Slashdot Mirror


Carmakers Promise Not To Abuse Drivers' Privacy

schwit1 provides this excerpt from an Associated Press report: "Nineteen automakers accounting for most of the passenger cars and trucks sold in the U.S. have signed onto a set of principles they say will protect motorists' privacy in an era when computerized cars pass along more information about their drivers than many motorists realize. The principles were delivered in a letter Wednesday to the Federal Trade Commission, which has the authority to force corporations to live up to their promises to consumers. Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission. The principles also commit automakers to 'implement reasonable measures' to protect personal information from unauthorized access." Also at the Detroit News. Adds schwit1: "It's a meaningless gesture without being codified into law. A greedy car manufacturer or NSL trumps any 'set of principles'." The letter itself (PDF) isn't riveting, but it's more readable than some such documents, and all the promises it makes are a good reminder of just how much data modern cars can collect, and all the ways that it can be passed on.

35 of 98 comments

  1. Pinky swear? by i kan reed · · Score: 5, Insightful

    Will they take an oath? Will they sign in blood? Will they promise their first born if they renege?

    A promise from corporations doesn't go very far.

    1. Re:Pinky swear? by ThatsDrDangerToYou · · Score: 3, Funny

      I clearly saw them crossing their fingers behind their backs, so as you know, this is all null and void. I also think I overheard one of them saying something like... "Privacy!? You? Muahahahahahah!"

    2. Re:Pinky swear? by gstoddart · · Score: 5, Insightful

      The check is in the mail. I promise I won't cum in your mouth. We promise we won't misuse your private data.

      None of these statements is worth a damn.

      The only solution is to not give it to them in the first place, and to have laws which dictate what they can and can't collect, and what they can do with it.

      This is why other countries have actual privacy legislation which spells this kind of stuff out. Because trusting the promise of a corporation is moronic.

      This promise, or pledge, or PR stunt ... is neither legally binding nor particularly meaningful.

      --
      Lost at C:>. Found at C.
    3. Re:Pinky swear? by s.petry · · Score: 2

      They made the promise in the board room so they had to cross their ankles to make the "swear" null and void. Putting your hand behind your back while in a chair is way too obvious, and these people are so much smarter than you.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    4. Re:Pinky swear? by ChadL · · Score: 2

      They don't need to take an oath given what I read from the document. It doesn't really say anything, uses lots of weasel words such as "legitimate business purposes". Additionally they allow sharing of covered information to protect the "safety, property, and rights" of Participating Members (themselves), which I see as allowing them to come up with some reason to share whatever they want.

    5. Re:Pinky swear? by Dutch Gun · · Score: 3, Insightful

      It's easy to be cynical and simply dismiss this as rubbish. Sure, most of this may be PR driven, but the fact is that ALL of the major automakers signed off on this document, and if any of them break their promise, it's also going to be a lot of PR damage for them. That equates into actual lost sales, if the damage is bad enough or sustained enough. Consumers are getting more and more privacy conscious, thanks in large part, no doubt, to some of our government's three-letter agencies.

      Here's the good news, and why we may be able to give automakers the benefit of the doubt until we spot evidence to the contrary: it's important to look at revenue models for companies when dealing with privacy and data issues. One of the big problems with Google and Facebook is that they have no product to sell other than your data. As such, you're never going to see much in the way of consumer privacy protection from these companies... ever. It's just not really possible. ISPs have plenty of revenue sources, but are generally in a non-competitive environment. As such, they've seen fit to track users for their browsing habits simply for the extra revenue, consumer privacy be damned. They can well afford to screw over their customers with high prices and horrible service, and there's little that people can do about it because there's often no real choice in providers for a given area.

      Auto-makers, on the other hand, are in a competitive market. Moreover, they're selling a high-value product for an actual profit. If an automaker decides to play fast and loose with the terms of this promise, people are likely to notice, and simply choose a make of car next time with a company they feel won't renege on their promises. Fortunately, there are plenty of carmakers to choose from. There's also a wide range of price points and features to choose from. You don't sell luxury goods by crapping all over your customers - at least, not for the long haul.

      Most corporations are more than willing to write off a few of its customers, although thanks to the internet, that's become more and more risky. However, in a competitive market, few corporations will screw over ALL of their customers, or they'll risk damaging their brand and risking market share. That's why they'll almost always back down when confronted with really bad PR.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    6. Re:Pinky swear? by i kan reed · · Score: 3, Insightful

      I too dislike unbridled cynicism.

      Of course, the problems with this line of reasoning, about PR disasters from breaking promises are:
      A. No one, not one major media organization, has a history of challenging companies on keeping promises
      B. They can abuse the data and call it non-abuse.
      C. Price and features are the driving motivators in the car purchase market, making "company PR" a pretty low concern, and even in that avenue, safety tends to matter more for PR than promise keeping.
      and
      D. Corporate promises last only as long as there's not more profit to be made from breaking them, no matter how big the cost is.

    7. Re:Pinky swear? by CanHasDIY · · Score: 2

      The problem I see is that 'permission' is very vaguely defined in the US legal system.

      Unilateral contracts and all. Basically, they'll set it up so you can't buy any car without signing something that gives them 'permission' to share your data, just like what the cell carriers have done. This isn't a move to protect consumers, it's a preemptive strike.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    8. Re:Pinky swear? by CanHasDIY · · Score: 2

      Also, unilateral contracts. Consumers will have about as much say in the matter as we do with cell phone carriers and ISPs.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    9. Re:Pinky swear? by JohnFen · · Score: 2

      The problem with the statement is that it doesn't really address my major privacy concerns at all. Even if they adhered to it 100%, there are enough exceptions that I don't care. It doesn't reassure me. My car simply should not be phoning home, period. It gives me zero benefit, and exposes me to risk.

    10. Re:Pinky swear? by seven of five · · Score: 2

      What the carmaker says or doesn't say is virtually irrelevant. The mere possession of customer data means somewhere along the line it will leak, whether intentionally, through incompetence, accident, change of corporate heart, outside malice or other reasons.

    11. Re:Pinky swear? by TubeSteak · · Score: 2

      This promise, or pledge, or PR stunt ... is neither legally binding nor particularly meaningful.

      What'll happen is one or more States will pass laws to codify those privacy pledges.
      Then the manufacturers will push for a national standard/law so that they aren't stuck with a patchwork of 50 State laws.

      It's what happened once Massachusetts passed a Right-To-Repair law

      --
      [Fuck Beta]
      o0t!
    12. Re:Pinky swear? by Dutch Gun · · Score: 2

      I think they're doing this precisely because they want to head off government regulation, most likely because they fear government regulation would be much stricter than what they are imposing on themselves via this document. It's probably the same reason why industries like movies and videogames set up their own rating systems. If they waited for the government to do it, it might be worse than what they came up with themselves - at least from their perspective.

      Obviously, those companies are not doing this out of the goodness of their hearts, but likely because they see privacy as a potential hot-button consumer issue in the future, and would like to preempt the discussion if at all possible with this document. If they can self-regulate themselves reasonably well, fine. If not, we can go the legislation and regulation route.

      All I'm saying here is that it would be foolish of them to thumb their noses at their customers and piss them off, because they're more likely to either lose sales or get burdened with more regulation via the government that way, as has happened so often before. One would like to think they could eventually learn from decades of mistakes and stay ahead of the curve for once. Maybe some people think of me as naive for thinking a company would use privacy as a selling point, but I'd say there's at least one example to point to recently.

      --
      Irony: Agile development has too much inertia to be abandoned now.
  2. If a corporation has to "promise"... by James-NSC · · Score: 4, Insightful

    ... it's because they've already broken it and are acting on the advice of legal and/or PR spin.
    Seriously, when was the last time a corporation promised you anything that they stuck to?

    1. Re:If a corporation has to "promise"... by TheGratefulNet · · Score: 5, Funny

      my company promised us that there would be layoffs and they actually did make good on that promise.

      does that count?

      --
      "It is now safe to switch off your computer."
  3. "Court order"? by drinkypoo · · Score: 3, Interesting

    What does "court order" mean? Are they going to require an actual warrant, or will they just cough up your data on any request by a court? Because if a warrant ain't required, I ain't interested.

    As has been pointed out elsewhere, unless it has the force of law it's useless. The FTC having the power to strong-arm corporations slightly, maybe get you a settlement for a discount off a future product, doesn't help you if the rules of evidence don't prohibit using that information against you. And unless passing that information is actually illegal, they won't do that.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:"Court order"? by pla · · Score: 5, Insightful

      What does "court order" mean? Are they going to require an actual warrant, or will they just cough up your data on any request by a court? Because if a warrant ain't required, I ain't interested.

      Even if they do require a warrant, I ain't interested. They can keep their BS extra features that require tracking me. I can call AAA on my own. I can read a map on my own. I can remember to schedule my regular maintenance without automated reminders based on telemetry data.

      Free hint, automakers - Any feature that requires data to leave my car, I will actively disable. And even any feature that requires the car to log data locally, I will minimize to the greatest extent possible. I don't trust you, I don't trust the NSA, I don't trust the state government not to retroactively issue speeding tickets in a revenue-tight year (like they've already proven they will do with EZ-Pass type toll transponders - You know, the ones they promised (just like in TFA) they'd never use for anything other than paying your tolls).

      Someone want to get rich? Develop an ODBC-II dongle that erases my car's EDR every time I turn the car off... Or for that matter, continually if possible.

    2. Re:"Court order"? by mlts · · Score: 2

      I'm also worried about data coming in. If GM and OnStar can shut down cars, then what prevents some bad guy from shutting all Chevies down on the highway during a hurricane evacuation just to cause problems.

      This already happened in Austin when a car dealer that used a "pay to play" system on their vehicles (where the buyer had to enter a code after every payment to allow the vehicle to start)... a disgruntled employee logged in via another person's account and shut down every single car, be it paid for or not. If a guy with no hacking skillz other than knowing another employee's password can do that, it wouldn't be far-fetched for a blackhat to seize control of GM's OnStar system and use it for mischief. Criminals would stand in line for this access (disable cars on a remote stretch of highway for ease of looting.)

  4. Without their permission by RandomFactor · · Score: 5, Interesting

    customer ... Information ... won't be ... all kinds of stuff ... without their permission.

    I'm told I gave permission for things that I in no way gave permission for (consciously) far too often to buy that one.

    They'll just add permissions to the shrink wrap license on your smart ignition key (or your XM radio, live maps, emergency service, or some other needed/desirable function). Pesky 'privacy' problem solved!

    --
    --- Mercutio was right.
    1. Re:Without their permission by TangoMargarine · · Score: 2

      Buying the car is giving permission, duh. Also known as the "Shrinkwrap Defense."

      "You don't like our terms of service? Then don't buy our product. What's that? Everybody else in the market does the same thing? Well then fuck you."

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    2. Re:Without their permission by TheGratefulNet · · Score: 2

      speaking of gps maps, I had a discussion with a guy at work about buying a gps that came with the car vs installing an aftermarket one.

      my point to him was that car companies cannot be trusted with your data, your driving locations are WAY too much info to hand over to them, their gps systems are almost always worse than even just your phone's gps and they are expensive as hell. the only upside is that they 'look good' on your dash since it was designed in from the factory.

      no, I want no bluetooth from a car company or any other networking thing. no radio uplinks, no beacons, no data logging (hard to avoid the blackboxes that are now built into every car sold to the US folks) but what stuff I am able to stop them from using, I certainly will.

      this kind of thing makes buying 10+ yr old used cars look a lot better. it also makes me want to hang onto my old car for as long as I possibly can.

      --
      "It is now safe to switch off your computer."
  5. Put it in my warranty then. by Anonymous Coward · · Score: 4, Interesting

    Lifetime commitment to this promise, or else I can return the car at anytime and get exactly what I paid for it.

  6. License change? by gstoddart · · Score: 4, Insightful

    Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission.

    By continuing to use this service, you agree that your information may be provided to law enforcement at our discretion, provided to your insurer, sold to third parties, and used to provide advertising.

    See how easily they can change this?

    In an age where EULA changes by the issuer have been upheld, and when we're talking about your car (which you likely can't readily replace) ... in a few months they simply change the terms to read that you've given them permission.

    This is an entirely empty promise, and since it's software (and therefore licensed) they can change the terms any time they like.

    Tell you what, make it a law that you either have to provide a model which doesn't collect this data, or you have to remove the functionality when I take delivery if I ask you to.

    Other than that, I don't believe a damned thing you say.

    --
    Lost at C:>. Found at C.
  7. Suuuuuuuure by hooiberg · · Score: 2

    A big company... promising anything... Bwahahahahahaahahaha! Actually it is worth weeping over.

  8. They don't get what it means to SELL a car by Anonymous Coward · · Score: 3, Interesting

    My car, my data. You want it, let me opt in and pay me. The car company does not need to know anything about my vehicle - not where it is, not how fast it is going, not how long since an oil change. Nada, zip, zilch. And I won't buy any car that tries to send data back. They have too much computer crap in them anyway, at least for me. But I just like to drive (I race cars for a hobby) and not do my makeup or watch movies in my car.

  9. This Promise Is Already False by DERoss · · Score: 5, Informative

    Franchised car dealers already violate this promise; and many (most?, all?) independent service garages and body shops do, too. If you take your car to a dealer for servicing, your mileage is reported to CarFax, which then reports your mileage to your car insurance. If you have an accident and do not report it to your insurance, the accident is reported by the body shop that does the repairs. CarFax pays the dealers, garages, and shops for these data; and insurance companies pay CarFax.

    What is worse is that erroneous data are difficult to correct. In advance of an insurance policy renewal, I received an E-mail message asking me to use the insurance company's Web site to report my mileage. When I reported 25,065 miles, the entry was rejected with a message indicating I could not report an odometer reading less than the prior reading. On the Web site, there was a link to view the mileage history for my car. The immediately prior entry was for 241,080 miles, reported by CarFax on the date of the last routine servicing of my car. I checked the invoice for that servicing; it indicated 24,108 miles. A zero had been added to the end of the mileage, either by the dealer's service department or by CarFax! Working with both the service manager at the dealer and the local agent for the automobile insurance company, it took several phone calls over a month to obtain a correction.

      See http://www.carfax.com/, which will charge you for a report on a specific car. See also http://www.mycarfax.com/, from which you can get a free report.

  10. Don't get SW from your HW vendor, EVER by Anonymous Coward · · Score: 2, Interesting

    One of the most basic things every single "computer nerd" learns, is that you never want to buy your hardware and software from the same entity. IBM taught people that lesson in the 1960s, and companies like Apple and Sony (both of whom are very capable of making excellent products but always make sure to poison their offerings) are teaching it to everyone today. Sometimes you get trapped and have to (or are unable to get out of thinking that you have to, which is basically the same thing), but it always sucks. And it always sucks to an extreme, conspicuous degree, far beyond the usual variations out there.

    Sometimes the suckage is manifested as basic shoddiness, where it just obviously seems like a shitty product, which doesn't work reliably or whatever. But most often, that's not really how it sucks. The suckage is manifested not as obvious shoddiness, but as the product being subversive, where it is primarily intended to serve other parties' (usually the manufacturer) interests, at the user's expense. Your thing plays dual roles, acting both as a toy/tool, but also as a parasite. It's not so much "shoddy" as "lame" (it can't do obviously-doable things) or has some dark cloud (e.g. DRM or other arbitrary restrictions) over it.

    We don't want this in our cars. I don't want carmakers to swear to not be evil. I don't even want someone (government) pointing guns at their heads and pulling triggers whenever they're caught being evil. I want them to lack the capacity. WE, not them, should be controlling our cars. I guarantee you, whatever software comes preloaded in your car, won't be for you. And whatever competitive advantage Ford has over Chevy (or vice versa) won't be so much about how the software appeals to you, but how much money they get from their "partners" for selling you out.

  11. Voluntary agreements aren't worth a thing by JohnFen · · Score: 2

    For my part, I'll just continue to disable the car's ability to communicate.

  12. It is worth less than that by aepervius · · Score: 3, Insightful

    I take their promise as in "we will pretend to protect your privacy while working hard with our legal department to find work around, and when we get caught, then it won't matter because we will have respected the "letter" of our promise even if we broke the spirit of it, and in the mean time we avoid laws which would force us to REALLY respect privacy."

    If an industry promises self-regulation, you can bet it will be in their interest, not in the one of the customer.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  13. My promise to automakers... by Bugler412 · · Score: 4, Informative

    I will remove, shield or power down whatever transmitter and antenna you install into my car. No need for the FTC to monitor compliance with that promise.

  14. Then make it a felony criminal offense by swb · · Score: 2

    If they really are committed to this, then let's make consumer privacy black letter criminal law and violation of it a felony offense with mandatory jail time.

    My guess is that when they say they are committed to it, they just aren't that committed to it, which means they aren't committed to it at all.

  15. OnStar by TwoEyedJack · · Score: 2

    I remember when it was revealed in the trial of a gangster that GM had turned on their OnStar system and recorded hours of conversation for the government. That was a wakeup call. Lots of sites with instructions on how to disable that bit of useless technology.

  16. The reason why they did this is simple by rockabilly · · Score: 2

    The car companies see this as a major revenue engine. They do not want to see anything legislated, so they are jumping the gun by showing the government that they are capable of policing themselves.

    It's all total bullshit of course....

  17. You lost me at by WaffleMonster · · Score: 2

    that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order

    This is the problem. Record everything and everything becomes discoverable. There is no distance from the man himself standing over your shoulder noting everything you do and everywhere you go.

    Use cases for recording all this data are equally pathetic...

    "The technology uses a radio signal to continually transmit a vehicle's position, heading, speed and other information. Similarly equipped cars and trucks would receive the same information, and their computers would alert drivers to an impending collision."

    If you feel compelled to make drivers safer with computer generated warnings then do so based on observations of the world as it already is. While image/sensor processing is more difficult computationally than recording transmitted signals the supporting hardware costs nothing and software R&D costs maximally benefit from deployment at scale and general interest in image processing across a growing number of domains.

    Plus you get capabilities transmitters do not provide such as the ability to react to vehicles or obstructions not transmitting their positions.

    "As modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative," said John Bozzella, president of Global Automakers, an industry trade association.

    Security of vehicle systems will never happen because we have proven ourselves incapable of ever producing a secure anything. There is also a small minor problem of owners of these vehicles themselves not being trustworthy.

    Sensors which view the world as it actually is rather than blind assertions of transmitters you have no reason to trust are both more secure and more useful in the context of driving vehicles on paved roads.

    The automakers' principles leave open the possibility of deals with advertisers who want to target motorists based on their location and other personal data, but only if customers agree ahead of time that they want to receive such information, industry officials said in a briefing with reporters.

    Where have I heard this before? You agree as a condition of purchase or in some fine print most people will never read. Everyone knows the drill by now.

    "You just don't want your car spying on you," he said. "That's the practical consequence of a lot of the new technologies that are being built into cars."

    Pure bullshit this isn't about technology, the future or in any way leveraging technology to provide additional value to consumers. It is about leveraging technology to provide additional value to manufacturers and their value chain.

    You don't need to report your location to view a map of your location. You don't need to report your location to download traffic conditions. You don't need to report your location to calculate the distance to nearest charging stations. You don't need to report your location for safety reasons.

    You only need to report your location so others can profit.

  18. Re:won't share until government tells us to by cayenne8 · · Score: 2
    Here's the best thing they could do to PROVE they are respecting our privacy.

    Install a simple OFF SWITCH.

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........