Is your car a privacy risk?
New cars are far more computerized than older models. In many ways, this is a good thing. Tools like parking assist and blind-spot detection make life easier and prevent accidents. On-board GPS and navigation tools help us get where we’re going without the risk of distracted driving that comes from glancing at a map or smartphone.
But security and privacy experts warn that all of this automotive computerization comes with a cost. Modern cars produce a great deal of data — data which is already being collected and shared with third-party companies just like smartphone app data is.
Recent articles by Mashable and The Markup highlight this growing problem. Both are well worth reading in full — but for the short of time, here are some curated highlights:
What does your car know?
Newer cars produce so much data because of their extensive onboard sensors and systems. Here are some examples:
- Navigation and “infotainment” systems (perhaps somewhat obviously) have access to your location data and the destinations you’ve driven to — as well as vehicle sensor data and media use.
- Entertainment systems that work via a connection to a driver’s smartphone may copy mobile device information, such as contacts lists, to the vehicle.
- “Telematics” data, or sensor data about your driving habits, is recorded by modern cars and used by insurance companies to offer safe driver discounts to their customers. This data can also be used in investigations in the event of an accident.
Why this matters for privacy
The data recorded by a car is a privacy issue because it’s already being passed around and monetized by data brokers in the same way that app data is. In the automotive industry, these brokers are called “vehicle data hubs.” Quoting the piece from The Markup:
Vehicle data hubs ingest vehicle and movement data from several different sources: from OEMs, from other connected vehicle data providers, directly from vehicles using aftermarket hardware (such as an onboard diagnostic [OBD] dongle), or from smartphone apps. The companies normalize the data and offer it to customers in the form of a dashboard or insights derived from analysis or other data products.
In addition, carmakers, sensor manufacturers, telecoms, and insurance companies have access to your vehicle data — to use as they see fit.
If you ask the companies handling this data how they’re protecting driver privacy, they point out that data is used in aggregate or anonymized. But as we’ve seen with other kinds of data like web browser data and podcast data, data de-anonymization is often trivial for a motivated actor. In fact, there is an existing data de-anonymization industry for app and web data — and investigative reporters have already discovered at least one example of supposedly anonymous vehicle data leaking personal information.
But beyond this, there’s an even more fundamental issue at play. Vehicle data privacy is simply not on most people’s radar — and it’s not very well regulated at the moment. So even if all of the current parties handling our vehicle data were well intentioned (and that’s a big “if”), there’s nothing to stop someone from using vehicle data in a more invasive way in the future.
How to protect your privacy in cars
At the moment, there is no one solution to the problem of vehicle data privacy (other than driving old cars or choosing to walk!).
Realistically, you’re probably not going to be able to stop the government from accessing your car’s vehicle data if they really want to, as they already do with search data and smartphone location data.
But as with all things in digital privacy, there are ways to minimize your exposure and your risk. Here are a few suggestions for protecting your privacy when you drive:
Be informed
Read the privacy policies of the infotainment and navigation systems you use, and pay attention to what they say about how they’re handling and sharing your data. Some are better than others, and some carmakers are even starting to market driver privacy as a feature in much the same way that Apple does for mobile devices.
Opt Out
If your car comes with an onboard navigation system or your insurance company offers a smart driver program, you don’t have to use it. This is a trade off, of course, and some people won’t want to miss out on the convenience or the cost savings — it’s an individual choice that everyone has to make for themselves.
Compartmentalize
In general, it’s good advice to compartmentalize your digital life as much as you can. Using separate email addresses to sign up for car-related apps and services, or even a separate mobile device that you only use for driving, can help to prevent data brokers from associating data points in one area of your life with the rest of your data. This makes de-anonymization harder, and complicates the work of anyone trying to build a marketing profile based on your data.
Use navigation sparingingly
If your data. This makes de-anonymization harder, and complicates the work of anyone trying to build a marketing profile based on your data.
Use navigation sparingingly. If you’re going to get hopelessly lost without it, you may need to use your onboard navigation system. But in many cases, just looking up your route before you start your trip is enough to get you to your destination safely — which minimizes the total data that your nav system has about your activity.
Be mindful when making sensitive trips
If you’re traveling for a medical appointment or some other highly personal reason, and you don’t want your car to know about it, consider making alternate transportation arrangements or obfuscating your destination. Take public transportation if that’s an option. Drive to and park at a nearby location instead of, for example, a doctor’s office — or have a friend or a ride-hailing service drop you off at the nearest cross street.