
A privacy policy for cars: What automakers know about you

WASHINGTON - If you use a road service like OnStar, you know that your car can track your location and send an ambulance automatically if you crash. What you might not know is that your car manufacturer stores this location information, along with the date and time of the incident and whether the air bags deployed. Little "black boxes" akin to the flight recorders on airplanes monitor your braking habits, whether you use a seat belt and how fast you go. Your car may be one of millions. But in its electronics is a unique profile of you and your decisions as a driver.

Some fear that this automotive data could someday be seized by government spy agencies or used against helpless drivers by insurers or worse. How automakers use, store and protect even the most mundane data collected from our increasingly smart vehicles is going to become even more important as cars start talking to everything around them - from other cars to sensors embedded in the road to nearby businesses. Manufacturers are taking their first steps to safeguard this information. But even they acknowledge there's a lot they don't know how to do.

Last month, two of the industry's biggest trade groups, the Alliance of Automobile Manufacturers and the Association of Global Automakers, settled on a series of privacy commitments designed to make Americans more comfortable with next-generation vehicles. The agreement will take effect Jan. 2, 2016 - in time for the 2017 model year. It outlines basic steps, such as updating owners' manuals, that each manufacturer will take to inform car buyers of the data their vehicles will be collecting. Think of it as a privacy policy for your Passat.

"There's a recognition in the industry that privacy is essential for gaining the trust of consumers for new technologies," said Christopher Wolf, a privacy lawyer who helped draft the principles. "The sooner the industry can be seen as taking privacy seriously, the better off consumers will be - and the better off the industry will be, because there'll be trust."

With little more than a year until the self-imposed deadline, the auto industry is moving speedily to implement the agreement. Manufacturers will be setting up websites informing users of the data collection and linking directly to the privacy policies of third-party commercial partners. Toyota, for instance, works with OpenTable to let drivers make dinner reservations from their vehicle's in-dash touchscreens, so informing consumers how those services may use their data only makes sense.

The privacy principles cover other in-car data, too, such as information collected when a driver routinely brakes hard at stop lights or in traffic to avoid rear-ending others. They also stipulate that manufacturers will not reveal a customer's location data to law enforcement without a warrant, which has drawn applause from privacy experts. Few other forms of digital information are protected to such a standard.

The commitments are "strong out of the gate," said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology. But, he added, "it could use some additional work."

One open question is how long car manufacturers should hang onto user information before purging it from their logs. The longer they retain the data, the more useful it becomes. But longer retention also opens up greater opportunities for abuse by lawyers, marketers and law enforcement. (As written, the privacy principles require that carmakers get drivers' explicit consent before using or sharing data for marketing purposes, but each manufacturer can interpret this commitment freely.)

Another question concerns the de-identification of data, or the process that turns specific information about you and your vehicle into anonymous statistics. Policy analysts are calling for the auto industry not only to separate driving data from the identities of the people who generate it, but also to randomly modify data points in a statistically insignificant way to make it extra difficult to trace behaviors back to specific drivers.

Other policy analysts argue that what carmakers can do with the data is described too broadly in the privacy principles. Manufacturers that commit to the voluntary agreement vow to use customer information for "legitimate business practices" only, but that's a phrase New America Foundation scholar Michael Calabrese says would permit anything that wasn't outright illegal.

The auto industry says these principles are only a baseline and that many individual companies will compete to provide the strongest protections on the market. For example, Toyota said this week that it might seek to determine consumer demand for a "private driving mode" that turns off driver tracking in much the same way that private browsing modes on Web browsers temporarily stop recording a user's Internet history.

But there are few existing guidelines from consumers, regulators or other industries for how carmakers should address the gaps highlighted by the privacy experts, said Toyota's director of technology, Hilary Cain. "We're grasping at straws here," Cain told analysts and industry officials at a recent dinner in Washington.

• Fung covers technology for The Washington Post, focusing on telecom, broadband and digital politics. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.
