter it. Among many comments to NHTSA’s proposal are concerns from attorneys that criminal convictions or civil judgments can be obtained based on falsified crash data.
“It is possible to tamper with this stuff,” says Tom Kowalick, an EDR expert who contributed to NHTSA’s standards-making group. “NHTSA is saying you can’t erase crash data, and they are wrong.”
Less insidious, but perhaps more concerning, are allegations from forensic investigators that the devices themselves are fallible. Despite NHTSA’s rulemaking, different commercial systems do not perform identically and data retrieval from the boxes is not standardized. Rollover accidents present challenges to recording accurate data not only because these events last longer than a frontal collision, but because their physics are so different. And in some cases, the data pulled from the boxes is wrong. One attorney’s comments on NHTSA’s proposal included examples where EDR reports contained incorrect information, such as stating that airbags had been deployed when they hadn’t, or claiming a deceleration rate in the single digits from a car that had been completely demolished in a collision.
While 14 states have enacted laws requiring an owner’s consent to access the data, they universally include exemptions for court orders, safety research, and vehicle service. NHTSA’s position is that a vehicle’s owner also owns the black-box data, but the agency also says it has no regulatory authority to ensure such rights.
The specter of black boxes is less chilling than the one raised by telematics, though. While EDRs basically just take notes, cellular-linked technology such as Ford’s Sync or GM’s OnStar can transmit any onboard data stream in real time. And the nature of their two-way communication means that telematics systems will become tempting targets for hackers, says Nate Cardozo, a staff attorney for the Electronic Frontier Foundation, a technology-focused civil-liberties group.
But a more immediate concern is that these systems can also transmit GPS-derived location information. And while we subscribe to the belief that you are what you drive, the reality is that you are really defined by where you drive.
“Location data is one of the most sensitive kinds of data about us,” says Cardozo. “Anyone who has this data can figure out an amazing array of things about a person.”
And “anyone,” in this case, means the automakers. A December 2013 report issued by the U.S. Government Accountability Office (GAO) investigated 10 telematics companies—including Chrysler, Ford, GM, Honda, Nissan, and Toyota—all of whom collect location data.
Collecting is one thing, but acting on that data is another. There is an expectation that automakers would like to use it for marketing, tapping into the one area of everyday life that Google and Apple have yet to invade (not that they aren’t trying). Their plans extend beyond creating 21st-century Burma-Shave campaigns. John Ginder, manager of systems analytics and environmental sciences for Ford’s research and advanced engineering group, said in a 2012 interview that Ford sees an “opportunity to grab that data and understand better how the car operates and how consumers use the vehicles and feed that information back into our design process.”
A Ford spokeswoman insists it doesn’t track drivers “without their consent” and points to its end-user license agreement as proof. GM told us that as a matter of policy it does not grant interviews concerning OnStar and data collection. Car manufacturers are generally reticent about the operation of their telematics systems.
- Federal Legislation Introduced to Limit Access to Data from Vehicle Black Boxes
- Senate Passes Bill Mandating Vehicle Data Recorders, House Expected to Do Same
- 2015 Ford Mustang GT Tested: More Refined—But Still a Stallion at Heart
The aforementioned GAO report warned that “9 of 10 companies also provide reasons for collecting location data that are broadly worded and potentially allow for unlimited data collection and use.” Further criticism included “not allow[ing] consumers to request that their data be deleted,” and the fact that “none of the selected companies disclose to consumers how they hold themselves and their employees accountable.”
We came across this phrase courtesy of the American Civil Liberties Union: “Capability is driving policy,” that is, technology moves faster than regulations. It was written in reference to the National Security Agency’s wiretapping and other recent surveillance abuses, but it is appropriate here. Just as nobody understood how black boxes intended to diagnose airbag-system problems might one day serve as evidence in trials, we don’t know the extent of carmakers’ plans for building databases sourced from within the vehicle. The technology to do so, however, is already on the road.
The car used to be the device that granted freedom—from your routine, your responsibilities, your small town. By 2025, it seems clear that such notions will have vanished completely from the average driver’s mind.
from Car and Driver Blog http://ift.tt/1wyKZSU
via Agya
