Is your car spying on you?

3 min read
Lexie

Hi, I'm Lexie! I write about information security, Bitcoin, and privacy.

Car headlights appear out of a misty dark. But what's this? They have eyes!!

Unlike many other devices, cars are not prefixed with the word smart. Even if they’re connected to the internet—and have the ability to collect and sell your data to third parties. And yet, that’s exactly what most modern cars can do.

In recent years, carmakers have turned your vehicle from a product you own and control to one you merely use and license, much like software. The mechanisms of this are hidden between dozens of pages of terms and conditions.

Apart from its implications of what “ownership” really means, there is the fear that the location and personal data collected by your car infringes on your privacy as it is inevitably transferred to the car manufacturer and sold to third parties. This is similar to the practices at telecommunication providers, which have, in some of the worst examples, put people in dangerous situations by selling their location data to stalkers.

Does your rental have car spyware?

Rental car companies were among the first to seize the opportunities from readily available surveillance technology to start car tracking their customers. This was driven partly by their interest to introduce new fees, reduce insurance costs, enforce contract limits, fight theft and gather data about their clients’ behavior.

Hertz went as far as installing microphones and cameras in their cars, although the company later insisted those were never turned on. Rental companies that fined their customers for speeding (with payments that went to the company, not the local government) were found in violation of the law.

When you rent a car, you might have some choice between different rental companies and their policies regarding surveillance. But ultimately, the company owns the vehicles and can install surveillance tools at will.

Some of these tools might even go beyond simple spying, such as locking your car if you take it out of a designated zone or off-road. The renter might then have to pay a fine to regain access.

Cars leased or financed can also be subject to agreements that allow car manufacturers or the leasing companies to scoop your private data. Mercedes-Benz was caught handing this data to bailiffs in cases where drivers were behind on their payments.

The new normal

Almost all modern luxury cars are connected to the internet and have some location tracking device installed, either based on GPS or its Russian counterpart Glonass. The car tracks its location passively, though some actively send it to remote servers when a mobile internet connection is available.

These systems can be used to save lives, for example in the event of an accident, but can also allow authorities and criminals to locate you in real time whenever they desire. At the very least, the data can be obtained from your car using the on-board diagostics (OBD) systems, which have become mandatory for cars sold in most countries since the early 2000s.

Ford executives have publicly bragged about their ability to know where each of their cars is at anytime to detect traffic violations such as speeding. Some cars even have cameras pointed at the driver at all times to detect whether a driver is sleeping.

Many of these features will help make driving safer. But with a car’s software becoming the most valuable intellectual property inside a car, systems remain heavily locked down, leaving consumers unable to verify the mechanisms that control access to cameras and sensors.

Consumers instead have to trust the manufacturer and their government to respect their privacy and follow the law when accessing sensitive information. This is not acceptable.

Smart car tips: How to stop your car spying on you

While people do like buying smart surveilled electronics, surveys also show they care about privacy. Consumers have to be alert about smart car dangers and demand to be informed about their car’s capabilities and data policies.

Purchasing an older, used car without internet connection and cameras is always an option, too.

Eventually, we will either see car makers become more transparent about what they do or earn our trust in other ways.

We might see cars developing similarly as phones, for which the open-source operating system Android competes with closed-source Apple iOS. Android users are able to install their operating system themselves, while Apple users trust the manufacturer to respect their privacy.

In both cases, users often make the decision between opting in to draconian surveillance regimes and protecting their personal information.

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.