Cars have become the most sophisticated computers many of us own, filled with hundreds of sensors. Even older models know an awful lot about you. Many copy over personal data as soon as you plug in a smartphone.
But for the thousands you spend to buy a car, the data it produces doesn’t belong to you. My Chevy’s dashboard didn’t say what the car was recording. It wasn’t in the owner’s manual. There was no way to download it.
To glimpse my car data, I had to hack my way in.
We’re at a turning point for driving surveillance: In the 2020 model year, most new cars sold in the United States will come with built-in Internet connections, including 100 percent of Fords, GMs and BMWs and all but one model Toyota and Volkswagen. (This independent cellular service is often included free or sold as an add-on.) Cars are becoming smartphones on wheels, sending and receiving data from apps, insurance firms and pretty much wherever their makers want. Some brands even reserve the right to use the data to track you down if you don’t pay your bills.
When I buy a car, I assume the data I produce is owned by me — or at least is controlled by me. Many automakers do not. They act like how and where we drive, also known as telematics, isn’t personal information.
Cars now run on the new oil: your data. It is fundamental to a future of transportation where vehicles drive themselves and we hop into whatever one is going our way. Data isn’t the enemy. Connected cars already do good things like improve safety and send you service alerts that are much more helpful than a check-engine light in the dash.
But we’ve been down this fraught road before with smart speakers, smart TVs, smartphones and all the other smart things we now realize are playing fast and loose with our personal lives. Once information about our lives gets shared, sold or stolen, we lose control.
There are no federal laws regulating what carmakers can collect or do with our driving data. And carmakers lag in taking steps to protect us and draw lines in the sand. Most hide what they’re collecting and sharing behind privacy policies written in the kind of language only a lawyer’s mother could love.
Car data has a secret life. To find out what a car knows about me, I borrowed some techniques from crime scene investigators.
What your car knows
Jim Mason hacks into cars for a living, but usually just to better understand crashes and thefts. The Caltech-trained engineer works in Oakland, Calif., for a firm called ARCCA that helps reconstruct accidents. He agreed to help conduct a forensic analysis of my privacy.
I chose a Chevrolet as our test subject because its maker GM has had the longest of any automaker to figure out data transparency. It began connecting cars with its OnStar service in 1996, initially to summon emergency assistance. Today GM has more than 11 million 4G LTE data-equipped vehicles on the road, including free basic service and extras you pay for. I found a volunteer, Doug, who let us peer inside his two-year-old Chevy Volt.
I met Mason at an empty warehouse, where he began by explaining one important bit of car anatomy. Modern vehicles don’t just have one computer. There are multiple, interconnected brains that can generate up to 25 gigabytes of data per hour from sensors all over the car. Even with Mason’s gear, we could only access some of these systems.
This kind of hacking isn’t a security risk for most of us — it requires hours of physical access to a vehicle. Mason brought a laptop, special software, a box of circuit boards, and dozens of sockets and screwdrivers.
We focused on the computer with the most accessible data: the infotainment system. You might think of it as the car’s touch-screen audio controls, yet many systems interact with it, from navigation to a synced-up smartphone. The only problem? This computer is buried beneath the dashboard.
After an hour of prying and unscrewing, our Chevy’s interior looked like it had been lobotomized. But Mason had extracted the infotainment computer, about the size of a small lunchbox. He clipped it into a circuit board, which fed into his laptop. The data didn’t copy over in our first few attempts. “There is a lot of trial and error,” said Mason.
(Don’t try this at home. Seriously — we had to take the car into a repair shop to get the infotainment computer reset.)
It was worth the trouble when Mason showed me my data. There on a map was the precise location where I’d driven to take apart the Chevy. There were my other destinations, like the hardware store I’d stopped at to buy some tape.
Among the trove of data points were unique identifiers for my and Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.
For a broader view, Mason also extracted the data from a Chevrolet infotainment computer that I bought used on eBay for $375. It contained enough data to reconstruct the Upstate New York travels and relationships of a total stranger. We know he or she frequently called someone listed as “Sweetie,” whose photo we also have. We could see the exact Gulf station where they bought gas, the restaurant where they ate (called Taste China) and the unique identifiers for their Samsung Galaxy Note phones.
Infotainment systems can collect even more. Mason has hacked into Fords that record locations once every few minutes, even when you don’t use the navigation system. He’s seen German cars with 300-gigabyte hard drives — five times as much as a basic iPhone 11. The Tesla Model 3 can collect video snippets from the car’s many cameras. Coming next: face data, used to personalize the vehicle and track driver attention.
In our Chevy, we probably glimpsed just a fraction of what GM knows. We didn’t see what was uploaded to GM’s computers, because we couldn’t access the live OnStar cellular connection. (Researchers have done those kinds of hacks before to prove connected vehicles can be remotely controlled.)
My volunteer car owner Doug asked GM to see the data it collected and shared. The automaker just pointed us to an obtuse privacy policy. Doug also (twice) sent GM a formal request under a 2003 California data law to ask who the company shared his information with. He got no reply.
GM spokesman David Caldwell declined to offer specifics on Doug’s Chevy but said the data GM collects generally falls into three categories: vehicle location, vehicle performance and driver behavior. “Much of this data is highly technical, not linkable to individuals and doesn’t leave the vehicle itself,” he said.
The company, he said, collects real-time data to monitor vehicle performance to improve safety and to help design future products and services.
But there were clues to what more GM knows on its website and app. It offers a Smart Driver score — a measure of good driving — based on how hard you brake and turn and how often you drive late at night. They’ll share that with insurance companies, if you want. With paid OnStar service, I could, on demand, locate the car’s exact location. It also offers in-vehicle WiFi and remote key access for Amazon package deliveries. An OnStar Marketplace connects the vehicle directly with third-party apps for Domino’s, IHOP, Shell and others.
The OnStar privacy policy, possibly only ever read by yours truly, grants the company rights to a broad set of personal and driving data without much detail on when and how often it might collect it. It says: “We may keep the information we collect for as long as necessary” to operate, conduct research or satisfy GM’s contractual obligations. Translation: pretty much forever.
It’s likely GM and other automakers keep just a slice of the data cars generate. But think of that as a temporary phenomenon. Coming 5G cellular networks promise to link cars to the Internet with ultra-fast, ultra-high-capacity connections. As wireless connections get cheaper and data becomes more valuable, anything the car knows about you is fair game.
Protecting yourself
GM’s view, echoed by many other automakers, is that we gave them permission for all of this. “Nothing happens without customer consent,” said GM’s Caldwell.
When my volunteer Doug bought his Chevy, he didn’t even realize OnStar basic service came standard. (I don’t blame him — who really knows what all they’re initialing on a car purchase contract?) There is no button or menu inside the Chevy to shut off OnStar or other data collection, though GM says it has added one to newer vehicles. Customers can press the console OnStar button and ask a representative to remotely disconnect.
What’s the worry? From conversations with industry insiders, I know many automakers haven’t totally figured out what to do with the growing amounts of driving data we generate. But that’s hardly stopping them from collecting it.
Five years ago, 20 automakers signed on to volunteer privacy standards, pledging to “provide customers with clear, meaningful information about the types of information collected and how it is used,” as well as “ways for customers to manage their data.” But when I called eight of the largest automakers, not even one offered a dashboard for customers to look at, download and control their data.
Automakers haven’t had a data reckoning yet, but they’re due for one. GM ran an experiment in which it tracked the radio music tastes of 90,000 volunteer drivers to look for patterns with where they traveled. According to the Detroit Free Press, GM told marketers that the data might help them persuade a country music fan who normally stopped at Tim Horton’s to go to McDonald’s instead.
GM would not tell me exactly what data it collected for that program but said “personal information was not involved” because it was anonymized data. (Privacy advocates have warned that location data is personal because it can be re-identified with individuals because we follow such unique patterns.)
GM’s privacy policy, which the company says it will update before the end of 2019, says it may “use anonymized information or share it with third parties for any legitimate business purpose.” Such as whom? “The details of those third-party relationships are confidential,” said Caldwell.
There are more questions. GM’s privacy policy says it will comply with legal data demands. How often does it share our data with the government? GM doesn’t offer a transparency report like tech companies do.
Automakers say they put data security first. But I suspect they’re just not used to customers demanding transparency. They also probably want to have sole control over the data, given that the industry’s existential threats — self-driving and ride-hailing technologies — are built on it.
But not opening up brings problems, too. Automakers are battling with repair shops in Massachusetts about a proposal that would require car companies to grant owners — and mechanics — access to telematics data. The Auto Care Association says locking out independent shops could give consumers fewer choices and make us end up paying more for service. The automakers say it’s a security and privacy risk.
In 2020, the California Consumer Privacy Act will require any company that collects personal data about the state’s residents to provide access to the data and give people the ability to opt out of its sharing. GM said it would comply with the law but didn’t say how.
Are any carmakers better? Among the privacy policies I read, Toyota’s stood out for drawing a few clear lines in the sand about data sharing. It says it won’t share “personal information” with data resellers, social networks or ad networks — but still carves out the right to share what it calls “vehicle data” with business partners.
Until automakers put even a fraction of the effort they put into TV commercials into giving us control over our data, I’d be wary about using in-vehicle apps or signing up for additional data services. At least smartphone apps like Google Maps let you turn off and delete location history.
And Mason’s hack brought home a scary reality: Simply plugging a smartphone into a car could put your data at risk. If you’re selling your car or returning a lease or rental, take the time to delete the data saved on its infotainment system. An app called Privacy4Cars offers model-by-model directions. Mason gives out gifts of car-lighter USB plugs, which let you charge a phone without connecting it to the car computer. (You can buy inexpensive ones online.)
If you’re buying a new vehicle, tell the dealer you want to know about connected services — and how to turn them off. Few offer an Internet “kill switch,” but they may at least allow you turn off location tracking.
Or, for now at least, you can just buy an old car. Mason, for one, drives a conspicuously non-connected 1992 Toyota.
Read more from our Secret Life of Your Data series: