Your car may be smarter than you realize, as the U.S. Court of Appeals for the 9th Circuit recently ruled that it is not a violation of privacy for a car to store text and call data from your cell phone automatically.
While modern convenience often comes with an associated cost in terms of sacrificed privacy, a class-action lawsuit brought against five major car manufacturers—Ford, General Motors, Honda, Toyota and Volkswagen—asserted that under the Washington State Privacy Act drivers’ rights had been violated due to their unawareness of what they were signing away when connecting their smartphones to their cars.
“If text messages or call logs are deleted from a cellphone, the vehicle nevertheless retains the communications on the vehicle’s on-board memory, even after the cellphone is disconnected. Vehicle owners cannot access or delete their personal information once it has been stored,” the court said of the plaintiffs’ complaint.
Ford argued in its defense that drivers of their vehicles had given “implied consent” for the storage of personal data and provided a “factory reset” procedure on its website to wipe the memory board of all stored data.
Ford was also able to prove that it did not have access nor store any text or call data from customers’ vehicles.
Thus, the privacy concern from the plaintiffs rested solely with Berla, a third-party data retrieval company which produces hardware and software marketed to law enforcement clients, allowing them to extract stored phone data from connected vehicles.
On its own website, Berla stated that by using its products, “having access to a suspect’s connected vehicle is the next best thing behind having the actual phone itself.”
The 9th Circuit found in favor of Ford and other car manufacturers because the plaintiffs failed to demonstrate an actual injury resulting from alleged breach of privacy, such proof is required under law for damages.
Nevertheless, consumer advocates remain highly concerned with potential privacy risks posed by vehicle technology.
A recent report conducted by Mozilla News’ *Privacy Not Included team called modern cars “the worst product category we have ever reviewed for privacy.”
After looking into 25 car brands, they concluded that “Every car brand we looked at collects more personal data than necessary and uses that information for a reason other than to operate your vehicle and manage their relationship with you.”
While police must still comply with due process procedures when seeking access to such data via court order, these findings are certainly cause for alarm.
“They can collect super intimate information about you — from your medical information, your genetic information, to your ‘sex life’ (seriously), to how fast you drive, where you drive, and what songs you play in your car — in huge quantities.
They then use it to invent more data about you through ‘inferences’ about things like your intelligence, abilities, and interests.”
The report revealed an alarming statistic: 84% of the car brands reviewed shared or sold user data.