The transparent car driver? The Germans’ “favorite child” becomes a data catapult

20 February 2014

Recently, various experts spoke out against the transparent car driver. The 52nd German traffic law conference called for an end to the uncontrolled outflow of data that is automatically collected while driving. Its recommendation was that social acceptance of technical innovations requires safeguarding informational self-determination through the principles of data minimization, transparency and freedom of choice for those affected.

Information about speed, direction of motion, braking or acceleration is already collected during the drive by private systems. This development is expected to increase with the planned launch of the pan-European automatic emergency call system “eCall” in 2015.

1. Data collection not required by statute

a) The Tesla case

The Tesla case vividly documents the technical potential of data collection in or by the car: the reply of the U.S. electric car maker Tesla to a New York Times test-drive review shows that during the whole test drive the car gathered data on speed, the route, the charging time and the charge status of the battery, and even the interior temperature. The data can be broken down to individual segments of the drive. Inter alia, Tesla stated that it followed from the data that the test driver drove in circles in a small, more closely specified parking lot for more than half a mile at a very low battery state of charge.
Regarding its use of these technical possibilities, Tesla explains that customers are informed of the possibility of data transmission to Tesla (via AT&T’s mobile communications network) at the time of conclusion of the contract, that this functionality can be manually disabled, and that Tesla accesses the data (e.g. to call the driver to indicate a low battery condition) only if the buyer has agreed. Only journalists would be surveilled secretly, due to negative experiences.

b) Car Rentals

For years, the car rental company Europcar secretly monitored high-end rental cars via GPS. The Hamburg Data Protection Authority found that these cars were located every 48 hours, with date, time and speed being recorded. Additionally, data was transferred as soon as a car headed for certain port areas. Europcar has since stopped this practice and amended its rental agreement, to which the renter must agree, to the effect that cars will only be monitored in certain countries.

c) Free floating car sharing

The business model of free floating car sharing providers, which allow customers to pick up and/or leave the car at any point within an urban area, requires the collection of data on the rental time as well as the location of the car.
Some providers, like DriveNow, deploy their cars as “mobile traffic detectors”. The cars transmit anonymous position and sensor data (this function can be deactivated). The competitor car2go, for example, goes even further: its general terms and conditions require (doubtful, cf. §4a (1)(4) BDSG) that customers accept that car2go continuously collects, processes and uses personal information about user behavior, location and traveled routes via the built-in telematics and location systems, evaluating the user behavior, inter alia, to contribute to a safe and fuel-efficient driving style and to recognize and eliminate disturbances in the rental transaction as well as in the overall operation.

2. The emergency call system eCall

The EU Commission proposed the installation of a telematics system by default: from October 2015 on, all new passenger cars and light commercial vehicles shall be equipped with an “on-board eCall system”. It will be triggered either automatically by built-in sensors in case of a severe accident, or manually. Next, a standardized minimum data set will be transmitted via mobile communication networks, and an audio connection between the passengers and a public safety answering point based on the number 112 will be established. The proposal does not yet regulate what data can or must be transmitted; information about the location, the direction of motion (important on motorways and in tunnels), the vehicle type, fuel type etc. is conceivable.

3. Data collected by the car – blessing or curse?

Studies show that many drivers are in favor of solutions for the networked car – primarily for increasing security but also to facilitate the use of information technology and entertainment electronics or to get cheap insurance tariffs that are linked to their driving behavior.

a) Saving lives by the means of eCall

eCall is said to increase the safety of the people involved in an accident as well as of the rescue forces, since the emergency call can be made at the moment the accident occurs, even if the passenger concerned is unconscious. In addition, the transmitted minimum data set contains both the site of the accident, so that the rescue forces can reach it as quickly as possible and without unnecessary detours, and information about the vehicle type, the fuel type etc., which is relevant for the extrication of trapped passengers. Furthermore, a driver who, for example, suffers a heart attack while driving is able to trigger the emergency call manually, get in touch with the emergency call center and receive help as quickly as possible. What is more, the improved accident management can prevent consequential accidents and reduce the costs of resulting congestion as well as of the roadside emergency infrastructure.

b) GPS black boxes of insurance companies

Insurance companies are introducing new flexible premium systems (“pay as you drive”). The Sparkassen direct insurance (SD) has set up the first telematics insurance contract in Germany linked to a GPS black box (similar to the eCall system, but without its own hands-free device). The insurer markets this system by stressing safety (automatic emergency call), service (the black box transmits the vehicle position in case of theft), an insurance premium discount and gamification: every month, the driver with the safest way of driving receives three months of free insurance cover. Customers can view all routes traveled until deletion; every six months, all one-year-old data is deleted automatically (i.e. the maximum period of data retention is < 18 months).
Critics doubt that people choose this insurance tariff voluntarily and thus voluntarily opt for “data retention of the vehicle owner”. Rather, the pricing structure could lead to economic constraints, says Peter Schaar, chairman of the European Academy for Freedom of Information and Data Protection (EAID). This pressure is probably also increased, since it can be assumed that the first to switch to the “surveillance rate” will be the cautious drivers. In addition, the systems cannot differentiate whether a driver slams on the brakes to protect a pedestrian (this is equally desirable for the insurance company) or whether it was just for the fun of taking a risk.

c) General critique of the “connected car”

The collection, storage and transmission of data by the car holds the same dangers that accompany any large database:
First, experience, e.g. with credit card companies, has shown that despite all security measures such as cryptography and anonymization, data is never permanently protected. Additionally, cryptography must at least be verifiable (by the customers or by independent third parties). In particular, in the telematics system of the SD referred to above, the anonymity of the data could easily be lifted, since the system’s infrastructure allows customers to view their own data online, which they will normally do using their private computers, so that re-identification of the data set does not seem to be very difficult.
Second, devices and data collections like those mentioned above arouse desires, not only on the part of private companies (e.g. car rental and insurance companies), as has already been pointed out, but also on the part of the government or criminals. Thus, for example, the public prosecutor could seize a black box and analyze the data, which would result in quasi self-incrimination by the driver. Or the police might want to access the data to monitor a suspect or create a movement profile. From extensive movement patterns, inferences about the habits and contacts of the persons concerned could be drawn (at least if the car’s driver can be reliably identified).

Basically, systems like eCall or the Sparkassen direct insurance black box are lavishly equipped combi-bugs that record position and acceleration data. They may even be able to establish an audio connection (at least the eCall system). Once integrated, the system can easily be combined with other services. The device and its functions are always available; they are accessible via GSM and work, with their own battery, even when the vehicle’s ignition is switched off. A possible starting point could be to focus on testing the necessity and appropriateness of the (mandatory) collection, storage and transmission of each single data item, taking into account in particular the principle of data minimization and the purpose limitation principle. At the latest, the NSA surveillance scandal has provided decisive proof of “function creep”, i.e. the gradual widening of the use (or even abuse) of a technology or system beyond the purpose for which it was originally intended.

This post is part of a weekly series of articles by doctoral candidates of the Alexander von Humboldt Institute for Internet and Society. It does not necessarily represent the view of the Institute itself. For more information about the topics of these articles and associated research projects, please contact

