back to article When it comes to personal data, we're on a highway to hell

Far gone are the days when a car was a dumb machine you turned on and drove from A to B. Today it's a smartphone on wheels, and your data is possibly being taken for a ride. In a judgment affecting multiple class-action lawsuits, a US court has ruled automakers can harvest the data exchanged when owners sync their phones with …

  1. ecofeco Silver badge

    Wiretapping

    Remember when wiretapping was illegal?

    But somehow "digital" makes it OK now?

    Oh well, not much longer to go before it all falls gloriously to bits.

    1. Eclectic Man Silver badge

      Re: Wiretapping

      Those old Nokias are looking more attractive by the hour

  2. jake Silver badge

    Whose data?

    "Today it's a smartphone on wheels, and your data is possibly being taken for a ride."

    YOUR data might be. None of my cars are owned by the enemy.

    1. Alumoi Silver badge

      Re: Whose data?

      I take it your cars are at least 10 years old, right? And none has a CAN bus or you've never visited a service which connected to your car.

  3. drankinatty

    Woe Be The Professional That Loses Control of Confedential Patient/Client Data In A Rental

    The Court in dismissing the case simply got it wrong.

    There are a whole host of considerations beyond data simply being kept in a vehicle system where the user has no way to deleting and the data may be harvested by third-parties over which the user has no control. This is particularly true if the poor user is part of a profession that has a legal duty to protect and prevent disclosure of information to third-parties. Or when disclosure would vitiate a privilege attached to that information (like attorney-client, patient-physician, etc...)

    There is a valid argument to be made that a physician or lawyer would be "grossly negligent" in using any system where they lose control of patient/client information and would be subject to being disciplined by the bar or medical board. Oh what a tangled web we weave...

    1. dirtygreen

      Re: Woe Be The Professional That Loses Control of Confedential Patient/Client Data In A Rental

      Sounds like such professionals should do as I do then. Never ever sync your phone with your car.

      FWIW, I never use my phone for anything financial, so there can be no risk to my finances through it. It sounds like these professionals should do the same with client/patient data - never let it near their phone. Or keep a separate phone just for that purpose with no other apps or uses and never synchronised etc.

    2. veti Silver badge

      Re: Woe Be The Professional That Loses Control of Confedential Patient/Client Data In A Rental

      Can you show how such data might leak?

      Asking because phones in my experience have ways of classifying data and controlling what leaks how. Can you show that a car is likely to have access to (data that would be considered illegal to leak, however that's defined in your jurisdiction)?

      1. veti Silver badge

        Re: Woe Be The Professional That Loses Control of Confedential Patient/Client Data In A Rental

        Downvoted for asking for specifics. Typical.

        Look, we can sit around here moaning all we like about how iniquitous it is and should be stopped, but to stop it we would need to persuade a court, or a government, to do something. And for that we need specifics.

        If you can say "$CAR downloads $DATA from $PHONE_APP", where $DATA is legally protected, then you've got an argument we can make to a court. Then we can take it to the next step, which is demanding accountability from car manufacturers and phone users. But as long as you're just wringing your hands saying "they could be taking anything, we don't know", you've got the square root of sweet fuck all.

        (Note that the specific items of data that qualify for protection will vary by jurisdiction. A single phone number, for instance, probably doesn't qualify, but a list of them might. A number plus an accompanying name might. That's why we need to be very clear and specific about what data is being taken.)

      2. Aleph0

        Re: Woe Be The Professional That Loses Control of Confedential Patient/Client Data In A Rental

        A doctor receiving a message from one of his patients about some embarrassing disease while he's streaming music from his phone to his car via Bluetooth? AFAIK cars can read aloud incoming messages from connetted devices, so they must necessarily have access to the text thereof.

        Perhaps the car syncing the address book / calendar? Plenty of sensitive data can be stored there...

  4. NXM Silver badge

    Slurpage

    I made the mistake of pairing my phone with our Evoque, which immediately slurped the entire contact list and goodness knows what else. De-paired now, but the damage is done.

    Oh and BTW, it has an emergency button which can phone 999 and another for a Land Rover helpline, so it can probably send the phone contents to Skynet for all I know.

    1. ecofeco Silver badge

      Re: Slurpage

      After buying my last used car, I had to clear 14 phone numbers from the system left there by previous users.

  5. Piro Silver badge

    But the people love it

    Someone at work today showed me how he can see a destination history and complete map of driving from his Tesla.

    Uh, no thanks

    1. Anonymous Coward
      Anonymous Coward

      Re: complete map of driving from his Tesla

      As you have a Tesla then you have given your soul to Emperor Musk the Great. Teslas send literally everything you do in the car to Musk's minions. It all gets used for what? They say 'helping to improve their Autopilot'. Yeah right. Pull the other one.

      Then.... Elon Musk can brick your car at will. Piss him off and suddenly, your Tesla computer on wheels won't go anywhere and there is nothing that you can do about it.

      You might have paid good money for your tin can on wheels but you obviously do not own it.

      Other cars collect journey data but none are anyway as near as comprehensive as a Tesla.

      Don't buy/lease or rent a Tesla if you care about privacy.

      1. BillG
        Devil

        Re: complete map of driving from his Tesla

        AC, I don't think you've been paying attention. Everything you just wrote - sending literally everything you do with your car to the manufacturer, bricking your car remotely, collecting journey data - every manufacturer can do this today. And if you are financing/leasing your car it's worse, the bank/agency that holds your loan/lease has its own module (independent of the manufacturer) installed on your car that also knows your location at any given moment, and if you miss a payment can brick your car without due process.

        Don't buy/lease or rent a connected car if you care about privacy.

        1. I could be a dog really Bronze badge

          Re: complete map of driving from his Tesla

          the bank/agency that holds your loan/lease has its own module (independent of the manufacturer) installed on your car that also knows your location at any given moment

          Citation ? In general, no they won't. What's more, in the EU it would be ILLEGAL to fit such a unit without the owner's permission. Having a requirement for such a unit as a pre-requisite for getting the finance is a bit of a grey area as data protection laws are clear that (to paraphrase) you cannot use lack of permission for slurpage as a reason to refuse provision of a service.

          The only situation I'm aware of where the fitment of an extra unit is routinely done is in the insurance market where some insurers offer a product aimed at younger/inexperienced (and I imagine, those with a bad history) where the premiums are lowered in return for fitment of a monitoring black box - thus allowing the insurer to reduce it's risk and hence justify a lower premium.

          can brick your car without due process

          Citation ? Again, in general no they can't.

          Of course, across the pond where the population have clearly not questioned their prospective votees on this enough for it to be of more importance than the "requests" from their corporate sponsors, it would seem that corporations can do this sort of stuff with impunity.

          bricking your car remotely

          It will be interesting to see the first manufacturer to actually do this in Europe or the UK. It would definitely be a popcorn event to see the manufacturer being sued for damages - plus criminal damage and.or unauthorised access to a computer system would be two potential criminal charges that come to mind.

          And don't forget, there are many things that cannot be waived by signing a contract - we have laws that effectively say "if you put this sort of thing in a consumer contract then it's void BY LAW even if the consumer apparently agreed to it". It's there specifically to stop dodgy contractual terms being used to remove consumer rights.

  6. b1k3rdude

    For years people used to look at me like I was crazy for having a rooted phone with Xprivacy to block this sthit from being pilfered from my phone, whos laughing now.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like