by Michael Dean Thompson
While it is true that Americans tend to carry their cellphones as grafted appendages, it may be that their cars know even more about them than their cellphones. Consider the following scenario: Jane sees that her car is iced over, so she uses her remote key to start the engine. The event is logged with a GPS precision location and timestamp by her car’s computers to be uploaded to the manufacturer. A little later, she and her kids get into the car, which diligently logs that the driver’s side door and two rear doors were opened and closed. It also notes the weight of the driver and passengers, seatbelt notices, and tags GPS locations and timestamps. Her phone, meanwhile, syncs with the infotainment system, which downloads her contacts, texts, search history, and more. She backs out of the driveway and drives out of the neighborhood. Each gear change is logged with her velocity, acceleration, max velocity, and GPS location with date and time. When she drops the kids off, it records the doors opening and closing, the change in weight again, and location and time. It continues logging as she answers a call, tracks who called and for how long, and again as she adjusts her route. As she selects a new playlist, that is also logged. Each of the logged items is forwarded to the manufacturer.
The numbers vary, but cars have been estimated to generate up to 25 gigabytes per hour (about 5 DVD movies of data), or even four terabytes per day (about 800 DVD movies). That much data has tremendous value, and an increasing amount of it is being uploaded to manufacturers and telematics vendors through cellular networks. All of that data is being held by your car, generally without a password to protect it, making it much more vulnerable to snooping than that encrypted cellphone but with access to much more data about you. Any devices that have connected to the car, as well as the data accessed, may be logged. Navigation data is saved, including logs of previous destinations, saved locations, routes, Wi-Fi and USB connections, system reboots, GPS time syncs and recalibrations, odometer readings, gear changes, hard braking and acceleration, traction events, distracted driver warnings like lane drift, and more. It can also record biometric data such as images, video, and audio while tracking and saving SMS (text) messages, call lists, contact lists, Wi-Fi access points, and passwords.
How It Works
Unlike the cellphone with which we are most familiar, the car is not a monolithic system. It is an array of systems that interact with each other, and sometimes the lines between them can blur. It is also fairly common to see some of the names used as synonyms, which can make them seem even more monolithic, particularly if they have a common access point (e.g., through the USB port). In these cases, the context in which they are used can help to illuminate the system in question.
The On-Board Diagnostics (“OBD”) allows for a rapid understanding of how the vehicle is functioning and has its own access port. It may record readings from the O2 sensors, actuators, and electronic control units (like cruise control). From the OBD, a technician might learn that a fuel filter is clogged or that a specific brake line is not functioning well. That a specific strut is failing may also be recorded. What exactly is monitored by the OBD can vary across models, and that is also true for each of the systems mentioned here.
The Event Data Recorder (“EDR”) is the “black box” of the vehicle. By 2012, 96% of all vehicles sold in the U.S. had them. Then, in 2015, Congress mandated that all cars have EDRs. Much like the black box we hear of in aviation, the EDR records a series of data points from just before an accident, through the event, and the moments after. A total of about 30 seconds of data is stored, including some of the driver’s actions such as whether seatbelts were in use, the horn was activated, and if the airbags were deployed. Like a black box on an airplane, the data is stored in the box itself so that the system is self-contained. Unlike in aviation, it does not store voice. Also, since the EDR has been around longer than the other systems, it receives more protections than the remaining telematics components.
An Electronic Control Unit (“ECU”) exists for various systems in the car. They may collect sensor data specific to that system and make changes to vehicle operations accordingly. One example might be the cruise control which monitors vehicle velocity via a sensor, typically on the driveshaft, and adjusts accordingly. It may also monitor for traction events and, if necessary, disengage altogether. New adaptive cruise control systems may also adjust for traffic conditions rather than simply disengaging due to events like proximity warnings.
Telematics, sometimes called “infomatics,” provide the continuous feedback that interests the insurance companies, among others. At the heart of the vehicle (or fleet) telematics is the Global Positioning Satellite system (“GPS”). Through the GPS, an interested party can track your movements and velocity. In addition, the telematics system can receive data from the OBD and ECUs. The convergence of sensor and location data presumably enables cost savings through better maintenance and increased safety.
Related to telematics is “infotainment.” Most modern vehicles readily integrate music, phone, text, and email services. They may also offer gaming and video capabilities. All that information is recorded in addition to the typical telematics data in order to get a better idea of the person driving the vehicle. With any given infotainment system it may be virtually impossible to know how much of that data is being uploaded and to which companies. For example, the Google Waze app is likely logging your location data to Google’s massive SensorVault. Likewise, your and your passengers’ search histories, texts, social media, and much more may be uploaded to better feed the profit margins of automotive manufacturers, insurance companies, and app developers.
Throughout this article, telematics can be used to refer to any of these technologies.
How Telematics Can Help
There are several burgeoning technologies that work together with telematics and may soon allow each of the cars on the road to assist urban traffic planners with increasing safety, reducing idling, and in doing so contributing to cleaner, safer, and more sustainable urban transport. Every year 1.35 million people are killed in vehicle collisions worldwide. Similarly, another 60 million people are seriously injured. By changing the ways vehicles interact with urban transport systems, it may be possible to make significant gains against these pernicious problems.
In August of 2023, the Associated Press published an article, “GM’s Cruise autonomous vehicle unit agrees to cut fleet in half after 2 crashes in San Francisco.” The reduction in fleet size rapidly followed Cruise and Google’s Waymo being granted the ability to provide 24-hour service in San Francisco with the driverless taxis. The most recent accident happened at 10:00 p.m. The Cruise had a green light and entered the intersection, where it was hit by an emergency vehicle responding to a call. For many people who feel this sort of thing indicates driverless vehicles are not ready for prime time, if ever, there are some caveats – though the injured passenger in this case may find that little comfort.
Greg Dieterich, Cruise’s general manager in San Francisco, said on the company’s website that the autonomous vehicle (“AV”) almost immediately identified the emergency vehicle as it came into view. The problem, however, was two-fold: the buildings in the area abut the streets and block the view. Dieterich added, “The AV’s ability to successfully chart the emergency vehicle’s path was complicated by the fact the emergency vehicle was in the oncoming lane of traffic, which it had moved into to bypass the red light.” The AV also noted the sound of the siren as soon as it was audible over the ambient noise. The Cruise did brake but could not avoid the accident. According to the company, the Cruise autonomous vehicles have driven more than 3,000,000 miles and encountered emergency vehicles more than 168,000 times.
There are several telematics-related technologies that could have assisted in preventing the crash, including signalized intersections and vehicle-to-vehicle communication networks (“V2V”). The simplest solution would have been for the emergency vehicle to have overridden the traffic signal, preventing cross-traffic from gaining a green light. That is not even complicated technology, though it may be relatively simple to hack, depending on the implementation. In either case, the autonomous vehicle would not have entered the intersection and the emergency vehicle likely would not have attempted to cross the intersection in the wrong lane of traffic.
The V2V technology, while a bit more complicated, provides a better solution. A challenge for any driver, including autonomous vehicles, is the reliance on line-of-sight for threat identification. Rounding a corner where vision is blocked by buildings or trees, or mounting a steep hill, has led to dicey encounters for all drivers. Who has not come over a hill to find some hazard far too close for comfort? Horns and sirens are helpful, but they do not always round corners well either.
The advantage of V2V is the opportunity to send messages to other vehicles, which forward the information to other vehicles, with timestamped locations and some manner of hazard classification derived from the telematics of the affected cars, such as visual identification of the threat, harsh braking, rapid unplanned turns, etc. In such a scenario, a car encountering an emergency vehicle would be able to notify other cars outside the line-of-sight as well as the traffic lights of its presence and apparent route (assuming the emergency vehicle has not updated the cars itself). Had the emergency vehicle and the Cruise both been equipped with some form of V2V technology, they would not have been dependent on the line-of-sight LIDAR.
V2V technology can also help reduce time spent idling through features like Cooperative Adaptive Cruise Control (“CACC”). CACC allows vehicles to manage congestion better because vehicles can communicate beyond line-of-sight and reduce the number of abrupt changes in velocity that increase risk and emissions while lowering fuel efficiency.
V2V and Traffic Light to Vehicle Communications (“TLVC”) both have the potential to suffer from poor privacy protections, however. Given the propensity of telematics manufacturers to save and upload data, it is not hard to imagine them collecting V2V and TLVC messages along with vehicle identifiers and using that information to increase the number of vehicles from which they can extract data well beyond their own customers. Essentially, each message becomes a bread crumb that allows an interested party to follow it. For example, a hacker who gains access to a telematics provider’s data could track unique identifiers and GPS locations to acquire the real-world identities of individuals far beyond those intentionally tracked by the telematics provider.
There are solutions to address the lack of privacy, such as blind signatures that could cryptographically seal a message without identifying the sending vehicle. With blind signatures, the messages could share GPS locations so that traffic lights and other vehicles could anticipate traffic flow without leaving behind a unique identifier that would single out the car. This is of most concern in dealing with TLVC, where the messages sent to the traffic lights may be used in forensic investigations. An officer investigating an incident near a traffic light could ask for a log of all unique identifiers that passed the light at a given time, creating an effective geofence equivalent to Cell Site Location Information in a tower dump (where police ask a cell tower operator to provide a list of all cellphones that were connected to a specific tower at a given time).
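The blind-signature idea described above, as an added example that is not from the article or from any deployed V2V or TLVC system: a textbook RSA blind signature in which an issuing authority certifies a vehicle's one-time token without ever seeing it. The key (two small Mersenne primes), the token format, and all function names are assumptions made for illustration, and unpadded RSA at this size is not secure.

```python
"""Textbook RSA blind signature (toy parameters) for an unlinkable V2V/TLVC token."""
import hashlib
import math
import secrets

# Constructed demo key built from two Mersenne primes. Illustration only.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # authority's private exponent


def digest(message: bytes) -> int:
    """Hash the message to an integer below N (real schemes add proper padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def blind(message: bytes):
    """Vehicle side: hide the message hash behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (digest(message) * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Authority side: signs what it is handed; it never sees the token or its hash."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Vehicle side: strip r, leaving an ordinary RSA signature on the token."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(message: bytes, signature: int) -> bool:
    """Traffic light or other car: check the signature with the public key (N, E)."""
    return pow(signature, E, N) == digest(message)


def explaining_factor(blinded: int, token: bytes) -> int:
    """Authority side: the r that would make `token` the message behind `blinded`.
    One exists for every pairing, so issuance records cannot be matched to tokens."""
    return pow(blinded * pow(digest(token), -1, N) % N, D, N)


def demo():
    # Constructed stand-ins for the one-time tokens of two vehicles, A and B.
    token_a, token_b = secrets.token_bytes(16), secrets.token_bytes(16)
    blinded_a, r_a = blind(token_a)
    blinded_b, r_b = blind(token_b)
    sig_a = unblind(sign_blinded(blinded_a), r_a)
    sig_b = unblind(sign_blinded(blinded_b), r_b)
    # The authority tries to tie vehicle A's issuance record to each broadcast token.
    r_right = explaining_factor(blinded_a, token_a)
    r_wrong = explaining_factor(blinded_a, token_b)
    return {
        "a_valid": verify(token_a, sig_a),
        "b_valid": verify(token_b, sig_b),
        "swapped_valid": verify(token_a, sig_b),
        "right_pairing_consistent":
            digest(token_a) * pow(r_right, E, N) % N == blinded_a,
        "wrong_pairing_consistent":
            digest(token_b) * pow(r_wrong, E, N) % N == blinded_a,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both pairings come out consistent with vehicle A's issuance record, which is the point: the authority's log of who requested a signature tells it nothing about which token later passed a given traffic light.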
Insurance and Telematics
Telematics may be most familiar to people with respect to insurance. The common commercials offer that a driver can receive discounts for plugging a small device into their car. This device then monitors the driver and uploads the data to the insurance company. The company will use the data to analyze the driver’s style of driving and try to determine the risk that driver poses. Insurance policies that are based on a driver’s habits rather than age, home address, the number of times the driver has been stopped by the police, etc. have the potential to provide a more equitable system where race and class are no longer a factor through either direct or indirect measures. Nevertheless, there are still some extant challenges to that ideal.
Classic insurance policies examine covariates (metrics) such as the driver’s age, years since the driver acquired a license, the brand of the vehicle, engine power, etc. The challenge for them is determining which of the covariates are predictive of risk. Even where the vehicle is garaged is one covariate that can have a strong effect on assumed risk. However, region of residence can fail as an indicator of risk for many reasons. For example, a person who lives in a low-risk area may frequently commute to high-risk regions, or even out of the country, without reporting it. It is likely that a specific region has higher risk because of the prevalent driving conditions, such as poor road conditions or few street lights. So, a driver who exhibits low-risk driving habits may spend the majority of the time in what is traditionally a low-risk area, even if the car is garaged in a high-risk area. Furthermore, traditional self-reported covariates like region of employment change over time with additional reporting lagging far behind.
Location-based metrics can also be a source of racial bias, forcing people to pay more for insurance for factors outside their ability to control. Black and Indigenous People of Color (“BIPOC”) face substantial inequities when purchasing insurance. Determining risk based upon a home address, which can in some cases be a proxy for race, can also penalize people for being poor despite having excellent driving habits. Measuring any covariate other than a driver’s specific habits and the quality of the roads driven (through various vehicle sensors) runs the risk of inserting biases that have nothing to do with the insured’s driving style. Another biased metric used to determine risk in traditional auto insurance policies is the number of times the driver has been stopped by the police. The problem is that we live in a country where BIPOC people are stopped more often than their white peers. If all other variables were equal, police stops might be a valid metric, but that is not the case today.
Telematics in insurance offers the potential to eliminate some, if not all, of such biases in automotive insurance policies, offering what some have labeled Pay How You Drive (“PHYD”) policies. In the past, policy holders were able to exert very little control over their premiums through behavior, generally by purchasing alarm systems or policies in which they agreed to drive no more than a certain number of miles in a given policy period. Policy holders using telematics gain the potential power to exert more control over their premiums by establishing strong defensive driving habits. And most drivers do exhibit better driving habits once they are aware the telematics devices are in place, at least for a short while. Known as the Hawthorne effect, the improved driving habits usually last about two to four weeks before the older habits return. Unfortunately, the ability to limit biases through telematics may itself also be limited because the demographics of those who are willing to participate in the programs may be different than those who are not. There will be people who are effectively penalized with higher rates for failing to agree to allow the insurance companies to monitor their every move. In other words, the classic policy covariates still manage to have an effect on PHYD policies as the driver earns discounts from the existing policy rather than the policy pricing being based on the driver pattern.
Most PHYD policies work by using traditional covariates then allowing the driver’s apparent driving habits to provide discounts against the traditional rates. The rather opaque regression models used by the insurance companies still insert metrics which the driver cannot affect. Because the discounts are applied against the traditional rates, they are performed after the fact. If people were consistent drivers and the effects of racial biases minimized in the regression models, that might be adequate, but past driving performance may not be predictive of future behavior. PHYD programs are necessarily calculated post-trip, as well, so that they provide pricing adjustments to lower risk drivers after-the-fact.
Telematics, however, might enable a true PHYD policy where each trip is charged based on the risk it presents. A driver on a bad road who engages in hard accelerations or stops and uses the phone would be charged accordingly. Such policies would encourage low-mileage, low-risk driving far better than current PHYD policies where the base rate is established on covariates like credit score. A policy where telematics purposefully removes location information before it is sent to the insurer would also eliminate even accidental racial and class biases by eliminating most of the identifying information for the liability risk portion of the policy.
The collection of data via telematics may not be as straightforward as it seems. One study that looked at telematics found problems in creating meaning from the data. For example, when collecting driving circuits (“DCs”) for urban planning, the frequency of data points can cause problems in achieving an “accurate spatial and temporal representation of normal driving,” said the authors of Vehicle Telematics for Safer, Cleaner, and More Sustainable Urban Transport. DCs are formed by measuring movements between periods of idling, rather than from key-on to key-off. So, DCs are not representative of what most people would consider a trip. A single trip from a driver’s perspective, then, may result in thousands of DCs in a high-traffic area, making them somewhat useless in terms of measuring urban mobility.
For truly equitable solutions, location should be taken out of the equation. Virtually every data point, however, includes a GPS location. Edge computing, which processes the data at the source to generate only the needed summary information rather than the collection of data points, offers a wonderful solution because it can summarize the key measures and strip the location data before the telematics leave the vehicle. For example, trips can be packaged as a series of DCs where the kinematics (distance, average velocity, maximum velocity, maximum acceleration, etc.) provide the important metrics. An adjuster reading the data would have all that is needed to understand the risk profile – including road conditions – without as much information that indicates identity, race, or social class.
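One way the edge-computing approach above could look, as an added example that is not from the article or the cited study: raw 1 Hz GPS samples are split into driving circuits on the vehicle and only the kinematics are kept for upload. The trace, the 0.5 m/s idle threshold, and the record field names are constructed assumptions.

```python
"""Edge-side summarisation: raw GPS samples in, location-free driving circuits out."""
import math

EARTH_RADIUS_M = 6_371_000.0
IDLE_SPEED_MPS = 0.5        # assumed threshold below which the car counts as idling
SAMPLE_PERIOD_S = 1.0


def constructed_samples():
    """Constructed 1 Hz trace of (t_s, lat, lon, speed_mps), heading due north."""
    speeds = [0, 0, 2, 5, 8, 10, 10, 6, 2, 0, 0, 0, 3, 7, 12, 12, 4, 0, 0]
    metres_per_degree = 2 * math.pi * EARTH_RADIUS_M / 360
    lat, lon, samples = 37.7700, -122.4200, []
    for i, v in enumerate(speeds):
        lat += v * SAMPLE_PERIOD_S / metres_per_degree
        samples.append((i * SAMPLE_PERIOD_S, lat, lon, float(v)))
    return samples


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two GPS fixes."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def split_into_circuits(samples):
    """Group consecutive moving samples; an idling sample closes the current circuit."""
    circuits, current = [], []
    for sample in samples:
        if sample[3] >= IDLE_SPEED_MPS:
            current.append(sample)
        elif current:
            circuits.append(current)
            current = []
    if current:
        circuits.append(current)
    return circuits


def summarise(circuit):
    """Reduce one circuit to kinematics. Coordinates and clock times are read here,
    on the vehicle, and are never copied into the returned record."""
    distance, max_accel, max_decel = 0.0, 0.0, 0.0
    for (t0, la0, lo0, v0), (t1, la1, lo1, v1) in zip(circuit, circuit[1:]):
        distance += haversine_m(la0, lo0, la1, lo1)
        accel = (v1 - v0) / (t1 - t0)
        max_accel, max_decel = max(max_accel, accel), max(max_decel, -accel)
    duration = circuit[-1][0] - circuit[0][0]
    return {
        "duration_s": duration,
        "distance_m": round(distance, 1),
        "avg_velocity_mps": round(distance / duration, 2) if duration else 0.0,
        "max_velocity_mps": max(s[3] for s in circuit),
        "max_accel_mps2": round(max_accel, 2),
        "max_decel_mps2": round(max_decel, 2),   # hard-braking indicator
    }


def edge_upload(samples):
    """What leaves the vehicle: one record per driving circuit, no location."""
    return [summarise(c) for c in split_into_circuits(samples)]


if __name__ == "__main__":
    raw = constructed_samples()
    print(f"{len(raw)} raw GPS fixes stay on the vehicle; uploaded records:")
    for record in edge_upload(raw):
        print(record)
```

The uploaded records carry durations rather than timestamps, so neither where nor when the circuit was driven can be read from them.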
Telematics and Privacy
GPS can tell far more about you than just where you are at this moment. In People v. Weaver, 909 N.E.2d 1195 (N.Y. 2009), Judge Lippman said with regard to a GPS device planted by the police: “Disclosed in the data returned from the transmitting unit … will be trips the indisputably private nature of which takes little imagination to conjure: trips to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar and on and on.”
It is a compelling argument and was quoted by Justice Scalia in delivering the unanimous opinion of the U.S. Supreme Court in United States v. Jones, 565 U.S. 400 (2012), which ruled that placement by police of GPS trackers on a suspect’s vehicle constitutes a search under the common-law trespassory test of the Fourth Amendment.
Since the cases above, Americans have been purchasing their own GPS trackers and unwittingly (in most cases) transmitting their own GPS locations to corporations. Those corporations are free to sell the data to whomever they want. Even if they claim to anonymize the data by stripping your account information but maintain some form of unique identifier, you cannot anonymize GPS data.
In United States v. Chatrie, 590 F. Supp. 3d 901 (E.D. Va. 2022), the defense was able to identify some of the devices returned by the geofence warrant issued to Google despite Google’s efforts to anonymize the data. The Google location information in question extended across just one hour for the first 19 devices, then two hours for nine of them. In 2019, the New York Times was able to easily identify phone users from supposedly anonymized data based on their timestamped GPS locations. Prior to that, a 2013 study in Nature found that just four timestamped coordinates provided by GPS were enough to identify 95% of the individuals with whom they were associated when using a dataset that contained 1.5 million people. The study also found that the only way to truly anonymize the data was to reduce the accuracy of the GPS locations.
A 2017 study by the University of Ontario Institute of Technology examined how often GPS locations are tagged, stored, and potentially transmitted. A 2013 Ford F-150 captured GPS coordinates every time the doors were opened and closed. With the Ford Sync infotainment system installed, the “vehicle and system generated events also generated GPS coordinates which can further be used to prove the vehicle user’s exact locations at specific times.”
A study by the Washington Post of the 2018 Chevrolet Volt showed the car generated the previously estimated number of up to 25 gigabytes per hour that included GPS locations. Interestingly (or disturbingly), it was capturing GPS data even when the GPS was not engaged by the user. By purchasing a used Volt navigation system off of eBay, the Post researchers were able to reconstruct not just the owner’s identity but the owner’s daily life. Every bit of the owner’s daily routine, from their home and workplace to even their most frequented gas station, was available to the researchers or to anyone else who might have acquired the system.
Telematics systems grab far more data than just the vehicle’s location. The data uploaded can include the vehicle’s condition (faults, fuel consumption, diagnostics, etc.) which will assist mechanics with troubleshooting any problems. But with regard to consumer vehicles, how important is it that the information be uploaded to the telematics company rather than just made available to a mechanic with a direct connection? Vehicle telematics also may upload face measurements and images, voice recordings, even fingerprint data.
Rather than relying on a user’s phone, telematics providers even include their own modems to upload the data via cellular or satellite networks. If it used the phone a user attached to the car, there might be some chance to stop the upload of data – even if by no other means than never allowing anyone to attach a phone. Currently, users have little to no control over how much data or what types of data is uploaded. Likewise, they may find it nearly impossible to delete the stored data. This means vehicle sensor and telematics data are only available to those with the skill and low risk aversion necessary to hack the cars.
Every major manufacturer selling vehicles in the U.S. includes a telematics system in their vehicles. General Motors has OnStar. Toyota has the neutral-sounding Connected Services. Nissan telematics is simply called Connect. Ford has its aforementioned SYNC. And Mercedes has Mercedes Me Connect. The Original Equipment Manufacturers (“OEMs”) have been placing telematics systems into as much as 90% of cars sold in the U.S., with goals of 100% by 2030. Third party telematics systems, as might be found in a corporate fleet or in an insurance company’s end user device, likely also update the telematics company servers in real time.
Once the data is transferred from the vehicle, the car’s owner/driver has no idea how long it will be stored, how it will be used, or to whom it will be sold. Most insurance companies store the data for as long as 10 years. Telematics companies like Cambridge Mobile Telematics, Geotab, and GoFleet argue they can store the data as long as they want. Indeed, they may also choose to sell it to any buyer. The telematics systems are not just sending car data. Any device that attaches to the vehicle infotainment system is eligible to have its data cataloged, copied, and uploaded to the cloud to be shared with others without most users’ knowledge or knowing consent.
It might be easy to justify individual parts of the data being uploaded. For example, sensor readings at certain odometer marks, say every 5,000 miles, might be justifiable for a manufacturer to want, or need, to track. The manufacturer may also want immediate notification of faults, to which they would also attach various sensor readings as well as mileage. That data does not need any unique identifiers beyond make and model. An aggregation of the anonymous data can help the manufacturer understand lifetime issues for each individual model and quickly root out any problems that may require a recall. None of these require location information. At best, they might claim an interest in sending individual owners alerts if some threshold is met. Yet again, this is best done as an edge computing solution where the notifications are pushed out and the vehicle and/or service technician decides the threshold has been met.
It is hard to justify with that logic why manufacturers need not just identifying information like the VIN and GPS locations but also why they need to download, store, and potentially upload your phone data. That information serves no business purpose except to extract private information from the consumer (simply because companies can) that it can give to its marketing department and sell to data brokers who can use it for any reason they desire. At that point, not only has the manufacturer invaded the consumer’s privacy, it has then broadcast what it has learned to the world.
Likewise, absent specific types of emergencies or a warrant, there is no obvious reason the telematics providers should be able to listen to conversations within a vehicle without some obvious visual and/or audio notification. Even without an ongoing discussion of a drug deal, there are plenty of conversations to which a curious OnStar representative need not be privy just because a passenger may have pressed a button no one realized worked. Should a car owner need to step out of the car and leave her phone behind just to have a reasonable expectation of privacy during a conversation about women’s health that her state might find offensive (or even criminal)? Recall the glasses developed by Google which contained a video camera. The earliest Google Glass implementations had no external visual notification that the wearer was recording, which unnerved people because they never knew when they were being recorded. Google’s response was to add an LED to tell people Glass was recording. A vehicle that can listen to its occupants should be no different.
The Legal Landscape
The Supreme Court unanimously ruled in Riley v. California, 573 U.S. 373 (2014), that the search of a cellphone requires a warrant because cellphones carry so much private information. “Most people cannot lug around every piece of mail they have received for the past several months, every picture they have taken, or every book or article they have read.… And if they did, they would have to drag behind them a trunk of the sort held to require a warrant,” the Court reasoned. Other decisions have concluded that tracking a cellphone through Cell Site Location Information (“CSLI”), also called Tower Dumps, similarly requires a warrant. Unfortunately, the protections that extend to the cellphone may not be available to the automobile.
In 1925, the Supreme Court established the “automobile exception,” allowing police to search a vehicle without a warrant. The idea was simple enough: In Carroll v. United States, 267 U.S. 132 (1925), Justice Taft wrote, “it is not practicable to secure a warrant because the vehicle can be quickly moved out of the locality in which the warrant must be sought.” As shown here, today’s vehicles are far more than simple modes of transportation. They are more akin to the cellphone but with even more data. For this reason, experts are calling for Congress to act. Otherwise, it could be years, even decades, before the Supreme Court weighs in. With millions of cars on the road tracking so much information, that could result in innumerable searches.
Tools like the devices from Berla make it easier for the police to extract the data from the vehicles they encounter. A detective with the Michigan State Police Computer Crimes Unit, Chris Prevette, told NBC News in 2020 that his agency’s troopers were grabbing data without a warrant from cars for “smaller, everyday felonies” two or three times a week.
There has been some movement toward warrant requirements. Senator Ron Wyden, a Democrat from Oregon, has introduced a bill to require a warrant, though it has not been brought up in committee. Nevertheless, Phil Mayor of the ACLU in Michigan would like to see legislation to help clarify the rules but “in the meantime, courts can and should find that the extraction and search of data requires a warrant – just as courts have held that searches of cellphones generally require a warrant.”
Police and Telematics
The police are quickly gaining awareness of what these systems and their data can do. However, since most carmakers do not disclose when police request vehicle data, we can only gather sporadic examples of how police are using telematics. The very police who want to know your every move also are notorious for their secrecy. Much like their efforts to obscure their use of cell-site simulators – even to the point of dismissing some cases rather than revealing its use – it seems likely we have only a small understanding of how they are using the data today.
StopSpying.org pointed out how Uber and Lyft, together, received over 7,000 law enforcement requests in 2020 while representing around 2 million cars between them. There were around 84 million connected cars on the road in the U.S. as of 2021. If police requests to telematics companies, insurers, and manufacturers were proportional, there should have been over 280,000 such requests. As StopSpying said, “If this reasonable estimate is even roughly accurate, it is staggering as it more than triples the number of police requests Google entertained in the same period. Even if it is a vast overestimate, it is at least illustrative of the potential for growth, especially since the number of connected cars grows each year.
As early as 2001, ATX Technologies (later joining the company Ager) was ordered to provide “roving interceptions” of a Mercedes Benz S340V, a practice often called cartapping. For 30 days, ATX allowed the FBI to listen in to the conversations of its customer. However, when the FBI asked for an extension, ATX declined as the requirement was overly burdensome. The FBI responded by pushing the court to find them in contempt.
A Chevy Tahoe’s OnStar system was activated by an occupant in 2007, but the vehicle owner was unaware, allowing an OnStar employee to eavesdrop enough of their conversation to determine the Tahoe’s occupants were discussing a drug deal. The OnStar employee subsequently allowed the Fairfield County Sheriff’s Office to listen to the conversation. The vehicle was searched as a result, and marijuana was found. The Tahoe’s owner had not even signed up for the service.
OnStar helped law enforcement in another notable case in 2009. A suspected cocaine dealer rented a Tahoe and took a trip from Houston, Texas, to Ouachita Parish, Louisiana. The police, who had not seen the vehicle and had no idea what it looked like, were able to use OnStar to track it “among the many that were on Interstate 20 that evening.” With OnStar’s help, they located and stopped the Tahoe, where they found cocaine, ecstasy, and a gun.
Most notable among this tiny sample is how police in Kalamazoo, Michigan, used a 2016 Chevrolet Silverado’s informatics to solve a cold murder case. Over two years after the murder of an automobile mechanic, police turned to the Silverado, which had been stolen about the same time as the murder. Another person’s voice was found in the system where a man had used the voice control to play Eminem. That voice belonged to a man who had worked on some vehicles with the victim, which the suspect’s wife verified when the recording was played to her.
One company, Berla, makes a product that is capable of accessing the data of more than 14,000 vehicle models on the road today. Its primary customers are the police and other law enforcement agencies. A border patrol agent using Berla’s product recently wrote that a 2019 Dodge Charger’s infotainment system and telematics data were especially useful to them. The agent pointed out how the systems could provide information on the suspect’s location, email addresses, IP (internet) addresses, and phone numbers. It even could help them determine the suspect’s state of mind. To the agent, the data collected was all “used to facilitate the transportation or movement of noncitizens without legal status into and throughout the United States.” Beyond the ability to identify the location of each of the stops the car made, Berla’s tool could also illuminate “the knowledge, motive and voluntariness, regarding the offenses under investigation.”
An agent of the Bureau of Alcohol, Tobacco, Firearms, and Explosives (“ATF”) in October of 2022 added that Berla’s tool could also identify passwords – a claim also made by the border patrol agent. Even without access to the phone itself, they can recover much of the information within the device because it has shared it with the car. Berla, meanwhile, has openly floated the idea of creating apps for automotive systems that would eliminate the need for an external device. Instead, the apps would just upload the data to Berla’s servers, bypassing typical red-tape concerns like court orders and allowing the police to take more proactive and intrusive efforts.
Anyone who has locked their keys inside their vehicle is probably familiar with the ability of services like OnStar to unlock the car for them. In computing, no system connected to a network is considered secure. That is just as true for an automobile. Cybersecurity researchers pointed to a hack in 2022 that allowed them to unlock vulnerable Hondas and Nissans. They could also start the car, download the data stored inside, honk the horn, and determine the vehicle’s location – all using only a laptop. Honda’s Acura and Nissan’s Infiniti models were also impacted by the hack.
The hack took advantage of the vehicle’s telematics systems created by Sirius XM. Armed with the laptop, a “simple” program, and the Vehicle Identification Number – which can be found by looking in the windshield – they were able to trick Sirius XM’s servers into believing they were the car’s owner. The hack was quickly addressed by Honda and Nissan, and it is not believed that it had ever been used outside of research. But it highlights a problem with connected automotive systems. When your car knows so much about you, how much knowledge are you comfortable with strangers possessing, whether they are the police, international conglomerates, auto or identity thieves, or hackers intent on nothing more than creating chaos?
A case in Australia illustrates the worries about telematics falling into another set of hands. One man’s ex-girlfriend (ABC Australia does not identify victims or suspects) drove a high-tech Land Rover, which allowed the man to use an app to follow her movements. He also used the app to start and stop her vehicle and open and close the windows. It is hard to fully imagine how confused, then terrified, the woman must have been as his actions became more persistent. ABC News Australia said she told the court, “These crimes made me feel unsafe.” She added, “Made me fear the technology I once embraced and left me with a deep distrust of the cybersecurity protections and laws currently in place, now I know they can be exploited.”
A hacker known as GreenTheOnly was able to show how he could access personal details and passwords by purchasing used infotainment systems from Teslas on eBay. Andrea Amico, whose company Privacy4Cars provides free software to individuals to help them remove some of their data, sent out “mystery shoppers” to 72 dealerships. The shoppers used the test drives to see what information had been left behind by the previous owners and the dealerships. He says 88% of the shoppers found personal data such as home addresses and phone numbers. Amico said, “One of the most common crimes in the United States is identity theft. But even without that, would you feel comfortable knowing that your home address, text messages, contacts, and call history are all in someone else’s hands?”
The Canadian company Geotab is one of the major providers in telematics. Its telematics fleet includes the Department of Homeland Security’s vehicles. Along with the many telematics devices it monitors for its own customers, it has also partnered with GM and Ford to process data for them. As a result, Geotab claims to process over 40 billion records a day. Furthermore, it claims that the resulting data forms “the richest telematics data set in the world consisting of engine data, accelerometer data, and more.”
There is a grave problem when corporations store personal data such as that provided by vehicle telematics. Although many such companies claim they share the data with other companies only with the customer’s consent, it is likely the customer could have given consent without understanding the nature of the data that was being given away. Consider how many End User License Agreements are clicked through unread. It’s likely no different when a person purchases a car, and among the myriad documents the buyer must sign, there is a consent to the release of telematics data that’s slipped in. Furthermore, it is conceivable that some non-conformists slip through the cracks so that the telematics company logs their data without realizing no consent was signed. Until something like a warrant or anti-abortion advocate comes to the door, it is unlikely the customer would ever know. Nor is it clear how easily the data could be retrieved once it has been sold.
Neither is it always clear how a used car buyer may cancel a previous owner’s consent without disabling the modem(s). One young man in Arizona, Jorge Molina, was arrested because a geofence against Google’s Location History placed his phone at the scene of a murder. As it turned out, his mother’s ex-boyfriend had a phone that had once belonged to Molina, but Molina’s Google account on the phone had never been removed. Simply for having handed over a phone, he was arrested for murder and lost his job and car. If that can happen so easily with a phone, how much easier will it be with a car containing many distinct systems that may be broadcasting information to numerous corporations without the customer’s knowledge or consent?
Consent is not the same as control either. Once it is given, a corporation such as GM’s OnStar is capable of delivering the data to whomever it pleases. One such potential customer might well be Ulysses, a company that plans to format the data to be sold to the military. That raises the question of why any military might want domestic vehicle driving circuit data. Yet another company called SafeGraph had an altogether different use of driver data. One product it offered identified location data for visitors to abortion clinics. This data was sold to anti-abortion groups as well as government agencies seeking to prosecute women seeking abortions, as well as the people helping them, as the data even tracked where they were from and their hosts. Fortunately, the program ended when it was brought to light in May 2022. Nevertheless, given the ability to geofence abortion clinics with third-party location data and that the location data is coupled with a unique identifier, the process of determining the identity of the woman already struggling with a difficult life decision is simple. What would keep any other company like SafeGraph from selling the same data but in a different package?
California is the only state that does not allow auto insurers to use telematics to determine driver risk profiles. The entire process in any state is usually less than transparent whether or not the driver chose to allow their telematics data to be applied. Given that lack of transparency, how would a driver outside California know that the insurer has not applied a risk analysis against telematics data acquired from a data broker rather than a device under the dashboard? With the growing availability of telematics data among data brokers and the many other types of brokered data the insurance companies are willing to use, such as credit scores, it is a growing possibility.
Mary Stone Ross, the chief privacy officer at OSOM, a technology firm focused on privacy, and a former CIA employee, told The Drive, “I saw how powerful information was from a government perspective [at the CIA], where there actually was quite a bit of oversight and regulation. And then, what these companies had was so much more intrusive and they could do whatever they want.” She later added, “The tech companies are spending so much money, and any sort of privacy regulation they see as an existential threat to their business model, whether it is or isn’t.”
It is an unfortunate fact that most of these technologies today make little use of privacy guarding technologies. The cellphone is a clear example of a technology that has very little privacy. Even companies that wish to enable privacy run into roadblocks in the very standards used to create the systems. Similarly, current telematics are uploaded with identifiers that single out each vehicle in addition to their GPS locations. It appears, then, the only way privacy can be enabled is by the courts and/or legislation. The corporations creating the technology have little impetus to enable privacy when big data helps to inflate the corporate bottom line.
Telematics may indeed be the future of commuting. It is almost inevitable that we will all one day be passengers in cars that drive for us. When that day comes, however, given all that our cars will know about us, we should demand that our data will be as safe and secure as our bodies. We need Congress to step up and outline a set of regulations that guide future technologies and strengthen the security of existing tech. And, unless one is an accomplished hacker who can disable their car’s modems, that pre-2000 beater rusting in the driveway may be the most secure option.
Sources: samsara.com, ruggedtelemetry.com, arity.com, businessnewsdaily.com, mixtelematics.com, getjerry.com, gpstechnologies.com, abforensics.com, forbes.com, stopspying.org, governing.com, eff.org, nbcnews.com, researchgate.net, rollcall.com, cbsnews.com, latimes.com, nypost.com, tech.co, fortune.com, autorentalnews.com, axel.org, thedrive.com, jacksonlewis.com, Associated Press