Carmakers Promise Not To Abuse Drivers' Privacy 98
schwit1 provides this excerpt from an Associated Press report: "Nineteen automakers accounting for most of the passenger cars and trucks sold in the U.S. have signed onto a set of principles they say will protect motorists' privacy in an era when computerized cars pass along more information about their drivers than many motorists realize. The principles were delivered in a letter Wednesday to the Federal Trade Commission, which has the authority to force corporations to live up to their promises to consumers. Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission. The principles also commit automakers to 'implement reasonable measures' to protect personal information from unauthorized access."
Also at the Detroit News. Adds schwit1: "It's a meaningless gesture without being codified into law. A greedy car manufacturer or NSL trumps any 'set of principles'." The letter itself (PDF) isn't riveting, but it's more readable than some such documents, and all the promises it makes are a good reminder of just how much data modern cars can collect, and all the ways that it can be passed on.
Re: (Score:3)
Install a simple OFF SWITCH.
Re: (Score:2)
Here's the best thing they could do to PROVE they are respecting our privacy.
Install a simple OFF SWITCH.
Or better yet, make the entire tracking system a paid optional extra... but knowing car makers, the off switch would be a paid optional extra.
Pinky swear? (Score:5, Insightful)
Will they take an oath? With they sign in blood? Will they promise their first born if they renege?
A promise from corporations doesn't go very far.
Re:Pinky swear? (Score:4, Funny)
Re: (Score:3)
Re: (Score:2)
Re:Pinky swear? (Score:5, Insightful)
The check is in the mail. I promise I won't cum in your mouth. We promise we won't misuse your private data.
None of these statements is worth a damn.
The only solution is to not give it to them in the first place, and to have laws which dictate what they can and can't collect, and what they can do with it.
This is why other countries have actual privacy legislation which spells this kind of stuff out. Because trusting promise of a corporation is moronic.
This promise, or pledge, or PR stunt ... is neither legally binding nor particularly meaningful.
Re: (Score:2)
Exactly, the first thing I thought about was this:
http://www.metrolyrics.com/i-p... [metrolyrics.com]
Re: (Score:2)
yes brother, I am all with you!
I am a drummer too.
Re: (Score:3)
This promise, or pledge, or PR stunt ... is neither legally binding nor particularly meaningful.
What'll happen is one or more States will pass laws to codify those privacy pledges.
Then the manufacturers will push for a national standard/law so that they aren't stuck with a patchwork of 50 State laws.
It's what happened once Massachusetts passed a Right-To-Repair law [autonews.com]
Re: (Score:2)
Which is why they sent it to the FTC who can use legal means to make them keep their promise.
Re: (Score:1)
That would be cool. I would to see how they can pull that off. It will have to be some David Copperfield thing. Make their corporate charters disappear *poof*
Re: (Score:3)
The problem I see is that 'permission' is very vaguely defined in the US legal system.
Unilateral contracts and all. Basically, they'll set it up so you can't buy any car without signing something that gives them 'permission' to share your data, just like what the cell carriers have done. This isn't a move to protect consumers, its a preemptive strike.
Re: (Score:2)
Re:Pinky swear? (Score:4, Insightful)
It's easy to be cynical and simply dismiss this as rubbish. Sure, most of this may be PR driven, but the fact is that ALL of the major automakers signed off on this document, and if any of them break their promise, it's also going to be a lot of PR damage for them. That equates into actual lost sales, if the damage is bad enough or sustained enough. Consumers are getting more and more privacy conscious, thanks in large part, no doubt, to some of our governments three-letter agencies.
Here's the good news, and why we may be able to give automakers the benefit of the doubt until we spot evidence to the contrary: it's important to look at revenue models for companies when dealing with privacy and data issues. One of the big problems with Google and Facebook is that they have no product to sell other than your data. As such, you're never going to see much in the way of consumer privacy protection from these companies... ever. It's just not really possible. ISPs have plenty of revenue sources, but are generally in a non-competitive environment. As such, they've seen fit to track users for their browsing habits simply for the extra revenue, consumer privacy be damned. They can well afford to screw over their customers with high prices and horrible service, and there's little that people can do about it because there's often no real choice in providers for a given area.
Auto-makers, on the other hand, are in a competitive market. Moreover, they're selling a high-value product for an actual profit. If an automaker decides to play fast and loose with the terms of this promise, people are likely to notice, and simply choose a make of car next time with a company they feel won't renege on their promises. Fortunately, there are plenty of carmakers to choose from. There's also a wide range of price points and features to choose from. You don't sell luxury goods by crapping all over on your customers - at least, not for the long haul.
Most corporations are more than willing to write off a few of it's customers, although thanks to the internet, that's become more and more risky [youtube.com]. However, in a competitive market, few corporations will screw over ALL of their customers, or they'll risk damaging their brand and risking market share. That's why they'll almost always back down when confronted with really bad PR.
Nonsense. [was Re:Pinky swear?] (Score:1)
And when ALL automakers have government-mandated spyware as an integral part of their design, where do you take your business in order for the mythical free market forces to work as fantasized? Call me cynical, but the only solution to the problem of the abuse of personal data is to prevent the generation of that data in the first place. In the case of automobiles this means the complete separation of the systems that make the car function as a personal transportation device and any other information system
Re:Pinky swear? (Score:4, Insightful)
I too dislike unbridled cynicism.
Of course, the problems with this line of reasoning, about PR disasters from breaking promises are:
A. No one, not one major media organization, has a history of challenging companies on keeping promises
B. They can abuse the data and call it non-abuse.
C. Price and features are the driving motivators in the car purchase market, making "company PR" a pretty low concern, and even in that avenue, safety tends to matter more for PR than promise keeping.
and
D. Corporate promises last only as long as there's not more profit to be made from breaking them, no matter how big the cost is.
Re: (Score:3)
Also, unilateral contracts. Consumers will have about as much say in the matter as we do with cell phone carriers and ISPs.
Re: (Score:2)
Yeah, that's one of my big problems also, but I didn't think that was relevant here.
Re: (Score:1)
You better take another look at the reelection results. The buying habits are identical. Nobody cares about their damn privacy. Never give any authority the benefit of the doubt. They are the last types to deserve such a thing. They will abuse it. It is a universal scientific fact. How many more studies have to be done on the subject before people understand the nature? The cynicism is justified. Is there a word for that? Because it's not really cynicism then.
There is more collusion amongst the automakers t
Re: (Score:1)
I do I don't own a smartphone I don't own a tablet I pay with cash as much as possible I refuce to give my email address of zip code during all purcheses. There are millions of people just like me. I send emails to my elected officials complaining about hidden data collection and the need for opt-in only. nothing will change unless you stop buying theses devices it wouldn't take long for them to change either a week? maybe a month? Money talks its the ONLY power we ha
Re: (Score:2)
Nobody cares about their damn privacy.
Generalization fallacy, sorry pal but you don't speak for everyone. Every single person I work with cares, and there was a good amount of turnover in the mid-terms. Considering we have a problem with having only 2 candidates each from the major party on the ballots it can surely get better, but _we_ must work to get these people on ballots.
You also fail to consider the amount of propaganda the media puts out to prevent voting, and prevents voting for non D or R candidates. Again, it's our job to fix that
Re: (Score:1)
...there was a good amount of turnover in the mid-terms.
You call 95% reelection rate a good turnover? Seriously? Gee, I don't know what to say. Aside from that you are reversing everything I post on the subject.
Re: (Score:3)
The problem with the statement is that it doesn't really address my major privacy concerns at all. Even if they adhered to it 100%, there are enough exceptions that I don't care. It doesn't reassure me. My car simply should not be phoning home, period. It gives me zero benefit, and exposes me to risk.
Re: (Score:2)
Sure, most of this may be PR driven, but the fact is that ALL of the major automakers signed off on this document
If they can all agree on this, why can't/don't they lobby for it as a formal law or regulation?
Re: (Score:3)
I think they're doing this precisely because they want to head off government regulation, most likely because they fear government regulation would be much stricter than what they are imposing on themselves via this document. It's probably the same reason why industries like movies and videogames set up their own rating systems. If they waited for the government to do it, it might be worse than than what they came up with themselves - at least from their perspective.
Obviously, those companies are not doin
It is worth less than that (Score:4, Insightful)
If an industry promise self regulation, you can bet it will be in their interrest, not in the one of the customer.
Re: (Score:3)
Re: (Score:2)
That's... uh... not how international commerce works.
They are very much "in the USA" as far as the law is concerned.
Re: (Score:2)
Using the car is agreeing to it.
If a corporation has to "promise"... (Score:5, Insightful)
Seriously, when was the last time a corporation promised you anything that they stuck to?
Re:If a corporation has to "promise"... (Score:5, Funny)
my company promised us that there would be layoffs and they actually did make good on that promise.
does that count?
"Court order"? (Score:4, Interesting)
What does "court order" mean? Are they going to require an actual warrant, or will they just cough up your data on any request by a court? Because if a warrant ain't required, I ain't interested.
As has been pointed out elsewhere, unless it has the force of law it's useless. The FTC having the power to strong-arm corporations slightly, maybe get you a settlement for a discount off a future product, doesn't help you if the rules of evidence don't prohibit using that information against you. And unless passing that information is actually illegal, they won't do that.
Re: (Score:2)
And if it's one of those National Security Letter "secret warrants," it's not like we're going to know about it either, in which case does it really matter whether there's a warrant or not if we're not allowed to see it?
The summary preemptively covered too many of the points I was going to raise :P
Re:"Court order"? (Score:5, Insightful)
Even if they do require a warrant, I ain't interested. They can keep their BS extra features that require tracking me. I can call AAA on my own. I can read a map on my own. I can remember to schedule my regular maintenance without automated reminders based on telemetry data.
Free hint, automakers - Any feature that requires data to leave my car, I will actively disable. And even any feature that requires the car to log data locally, I will minimize to the greatest extent possible. I don't trust you, I don't trust the NSA, I don't trust the state government not to retroactively issue speeding tickets in a revenue-tight year (like they've already proven they will do with EZ-Pass type toll transponders - You know, the ones they promised (just like in TFA) they'd never use for anything other than paying your tolls).
Someone want to get rich? Develop an ODBC-II dongle that erases my car's EDR every time I turn the car off... Or for that matter, continually if possible.
Re: (Score:3)
I'm also worried about data coming in. If GM and OnStar can shut down cars, then what prevents some bad guy from shutting all Chevies down on the highway during a hurricane evacuation just to cause problems.
This already happened in Austin when a car dealer that used a "pay to play" system on their vehicles (where the buyer had to enter a code after every payment to allow the vehicle to start)... a disgruntled employee logged in via another person's account and shut down every single car, be it paid for or
Re: (Score:2)
I don't trust you, I don't trust the NSA, I don't trust the state government not to retroactively issue speeding tickets in a revenue-tight year (like they've already proven they will do with EZ-Pass type toll transponders - You know, the ones they promised (just like in TFA) they'd never use for anything other than paying your tolls).
The one near me never did anything like that. But then, they were chartered by the state in law, and it would take a law change to let them do it. The only violations they are able to charge are toll-related ones.
Without their permission (Score:5, Interesting)
customer ... Information ... wont be ... all kinds of stuff ... without their permission.
I'm told I gave permission for things that I in no way gave permission for (consciously) far to often to buy that one.
They'll just add permissions to the shrink wrap license on your smart ignition key (or your XM radio, live maps, emergency service, or some other needed/desirable function). Pesky 'privacy' problem solved!
Re: (Score:3)
Buying the car is giving permission, duh. Also known as the "Shrinkwrap Defense."
"You don't like our terms of service? Then don't buy our product. What's that? Everybody else in the market does the same thing? Well then fuck you."
Re: (Score:3)
speaking of gps maps, I had a discussion with a guy at work about buying a gps that came with the car vs installing an aftermarket one.
my point to him was that car companies cannot be trusted with your data, your driving locations are WAY too much info to hand over to them, their gps systems are almost always worse than even just your phone's gps and they are expensive as hell. the only upside is that they 'look good' on your dash since it was designed in from the factory.
no, I want no bluetooth from a car
Re: (Score:2)
their gps systems are almost always worse than even just your phone's gps and they are expensive as hell. the only upside is that they 'look good' on your dash since it was designed in from the factory.
This has changed in just the last decade tops. Before that, the carmaker often had a pretty good GPS, and your phone GPS was rubbish. Also, before that, your carmaker's GPS didn't have any internet connection, and it worked entirely from local storage, which meant it had less privacy concerns. Now it seems like half of them are using Google.
Luckily, I'm not in the market for a car so new it requires an internet subscription. My latest car doesn't even have the on-board navigation. It just has a radio, and I
Re: (Score:1)
Put it in my warranty then. (Score:4, Interesting)
Lifetime commitment to this promise, or else I can return the car at anytime and get exactly what I paid for it.
License change? (Score:5, Insightful)
By continuing to use this service, you agree that your information may be provided to law enforcement at our discretion, provided to your insurer, sold to third parties, and used to provide advertising.
See how easily they can change this?
In an age where EULA changes by the issuer have been upheld, and when we're talking about your car (which you likely can't readily replace) ... in a few months they simply change the terms to read that you've given them permission.
This is an entirely empty promise, and since it's software (and therefore licensed) they can change the terms any time they like.
Tell you what, make it a law that you either have to provide a model which doesn't collect this data, or you have to remove the functionality when I take delivery if I ask you to.
Other than that, I don't believe a damned thing you say.
Re: (Score:1)
Re: (Score:2)
Suuuuuuuure (Score:3)
Yeah, right! (Score:2)
Industry officials say they want to assure their customers that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads for pizza parlors, gas stations or other businesses they drive past, without their permission.
I'm sure they'll assume your permission or have a clause in the sales contract which will turn this into "opt-out" instead of "opt-in".
Re: (Score:1)
They don't get what it means to SELL a car (Score:3, Interesting)
My car, my data. You want it, let me opt in and pay me. The car company does not need to know anything about my vehicle - not where it is, not how fast it is going, not how long since an oil change. Nada, zip, zilch. And I won't buy any car that tries to send data back. They have too much computer crap in them anyway, at least for me. But I just like to drive (I race cars for a hobby) and not do my makeup or watch movies in my car.
Re: (Score:1)
We won't... but if we do... (Score:2)
Newsflash (Score:1)
Welcome to the US of A
This Primise Is Already False (Score:5, Informative)
Franchised car dealers already violate this promise; and many (most?, all?) independent service garages and body shops do, too. If you take your car to a dealer for servicing, your mileage is reported to CarFax, which then reports your mileage to your car insurance. If you have an accident and do not report it to your insurance, the accident is reported by the body shop that does the repairs. CarFax pays the dealers, garages, and shops for these data; and insurance companies pay CarFax.
What is worse is that erroneous data are difficult to correct. In advance of an insurance policy renewal, I received an E-mail message asking me to use the insurance company's Web site to report my mileage. When I reported 25,065 miles, the entry was rejected with a message indicating I could not report an odometer reading less than the prior reading. On the Web site, there was a link to view the mileage history for my car. The immediately prior entry was for 241,080 miles, reported by CarFax on the date of the last routine servicing of my car. I checked the invoice for that servicing; it indicated 24,108 miles. A zero had been added to the end of the mileage, either by the dealer's service department or by CarFax! Working with both the service manager at the dealer and the local agent for the automobile insurance company, it took several phone calls over a month to obtain a correction.
See http://www.carfax.com/ [carfax.com], which will charge you for a report on a specific car. See also http://www.mycarfax.com/ [mycarfax.com], from which you can get a free report.
Re: (Score:2)
More mileage (per unit time) == more risk. And conversely, less mileage (per unit of time) == less risk.
If you drive your car less than 12000 miles per year, then seriously, talk to your insurance agent about a discount.
Re: (Score:1)
Trust us (Score:2)
We promise, cross our hearts, not to abuse your privacy. And we don't need to put it in writing, because you know we're totally trustworthy. Honest!
Re: (Score:1)
Don't get SW from your HW vendor, EVER (Score:2, Interesting)
One of the most basic things every single "computer nerd" learns, is that you never want to buy your hardware and software from the same entity. IBM taught people that lesson in the 1960s, and companies like Apple and Sony (both of whom are very capable of making excellent products but always make sure to poison their offerings) are teaching it to everyone today. Sometimes you get trapped and have to (or are unable to get out of thinking that you have to, which is basically the same thing), but it always s
I'll do one better (Score:2)
I promise not to own any car with any data collection systems not fully controlled by the end user in place.
Voluntary agreements aren't worth a thing (Score:3)
For my part, I'll just continue to disable the car's ability to communicate.
My promise to automakers... (Score:5, Informative)
Re: (Score:2)
We promise to record all data in your car's on-board computer. We will then have that data automatically downloaded to our servers when you get your car serviced. No need to remove or shield the antenna, besides that would just void the warranty.
* For values of safe as defined in your Tire Pressure Monitor EULA section 18, part t, paragraph 63.
air bags (Score:1)
Hey! A promise is a promise (Score:1)
If it works as well as what we just saw for the politician, who's to say it can't be the same for everybody else? Waddya gonna do, walk?
Then make it a felony criminal offense (Score:3)
If they really are committed to this, then let's make consumer privacy black letter criminal law and violation of it a felony offense with mandatory jail time.
My guess is that when they say they are committed to it, they just aren't that committed to it, which means they aren't committed to it at all.
Re: (Score:2)
Why is it I never have Mod points when I really, really want one?
You're exactly, 100% right. I'd only add that the sentence would have to sting...no 90 days at a country club stuff. Start the bidding at two years less a day at one of those institutions where "shank" isn't a cut of meat.
OnStar (Score:2)
The reason why they did this is simple (Score:2)
The car companies see this as a major revenue engine. They do not want to see anything legislated, so they are jumping the gun by showing the government that they are capable of policing themselves.
Its all total bullshit of course....
John Carmack (Score:1)
c'mon man, 3 biggest lies told by carmakers (Score:1)
1. We put the check in the mail.
2. We promise not to abuse Drivers' privacy.
3. We won't cum in your mouth
You lost me at (Score:3)
that the information that their cars stream back to automakers or that is downloaded from the vehicle's computers won't be handed over to authorities without a court order
This is the problem. Record everything and everything becomes discoverable. There is no distance from the man himself standing over your shoulder noting everything you do and everywhere you go.
Use cases for recording all this data are equally pathetic...
"The technology uses a radio signal to continually transmit a vehicle's position, heading, speed and other information. Similarly equipped cars and trucks would receive the same information, and their computers would alert drivers to an impending collision."
If you feel compelled to make drivers safer with computer generated warnings then do so based on observations of the world as it already is. While image/sensor processing is more difficult computationally than recording transmitted signals the supporting hardware costs nothing and software R&D costs maximally benefit from deployment at scale and general interest in image processing across a growing number of domains.
Plus you get capabilities transmitters do not provide such as the ability to react to vehicles or obstructions not transmitting their positions.
"As modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative," said John Bozzella, president of Global Automakers, an industry trade association."
Security of vehicle systems will never happen because we have proven ourselves incapable of ever producing a secure anything. There is also a small minor problem of owners of these vehicles themselves not being trustworthy.
Sensors which view the world as it actually is rather than blind assertions of transmitters you have no reason to trust is both more secure and more useful on the context of driving vehicles on paved roads.
The automakers' principles leave open the possibility of deals with advertisers who want to target motorists based on their location and other personal data, but only if customers agree ahead of time that they want to receive such information, industry officials said in a briefing with reporters.
Where have I heard this before? You agree as a condition of purchase or in some fine print most people will never read. Everyone knows the drill by now.
"You just don't want your car spying on you," he said. "That's the practical consequence of a lot of the new technologies that are being built into cars."
Pure bullshit this isn't about technology, the future or in any way leveraging technology to provide additional value to consumers. It is about leveraging technology to provide additional value to manufacturers and their value chain.
You don't need to report your location to view a map of your location. You don't need to report your location to download traffic conditions. You don't need to report your location to calculate the distance to nearest charging stations. You don't need to report your location for safety reasons.
You only need to report your location so others can profit.
And I'll never ever comment on slashdot... (Score:2)
Ability != Justification (Score:1)
I don't want your promise to not share that information, I don't want you to have that information to begin with. The audacity of companies these days to collect all of this data (because it's technically possible) is outrageous. I don't mind local data collection for specific purposes (e.g. assisting the mechanic with repairs or notifying the driver of issues), but transmitting that data back to the manufacturer is unacceptable.
When I eat a restaurant, it's not okay for them to shove sensors in my stomac
Prove it. (Score:2)
Keep your promise by proving it. :P