Why Your Car Is Snitching On You
Modern automobiles log much more information than most people realise
Out of nowhere, your insurance premium jumped.
You haven’t had an accident. Your record is clean. Nothing of relevance has changed.
The problem? Your car was watching you the whole time. And then it sold what it saw to outside data brokers.
If this sounds like a nightmare, then welcome to your new reality. This judgment is less than a month old, and it helps to highlight the fact that sometimes, ownership rights around vehicles and real property become distinctly murky.
Buckle in, because privacy nuts who are also General Motors (GM) drivers are 100% certain to hate this one trick!
Do We Even Own Our Cars Anymore?
The right to repair and hardware ownership is something I’m distinctly passionate about. I even wrote about it in this article that covered manufacturers carrying out remote updates with the express intention of bricking the vehicle.
I’m a hardware hacker with a distinct interest in radio, so I like to fix, make and modify my own hardware. More importantly, this also means that I have little time for games around ownership and proprietary products. Especially when it comes to things like vehicles (if you want to hear a rant for the ages, get in the comments and ask me my thoughts on John Deere sometime).
So naturally, as you might expect, I have some pretty strong thoughts on this whole data collection and on-selling situation, and I’ve been waiting for the court case to settle so I could write about it.
Let’s see if we can share them without getting sued
The GM/ONSTAR Bombshell
When the case opens with the FCC claiming that GM was responsible for “an egregious breach of consumer trust”, you know it’s going to be a battle for the ages. And what a battle it turned out to be, as the FCC would accuse GM of breaching the privacy of more than 8 million drivers.
Court documents show that thanks to the OnStar Smart Driver program, a vast array of data points were collected every time the vehicle was in use. These data points would include geolocation information, driving data like braking/acceleration information and even inputs from the infotainment system and connected devices.
It’s important to highlight here that drivers of these vehicles were not the sole targets of this data collection. The legal process would help highlight the fact that passengers were not immune to this program either.
It’s also worth mentioning that for a vehicle manufacturer, data collection on its own is not necessarily a bad thing. In fact, in some instances, it’s even essential to know who owns a vehicle and what some of the performance data looks like.
It goes without saying, however, that the data should be held in a manner, that is secure and passing that data to third parties ensures that in these circumstances, this was definitely not the case.
Modern cars aren’t just data thieves. With GPS systems, onboard cameras, lidar and microphones, they are superb listening & tracking devices. Here are the sensors on an average Model Y. Source: Wikipedia
The Judgement
As you’d imagine, the court would see a few issues with this. Firstly, they took issue with the fact that GM would distribute this data to third parties, where it would ultimately end up being monetised. Multiple data broking companies were confirmed to be accessing this data, which would then end up in the hands of insurance companies.
The other issue was with how GM would disclose this information to its customers. It’s fair to say that most people wouldn’t be interested in signing up to a program that promised to share your data AND increase your insurance rates, but that’s exactly what happened. Why though?
Because, rather than openly disclose this fact, GM would blanket it in corporate speak so that customers couldn’t be sure of what they were signing up to at all. The FTC would note as part of its judgment that manipulation of customers to incentivise sharing this data had taken place.
As part of its ruling, the FTC would prohibit the sharing of customer data and geolocation information for a period of 5 years.
Note: “Sharing Data” is quite vague, so let’s clearly state just how invasive this program would end up being. Records tendered to the court would show that geolocation data captures would be occurring every three seconds or so.
It’s an opinion of course, but this situation has distinct dystopian vibes. Word has it that Batman might even have to trade his GM special vehicle for something a little more private. Source: Wikipedia
Opinion (Everyone Has One)
If you were challenged to create a device that collected data on its surroundings, spied on its occupants and acted as a constant tracking device, then the modern automobile would be a fine place to start.
Like many scenarios that involve privacy, there has been a distinct scope creep around how data is collected, analysed and used, and it’s this type of creep that we need to have discussions about.
Many people will read this article, decide they have nothing to hide and assume that for them, this is a mostly irrelevant opinion piece. Let’s be clear about one thing, though. This has absolutely nothing to do with “something to hide” and everything to do with insurance companies using dark data to increase premiums, reject claims and profile drivers.
While this article focuses on the recent ruling with GM, we should also point out that they were the only ones who were openly caught. Honda, Hyundai and other manufacturers have also drawn attention to themselves for the implementation of similar programs.
The fact is that if you have a vehicle, this matters to you. If you pay for insurance, this matters to you. And if you care about privacy, it matters, but you will probably have some strong views on this topic yourself.
Big data is here. And until manufacturers hear some noise on this issue, we can expect little to change while the scope creep slowly continues.
Stop being the product. Start demanding good data policies and transparency in data collection instead.
Investigator515 explores the RF spectrum, cybersecurity, and the hidden tech behind modern espionage.
Follow for new content weekly
Bluesky • X • Substack
You might also like,
- OSINT Investigators Guide to Self Care & Resilience
- Spies In The Mud: The RF-111 Aardvark
- What The Tech?! Space Shuttles
