Data Privacy and Cars

By Keith Rayle

I tend to get a pretty decent discount from my car rental agency. I travel quite a bit and have focused on one rental agency, so I have built status and am very happy about the overall consumer experience. A couple of months back I was perusing the available vehicles for the $28/day rate, and low and behold….a yellow Mustang was sitting there, just waiting for me to grab it up. Which, incidentally, I did. For $28 per day who could turn down a yellow Mustang GT fastback?

Data Privacy and Cars-1

I quickly pried my luggage into the trunk and got on the road. It was a very fun car to drive, and had a strange looking instrument in the center of the console next to the speedometer. It looked almost like a gun sight, with concentric rings and a center dot. It didn’t take me long to figure out that as I braked, accelerated, or turned corners the dot in the center would sway outward according to the G forces imparted to the accelerometers placed around the car. The harder I turned, the further out the dot would go. And each time I went a little further, a dot would remain showing me how far I went in a particular direction.

Data Privacy and Cars-2

You can imagine what happened next. As I would go into a turn I would find myself trying to outdo the amount of lateral forces I had imparted on the previous turn, and the same with braking and accelerating But at this point I was wondering about the wisdom of them giving me something like this to play with…seemed like somewhat of a bad idea. It was dark and rainy, which didn’t help the situation. I abstained from the temptation to peg it to the farthest edge of the display (in all quadrants, of course) and survived the one day rental. It did make me wonder though….

Data Privacy and Cars-3

I have seen GPS trackers on rental cars, in fact, I seem to notice them more and more. But there are other sensors and components connected to the main computer using common wireless and wired connections, with many having their own Internet addresses. I was recently at a state level Division of Motor Vehicles, talking about security. The part I found interesting was that they were actually discussing how to implement tracking devices at corners that would read the IP address of a tire.

Car tires have pressure sensors to alert you when the tire is under-inflated. Those sensors are connected to the car’s main computer by a wireless connection. That means that each tire sensor is constantly broadcasting to your car….and beyond it. Think about placing wireless detectors on stop light poles. That potentially means we can soon be tracked as we drive through a city (or anywhere, really) without knowing it is happening.

Data Privacy and Cars-4

The Internet of Things, as Cisco coined it, is a term that is getting relevance in directions we couldn’t comprehend a few years ago. It means everything is connected. It means an implant in a patient’s chest doses them with the right amount of medicine while the doctor, 100 miles from them, watches vital signs and adjusts the dose accordingly. It means Radio Frequency Identification Devices (RFIDs) in currency, tracking the migration of money around the globe. It means front door locks that watch who comes knocking and provides you with a live feed from the porch to your cell phone while you shop for groceries.

Some companies tend to collect a great deal of what might be considered personal information. For instance, Uber has decided to collect information from their drivers’ cell phones:

The intent is to make sure they are driving safe, which is all fine, but who decides when to stop watching their phones? Is it being monitored only when the Uber application is running? What if the driver leaves it on all the time, deciding not to respond when ‘off duty’? The privacy implications are somewhat high. I have to wonder if the company has data protection policies and procedures baked into the technology used to scoop up the mountains of information.

Data Privacy and Cars-5

The European Commission is a regulatory body tasked with data privacy reform and law enactment throughout the Eurozone. Under EU law, personal data may be legally gathered if done so under strict conditions and only for a legitimate business or organizational purpose. Persons or organizations which collect and manage personal information must also protect it from misuse and are required to respect certain rights of the data owners. Those rights are guaranteed by EU law.

I wonder how they are dealing with the Internet of things across the pond, given their numerous statues and laws. I also wonder if those statutes will tie the hands of law enforcement while enabling criminals. I wonder what this world will look like from a data privacy perspective, in a scant 3 years.

Or so.