Your personal driving and car data could be at risk

Your personal driving and car data could be at risk
Your personal driving and car data could be at risk
Jim Travers

Your car’s computer systems are constantly tracking your driving behavior, your speed, seat belt use, and much more. And your vehicle now has the ability to share that data wirelessly. These advances are bringing not only new conveniences but also new concerns about privacy and security.

The data collection began decade ago with Event Data Recorders, or EDRs, for tracking air bag effectiveness. (EDRs are often used to help reconstruct car crashes.) Today, your car can collect and share much more data. For instance, some cars’ computers use algorithms to calculate when an oil change is needed, based on not only your mileage but also your driving style. The car might send a service reminder sooner, for example, based on frequent hard acceleration or extended periods of high-speed travel.

Navigation and telematics systems such as OnStar have the ability to track your car’s specific location, and OnStar makes it no secret that it can remotely disable a stolen vehicle. It is hard to argue that stopping a carjacked vehicle with a child inside would not be a helpful feature

However, the implications of this kind of technology can also be disturbing. For instance, with navigation and emergency telematics systems, the potential exists for things similar to the spam you get in your e-mail inbox—a coupon for an oil change poppping up on your display or a voice suggestion that you stop for a cappuccino since your favorite coffee chain is just around the corner. More ominous, and very real, possibilities include surprise speeding tickets arriving in the mail, higher insurance rates, disabling your car due to a missed payment, and more.

Unless you trade in your car for an old model that lacks this technology, there’s no way to avoid sharing driving data. Carmakers are generally mum about the specifics of what they collect, but they say the purpose is only to provide maintenance reminders and such. Some carmakers, including Chrysler and Volvo, insist the data belongs to the customer and will share it only with permission. Other car companies are less clear in their privacy policies.

But what about the possibility of that data being hacked?

Automakers claim they’re making every effort to keep data secure. Trade groups representing nearly two dozen carmakers recently adopted a series of privacy guidelines that they agree to abide by.

That’s not enough for Sen. Ed Markey (D-Mass.), whose office recently wrote to 20 automakers regarding their privacy policies and security precautions. Markey’s office recently completed a study of the 16 responses that it received. The resulting report concludes that although modern cars have adopted wireless technologies such as Bluetooth connectivity and even wireless Internet access, they lack security protections common on home computers. As a result of these findings, Markey plans to introduce legislation to toughen vehicle security and privacy standards.

“Drivers have come to rely on these new technologies, but unfortunately the automakers haven’t done their part to protect us from cyber-attacks or privacy invasions,” Markey said. “Even as we are more connected than ever in our cars and trucks, our technology systems and data security remain largely unprotected.”

You might have seen recent news coverage and videos of reporters sitting helplessly behind the wheel as a hacker with a laptop takes control of their car. While that’s a theoretical possibility, it is extremely difficult and expensive to do, requiring a lot of expertise and time. It’s unlikely that the effort would be worth it to attack an individual. A more immediate concern is personal information being compromised or shared with anyone.

Consumer Reports believes that any data collected by a vehicle is the sole property of the vehicle’s owner, and we have long been concerned about automotive privacy issues.

"As cars include more technological and computer advancements, concerns about the privacy of consumer data become even more pressing," said Ellen Bloom, senior director of federal policy for Consumers Union, the policy and advocacy arm of Consumer Reports. "Drivers should have meaningful choices about how their information is collected and used. Federal regulators and automakers need to address this issue now. That's why we are pleased that lawmakers like Senator Markey are shining a spotlight on the problem."

We are creating a petition to the National Highway Traffic Safety Administration and Federal Trade Commission in support of this important consumer legislation, and we will work diligently to see that it becomes law.

—Jim Travers



More from Consumer Reports:
Worst cars of 2014 in Consumer Reports’ tests
Best & worst car values
Do-it-all family sedans

Consumer Reports has no relationship with any advertisers on this website. Copyright © 2006-2015 Consumers Union of U.S.