Internet-Connected Cars Fail Privacy and Security Tests

Mozilla found brands including BMW, Ford, Toyota, Tesla, and Subaru collect data about drivers including race, facial expressions, weight, health information, and where you drive. Some of the cars tested collected data you wouldn’t expect your car to know about, including details about sexual activity, race, and immigration status, according to Mozilla. […] The worst offender was Nissan, Mozilla said. The carmaker’s privacy policy suggests the manufacturer collects information including sexual activity, health diagnosis data, and genetic data, though there’s no details about how exactly that data is gathered. Nissan reserves the right to share and sell “preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” to data brokers, law enforcement, and other third parties.

Other brands didn’t fare much better. Volkswagen, for example, collects your driving behaviors such as your seatbelt and braking habits and pairs that with details such as age and gender for targeted advertising. Kia’s privacy policy reserves the right to monitor your “sex life,” and Mercedes-Benz ships cars with TikTok pre-installed on the infotainment system, an app that has its own thicket of privacy problems. The privacy and security problems extend beyond the nature of the data car companies siphon off about you. Mozilla said it was unable to determine whether the brands encrypt any of the data they collect, and only Mercedes-Benz responded to the organization’s questions.

Mozilla also found that many car brands engage in “privacy washing,” or presenting consumers with information that suggests they don’t have to worry about privacy issues when the exact opposite is true. Many leading manufacturers are signatories to the Alliance for Automotive Innovation’s “Consumer Privacy Protection Principles (PDF).” According to Mozilla, these are a non-binding set of vague promises organized by the car manufacturers themselves. Questions around consent are essentially a joke as well. Subaru, for example, says that by being a passenger in the car, you are considered a “user” who has given the company consent to harvest information about you. Mozilla said a number of car brands say it’s the drivers responsibility to let passengers know about their car’s privacy policies — as if the privacy policies are comprehensible to drivers in the first place. Toyota, for example, has a constellation of 12 different privacy policies for your reading pleasure.

70

Autonomous Waymo Car Runs Over Dog In San Francisco

One of Alphabet’s Waymo autonomous cars has killed a pet dog. TechCrunch spotted the public report of the incident, which says one of the Waymo Jaguar I-Pace cars ran over a dog in San Francisco while in autonomous mode with a safety driver behind the wheel.

Waymo’s collision report says: “On May 21, 2023 at 10:56 AM PT a Waymo Autonomous Vehicle (“Waymo AV”) operating in San Francisco, California was in a collision involving a small dog on Toland Street at Toland Place. The Waymo AV was traveling southwest on Toland Street when a small dog ran into the street in front of the Waymo AV. The Waymo AV then made contact with the dog, which did not survive. At the time of the impact, the Waymo AV’s Level 4 ADS was engaged in autonomous mode, and a test driver was present (in the driver’s seating position). The Waymo AV sustained damage.”

The collision was a block from Waymo’s Toland Depot, a 120,000-square-foot warehouse that houses at least 50 autonomous cars. The speed limit on Toland Street is 25 mph, according to posted signs viewable on Google Maps. From that Street View link, the road looks like a busy industrial area with many warehouses, truck delivery areas, and barbed-wire fences. The incident is Waymo’s first reported fatality.
Waymo sent along a statement: “On May 21 in San Francisco, a small dog ran in front of one of our vehicles with an autonomous specialist present in the driver’s seat, and, unfortunately, contact was made. The investigation is ongoing, however the initial review confirmed that the system correctly identified the dog which ran out from behind a parked vehicle but was not able to avoid contact. We send our sincere condolences to the dog’s owner. The trust and safety of the communities we are in is the most important thing to us and we’re continuing to look into this on our end.”

In early 2018, an autonomous Uber vehicle in Tempe, Arizona, hit and killed a woman. “According to Tempe PD, the car was in autonomous mode at the time of the incident, with a vehicle operator sitting behind the wheel,” reported Gizmodo at the time. The company went on to suspend self-driving car tests in all North American cities after the fatal accident.

128

Can Police control your self-driving car?

In 2009 GM equipped 17,000 of its units with “remote ignition block,” a kill switch that can turn off the engine if the car is stolen. But that was just the beginning.

Imagine this: You’re leaving work, walking to your car, and you find an empty parking spot — someone stole your brand new Tesla (or whatever fancy autonomous car you’re driving). When you call the police, they ask your permission for a “takeover,” which you promptly give them. Next thing you know, your car is driving itself to the nearest police station. And here’s the kicker — if the thief is inside he will remain locked inside until police can arrest them.

This futuristic and almost slapstick scenario is closer than we think, says Chief Innovation Officer Hans Schönfeld who works for the Dutch police. Currently, his team has already done several experiments to test the crime-halting possibilities of autonomous cars. “We wanted to know if we can make them stop or drive them to certain locations,” Schönfeld tells me. “And the result is: yes, we probably can.”

The Dutch police tested Tesla, Audi, Mercedes, and Toyota vehicles, he reports, adding “We do this in collaboration with these car companies because this information is valuable to them, too.

“If we can hack into their cars, others can as well.”

695

EU Ruling: Self-Driving Car Data Will Be Copyrighted By the Manufacturer

Yesterday, at a routine vote on regulations for self-driving cars, members of the European Peoples’ Party voted down a clause that would protect a vehicle’s telemetry so that it couldn’t become someone’s property. The clause affirmed that “data generated by autonomous transport are automatically generated and are by nature not creative, thus making copyright protection or the right on data-bases inapplicable.” Boing Boing reports:

This is data that we will need to evaluate the safety of autonomous vehicles, to fine-tune their performance, to ensure that they are working as the manufacturer claims — data that will not be public domain (as copyright law dictates), but will instead be someone’s exclusive purview, to release or withhold as they see fit. Who will own this data? It’s unlikely that it will be the owners of the vehicles.

It’s already the case that most auto manufacturers use license agreements and DRM to lock up your car so that you can’t fix it yourself or take it to an independent service center. The aggregated data from millions of self-driving cars across the EU aren’t just useful to public safety analysts, consumer rights advocates, security researchers and reviewers (who would benefit from this data living in the public domain) — it is also a potential gold-mine for car manufacturers who could sell it to insurers, market researchers and other deep-pocketed corporate interests who can profit by hiding that data from the public who generate it and who must share their cities and streets with high-speed killer robots.

657