What You Need to Know About Driverless Cars and Privacy
It wasn’t so long ago that people were concerned about smartphones holding on to personal information and being used to violate people’s privacy. In addition to smartphones, there are numerous ways people could be potentially vulnerable to privacy breaches. Now, there’s another way that people’s information can be gathered and possibly hacked: driverless cars. Although driverless vehicles aren’t commonplace yet, experts believe they will be soon.
Much talk surrounding driverless cars involves infrastructure and safety, especially as they relate to the recent uptick in self-driving car accidents. In addition to those concerns, critics are now sounding the alarm about the possibility for driverless cars to gather and store personal information — and a lack of knowledge about how that information will be used. These aren’t just minor concerns. Driverless vehicles have to generate and store tons of personal data so they can successfully drive people to and from desired locations.
Cars with advanced technology have already been shown to be vulnerable to hacking — not so much for their information, but hacking to gain control of them. Two hacker-researchers proved this was possible when they remotely took control of a Jeep Cherokee a few years ago. Now, however, the cars aren’t just using technology to make driving easier, they’re learning information about the people that use them, and that information can tell a lot about someone’s locations, behaviors, and preferences.
So what happens with that personal information? How securely is it stored? How is the data used outside the vehicle? How vulnerable are driverless cars to hacking? These are vital questions, and although some answers are making their way out, there’s still a lot for consumers to consider regarding driverless cars and privacy.
What Personal Information is Being Collected by Self-Driving Car Makers?
In June 2017, the Federal Trade Commission (FTC) and the National Highway Traffic Safety Administration (NHTSA) hosted a workshop with consumer groups, industry members, the government, and academic representatives to discuss privacy and security concerns related to automated vehicles. Among the topics under discussion was the type of information that connected cars — including driverless cars, cars with vehicle-to-vehicle communications technology, and cars with wireless connectivity — could generate and collect.
Take a moment to consider how smart autonomous and semi-autonomous cars are. According to an article at ECN, a connected car is the equivalent of 20 computers and 25 gigabytes of data hourly. A self-driving car could generate up to 100 gigabytes of data per second.
The first type of information is aggregate data. That’s the sort of data used to manage traffic and reduce congestion. The second type of data is non-sensitive data. Non-sensitive data is data related to how the car is performing; its gas mileage, for example. The third type is sensitive data, and this data can range from fingerprints and eye scans to real-time location information.
Companies could use this data to provide consumer benefits. For example, car manufacturers could use non-sensitive data to improve the safety features in a car or perform a diagnostic analysis. Insurance companies could use driving habits indicated by the vehicle to determine insurance rates, although this raises ethical issues about forcing consumers to allow insurance companies access to vehicle data.
There are other potential uses for this personal information, however. Are consumers okay with data collected by the vehicle’s infotainment system being sold to third parties who then might target advertisements to those people? That’s a distinct possibility. According to reports, although vehicle data monetization as a market was worth $2 billion in 2017, it’s expected to increase drastically to $33 billion by 2025. That’s a lot of money being spent on consumer information.
The risks of hacking also increase with connected vehicles, according to the FTC’s workshop. When cars are not connected to the internet, hackers need to physically access the automobile to get information from the computer network or take control of a car. When cars are connected, a hacker can access one or more cars without being anywhere near them.
Responding to Privacy Concerns with the SELF DRIVE Act
In September 2017, the U.S. House of Representatives passed the Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution (SELF DRIVE) Act. The act includes a requirement that autonomous vehicle manufacturers develop cybersecurity plans that include ways of detecting vulnerabilities and the means to control access to autonomous cars. Experts are concerned that not enough is being done to protect consumer information.
Who Should Be Concerned about Privacy Issues in Autonomous Vehicles?
When it comes to protecting personal information, everyone should be concerned. Hackers can steal your personal information and sell it. It can be used against you. Even if we’re not talking about credit card numbers or vital passwords, the data stored by your car can make you vulnerable.
How comfortable are you with someone knowing your preferred route to work? Or when you tend to go to the gym? Can someone access any in-vehicle cameras to see what you’re doing in real time? What if your car makes suggestions for stops based on sponsorships rather than your preferences? For example, what if it suggests a restaurant that paid for the recommendation, rather than suggesting your favorite eatery or a place closer to you? Does the car know your favorite places because you’ve navigated to them before, or does it go through your emails and pick up brand keywords from conversations while it was driving you places?
Consider also, domestic violence victims or people who deal with stalkers. Information about where they live, work, shop, and eat could have a significant effect on their safety and security.
“These vehicles will know where you like to frequent, which businesses, and may very well build a profile of you,” Des Butler, of the Queensland University of Technology in Australia, told The Guardian. “People will go into these things not realizing just how much data the vehicle will be generating about them and not knowing the extent to which the data can be used.”
It’s Not Just About Hacking Vehicles for Personal Information
Hackers might steal personal information, or they might use technology to take over one or many vehicles. Such hacking has already happened. In 2015, researchers hacked a Jeep Cherokee and shut it down on the highway, to show it could be done. The vehicle’s driver, Andy Greenberg, wrote about the experience for Wired and noted that when the hackers took over the vehicle through its infotainment system, they were able to control the Cherokee’s air conditioning, radio and windshield wipers. Then they cut the transmission and the car slowed to a crawl. They did so all from a remote laptop at one of the researcher’s houses.
Greenberg notes that the researchers could have killed the engine, disabled the brakes, or engaged the brakes at will had they so desired.
Why Make Autonomous Cars Connected?
Sure, we managed for a long time with cars that weren’t connected or in any way autonomous. The truth is, however, that connected cars — and autonomous vehicles — make life easier. If a vehicle can find a better route to avoid an accident scene or traffic congestion, or find the nearest coffee shop, why not use it?
An Esurance report notes that cars could even monitor a person’s health and take them to the hospital if necessary — such as in the case of a heart attack. With the potentially life-saving technology available, who wouldn’t want to use it? Of course, there’s also the additional safety promises. With autonomous vehicles, the risk of human error is either decreased or eliminated, preventing a significant number of car accidents.
Some estimates say up to 90 percent of car crashes would be eliminated thanks to autonomous vehicles. Others say up to 300,000 lives could be saved each decade thanks to safer cars. For autonomous cars to be useful, they have to continuously monitor and understand their surroundings. This allows them to make predictions about the objects and areas around them and take the appropriate action. But the cars are connected to cloud-based servers which can make them vulnerable to hacking.
Additionally, there are other connection points, including to other vehicles on the road and, potentially, infrastructure objects such as traffic lights. These additional connections increase the potential for hacking.
The information collected and stored by autonomous vehicles will allow not only for increased safety, but also personalized service. Self-driving cars could gather information about personal settings for music streaming, or route preferences. This all makes the consumer’s ride more comfortable, while at the same time opening up a whole new field of data privacy concerns.
How Can I Protect Myself from a Privacy Breach in a Self-Driving Car?
There are some steps you can take to prevent too much information about yourself from getting out.
Where Possible, Use Public Locations
For locations you frequent — such as your home or work — don’t use the exact address in your navigation tools. Use a public location nearby, such as a restaurant or mall. If you’re trying to navigate your way home from an unfamiliar location, for example, chances are it’s the early part of that trip you need help with, not the area near your house. So putting in a public address near yours that isn’t your address protects your privacy and still allows you to make it home safely.
Why is this important? Not having your address stored in your car is a smart idea in case your car’s technology is hacked. Beyond that, though, if someone manages to steal your car — at least it’ll be more difficult for them to figure out where you live to gain access to your home.
Clear the Information from Your GPS
Every so often you should clear the GPS or whatever navigation tool you use. That GPS information can be used to determine locations you visit frequently, even your home or work address. It also provides information on your behaviors and your preferences.
Clearing your GPS history isn’t a difficult thing to do — your owner’s manual will direct you — but it’s an important step in protecting your privacy.
Understand Your Car’s Technology
When you purchase a car or technology for that car, make sure you understand the technology and how vulnerable it is to hacking. Ask questions about what data is being collected and who owns, uses, or has access to that data. If you’re not comfortable with the answers you get, don’t buy the technology.
The bottom line is that if you’re nervous about the information your car generates and collects or are uncomfortable with the technology being used, you might want to consider buying something different. At the very least, however, be aware that privacy is a concern related to autonomous vehicles.
“It’s a sleeper issue because the focus on these vehicles in the public eye is on safety, not on the privacy or data production aspects of these vehicles,” Butler said to The Guardian.
Automakers will have to take notice, however. They’re already battling public perception regarding driverless cars thanks to some high-profile crashes. A survey cited by The Motley Fool noted that 31 percent of drivers are already “very concerned” about sharing the road with vehicles that have self-driving technology, while 33 percent are “somewhat concerned.” Vehicle manufacturers certainly don’t want privacy concerns added to the list of reasons people won’t trust autonomous vehicles.
Sources:
https://www.ecnmag.com/article/2018/08/data-security-and-privacy-connected-car-age
https://www.lexology.com/library/detail.aspx?g=f08958cd-c797-4a18-b091-8f62cee9f0a2
https://www.esurance.com/insights/connected-car-data-sharing-myths
https://www.fool.com/investing/2018/09/28/the-case-against-driverless-cars.aspx
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
https://www.lexology.com/library/detail.aspx?g=f08958cd-c797-4a18-b091-8f62cee9f0a2
