[Infowarrior] - Fwd: Your car is watching you
Richard Forno
rforno at infowarrior.org
Thu Aug 11 07:36:37 CDT 2016
--
It's better to burn out than fade away.
> Begin forwarded message:
>
> From: dan
>
> http://www.bbc.com/autos/story/20160809-your-car-is-not-your-friend
>
> How connected car tech is eroding personal privacy
>
> Your car is watching you -- tracking your driving style, your
> whereabouts, and even your favourite songs. Can it be trusted?
>
> * By Erin Biba
>
> 9 August 2016
>
> BILL SCANNELL FELL DOWN A RABBIT HOLE. All he wanted was to
> disable a device in his car: An always-on, net-connected "helper"
> that provides the car's driver with app connections, turn-by-turn
> navigation, and roadside assistance... at the expense of personal
> driving data. Similar devices track how fast you're going, how
> hard you ride the brakes, even your final destination. And all
> that info gets sent back to the manufacturer. Scannell wanted
> out. Unfortunately, it was easier said than done.
>
> You see, Scannell is a security guy. And, while Scannell thought
> these features of the Car-Net system in his new Volkswagen Golf
> were pretty neat, for him the system was a lot more than the
> "partner" that VW advertises. But he's been in privacy for years.
> In fact, it's literally his job -- he's an adviser for security
> start-ups. And he knows all too well how simple it is to hack
> into a system with an open internet connection. For him, Car-Net
> wasn't a helper. It was an opening for companies to spy on him.
> For a hacker to take control over his steering wheel. To find
> himself in a potentially dangerous situation.
>
> It's a reality that is present in basically every single new car
> that hits the market these days. Our cars are all waking up and
> coming online. The companies that manufacture them are filling
> each one full of hundreds of sensors that capture endless amounts
> of data about us and how we drive. It's the last bastion of
> consumer information.
>
> And just like your mobile phone, which has been spying on you
> for years, your car is not your friend.
>
> Your car forgets nothing
>
> Unfortunately for Scannell -- and all car owners, for that matter
> -- disabling systems like Car-Net is no easy task. Sitting in
> his brand new car at the dealership, watching the system's light
> flashing (even though he never asked for it to be enabled)
> Scannell was concerned. And then he started reading the manual.
> He soon decided: The system had to go.
>
> "[Car-Net] is this two way microphone into your entire life. You
> never know when it's on or off. Your life is not your own," he
> says. "At this point my concern is about control. And who controls
> what. Do I believe VW would shut my car off while I'm driving?
> No. Do I believe there's potential, just because it's America
> and things are weird... that someone [could] decide to shut my
> car off? Yes."
>
> And his fear doesn't come out of nowhere. Hackers have already
> proven that they're capable of this feat. Last year, Manchester-based
> NCC Group told the BBC that they had found a way to take control
> of a car's brakes and a variety of its systems through the car's
> radio. In fact, they said, it would even be possible for them
> to take control of several cars at once using the same technique.
> All it would take was one stream of code to infiltrate a weakness
> in the system.
>
> "I don't think I should have to worry about these things,"
> Scannell says. "I'm a great believer in privacy, but I'm not a
> privacy nut. I didn't want this thing activated. It was important
> to me that it not be activated."
>
> These devices have microphones and video cameras. The on-board
> entertainment and navigation systems keep track of what music
> you're listening to and where you physically go in your car.
>
> The insidious part of these systems is that their potential to
> do harm isn't as big or scary as a stranger taking over control
> of your wheel. It's the smaller, less obvious forms of data
> collection and tracking that are starting to make privacy experts
> very nervous.
>
> Ever since General Motors introduced the OnStar telematics system
> in 1995, car makers have been busy filling vehicles with a whole
> slew of devices that track, sense, and communicate. Most new
> cars are equipped with about 100 electronic actuators that are
> distributed throughout the vehicle's various systems. It's their
> job to notice what's happening in the steering wheel, the throttle,
> and the brakes. They sense weight on the seats and they keep
> track of how fast the car is going. Then they log all this data,
> store it, and send it back to the manufacturer.
>
> The dealership or the manufacturer will then use this data for
> a variety of purposes. The main reasons -- at least the ones
> that they share publicly -- are to assist the vehicle's owner
> with car maintenance and protect their safety. Hit a certain
> number of miles on your odometer? Your car will let you know
> it's time for an oil change. System notices your brake rotors
> have started to wear down? Your car will tell you it's time for
> a fix. In 2009 OnStar introduced Stolen Vehicle Slowdown, a
> feature that allows the company to remotely manipulate a moving
> vehicle's throttle response, gradually cutting the power. The
> company touted the feature -- which is part of a security suite
> that includes a remote engine ignition blocker and a theft-alarm
> notification function -- as a way to safely disable a stolen
> vehicle that was in sight of law enforcement, thereby ending a
> high-speed chase before it started. But to privacy experts, it
> was further proof that telematics systems could override every
> vehicle control short of the steering wheel. And if an OnStar
> operator could do it, they feared, couldn't a hacker?
>
> Beyond the actuators, there's data collection going on in the
> OnStar and Car-Net-like systems as well. These devices have
> microphones and video cameras. The on-board entertainment and
> navigation systems keep track of what music you're listening to
> and where you physically go in your car.
>
> In fact, in the US, there's a federally mandated "black box" --
> an elusive device known officially as an Event Data Recorder,
> or EDR -- that has been installed in every new car since 2014.
> It logs much of this data, like whether or not you're wearing
> your seatbelt, for use in law enforcement and post-accident
> assessment. There is basically no aspect of the driving experience
> that can't be measured, quantified, and logged.
>
> "It's the field of dreams approach to privacy and surveillance,"
> says Lee Tien, a senior staff attorney at the Electronic Frontier
> Foundation, a non-profit organisation that is dedicated to
> protecting civil rights in the digital world. "If there are
> sensors in cars collecting data that pertain to what people are
> doing then there will be a law enforcement interest. We start
> there. But we recognise that it's all of the companies, whether
> car vendors or third party vendors, that also have a lot of use
> for that data. It's the car analogue to data on the internet.
> You go to Facebook and they're sucking in data. Google -- they're
> sucking in data. If you build it, they will come."
>
> No easy way out
>
> After being met with blank stares and shrugs by salesmen at the
> VW dealership when Scannell asked if his Car-Net system was
> running or not, he ultimately decided the best bet would be to
> try and get it removed. And, because he's tech guy, he turned
> to the Internet to see if anyone had attempted the task on their
> own. Car-Net, he found, was a lot more than just a little module
> that could be yanked out. In an online forum for Golf owners,
> he found someone who had tried to remove the system.
>
> A step-by-step photo essay on the forum shows user "shoku"
> dismantling their entire dashboard and finally teasing out the
> Car-Net box, which is marked with a label that notes opening the
> box voids the warranty. "Inside we find a pretty dense multi-layer
> circuit board. Compared to my Nexus 5 cell phone, it has way
> more components," shoku writes. "Under the board is a loose
> plastic bit with some terminals. Definitely the cell antenna.
> Just removing the antenna did not disable the communications.
> It was able to connect as if nothing was wrong, even after I
> tried shorting the leads together."
>
> There is basically no aspect of the driving experience that
> can't be measured, quantified, and logged.
>
> This is the part that Scannell says is the most concerning. Even
> when the system's antenna was physically disconnected, the car
> was still online. He says that buried deep in the dashboard is
> Verizon cell phone 3G hardware that's always on. "Whether you've
> provisioned it or not," he says. "You can still wirelessly connect
> to the car."
>
> According to Dorothy Glancy, a professor of law at Santa Clara
> Law School, and a nationally known expert on transportation and
> privacy security law, all of this data collection and wireless
> connectivity is perfectly legal. "The government isn't doing
> anything about this," she says. There are few laws that protect
> the privacy of the information that you generate inside your
> car. The only real auto-related privacy protections the US federal
> government affords are for the records held by the Department
> of Motor Vehicles.
>
> And this has some nerve-wracking implications for consumer
> protection that go beyond a little snooping. For example, US-based
> Progressive Insurance recently introduced Snapshot, a biscuit-sized
> device that plugs into a car's standard onboard diagnostics port.
> During the sample period (usually at least 75 days), the module
> tracks vehicle speed, time of day and location -- thanks to
> integrated GPS, included "for research and development purposes".
> The module uses this data to extrapolate acceleration rates and
> braking force. (The device actually beeps during hard braking,
> to evoke a sort of Pavlovian response to "bad" driving.) The
> company then provides all the data in a handy, easy-to-access
> online page on your Progressive account. Progressive says voluntary
> use of the device will allow the user to "get a personalised car
> insurance rate based on how you drive."
>
> And Progressive isn't the only US insurance company that has
> started providing this service. Allstate also has a similar
> device called Drivewise, Nationwide has SmartRide, and StateFarm
> has DriveSafe and Save, which actually collects its data through
> customers' pre-existing OnStar systems. Glancy says that, while
> these services are elective, it's not completely clear what
> exactly insurance companies are doing with all the information
> they're gathering. "I've been concerned about this being misleading
> to consumers," she says. And because there are no laws to protect
> consumer privacy in this arena, she continued, it would be very
> difficult to use legal measures to reveal how the data is being
> processed.
>
> A spokesperson for Progressive says they try to be clear about
> how they manage data, but that policy is not necessarily the
> norm industry-wide. According to Progressive's terms of service,
> the company says they don't use the data to resolve an insurance
> claim unless you ask them to. Though they do say they will share
> it in response to a legal subpoena, or "to a state department
> of insurance to support renewal rates, to service providers who
> are contractually required to maintain its confidentiality;
> and/or as otherwise required by law." Lastly, the terms of service
> do state they share non-identifiable forms of the data "more
> broadly" -- "de-personalising the data means that we remove
> personally identifiable information so that the data cannot be
> associated with a particular driver or policyholder."
>
> Spilling secrets
>
> Five car gadgets that could invade your privacy
>
> some text
>
> STANDALONE GPS NAV UNITS Most basic dash-top GPS devices are
> strictly receivers, using satellite-provided location data to
> drive internal mapping software. But even the simplest of them
> still record detailed location information -- data that could
> be harvested when the unit is connected to a computer for annual
> map updates or, if the unit has a Bluetooth chip or an FM radio
> transmitter, snagged out of thin air.
>
> TOLLWAY TRANSPONDERS Intended to allow motorists to breeze past
> the cash-carrying plebes lined up at toll booths, these radio
> frequency identification (RFID) modules transmit user data to
> antennae above the roadway. These pulses of information confirm
> the identity of the module's owner and deduct funds from a prepaid
> account, logging time and location in the process. What else
> can such transponders do? Measuring the time it takes a car to
> move from one antenna to the next gives an accurate indication
> of vehicle speed. And if that speed is higher than the posted
> limit...
>
> DASHBOARD CAMERAS Dashcams are purchased on the optimistic
> assumption that in the event of a collision, somebody else will
> be at fault and the video evidence will provide courtroom triumph
> for the cam's owner. But dashcam data -- which along with a video
> record includes location, speed, braking, and impact-force data
> -- works both ways, and you can be assured that deleting an
> incriminating clip will not be looked upon favourably by the
> court.
>
> GPS TRACKING DEVICES Aftermarket gadgets like the LoJack GPS
> tracker were created to allow law-enforcement agencies to locate
> and recover stolen vehicles in real time. But there is no denying
> that such real-time data could be quite useful to a variety of
> parties: parents with driving teenagers, spouses with trust
> issues, insurance companies, rental-car agencies, even employers
> with field employees.
>
> OBD-II BLUETOOTH MODULES Once the sole purview of service
> technicians with special training and expensive gear, the data
> that flows to a car's onboard diagnostics port - engine fault
> codes, fuel consumption and more -- can now be tapped and broadcast
> via Bluetooth-equipped modules like the Automatic dongle, which
> pairs to a free smartphone app. The setup allows users to
> scrutinize their car's internal workings, and combine this info
> with location data to track trips, find a parked car, or locate
> a fuel station. And all of that information -- the mundane and
> the sensitive -- is pumped into the cloud. What happens to it
> up there, well... -- Matthew Phenix
>
> Allstate, on the other hand, has been pretty boisterous in its
> excitement about the possibility of monetising consumer data.
> To incentivise their Drivewise program, they give customers
> rewards points just for enrolling. And then, as they use the
> device, customers earn additional points towards rewards like
> merchandise and gift cards. In May last year, according to a
> Bloomberg story, the company's CEO Tom Wilson, while speaking
> at a conference in New York, noted several companies that are
> currently making money by collecting their customer's data:
> "Could we, should we, sell this information we get from people
> driving around to various people and capture some additional
> profit source, and perhaps give a better value proposition to
> our customers? ... It's a long-term game," he said.
>
> In fact, both Glancy and the EFF's Tien agree that marketing
> companies are desperate to get inside your vehicle and figure
> out what the heck you do there. For generations, the only way
> marketers have been able to get at us in our cars have been
> passively, through billboards or radio ads.
>
> Being in the car, says Tien, "it's alone time. Whether I sneeze
> or fart or yell, it's very private in a weird way. From a
> marketer's perspective they're really curious. They want to know.
> It's an area they haven't been able to get much data on. Now
> that [data is] going to be available and it completes the
> profiling. It's one of the last frontiers for areas where you
> can get data about people." The incentives to spy on people, he
> says, are very strong.
>
> Drive carefully -- marketers are watching
>
> When Scannell decided he didn't want to void his warranty by
> tearing out Car-Net on his own, he turned to Volkswagen to help
> him deal with the device. After what he calls a "Terry Gilliam
> Brazil-like" experience of being told the system would need to
> be turned on before it could be disabled, the company eventually
> said removing the system would be impossible. In a letter sent
> to him by their CARE customer service division, the Region Case
> Manager wrote: "Volkswagen is unable to meet your request to
> remove the Car-Net system or module from your vehicle. Doing
> this would void certain warranties and may interfere with some
> safety features on your Golf, such as the immobilizer system."
>
> According to Tien, safety is always going to be at odds with
> consumer privacy and protection when it comes to manufacturers.
> "Pretty much everything we want socially we can get without
> having to give up privacy. But it's very easy to not protect
> privacy. The only people who care are ordinary people. Because
> neither the companies nor the government really care very much.
> They may pay lip service to it, but it's always going to be
> overwritten by safety, or collision avoidance, or emissions
> standards. All these grand good things," he says.
>
> How customer privacy is treated varies. According to Glancy, the
> German car manufacturers avoided installing the black box tracking
> devices into their cars for years. And Ford, meanwhile, recently
> created a program called the Driver Behaviour Project in the UK.
> That project would provide drivers with a plug-in device much
> like the Progressive Snapshot, that would assign drivers a
> personal score based on their driving behavior. And Ford says
> that they believe customers own their own data.
>
> According to Don Butler, Ford's executive director of Connected
> Vehicles and Services, respecting people's privacy in their cars
> preserves their trust in the company. And there are few things
> more important for a car brand then to ensure that their customers
> trust them. "I want to be very, very clear that we don't track
> customers. We value and treasure the data on behalf of the
> customer," he says. Ford has set up an internal council that
> makes policy recommendations and decisions throughout the company
> to ensure the protection of privacy.
>
> That said, this January Ford announced it had entered into a
> partnership with Amazon to allow its drivers to connect to their
> cars and Ford's technology through the cloud. This new feature
> effectively turns the car into an Amazon Echo on wheels. The
> Echo is an always-on device that has already sparked huge privacy
> concerns as it sits in your living room quietly and passively
> listening for you to give it a command. And now it will quietly
> listen to you in your car as well.
>
> As our vehicles become more and more automated, that sense of
> trust and security Ford is attempting to cultivate will become
> even more important. After all, if humans hand their control
> over their vehicles to self-driving cars, then manufacturers
> will be responsible for individual lives on a level they never
> have before.
>
> In the end, Scannell says he never got any sort of positive
> resolution with VW. "There's no where I can go with this," he
> says. "We get to drive our VW Golf SportWagen [and hope that]
> someone doesn't shut it off on us. We are not given legal recourse.
> There's no remedy for us to have control over our vehicle."
>
> Whether I sneeze or fart or yell, it's very private in a weird
> way. From a marketer's perspective they're really curious.
> They want to know.
>
> Volkswagen, however, says that Scannell wasn't given the full
> story by the CARE letter he received. According to Frank Weith,
> General Manager of Connected Services at Volkswagen Group of
> America, "What the letter doesn't outline is that we do have the
> capability to completely sever the connection from the car to
> the cellular network. The customer would have to bring their
> vehicle to the dealer where it would be put into 'flight mode'.
> The result is the same as if the module were removed from the
> vehicle. This can only be done at the dealer."
>
> Once this "flight mode" is enabled the Car-Net system, he says,
> effectively becomes a "brick in the car" and the dealer will
> also perform a test to ensure that the vehicle is not capable
> of sending or receiving information.
>
> In some ways, it's consumers themselves that can partly take on
> blame for this state of affairs. Much like what happened with
> our phones and location tracking, people "see what the want to
> see," says the EFF's Tien. "It's a lack of imagination -- or
> lack of technical literacy. People are used to things being a
> certain way. When things get upgraded their expectations tend
> to stay with them even when [devices] are evolving under their
> noses. As long as it gives them what they want to get out of it
> the idea that it's capturing information doesn't seem terrible."
>
> That means ultimately it will be up to consumers to demand privacy
> from manufacturers before they will give up access to our data,
> because there's no incentive for them to do otherwise -- especially
> when only security experts like Scannell are the types of consumers
> that are calling for it.
>
> "Some manufacturers may be more friendly to your privacy than
> others," says Glancy. "But we ought to have more friendly cars.
> The car shouldn't be a rat or an adversary. It's supposed to be
> a tool for us to have personal mobility. But it's kind of turned
> on us in odd ways."
>
> Marketing companies are desperate to get inside your vehicle
> and figure out what the heck you do there.
>
> And, while it may feel like Volkswagen is the bad guy of this
> story, they're not even close to being the only car manufacturer
> that has equipped their vehicles with on-board systems that send
> and receive data. BMW, Mercedes-Benz, Audi, Lexus, Toyota, Nissan,
> Infiniti, Honda, Acura, Mini, Hyundai, and Chrysler/Dodge/Jeep
> cars all come with their own versions of Car-Net. And, of course,
> every single new car that hits the road is federally mandated
> in the US to have a little black box.
>
> These snooping systems aren't going to get less intrusive over
> time. Unless, of course, consumers start calling for privacy.
> As Scannell's example clearly highlights, even though the
> manufacturers may be building in an off-switch, the consumer
> desire to protect their own privacy is so low that even knowledge
> of the switch's existence appears to have been a mystery to the
> dealer, the customer service team, and the technicians they
> consulted with. Only Weith, a top executive at the company,
> managed to have a solution to Scannell's problem. It's likely
> that wouldn't have been the case if more customers had been
> asking to have their Car-Net systems disabled.
>
> Once cars become fully driverless they will rely entirely on
> their outgoing and incoming data connection to function properly.
> And that means we are currently laying the groundwork for what
> the future of privacy in our cars will look like. If people
> actually do care about protecting themselves from manufacturers
> and marketers that want to watch their every vehicular move, the
> time to speak up is now. Otherwise it could very, very quickly
> become too late.
>
More information about the Infowarrior
mailing list