Cars are increasingly digital. That sounds like something of an obvious statement, given the TV-sized screens now increasingly standard fit for the interiors of almost all cars. The digitisation of the car goes far, far farther than that though. Hitherto, cars have been defined and categorised by the size and power of their engines, and the shape and spaciousness of their bodies. From here on in, the car is defined by the software, pulsing like digital blood flow, through the electronic arteries of its on-board computers.
There are dangers here for consumers, dangers far beyond the expected worries about advertisers harvesting your information for their own nefarious ends.
In January it emerged that a massive data breach in Germany had exposed the personal information of 800,000 drivers of electric cars made by the Volkswagen Group, including VW, Audi, Skoda and Cupra models.
The breach included revealing the locations of places regularly visited by major politicians, sparking significant security concerns. The breach was down to an error, a seemingly small one, made by VW’s software subsidiary Cariad. The breach was revealed by German magazine Der Spiegel, but Cariad claims it has seen no evidence that the information has been accessed by any group other than the “white hat” hackers who revealed the breach.
Volkswagen Group Ireland confirmed that 91 per cent of its 2024 car buyers were signing up for connected services, a new record.
Connected services can be beneficial, and include anything from live traffic data for your sat-nav to automatic payments for electric car charging to servicing information, but there are other benefits. VW Group vehicles — be the Volkswagens, Audis, Skodas or Seat/Cupras — can now use “swarm” data that can send each other warnings of stopped traffic, accidents or other hazards on the road around you. These swarm warnings pop up as alerts on the car’s big infotainment screen.
Clearly those benefits also come with the danger that the software and sensors that they use are also tools for monitoring and surveillance within the car.
VW Group Ireland chief executive Pierre Boutin said to The Irish Times that a greater emphasis was needed on keeping all sides informed of what data is flowing where. “The first element is that personal information is absolutely critical, and we do the utmost to make sure that our customers data is is never at risk in any way, shape or form” said Boutin.
“Two, we have what we call the customer consent in anything we do; we always ask for consent. But three, I will say that, yes, there’s more that needs to be done in educating the customers about this data, about what’s being done with the data. That data helps us improve products moving forward, and that actually help us with the over-the-air software upgrades and so on to enhance even the current vehicle that our customers have, but we take this very seriously. I think that it’s a growing field, and we’re still constantly looking at, how can we do better in terms of protecting the data, to protect ourselves against cyber attacks and so on, so that the customer’s data is safe.”
Part of the issue may be that, increasingly, cars are not only dependent on their software for their systems to work, they are dependent on software to function at all, and are increasingly designed around such software.
Hyundai has said that software will not only define the design and capability of its future models, but that it will even actively improve their performance. It’s the software that’s the critical bit here, as Hyundai isn’t talking about stuffing new car platforms with ever-bigger batteries, but instead maximising their efficiency. Much of that efficiency will come from software. Indeed, Hyundai says that from this year onwards, its cars will be “software-defined”.
“By transforming all vehicles to software-defined vehicles, Hyundai Motor Group will completely redefine the concept of the automobile and take the lead in ushering in a never-before-experienced era of mobility,” said Chung Kook Park, president and head of research and development at Hyundai. “Creating visionary vehicles empowered with the ability to evolve through software will enable customers to keep their vehicles up to date with the latest features and technology long after they have left the factory.”
Hyundai has already introduced software over-the-air (Sota) capability to some of its models, allowing them to download new and upgraded software, sat-nav maps and so on, usually overnight and while plugged in. This year, Hyundai says that all of its cars will be Sota-ready, and by that stage it anticipates that some 20-million cars worldwide will be signed up to its online services programmes.
This will give Hyundai access to what will effectively be a massive, mobile data farm. Twenty-million cars, driving around, generating terabytes of data each day on battery life, driving conditions, safety systems, traffic flows and so much more. Hyundai is teaming up with tech giant Nvidia to help crunch all this data, and will use so-called artificial intelligence systems to help it do so.
Hyundai is not alone, and these terabytes of data — all of it generated by us driving about, and therefore linked to our daily schedules and lifestyles — makes for a tempting resource for car companies. As well as an age of software, we live in an age of minutely targeted advertising, and so car companies are sitting on a motherlode of potentially lucrative data which can be sold to advertisers.
Here in Europe, the use of such data is governed by the GDPR regulations, which seek to ensure that any data gathered is sufficiently anonymised before being shared with anyone, which helps to protect consumers and drivers against intrusive ad targeting. Indeed, GDPR even tries to restrict precisely which data can be gathered in the first place, although there are a series of ongoing legal arguments over precisely which segments of data are considered personal and therefore off-limits. Equally, the Volkswagen data breach shows that such security and anonymity can be bypassed by people with the right tools and skills.
In other jurisdictions, things are rather looser but not perhaps to the extent that some companies would like, as General Motors has just found out to its cost. GM has been harvesting data from drivers of its cars, especially those using the online connected OnStar service, for some time now and reselling that information to data brokers.
However, the American Federal Trade Commission has now issued a ruling that says GM can’t sell that data on for five year. The FTC said that GM didn’t adequately inform its customers that it was collecting such data, nor what purposes that data was being used for. GM protested that it was “committed to customer privacy” but the FTC rejected this claim. “GM monitored and sold people’s precise geolocation data and driver behaviour information, sometimes as often as every three seconds,” FTC chair Lina Khan said in a statement. “With this action, the FTC is safeguarding Americans’ privacy and protecting people from unchecked surveillance.”
[ Speed limit on local roads reduced from 80km/h to 60km/h from FridayOpens in new window ]
Others are prepared to go further. Ford has patented a new in-car system that would use the car’s built-in microphones, normally part of the handsfree phone setup, to actively listen to what occupants are saying. Someone mentioning that they’re hungry could trigger the automatic pinging of an advert on the car’s touchscreen for a nearby Burger King or similar. That’s worryingly Orwellian.
Quite apart from the fact that European drivers are already better protected than our American cousins (and who knows, at this point, which US protections will be further rolled back in the next four years) there is a benign angle to all of this. Ultimately, the idea is that the data and the software updates become a feedback loop, with cars kept constantly updated to improve their physical performance and their digital agility. There is even the potential for creating personalised software for each individual driver, the better to augment their driving and ownership experience. That enhancement can, surely, not be allowed to come at the expense of drivers’ privacy and personal safety.
[ Are car touchscreens safe? Safety regulator lays down the lawOpens in new window ]
The BEUC, the EU’s official consumer protection organisation, is already highlighting areas of concern when it comes to data and cars. The BEUC said, in a position paper, that: “Smart driver assistance systems on cars can make driving easier and safer. By using these types of products every day, the modern-day consumer uses and produces increasing amounts of data – both personal and non-personal. What can be done with this data and by whom, however, is a complex issue, particularly from a consumer perspective.
“Consumers can benefit from this innovation, for example by walking in safer streets, finding themselves in fewer traffic jams or saving money on fuel. But such changes also raise questions regarding liability, safety, data protection, fair competition and more. We call for the putting in place of technical measures so the consumer can take their data with them and decide who should access the data generated by a car.”
