This content is imported from YouTube. You may be able to find the same content in another format, or you may be able to find more information, at their web site.

The Washington Post published an investigative report today in which it gets a hacker to figure out just what kind of information OnStar and a randomly selected 2017 model car's internal computers are collecting—in this case, a 2017 Chevrolet Volt.



A lot, it turns out, including saving pictures of your contacts and logging where you go.

There are ways to limit how much data your car collects, but they're not obvious, the paper concludes—and the tinfoil treatment humorously shown in the accompanying photo won't do the trick.

Washington Post

It's easy to count up the benefits to connected cars. From using your phone to warm up the cabin on a winter day to setting speed limits for the new teenage drivers in your household, telematics can make life a bit easier. But you're probably not surprised to hear that these upsides come with some potential downsides as well.

This was proven in a big way by Washington Post tech columnist Geoffrey Fowler (pictured above), who dug into just how much information his test car, a 2017 Chevrolet Volt, is collecting. Perhaps more important, though, Fowler wanted to see just how much information GM is getting from its connected cars. It's one thing for your car to store your favorite Starbucks in the nav system. It's another if the car company collects that information. The reporter made it clear that this is not a Volt thing, or a Chevy thing; nearly all new cars now have connectivity, including onboard internet connections.

For now, exactly what information goes where is a bit of an unknown by anyone other than the automakers themselves. As Fowler writes, "My Chevy's dashboard didn't say what the car was recording. It wasn't in the owner's manual. There was no way to download it."

To figure this out, Fowler had someone hack into the Volt. He discovered that the car was recording details about where the car was driven and parked, call logs, identification information for his phone and contact information from his phone, "right down to people's address, emails and even photos." In another example, Fowler bought a Chevy infotainment computer on eBay and was able to extract private information from it about whoever owned it before him, including pictures of the person the previous owner called "Sweetie."

While GM was the subject of Fowler's experiments, it's not the only company collecting data on its drivers. In 2017, the U.S. Government Accountability Office looked at automakers and their data privacy policies and found that the 13 car companies it looked at are not exactly using best practices. For example, while the automakers say they obtain "explicit consumer consent before collecting data," the GAO says they "offered few options besides opting out of all connected vehicle services to consumers who did not want to share their data."

Engineer Jim Mason removes the computer from the dashboard of the 2017 Chevy Volt to download its contents. Washington Post via YouTube

GM's OnStar privacy page makes it clear that the company "may use your information to improve the quality, safety, and security of our products and services, to develop new products and services, and for marketing." In response to Car and Driver's request for comment for this article, a GM spokesperson said: "Nothing happens in terms of connected services without customer consent," and also pointed out that collecting vehicle data such as location, vehicle health and status, and operating information "enables many important safety and connectivity services [including] automatic crash notification (alerting first responders to an accident scene), stolen vehicle locator, and vehicle health monitoring (monthly emails to an owner advising them of service and maintenance status)."

"Data is also used to improve vehicle quality and enhance future product designs," the GM spokesman said. The spokesperson also noted that new GM vehicles have a "location services" setting on their center screen, saying, "This allows the driver to switch location services on or off at any time, much like smartphones."

GM also told the Post's Fowler that it will update its privacy policy by the end of 2019.



Currently, No Federal Regulations Are in Place

Data privacy may be a big and growing issue in the automotive industry, but legislators and automakers are moving slowly to tackle it. Fowler points out that there are no federal laws to regulate what automakers can collect or use when it comes to personal driving data. Since 2014, 20 automakers (including GM) have pledged "to meet or exceed commitments contained in the Automotive Consumer Privacy Protection Principles established to protect personal information collected through in-car technologies," according to the Auto Alliance. The first of those principles is to "provide customers with clear, meaningful information about the types of information collected and how it is used," but Fowler's experience shows that this doesn't always happen in the real world.

To limit what private data your car collects about you, Fowler recommends not connecting your phone directly to your car via the built-in USB port and to use 12-volt chargers instead. He also suggests using an app called Privacy4Cars to make sure you delete your data from cars you use but don't own, including rentals or when you borrow one from a friend.

These tricks might not be enough when the upcoming 5G networks arrive and allow vehicles to transmit more data in less time. Coming soon to a dashboard near you.





This content is imported from {embed-name}. You may be able to find the same content in another format, or you may be able to find more information, at their web site.

This content is created and maintained by a third party, and imported onto this page to help users provide their email addresses. You may be able to find more information about this and similar content at piano.io