Shostack + Friends Blog

 

Automotive Privacy

[no description provided] Car Sensors

[Update: clarified a sentence about whose privacy is touched, and where.]

I had missed the story "Big Brother on wheels: Why your car company may know more about you than your spouse." There are surprising details, including that you might be able to shut it off, and the phrase “If a customer declines, we do not collect any data from the vehicle.” I do wonder how a customer can decline — does it involve not buying a GM car?

When we did a privacy threat model at the Seattle Privacy Coalition, we found [link to https://seattleprivacy.org/threat-modeling-the-privacy-of-seattle-residents/ no longer works] these issues. We also were surprised that the defense, taking a car driven by someone else (a taxi, or a Lyft/Uber) makes such a big difference, leaving the owner of the car associated with the trip via license plate, toll beacons, tire pressure monitors, traffic sensors, maps, and other technologies with tracking implications. And the passenger is associated if payment is by card, or the ride is booked via an app. splits/confuses the difference. It may also be that driving for Lyft/Uber acts as a defense, by classifying a car as a carshare, but it seems pretty easy to see through that to where the car is parked (especially overnight) and to repeated trips to dis-ambiguate between paid and personal rides.