Imagine you're having a private conversation in your car, only to later find out that details of your discussion were recorded and could be accessed by strangers. This disturbing scenario is more likely than you may think, as modern vehicles have quietly become sophisticated data collection machines.
Your Car is a Tracking Device
While connected car features and services can provide real benefits, many drivers are unaware of the vast amounts of sensitive personal data being harvested from their vehicles.Data brokers and third parties now have unprecedented insight into people's lives thanks to the information gleaned from our cars. If left unchecked, unfettered vehicle surveillance risks normalizing a dystopian future where privacy is a relic of the past.
Andrea Amico, founder of Privacy for Cars, points out that our cars are essentially “tracking devices on wheels” now. They capture extensive data on our location, driving habits, phone activity, biometrics, communications and more.
Your Car Knows Where You Go
Location data provides some of the most intimate details about a person's life. Thanks to built-in GPS, modem connections and other wireless protocols, vehicles have become potent tracking devices that can pinpoint where someone has been down to the exact street address.
While mapping apps are an obvious source of location data, the surprisingly under-reported vehicle modem is another major culprit. With a SIM card like a smartphone, cars constantly ping nearby cell towers to transmit its location even without an integrated map. This means your movements are tracked whether you use navigation or not.
Telematics systems take vehicle tracking a step further, recording when doors open and close, the ignition turns on and off, and valuable "pings" that plot your driven routes over time. Insurance companies already use this detailed tracking, but it also gets shared with auto manufacturers, third party service providers, and potentially even law enforcement through data requests.
Before long, your car will have amassed a huge dossier tracing your every drove destination, the times you travelled there, and how long you stayed. But location is only the beginning - vehicles are also covert recording studios collecting a wealth of audio and visual data.
Your Car is Listening
Car sound systems today come equipped with always-on microphones poised to capture ambient noise, conversations, and voice commands. Common features like Bluetooth pairing, noise-cancellation systems, and onboard virtual assistants depend on constant audio monitoring.
While intended for hands-free use, these microphones have a nasty habit of mistakenly activating even without prompts. Compounding the issue, vehicle cabins prove noisier environments prone to more false triggers and accidental eavesdropping. Once triggered, recordings get sent off to automakers and their various partners for processing.
The potential for round-the-clock snooping is unsettling. What if a private conversation was preserved forever in some database because you happened to mention a movie title while crusing down the highway? Or if law enforcement issued a warrant demanding access to your car's vocal recordings? Drivers deserve to know they may be constant subjects of corporate and government surveillance.
Your Car is Watching Too
Complementing the audio incursion are cameras. Today's vehicles come pre-installed with various lenses ostensibly added for driver assistance, cabin monitoring of passengers, and remotely accessed vehicle diagnostics or security features.
The problem is most don't realize these cameras are active recording devices. When you use a phone app to check your vehicle's live video feed, you're actually streaming footage captured from insider the cabin. And if your car saves or transmits those clips, they could fall into unwelcome hands. We've already seen live car camera hacks and cases of abusive ex-partners stalking victims through connected cars.
Even worse, few manufacturers currently encrypt video streams adequately. That means any entity along the data transfer path - from auto companies to third party processors - can quite literally spy on occupants if motivated. All it may take is a lapse in security or coercive data sharing to compromise someone's privacy in a very tangible way.
Data Sharing: A Labyrinth of Companies
You might assume this data stays with the car manufacturer. But modern vehicles are actually “data platforms”, sharing information with a web of third parties, as expert Sam Curry explains.
Opening your manufacturer’s app gives some insight into what’s being collected. It may show camera feeds, GPS trails, engine diagnostics, voice commands and more.
This data gets logged, stored indefinitely, and disseminated widely without your clear consent. Curry emphasizes that if an app is free, you and your data are the real product.
Hundreds of companies get access to your driving data and profile you behind the scenes. From app makers to data brokers, it’s impossible to trace the labyrinth of where your data goes.
Syncing Your Phone: A Data Smorgasboard
Connecting your smartphone enables yet another pipeline for sensitive exchanges. Think apps that synchronize contact lists, text messages, photos stored on the device, and more. By plugging into the car, you grant it access to a portable goldmine of personal information.
But the data pipeline doesn't just flow one way. Your phone acts as a middleman, collecting info from the vehicle like driving telemetry and sending it back to its various apps. This means both the car and phone end up with a mirrored copy of each other's harvested contents. Suddenly every forwarded text or call placed using Bluetooth puts both devices into a perpetual loop of surveillance.
Worse still, phone mirrored data gets routed through the connected services atop both devices like Apple CarPlay or Android Auto before returning to their respective makers. So everyone in that long data chain gains visibility into your activity and digital life. Unless drivers alter privacy settings, Bluetooth and smartphone integration expose them to a broad network of trackers.
Worse still, this information gets retained in the cars, and who knows who else will be driving the car? Liron Segev demonstrates how this can be dangerous, especially for people who rent cars. He goes ahead and accesses phone details, contacts, messages and call logs of people who have previously owned a car.
Data Gets Shared Far and Wide - No Transparency, No Control
What happens to all this harvested information? Although automakers retain some for internal uses, they also distribute it extensively. Manufacturers sell aggregated vehicle metrics to advertisers, data brokers and third parties hungry for consumer insights.
Telematics providers share location logs and detailed sensor telemetry. Insurance companies receive driving behaviors to adjust rates. Dealerships and repair shops view records to contact customers. Emergency services access location in emergency situations. Government agencies can even demand this intel through user agreements and legal requests.
Once in the wild, there's no telling who else obtains your automotive data. It could get robbed in hacks, leaked in breaches, or resold as part of enormous "people databases." Future employers, creditors and other entities might comb dossiers drawn from car tracking histories. A permanent multi-party feedback loop of vehicle surveillance develops without oversight.
What’s most alarming about all this is the lack of transparency. Car companies rarely inform consumers exactly what data is collected and shared from connected vehicles. And encryption that would protect our data is almost unheard of.
Once you’ve bought a car, you have little control over what information it tracks and sends out. You may feel you have nothing to hide. But retained data can always be exploited or abused in the future. Surveillance capabilities will only grow more intrusive over time if left unchecked. We urgently need pushback from informed consumers, as Curry stresses:
Why You Should Be Worried
Right now, our data enters black box ecosystems where we don’t know who gets access. While regimes and laws change, our leaked information can be abused forever.
Do we want our private conversations, locational histories and personal footage potentially viewed by anyone in the future - whether companies, hacked, governments or bad actors?
Once available, your data could be summoned by legal entities or intelligence agencies. And make no mistake - if they can access it legally, they will. Curry warns: “Videos, telemetry, location data - it’s all being sucked up and can now be subpoenaed by the government or a malicious attacker.”
Fighting Back to Protect Privacy
Given the realities above, true vehicle privacy seems like a pipedream. But drivers don't have to relinquish all hope or agency in the matter. While no quick fixes exist, the following approaches can help reclaim some control:
- Change privacy settings in car apps and connected services to opt-out of non-essential data collection. Understand blanket consent is the norm.
- Disable location services, Bluetooth pairing, voice assistants and other non-critical tracking features when possible. Consider physical switches or software controls.
- Never leave phones unattended in cars where they can soak up location trails and sync invasive personal files.
- Check state laws for “consent to search” extensions applying to vehicle recordings, telemetry or device extracts obtained without explicit approval.
- Use encrypted communication apps, limit conversation topics while driving, and push automakers for fully end-to-end encrypted camera/microphone feeds to harden what data collection does happen.
- Educate others on car data realities to spark industry reform through collective demand for legal protections and limited "need to know" vessel tracking standards.
- Advocate transparency through "data in/data out" policies revealing exactly what information vehicles gather and where it flows to hold companies accountable.
- Be cautious what apps you download and features you opt into. Avoid connecting phone if possible.
The good news is we can take action once informed. Opting out of data collection features, encrypting data, and wiping cars before selling are just some ways to start protecting ourselves. We urgently need wider awareness and consumer pushback against the normalization of vehicle surveillance. Our privacy and personal freedom could depend on it.
Our vehicles should not be Trojan horses used by companies, governments and hackers to peer into our private lives. It’s time we take back control over our car data and reinvent what it means to go for a drive. I’d love to hear your thoughts on car privacy. Do you feel concerned yet or think this data sharing is acceptable? Let’s get an important discussion going in the comments.