11 January 2014

Geolocation, surveillance and smart vehicles

The New York Times, in an article about 'in-car surveillance', features a classic own goal:
Jim Farley, Ford Motor Company’s top sales executive, who is known for making off-the-cuff comments, told a panel at the CES: “We know everyone who breaks the law. We know when you’re doing it. We have GPS in your car, so we know what you’re doing.” Although he quickly added, “By the way, we don’t supply that data to anyone,” and later issued a full retraction, the comments, even if overblown and meant to be provocative, fueled the concerns. 
Ouch.

The article notes that senators John Hoeven and Amy Klobuchar are about to introduce a bill stipulating that US car owners control the data collected on vehicle event data recorders, which will be mandatory from September 2014 and which collect data such as direction, speed and seatbelt use in a continuous loop.
The data collected by the black box has already been the center of litigation by law enforcement agencies and insurance companies seeking to use the information against car owners. The bill would limit what the data could be used for and would require a warrant to release the data without the owner’s consent.
Khaliah Barnes of the Electronic Privacy Information Center is quoted as commenting that vehicle owners should be able to request and delete at their discretion the information recorded by manufacturers. “Consumers should decide what level of surveillance they want to be under. None of that should be on default. You should have to opt in.”
At the CES, G.M. introduced a new camera in the 2015 Corvette Stingray designed to give track enthusiasts real-time feedback on their driving. The performance data recorder, as it is called, uses a camera mounted on the windshield and a global positioning receiver to record speed, gear selection and brake force.
The Corvette’s system goes further than traditional black boxes.
A camera mounted on the windshield records the driver’s point of view and a microphone in the cabin records any noises made in the car.
Chevrolet said that the consumer owned the data, which is collected in a digital card housed in the glove compartment.
But privacy lawyers say that the information can still be used against a driver, as well as G.M. and its suppliers, in litigation or by an insurance company investigating a driver’s habits. . . .
Garmin introduced a new windshield-suctioned camera that turns on automatically when the car starts. It records wide-angle footage as well as speed, location and time in the event of a collision, and also has a microphone that can record sound from within the car.
“We hope it takes some of the ‘he said, she said’ out of an incident in your car,” said Ted Gartner, a spokesman.
He said the device’s owner also owned the data and that Garmin could not access it.
“There’s no way that we have access to that data because there’s no way to transfer the data out of the car wirelessly,” Mr. Gartner said. 
The Times notes this week's Government Accountability Office report, requested by Senator Al Franken.

The report found that the 10 automakers, navigation device manufacturers and application developers surveyed did not make owners aware of all the risks of the data collection, like allowing third parties to track their location or gather sensitive information such as their religious and political activities and preferences.
“Information about your location is extremely sensitive,” said Senator Franken, who is chairman of a Judiciary subcommittee on privacy and said he planned to introduce a bill that would legislate guidelines on when a vehicle owner’s location could be shared. “If someone has a record of your location, they can figure out where you live, where you work, the doctors you visit and where your kids go to school.”
The 32-page GAO report - In-Car Location-Based Services: Companies Are Taking Steps to Protect Privacy, but Some Risks May Not Be Clear to Consumers - states that:
Representatives from all 10 selected companies--auto manufacturers, portable navigation device (PND) companies, and developers of map and navigation applications for mobile devices--said they collect location data to provide consumers with location-based services. For example, companies collect location data to provide turn-by-turn directions. Nine companies share location data with third-party companies, such as traffic information providers, to provide services to consumers. Representatives from two companies said they share data where personally identifiable information has been removed (de-identified data) for purposes beyond providing services (e.g., for research), although such purposes are not always disclosed to consumers. All company representatives said that they do not share personally identifiable location data with or sell such data to marketing companies or data brokers.
All 10 selected companies have taken steps consistent with some, but not all, industry-recommended privacy practices. In addition, the companies' privacy practices were, in certain instances, unclear, which could make it difficult for consumers to understand the privacy risks that may exist.
Disclosures: Consistent with recommended practices, all selected companies disclose that they collect and share location data. However, inconsistent with recommended practices, nine companies' disclosures provide reasons for collecting data that are broadly worded (e.g., the stated reasons for collecting location data were not exhaustive), and five companies' disclosures do not describe the purposes for sharing de-identified location data. Without clear disclosures, risks increase that data may be collected or shared for purposes that the consumer is not expecting or might not have agreed to.
Consent and controls: Consistent with recommended practices, all selected companies obtain consumer consent to collect location data and obtain this consent in various ways. In addition, all companies offered consumers some controls over location data collection. However, if companies retained data, they did not allow consumers to request that their data be deleted, which is a recommended practice. Without the ability to delete data, consumers are unable to prevent the use or retention of their data, should they wish to do so.
Safeguards and retention: All selected companies take steps to safeguard location data--a recommended practice--but use different de-identification methods that affect the extent to which consumers may be re-identified and exposed to privacy risks. Also, there is wide variation in how long companies retain vehicle-specific or personally identifiable location data. To the extent that a company's de-identification methods allow a consumer to be identified or that identifiable data are retained, risks increase that location data may be used in ways consumers did not intend or may be vulnerable to unauthorized access.
Accountability: All selected companies disclose to consumers or take steps to protect location data that they share with third parties; such efforts are consistent with recommended practices. However, inconsistent with recommended practices, none of the selected companies disclose to consumers how they hold themselves and their employees accountable. The companies told GAO that internal company policies serve this function.