Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Privacy Businesses Transportation

Carmakers Promise Not To Abuse Drivers' Privacy 98

schwit1 provides this excerpt from an Associated Press report: "Nineteen automakers accounting for most of the passenger cars and trucks sold in the U.S. have signed onto a set of principles they say will protect motorists' privacy in an era when computerized cars pass along more information about their drivers than many motorists realize. The principles were delivered in a letter Wednesday to the Federal Trade Commission, which has the authority to force corporations to live up to their promises to consumers. Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission. The principles also commit automakers to 'implement reasonable measures' to protect personal information from unauthorized access." Also at the Detroit News. Adds schwit1: "It's a meaningless gesture without being codified into law. A greedy car manufacturer or NSL trumps any 'set of principles'." The letter itself (PDF) isn't riveting, but it's more readable than some such documents, and all the promises it makes are a good reminder of just how much data modern cars can collect, and all the ways that it can be passed on.
This discussion has been archived. No new comments can be posted.

Carmakers Promise Not To Abuse Drivers' Privacy

Comments Filter:
  • Pinky swear? (Score:5, Insightful)

    by i kan reed ( 749298 ) on Thursday November 13, 2014 @11:10AM (#48377839) Homepage Journal

    Will they take an oath? With they sign in blood? Will they promise their first born if they renege?

    A promise from corporations doesn't go very far.

    • by ThatsDrDangerToYou ( 3480047 ) on Thursday November 13, 2014 @11:20AM (#48377945)
      I clearly saw them crossing their fingers behind their backs, so as you know, this is all null and void. I also think I overheard one of them saying something like... "Privacy!? You? Muahahahahahah!"
      • by s.petry ( 762400 )
        They made the promise in the board room so they had to cross their ankles to make the "swear" null and void. Putting your hand behind your back while in a chair is way too obvious, and these people are so much smarter than you.
    • Re:Pinky swear? (Score:5, Insightful)

      by gstoddart ( 321705 ) on Thursday November 13, 2014 @11:21AM (#48377947) Homepage

      The check is in the mail. I promise I won't cum in your mouth. We promise we won't misuse your private data.

      None of these statements is worth a damn.

      The only solution is to not give it to them in the first place, and to have laws which dictate what they can and can't collect, and what they can do with it.

      This is why other countries have actual privacy legislation which spells this kind of stuff out. Because trusting promise of a corporation is moronic.

      This promise, or pledge, or PR stunt ... is neither legally binding nor particularly meaningful.

    • by geekoid ( 135745 )

      Which is why they sent it to the FTC who can use legal means to make them keep their promise.

      • That would be cool. I would to see how they can pull that off. It will have to be some David Copperfield thing. Make their corporate charters disappear *poof*

      • The problem I see is that 'permission' is very vaguely defined in the US legal system.

        Unilateral contracts and all. Basically, they'll set it up so you can't buy any car without signing something that gives them 'permission' to share your data, just like what the cell carriers have done. This isn't a move to protect consumers, its a preemptive strike.

    • by ChadL ( 880878 ) *
      They don't need to take an oath given what I read from the document. It doesn't really say anything, uses lots of weasel words such as "legitimate business purposes". Additionally they allow sharing of covered information to protect the "safety, property, and rights" of Participating Members (themselves), which I see as allowing them to come up with some reason to share whatever they want.
    • Re:Pinky swear? (Score:4, Insightful)

      by Dutch Gun ( 899105 ) on Thursday November 13, 2014 @12:05PM (#48378353)

      It's easy to be cynical and simply dismiss this as rubbish. Sure, most of this may be PR driven, but the fact is that ALL of the major automakers signed off on this document, and if any of them break their promise, it's also going to be a lot of PR damage for them. That equates into actual lost sales, if the damage is bad enough or sustained enough. Consumers are getting more and more privacy conscious, thanks in large part, no doubt, to some of our governments three-letter agencies.

      Here's the good news, and why we may be able to give automakers the benefit of the doubt until we spot evidence to the contrary: it's important to look at revenue models for companies when dealing with privacy and data issues. One of the big problems with Google and Facebook is that they have no product to sell other than your data. As such, you're never going to see much in the way of consumer privacy protection from these companies... ever. It's just not really possible. ISPs have plenty of revenue sources, but are generally in a non-competitive environment. As such, they've seen fit to track users for their browsing habits simply for the extra revenue, consumer privacy be damned. They can well afford to screw over their customers with high prices and horrible service, and there's little that people can do about it because there's often no real choice in providers for a given area.

      Auto-makers, on the other hand, are in a competitive market. Moreover, they're selling a high-value product for an actual profit. If an automaker decides to play fast and loose with the terms of this promise, people are likely to notice, and simply choose a make of car next time with a company they feel won't renege on their promises. Fortunately, there are plenty of carmakers to choose from. There's also a wide range of price points and features to choose from. You don't sell luxury goods by crapping all over on your customers - at least, not for the long haul.

      Most corporations are more than willing to write off a few of it's customers, although thanks to the internet, that's become more and more risky [youtube.com]. However, in a competitive market, few corporations will screw over ALL of their customers, or they'll risk damaging their brand and risking market share. That's why they'll almost always back down when confronted with really bad PR.

      • by Anonymous Coward

        And when ALL automakers have government-mandated spyware as an integral part of their design, where do you take your business in order for the mythical free market forces to work as fantasized? Call me cynical, but the only solution to the problem of the abuse of personal data is to prevent the generation of that data in the first place. In the case of automobiles this means the complete separation of the systems that make the car function as a personal transportation device and any other information system

      • Re:Pinky swear? (Score:4, Insightful)

        by i kan reed ( 749298 ) on Thursday November 13, 2014 @12:26PM (#48378541) Homepage Journal

        I too dislike unbridled cynicism.

        Of course, the problems with this line of reasoning, about PR disasters from breaking promises are:
        A. No one, not one major media organization, has a history of challenging companies on keeping promises
        B. They can abuse the data and call it non-abuse.
        C. Price and features are the driving motivators in the car purchase market, making "company PR" a pretty low concern, and even in that avenue, safety tends to matter more for PR than promise keeping.
        and
        D. Corporate promises last only as long as there's not more profit to be made from breaking them, no matter how big the cost is.

        • Also, unilateral contracts. Consumers will have about as much say in the matter as we do with cell phone carriers and ISPs.

      • You better take another look at the reelection results. The buying habits are identical. Nobody cares about their damn privacy. Never give any authority the benefit of the doubt. They are the last types to deserve such a thing. They will abuse it. It is a universal scientific fact. How many more studies have to be done on the subject before people understand the nature? The cynicism is justified. Is there a word for that? Because it's not really cynicism then.

        There is more collusion amongst the automakers t

        • Nobody cares about their damn privacy

          I do I don't own a smartphone I don't own a tablet I pay with cash as much as possible I refuce to give my email address of zip code during all purcheses. There are millions of people just like me. I send emails to my elected officials complaining about hidden data collection and the need for opt-in only. nothing will change unless you stop buying theses devices it wouldn't take long for them to change either a week? maybe a month? Money talks its the ONLY power we ha
        • by s.petry ( 762400 )

          Nobody cares about their damn privacy.

          Generalization fallacy, sorry pal but you don't speak for everyone. Every single person I work with cares, and there was a good amount of turnover in the mid-terms. Considering we have a problem with having only 2 candidates each from the major party on the ballots it can surely get better, but _we_ must work to get these people on ballots.

          You also fail to consider the amount of propaganda the media puts out to prevent voting, and prevents voting for non D or R candidates. Again, it's our job to fix that

          • ...there was a good amount of turnover in the mid-terms.

            You call 95% reelection rate a good turnover? Seriously? Gee, I don't know what to say. Aside from that you are reversing everything I post on the subject.

      • The problem with the statement is that it doesn't really address my major privacy concerns at all. Even if they adhered to it 100%, there are enough exceptions that I don't care. It doesn't reassure me. My car simply should not be phoning home, period. It gives me zero benefit, and exposes me to risk.

      • Sure, most of this may be PR driven, but the fact is that ALL of the major automakers signed off on this document

        If they can all agree on this, why can't/don't they lobby for it as a formal law or regulation?

        • I think they're doing this precisely because they want to head off government regulation, most likely because they fear government regulation would be much stricter than what they are imposing on themselves via this document. It's probably the same reason why industries like movies and videogames set up their own rating systems. If they waited for the government to do it, it might be worse than than what they came up with themselves - at least from their perspective.

          Obviously, those companies are not doin

    • by aepervius ( 535155 ) on Thursday November 13, 2014 @12:26PM (#48378521)
      I take their promise as in "we will pretend to protect your privacy while working hard with our legal department to find work around, and when we get caught, then it won't matter because we will have respected the "letter" of our promise even if we broke the spirit of it, and in the mean time we avoid laws which would force us to REALLY respect privacy."

      If an industry promise self regulation, you can bet it will be in their interrest, not in the one of the customer.
    • What the carmaker says or doesn't say is virtually irrelevant. The mere possession of customer data means somewhere along the line it will leak, whether intentionally, though incompetence, accident, change of corporate heart, outside malice or other reasons.
    • by AK Marc ( 707885 )
      "without permission" Now, who read's their car's EULA? It's printed on the inside of the right front tire, and guarded by leopards.

      Using the car is agreeing to it.
  • by James-NSC ( 1414763 ) on Thursday November 13, 2014 @11:19AM (#48377919) Homepage
    ... it's because they've already broken it and are acting on the advice of legal and/or PR spin.
    Seriously, when was the last time a corporation promised you anything that they stuck to?
  • "Court order"? (Score:4, Interesting)

    by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Thursday November 13, 2014 @11:20AM (#48377929) Homepage Journal

    What does "court order" mean? Are they going to require an actual warrant, or will they just cough up your data on any request by a court? Because if a warrant ain't required, I ain't interested.

    As has been pointed out elsewhere, unless it has the force of law it's useless. The FTC having the power to strong-arm corporations slightly, maybe get you a settlement for a discount off a future product, doesn't help you if the rules of evidence don't prohibit using that information against you. And unless passing that information is actually illegal, they won't do that.

    • And if it's one of those National Security Letter "secret warrants," it's not like we're going to know about it either, in which case does it really matter whether there's a warrant or not if we're not allowed to see it?

      The summary preemptively covered too many of the points I was going to raise :P

    • Re:"Court order"? (Score:5, Insightful)

      by pla ( 258480 ) on Thursday November 13, 2014 @11:42AM (#48378141) Journal
      What does "court order" mean? Are they going to require an actual warrant, or will they just cough up your data on any request by a court? Because if a warrant ain't required, I ain't interested.

      Even if they do require a warrant, I ain't interested. They can keep their BS extra features that require tracking me. I can call AAA on my own. I can read a map on my own. I can remember to schedule my regular maintenance without automated reminders based on telemetry data.

      Free hint, automakers - Any feature that requires data to leave my car, I will actively disable. And even any feature that requires the car to log data locally, I will minimize to the greatest extent possible. I don't trust you, I don't trust the NSA, I don't trust the state government not to retroactively issue speeding tickets in a revenue-tight year (like they've already proven they will do with EZ-Pass type toll transponders - You know, the ones they promised (just like in TFA) they'd never use for anything other than paying your tolls).

      Someone want to get rich? Develop an ODBC-II dongle that erases my car's EDR every time I turn the car off... Or for that matter, continually if possible.
      • by mlts ( 1038732 )

        I'm also worried about data coming in. If GM and OnStar can shut down cars, then what prevents some bad guy from shutting all Chevies down on the highway during a hurricane evacuation just to cause problems.

        This already happened in Austin when a car dealer that used a "pay to play" system on their vehicles (where the buyer had to enter a code after every payment to allow the vehicle to start)... a disgruntled employee logged in via another person's account and shut down every single car, be it paid for or

      • by AK Marc ( 707885 )
        And when the connected cars get preferential treatment at stop lights, what will you do?

        I don't trust you, I don't trust the NSA, I don't trust the state government not to retroactively issue speeding tickets in a revenue-tight year (like they've already proven they will do with EZ-Pass type toll transponders - You know, the ones they promised (just like in TFA) they'd never use for anything other than paying your tolls).

        The one near me never did anything like that. But then, they were chartered by the state in law, and it would take a law change to let them do it. The only violations they are able to charge are toll-related ones.

  • by RandomFactor ( 22447 ) on Thursday November 13, 2014 @11:24AM (#48377975)

    customer ... Information ... wont be ... all kinds of stuff ... without their permission.

    I'm told I gave permission for things that I in no way gave permission for (consciously) far to often to buy that one.

    They'll just add permissions to the shrink wrap license on your smart ignition key (or your XM radio, live maps, emergency service, or some other needed/desirable function). Pesky 'privacy' problem solved!

    • Buying the car is giving permission, duh. Also known as the "Shrinkwrap Defense."

      "You don't like our terms of service? Then don't buy our product. What's that? Everybody else in the market does the same thing? Well then fuck you."

    • speaking of gps maps, I had a discussion with a guy at work about buying a gps that came with the car vs installing an aftermarket one.

      my point to him was that car companies cannot be trusted with your data, your driving locations are WAY too much info to hand over to them, their gps systems are almost always worse than even just your phone's gps and they are expensive as hell. the only upside is that they 'look good' on your dash since it was designed in from the factory.

      no, I want no bluetooth from a car

      • their gps systems are almost always worse than even just your phone's gps and they are expensive as hell. the only upside is that they 'look good' on your dash since it was designed in from the factory.

        This has changed in just the last decade tops. Before that, the carmaker often had a pretty good GPS, and your phone GPS was rubbish. Also, before that, your carmaker's GPS didn't have any internet connection, and it worked entirely from local storage, which meant it had less privacy concerns. Now it seems like half of them are using Google.

        Luckily, I'm not in the market for a car so new it requires an internet subscription. My latest car doesn't even have the on-board navigation. It just has a radio, and I

      • by Gr8Apes ( 679165 )
        It would be really useful to have a list of makers/cars and when they were infected with all this crap. I have 2 clean cars, guess I'll be keeping them running as long as possible.
  • by Anonymous Coward on Thursday November 13, 2014 @11:26AM (#48377999)

    Lifetime commitment to this promise, or else I can return the car at anytime and get exactly what I paid for it.

  • License change? (Score:5, Insightful)

    by gstoddart ( 321705 ) on Thursday November 13, 2014 @11:26AM (#48378009) Homepage

    Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission.

    By continuing to use this service, you agree that your information may be provided to law enforcement at our discretion, provided to your insurer, sold to third parties, and used to provide advertising.

    See how easily they can change this?

    In an age where EULA changes by the issuer have been upheld, and when we're talking about your car (which you likely can't readily replace) ... in a few months they simply change the terms to read that you've given them permission.

    This is an entirely empty promise, and since it's software (and therefore licensed) they can change the terms any time they like.

    Tell you what, make it a law that you either have to provide a model which doesn't collect this data, or you have to remove the functionality when I take delivery if I ask you to.

    Other than that, I don't believe a damned thing you say.

  • by hooiberg ( 1789158 ) on Thursday November 13, 2014 @11:27AM (#48378013)
    A big company... promising anything... Bwahahahahahaahahaha! Actually it is worth weeping over.
  • Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission.

    I'm sure they'll assume your permission or have a clause in the sales contract which will turn this into "opt-out" instead of "opt-in".

    • Don't a lot of newer cars have black boxes that the police download from right after a major accident without any court orders or warrants?
  • by Anonymous Coward on Thursday November 13, 2014 @11:29AM (#48378045)

    My car, my data. You want it, let me opt in and pay me. The car company does not need to know anything about my vehicle - not where it is, not how fast it is going, not how long since an oil change. Nada, zip, zilch. And I won't buy any car that tries to send data back. They have too much computer crap in them anyway, at least for me. But I just like to drive (I race cars for a hobby) and not do my makeup or watch movies in my car.

    • One of the many reasons I prefer to buy older cars, especially since the computers are already so complicated many independent mechanics can't reset half the systems.
  • We won't betray you, but if we do, we will just hire a female CEO and blame it all on her.
  • NSL letters trump everything, including any laws that are passed.

    Welcome to the US of A :|
  • by DERoss ( 1919496 ) on Thursday November 13, 2014 @12:01PM (#48378307)

    Franchised car dealers already violate this promise; and many (most?, all?) independent service garages and body shops do, too. If you take your car to a dealer for servicing, your mileage is reported to CarFax, which then reports your mileage to your car insurance. If you have an accident and do not report it to your insurance, the accident is reported by the body shop that does the repairs. CarFax pays the dealers, garages, and shops for these data; and insurance companies pay CarFax.

    What is worse is that erroneous data are difficult to correct. In advance of an insurance policy renewal, I received an E-mail message asking me to use the insurance company's Web site to report my mileage. When I reported 25,065 miles, the entry was rejected with a message indicating I could not report an odometer reading less than the prior reading. On the Web site, there was a link to view the mileage history for my car. The immediately prior entry was for 241,080 miles, reported by CarFax on the date of the last routine servicing of my car. I checked the invoice for that servicing; it indicated 24,108 miles. A zero had been added to the end of the mileage, either by the dealer's service department or by CarFax! Working with both the service manager at the dealer and the local agent for the automobile insurance company, it took several phone calls over a month to obtain a correction.

      See http://www.carfax.com/ [carfax.com], which will charge you for a report on a specific car. See also http://www.mycarfax.com/ [mycarfax.com], from which you can get a free report.

  • We promise, cross our hearts, not to abuse your privacy. And we don't need to put it in writing, because you know we're totally trustworthy. Honest!

  • by Anonymous Coward

    One of the most basic things every single "computer nerd" learns, is that you never want to buy your hardware and software from the same entity. IBM taught people that lesson in the 1960s, and companies like Apple and Sony (both of whom are very capable of making excellent products but always make sure to poison their offerings) are teaching it to everyone today. Sometimes you get trapped and have to (or are unable to get out of thinking that you have to, which is basically the same thing), but it always s

  • I promise not to own any car with any data collection systems not fully controlled by the end user in place.

  • by JohnFen ( 1641097 ) on Thursday November 13, 2014 @12:19PM (#48378455)

    For my part, I'll just continue to disable the car's ability to communicate.

  • by Bugler412 ( 2610815 ) on Thursday November 13, 2014 @12:26PM (#48378527)
    I will remove, shield or power down whatever transmitter and antenna you install into my car. No need for the FTC to monitor compliance with that promise.
    • Automaker's promise to Bugler412: Rest assured, your data is safe* with us.

      We promise to record all data in your car's on-board computer. We will then have that data automatically downloaded to our servers when you get your car serviced. No need to remove or shield the antenna, besides that would just void the warranty.

      * For values of safe as defined in your Tire Pressure Monitor EULA section 18, part t, paragraph 63.

  • Isn't this the same industry that is keeping us safe by installing seat belts and air bags. Wasn't there just a major recall for them? If they have issues keeping our physical bodies safe, how safe is your data?
  • If it works as well as what we just saw for the politician, who's to say it can't be the same for everybody else? Waddya gonna do, walk?

  • by swb ( 14022 ) on Thursday November 13, 2014 @01:02PM (#48378923)

    If they really are committed to this, then let's make consumer privacy black letter criminal law and violation of it a felony offense with mandatory jail time.

    My guess is that when they say they are committed to it, they just aren't that committed to it, which means they aren't committed to it at all.

    • Why is it I never have Mod points when I really, really want one?

      You're exactly, 100% right. I'd only add that the sentence would have to sting...no 90 days at a country club stuff. Start the bidding at two years less a day at one of those institutions where "shank" isn't a cut of meat.

  • I remember when it was revealed in the trial of a gangster that GM had turned on their OnStar system and recorded hours of conversation for the government. That was a wakeup call. Lots of sites with instructions on how to disable that bit of useless technology.
  • The car companies see this as a major revenue engine. They do not want to see anything legislated, so they are jumping the gun by showing the government that they are capable of policing themselves.

    Its all total bullshit of course....

  • How would Carmack abuse a GPU drivers privacy?

  • 1. We put the check in the mail.

    2. We promise not to abuse Drivers' privacy.

    3. We won't cum in your mouth
  • by WaffleMonster ( 969671 ) on Thursday November 13, 2014 @02:37PM (#48379835)

    that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order

    This is the problem. Record everything and everything becomes discoverable. There is no distance from the man himself standing over your shoulder noting everything you do and everywhere you go.

    Use cases for recording all this data are equally pathetic...

    "The technology uses a radio signal to continually transmit a vehicle's position, heading, speed and other information. Similarly equipped cars and trucks would receive the same information, and their computers would alert drivers to an impending collision."

    If you feel compelled to make drivers safer with computer generated warnings then do so based on observations of the world as it already is. While image/sensor processing is more difficult computationally than recording transmitted signals the supporting hardware costs nothing and software R&D costs maximally benefit from deployment at scale and general interest in image processing across a growing number of domains.

    Plus you get capabilities transmitters do not provide such as the ability to react to vehicles or obstructions not transmitting their positions.

    "As modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative," said John Bozzella, president of Global Automakers, an industry trade association."

    Security of vehicle systems will never happen because we have proven ourselves incapable of ever producing a secure anything. There is also a small minor problem of owners of these vehicles themselves not being trustworthy.

    Sensors which view the world as it actually is rather than blind assertions of transmitters you have no reason to trust is both more secure and more useful on the context of driving vehicles on paved roads.

    The automakers' principles leave open the possibility of deals with advertisers who want to target motorists based on their location and other personal data, but only if customers agree ahead of time that they want to receive such information, industry officials said in a briefing with reporters.

    Where have I heard this before? You agree as a condition of purchase or in some fine print most people will never read. Everyone knows the drill by now.

    "You just don't want your car spying on you," he said. "That's the practical consequence of a lot of the new technologies that are being built into cars."

    Pure bullshit this isn't about technology, the future or in any way leveraging technology to provide additional value to consumers. It is about leveraging technology to provide additional value to manufacturers and their value chain.

    You don't need to report your location to view a map of your location. You don't need to report your location to download traffic conditions. You don't need to report your location to calculate the distance to nearest charging stations. You don't need to report your location for safety reasons.

    You only need to report your location so others can profit.

  • And I'll never ever comment on slashdot. It's a promise.
  • by Anonymous Coward

    I don't want your promise to not share that information, I don't want you to have that information to begin with. The audacity of companies these days to collect all of this data (because it's technically possible) is outrageous. I don't mind local data collection for specific purposes (e.g. assisting the mechanic with repairs or notifying the driver of issues), but transmitting that data back to the manufacturer is unacceptable.

    When I eat a restaurant, it's not okay for them to shove sensors in my stomac

  • Keep your promise by proving it. :P

"Catch a wave and you're sitting on top of the world." - The Beach Boys

Working...