Case Study: Connected Cars and the Future of Car Travel in the Digital Age
As society heads toward an ever more connected world, it becomes increasingly difficult for individuals to protect and manage the invisible data that companies and third parties hold about them. This is further complicated by events like data breaches, hacks, and covert information gathering techniques, which are hard, if not impossible, to consent to. One area where this is most pressing is transportation, and by extension the so-called ‘connected car’.
When discussing connected cars, it is important to define what is meant by a connected car. A connected car is any vehicle that is able to use sensor data to take affirmative actions, and which stores or retains that data for future processing or aggregation.
What happened?
Cars have become inaccessible computers which collect increasingly granular data, not just about the car itself, but also about the behaviours of drivers. For example, Tesla, Inc. collects driving data from its cars' owners to improve its own artificial intelligence systems, a practice which will only increase as most car companies introduce autonomous cars. One domain in which this can have potentially harmful implications is car insurance.
For years, car insurance companies have been relying on annual mileage data to determine insurance rates. However, now that cars are becoming increasingly connected, insurers have an unprecedented ability to access and judge (what they deem to be) bad driving habits.
What’s the problem?
Insurance companies are already asking customers to install proprietary telematics units into their cars. These units can monitor many of the sensors, controllers, and actuators in the car, giving insurance companies unprecedented access to customers’ interactions with their cars. Such systems, in addition to the cars’ own internal diagnostic and monitoring systems, can track actions of the driver and score them. Some examples include:
- how often the brakes are applied and the amount of force applied to them;
- what time of the day a person is driving;
- and in cars which use satellite navigation, the type of roads a person is travelling on, which is learned from driving style, such as over-revving, aggressive acceleration, or erratic steering inputs.
A telematics system combines the function of the black box flight recorder found in aircraft with the functionality of embedded systems, similar to those inside mobile phones. What this means in practice is real-time monitoring and collection of data about core parameters of a car, along with maintenance of communications to external entities, commonly over CAN (the car’s internal network, similar to the Local Area Networks used in homes and offices but scaled down and simplified for the interconnection of systems in a car), USB, or wireless technologies such as mobile data, Bluetooth or WiFi.
Tesla uses a combination of telematics and sensor data to assist with its machine learning and autonomous driving systems. Tesla is aggregating this data and processing it to improve how its AutoPilot systems work for customers who have chosen to have it fitted. Customers who are not benefiting from the AutoPilot system still have their data collected by Tesla, to improve the overall functionality of the system.
Machine learning is the ability of an algorithm (a selection of operations carried out in a defined order or way) to use the outcome of one or a number of operations to infer a response to similar stimuli in future, in a system of continuous self-improvement. Aggregation is the collection of data to identify trends and recognise patterns; this is often referred to as big data analytics.
Although Tesla is currently collecting data primarily for the improvement of its own products and services, other manufacturers are already showing an interest in similar data collection, along with third parties like Google. Based on past behaviour, it is feasible to foresee a future where driving data could be readily shared with advertisers, insurance companies, local and municipal government, and law enforcement for a myriad of reasons.
What’s the solution?
Fundamentally, this is problematic from a privacy perspective because for many people driving a car is not a choice. In many jurisdictions car insurance is mandatory, and while car ownership is often misconstrued as a luxury, for a large number of people it is the only viable method of transportation to their place of work, leisure, and social activities. The inability to drive would significantly and detrimentally affect their lives. Therefore, those who do not wish to divulge their driving habits should not be punished. Drivers should always have the option to opt out of data collection for this purpose.
The activities discussed in the article go against Privacy International’s forthcoming Data Exploitation Principles, specifically:
1) People should have the right to object that their data contributes to a proprietary or secret intelligence system;
2) Individuals have multiple and negotiated identities and as a result they must be able to curate their data and identities and selectively disclose, and be anonymous by default;
3) Systems should be designed to minimise data generation, processing, and access;
4) Data must be protected from access by persons who are not the user.
The above examples show disparate systems working in different ways which could undermine privacy, and these systems demonstrate the issues that a serious modern digital and human rights organisation will need to tackle in the near future.
Privacy International’s forthcoming Data Exploitation Principles set out baselines to which companies and governments should aim to adhere. The proliferation of smart and connected devices is leading to a world where people are losing control of their data and identity. As systems gain the capability of enhanced aggregation, it is crucial that the law, regulation, and technological standards keep pace, and protect our privacy.