|
|
Chapter 2 |
There was a time, not so long ago, when the idea of a talking car was confined to movies and TV programs. Now Siri uses positional and personal data to let you know where to find the closest pizza joint, where to locate gas on the interstate, and the best route to take home. While these are all wonderful applications of data, there is some not-so-wonderful intelligence your car gathers and provides to others. This chapter explores some of the ways your car gathers significant information about you and your habits.
How Your Car Spies On You
License Plate Scans
Until articles started showing up in newspapers and magazines, very few people realized that their local police department might be keeping close track of where they go, who they see, and what businesses they frequent. For the average person, the concept behind license plate scans might seem like a good idea, since the police claim that once they load the license plate data into a state or national database, they can be on the lookout for stolen cars or people involved in criminal acts. And it is a good idea, but what about the rest of us who are not criminals and don’t want dozens, and sometimes hundreds, of pictures of our license plates, along with the GPS co-ordinates that indicate where we were when the picture was taken, stored in some database indefinitely? The vast majority of the plates being scanned, estimated at 99 percent27, can reveal things that innocent, law-abiding citizens might expect to remain private. Many police departments are collecting and storing location information about everyone who drives a car. Some police have defended this practice by arguing, essentially, that “you never know when or what we might need to solve a crime”.28
License plate scanning occurs as police drive their cars in their normal course of duties. The scans are immediately matched against a database of known stolen vehicles. If a match is detected, a beeping noise or siren goes off inside the police car.29 License plate scanning cameras can be mounted on the trunk or the hood of a police car, or they can be installed inconspicuously in the light bar on the roof of the car. In some cases, plate scans can be combined with other data to flesh out a sharper profile of a suspect. Even when police have only a partial scan of a license plate, historical scan data can reveal the full plate number, and eventually, the owner of the vehicle. Plate scans can yield more than just the number; the images often include a large portion of the car surrounding the license plate as well as a GPS tag of the exact location of the scan and a time stamp. All this information can be sent back to a database in milliseconds. Because the cameras are continually scanning, the same vehicles show up over and over again. When these scans are plotted on a map, individual license plate numbers can begin showing up in clusters revealing the places a person frequents. 30
In the 1980s, London earned the dubious distinction of becoming the city with the most surveillance cameras in the world.31 Mass license plate scanning became one of their techniques and was used as a way of keeping track of terrorists from the time they entered the city limits to the time they left. Law enforcement bodies around the world quickly saw the appeal of this and adopted the technology to find criminals and hunt down stolen vehicles. As plate scanning technology matured, it became a major law enforcement tool for finding criminals. By 2000, police in the United States were routinely using the technology. After 9/11, police departments nationwide suddenly had a lot more federal funding from the Department of Homeland Security for all kinds of surveillance gear including license plate scanning devices.
As far back as 2007, the American Civil Liberties Union (ACLU) was reporting that “the government is compiling some data, not for the purposes of any kind of immediate scrutiny, but in order to build up a sea of information to have on hand just in case analysts want to ‘swim through it’ on a particular investigation. That would let them skip the trouble of having to go to a judge and request approval for specific data—in essence, a shortcut around the Constitution. It is now clear that this is exactly what the NSA is doing with phone records, and who knows what other kinds of records—and what some local police departments are doing with license plate data. We now have technologies that enable the creation of very detailed data on our activities. Those technologies are only going to get more powerful and more pervasive. We need to make a choice as a society about the extent to which we want to allow the government to store up that data so that it has the power to hit ‘rewind’ on everybody’s lives.”32
“They have really ramped up the number of cameras in the last few years. And they’re using longer retention times for the data.” says Electronic Freedom Foundation staff attorney Jennifer Lynch.33
How do license plate scan readers, referred to by the acronym LPSR, work? Mounted on police cruisers and using an array of high-speed cameras snapping pictures, these systems are designed to capture up to 2,000 plates per minute, even at high speeds and in difficult driving conditions. The date, time, license plate number, and GPS coordinates are stored each time a license plate is read. The data is then loaded onto a server where it is compared to plate numbers of all known stolen vehicles in the United States. If the system finds a plate that is in the stolen car database, it alerts the officer.34 While this is a new and effective way for the police to help fight crime, many people are leery of a new technology that has the potential to scan a million license plates a year with a single device.
License plate reader systems allow anyone with access to these systems to track his boss, his ex-wife, his romantic or workplace rivals, friends, enemies, neighbors, or family. An agent could target the owners of vehicles parked at political meetings, gay bars, gun stores, or abortion clinics.35
Right now there are few standards or written policies, and state legislatures are just getting around to thinking about restricting the use of scanners or enacting laws for disposing of license plate pictures after a set amount of time. Under consideration are policies such as prohibiting use of camera scanners to intimidate or harass; to infringe on free speech; or to conduct discriminatory surveillance based on race, gender, sexual orientation, disability, or other protected characteristics.
As the technology spreads, the ACLU has called for the adoption of legislation and law enforcement policies adhering to the following principles:
- License plate readers may be used by law enforcement agencies only to investigate those license plates that match stolen cars and in other circumstances in which law enforcement agents reasonably believe that the plate data are relevant to an ongoing criminal investigation.
- The government must not store data about innocent people for any lengthy period. Unless plate data has been flagged, retention periods should be measured in days or weeks, not months, and certainly not years.
- People should be able to find out if plate data of vehicles registered to them are contained in a law enforcement agency’s database.
- Law enforcement agencies should not share license plate reader data with third parties that do not follow proper retention and access principles. They should also be transparent regarding with whom they share license plate reader data.
- Any entity that uses license plate readers should be required to report its usage publicly on at least an annual basis.36
The Associated Press reported that plainclothes NYPD officers used readers to scan license plates of people worshipping at a mosque in 2006 and 2007, under a program that was partially funded by a federal drug enforcement grant.37
In Washington, D.C., nearly every block is captured by one of the more than 250 cameras scanning over 1,800 images per minute. In Los Angeles, more than two dozen different law enforcement agencies operate license plate readers to collect over 160 million data points. This surveillance is untargeted, recording the movements of any car that passes by. In cities that have become partners in the FBI’s Joint Terrorism Task Force, or which have entered into another data-sharing agreement, this location information is at the fingertips of those federal agents.
The Chicago Tribune revealed that additional installations of stop sign enforcement cameras are being tested in Washington, D.C., Chicago and cities in California.38 Just one more way to capture license plate information in our surveillance society. Police argue that since license plates are mounted on the outside of the car, they are not protected and can be photographed by anyone. They also contend that stationary plate-scanning cameras have been used for some time at the sides of busy thoroughfares or at state or national border crossings. What authorities haven’t disclosed is that images of drivers captured by police cameras at stoplights can be matched with plates to attach a face with a plate number.
What Can You Do?
It is encouraging to see that articles are being written to alert the public to this new threat on personal data. Until laws are enacted, however, one thing you can do is to ask your local police department if they use license plate scanners --and if they do—how long the records are kept. You can also ask what type of policies your local law enforcement agencies have enacted to prevent discriminatory surveillance.
Once it is known that people are asking questions, it will hasten the enactment and enforcement of standards and policies. While most police departments have rules about how the scan data can be used, there’s no way to know how and if the rules are actually enforced. And these rules vary widely from department to department. One police department, documented in an ACLU report, says the use of the scan database is limited “only by the officer’s imagination.”
A number of organizations and individuals filed amicus briefs in September 2013 in support of the ACLU’s constitutional challenge to the government’s collection of the call records of virtually everyone in the United States. An amicus brief is a document filed by a party that is not involved in a particular litigation but that is allowed by the court to advise it on a matter of law directly affecting the litigation. If you feel you are being unfairly targeted, you can file a FOIA (Freedom of Information Act) request for patrol scans on your vehicle. You can also call or write your state or local government representatives and ask them to consider legislation that will balance legitimate use of license plate scans for crime prevention or criminal apprehension with the people’s expectation of privacy.
There are a range of groups joining the protest against mass government surveillance, not to mention the bipartisan storm that has swept Congress since the recent NSA disclosures. Americans from every political party think that the government’s dragnet surveillance practices are offensive. The FBI has had some of its domestic surveillance activities curtailed (but not eliminated) in the wake of the landmark 2013 Supreme Court decision in United States v. Jones. In Jones, a unanimous court held that federal agents must get a warrant to attach a GPS device to a car to track a suspect for long periods of time, which was the FBI’s previous go-to surveillance technique. This ruling, however, did not include the tracking of cars and their occupants by cell phone transmissions and/or license plate scans.39
Telematic Devices
The police aren’t the only ones collecting your data. Insurance companies have a new gimmick—a telematic device for your car. Using catchy names such as “Snapshot” and “Drivewise,” insurance companies are asking drivers to install a device that would monitor their driving habits in exchange for lower rates. In a recent survey, the Chicago Tribune reports that 40 percent of drivers said “no way in hell.”40
The recent disclosure that the NSA routinely violated individual privacy has had the effect of keeping people from being sold on the benefits of telematic monitoring, yet insurance companies are betting that at least six million of the devices will be installed each year. Dave Pratt, Progressive’s general manager for usage-based insurance, acknowledged that “car devices are a sensitive issue and motorists deserve to know what data is being collected, how it’s being used and with whom it is being shared.”41
The National Association of Insurance Commissioners said that it expects 20 percent of insurance companies will incorporate some form of telematics within a few years. A big factor is that today’s younger generations are more open to sharing personal information on social media and therefore will be less concerned about privacy issues involving telematics.
Insurance companies see telematics as good for both underwriting and claims. Telematics promise to fundamentally change auto insurance pricing because the information contained in black box technologies measures risk characteristics in the form of actual driving behavior data (miles traveled, average speed, and much more), in contrast to traditional rating factors such as miles driven to work, age, and other factors. Telematics data will likely be used to build next-generation scoring models and analytics, too.
We are already going down a slippery slope when it comes to personal privacy and liberty. While I recognize driving is a privilege, not a right, I still think this is going too far. There are all sorts of privacy threats floating around out there pertaining to your vehicle and your travel habits. You just wait and see where this leads. Over time this ‘black box’ will be mandated to capture more and more data that WILL BE USED AGAINST YOU, you can count on that.42
Pinnacle Actuarial Resources Inc. shared results of an analysis of about 2,000 sentiments expressed on Twitter about Progressive’s Snapshot telematics device over a recent ten-month period. People not using Snapshot were the most negative. Their biggest concern was privacy, particularly the belief that insurers might track their locations despite assurances that the technology monitors only mileage, braking, and other driving habits. The tweets were nearly evenly split between people who weren’t using Snapshot and those who were in various stages of using it. In tone, 55 percent were negative, 26 percent were positive and 19 percent were neutral.43
Unfortunately you may have an electronic data recorder in your vehicle right now. You don’t even have to agree to install a “driving behavior” device. Electronic Data Recorders (EDRs) collect raw vehicle data and overlay this information with geographic information and system mapping data such as road type and speed limits. As the cost of enabling technologies such as Wi-Fi, GPS, Bluetooth, 3-axis accelerometers, and mobile broadband communications have fallen—and as original equipment manufacturers are increasingly embedding telematics in vehicles—the result is that telematics are now in an estimated 70 percent of post-2011 vehicles. 44
These electronic data recorders are of primary interest to insurance companies because of the potential information they can get from them in case of an accident. Greg Horn, former VP at GMAC Insurance says “Most EDRs gather data during a full frontal collision that causes visible damage to the vehicle, when there is sufficient damage to deploy the air bags. Potholes, curb hits, and the like do not generate data of interest to most EDRs at the moment, but as vehicles become more sophisticated and costly to repair, these seemingly minor bumps and bruises can set off a significant claims event. Side-impact air bags and rollover sensors collect more information, and these advancements are making their way into more vehicles.” 45 These black boxes, after being deployed by a significant bump, will record the date and time when triggered, the vehicle speed, engine speed, steering angle, throttle position, braking status, force of impact, seat belt status, and airbag deployment. Thank goodness they cannot tell who was driving and where—yet!
Monitoring of fleet vehicles has shown that vehicles can easily be tracked as to location, movement and behavior. Using a combination of a GPS and an EDR, the data is then turned into information on a visual display on computerized mapping software. Even speed can be controlled by adaptive cruise control.
While making EDR data usable can be a real challenge, some vehicle manufacturers have licensed third parties to develop tools to download data from an EDR. Today, few—including most professional accident reconstructionists—can retrieve EDR data. The data retrieval requirements are different from service technicians’ diagnostic equipment, too. The challenge for insurance adjusters is that some manufacturers have ensured that only their own engineers can retrieve the data which limits how much data the insurance companies can realistically collect.
What Can You Do?
In the event of an accident, how the data on the event data recorder (EDR) is used is not standard across states nor across insurance companies. Some carriers assert in their policy contracts that the insured agrees to data collection from such devices under an “Agreement to Cooperate” clause. However, some states have statutes that nullify these clauses, and there is plenty of potential for litigation. Currently, several states have statutes that regulate who owns the data from a car’s EDR and who can gain access to it. In many states, a warrant is required to access the data without the owner’s consent. But as with any law, exceptions exist, and a court order can be used to force a car owner to hand over black box data in legal proceedings. Insurers need a state-specific handling procedure to identify a potential vehicle with an EDR, and the insured needs to know if their insurance company claims it has a right to their car’s data recorder.
Courts can subpoena EDR data through court orders, and some states collect data under their existing laws governing crash investigations. There is a body of court cases where EDR data has been accepted in the proceedings. Also, there is a loophole as to who owns the data. When a car is totaled, it becomes the property of the driver’s auto insurance company. The insurer then owns the EDR and could possibly use it as evidence in a court case.46
Federal legislation is pending that would institute a legal standard nationwide. The proposed law would allow only emergency personnel, such as police, firefighters, and paramedics, access to the data without a court order if it helps them better respond to an accident. As with all legislation, you should make your voice heard by writing to your elected officials if you feel “black boxes” are an invasion of your personal privacy.
The Little Black Box and Taxes
According to a Chicago Tribune report from Oct. 27, 2013, another threat to personal data looms as officials ponder the use of EDR devices as a way to supplement falling motor vehicle taxes based on how far each person drives. Unlikely as it seems, Libertarians have joined environmental groups in lobbying for a system where the government would use the boxes to keep track of how many miles you drive and possibly where you drive. Naturally the ACLU is against this proposal, but several states are exploring how they can charge drivers for every mile they drive. The environmentalists think fees could be staggered to help reduce congestion and greenhouse gases, and the Libertarians feel people could choose how much they want to drive if they have to pay for each mile. They feel it would be a more direct tax. There are already test markets up and running in Oregon, Nevada, and California, but there are major concerns about “big brother.”
There are some positive aspects to having a black box in every car. In New York City, transportation officials are thinking of a taxing device that could pay parking meters and toll road fees, provide “pay as you drive” auto insurance, and collect data that could re-route traffic from congested areas. But at what cost to personal freedom? The automobile gave people the ability to escape the narrow confines of their immediate area by letting them travel when and where they choose. Now that freedom may be restricted in ways not even contemplated by today’s mobile society.
What Can You Do?
Many people feel that the problem of falling fuel taxes could be addressed with a less radical approach than monitoring every driver and how much he drives. Raising gas taxes has been suggested, as have more toll roads that could pay for themselves. Once again, the best way to stop any new legislation is to write or telephone your congressman and voice your opinion. As much as we sometimes think our officials don’t care about the “average” person, they care about your vote—so make it count. Monitoring drivers will only mean that more of your personal information is collected and shared with many more agencies.
Can My Car’s Operating System Be Hacked?
Of course it can. Anything that uses a computer to operate it or any of its systems can be hacked, but the potential for harm has been largely swept under the rug by car manufacturers. The fact that criminals can either remotely or directly take control of your car from their laptop was demonstrated at Defcon in 2013 by security engineers from Twitter and IOActive, a Seattle consultancy company. Much of this work had been funded by the Pentagon (for what purpose we can only guess), and tests have shown that attack software can kill power steering, slam on brakes, blast horns, and disrupt GPS and odometers.47 If hackers can do all that, you can be sure that they can also gather data from various automobile functions and use it to flesh out your profile—or, in extreme cases, for blackmail purposes.
At the Black Hat Asia security conference in Singapore in March 2014, Spanish security researchers Javier Vazquez-Vidal and Alberto Garcia Illera presented a small gadget they built for less than $20 that can be physically connected to a car’s internal network to inject malicious commands affecting everything from its windows and headlights to its steering and brakes. Their tool, which is about three-quarters the size of an iPhone, attaches via four wires to the Controller Area Network bus of a vehicle, drawing power from the car’s electrical system and waiting to relay wireless commands sent remotely from an attacker’s computer. They call their creation the CAN Hacking Tool, or CHT.48
Troels Oerting, the director of the Europe’s Cybercrime Centre, a body within the European Union’s law enforcement agency Europol, told CNBC that the potential for in-car technology to be hacked and used for organized crime, revenge, profit, and competitive advantage was great.
“We are very concerned about the direction of car hacking,” Oerting told CNBC. “Everyone [in the car industry] wants to make cars more helpful—for them to help with steering, parking, breaking, and even driving—but if you do this, the downside is that someone will try to use this to their advantage and for criminals, this would generally be for profit or revenge.”49 Scary stuff, and although the car companies are assuring the public that they are aware of the threats and are working to make their cars’ computer systems “hacker-proof”, there is no guarantee. Oerting stated that “The best we can do right now is to make consumers aware of the downside to technological developments, and to make people able to drive using this technology without fear every five seconds that your car will be taken over.”50
Accept the Reality
So in answer to the question posed at the beginning of this chapter, yes, your car is spying on you. But why be surprised? As you read through the chapters of this book you will find that your phone, your computer, your credit card company, your social media chat room, and even that friendly merchant you do business with in your own home town, are all gathering and selling your personal data. Our best salvation may be that consumers are getting wise to these tactics and are pushing back.