My new car is desperate to spy on me.
In my last post I noted that my goal of maintaining some level of privacy was being tested as I looked for a level 2 charger. But it’s clear that the privacy issue extends far beyond the plug in my garage.
When I purchased my car, the dealer set me up with an app called “Bluelink®.” This technology links my car to my smart phone and opens up a wide array of features. The benefits include the ability to:
· Start my car remotely
· Turn on the air conditioner, defroster, or heater from a distance
· Unlock or lock the doors remotely from just about anywhere
· Turn on my phone and have a map appear to show where I parked my car
· Determine the exact location of my car if it has been stolen
· Press a button inside the car that immediately alerts emergency services to come and help me
Part of my initial reaction is that technology has become truly magical. With Bluelink®, if my wife accidentally locks her keys in the car while I’m on the other side of the country, she can give me a call, I can press a few buttons and presto, unlock the doors for her. If I move back North and have to face frigid winters again, I can get the car all warm and toasty before I even put on my boots. And when I get back to the airport parking garage and can’t even remember which floor I’m parked on, I can open my phone and get directions. Each and every one of these examples is a problem that I have faced before and would have loved to have had an easy solution. Hyundai offers all of this free for three years.
But there is a catch.
To get access to Bluelink® you have to agree to a “Connected Services Agreement.” It’s an online form similar to the ones you’ve seen dozens of times and simply clicked “agree” because a) you’re not a lawyer and b) it would take way too long to read it. This particular agreement outlines an incredibly wide array of data that you must share with Hyundai and whomever they see fit in order to get access to the benefits listed above. This data includes real time location, speed, direction of travel, charging data, tire pressure, coolant temperature, and many many other data points.
I should make it clear here that the issues I’m describing are in no way limited to electric vehicles.* Mozilla has done a deep dive into the data that car companies have been collecting on their customers over the last few years and it’s reasonably staggering (https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/).
Their research into the topic unearths a few things I couldn’t immediately find. (https://foundation.mozilla.org/en/privacynotincluded/hyundai/) For instance, if I assent to the Bluelink® agreement, Hyundai reserves the right to collect sensor data from my car. That includes not only everything I’ve listed above, but also temperatures in various parts of the car, whether I use my seatbelt or not, and all the images captured by the cameras mounted on the car.
Thankfully Mozilla found at least a few areas where Hyundai doesn’t go as far as others. For instance, unlike some car companies, Hyundai does not single out “sexual activities” and “genetic information” as data it collects. But Mozilla does note that Hyundai reserves the right to collect “olfactory data,” i.e. smells. Mozilla doesn’t think there are sensors on my car that can capture smells… but if they build a car with a nose, Hyundai is prepared to grab that data as well.
Ostensibly Hyundai uses this data to help it understand events in and around the vehicle when things fail (like in a car crash or motor failure). But there are few, if any, limits on what is done with that data and where it goes.
If I’m interested, I can even get in on the data grab! Bluelink® gives me the option to set parameters and then I can be alerted if anyone drives the car above a certain speed, outside of certain time limits, or outside of a predetermined radius. Hyundai’s marketing team pitches this as a useful parenting tool, but of course it is also an incredibly powerful weapon that can be used by domestic abusers just as easily.
One thing that particularly concerned Mozilla is that Hyundai appears to have a very relaxed relationship with law enforcement. In the privacy agreement Hyundai states that it reserves the right to share my personal information, vehicle information, and precise location with law enforcement based on an “informal request.” This means that anyone with a badge can ask Hyundai for and quickly obtain detailed information about not only where I am now but where I have been at any point since I purchased my car. No need for a warrant… a quick phone call should do it.
To make things as easy as possible for the police to get this data they include a handy form online and offer the phone number for Bluelink® customer care if they run into any difficulties: https://www.hyundaiusa.com/content/dam/hyundai/us/com/pdf/safety/HMA%20Exigent%20Circumstances%20Request%20Form.pdf
Now I don’t harbor great fears of being tracked down and persecuted by the police. Other than the occasional rolling stop through a stop sign and driving a few clicks above the speed limit, I’m generally a law-abiding citizen. And being a white male professor, I’m the kind of person who gets waved through customs pretty quickly. But I think my life would be worse off if I knew I was constantly being tracked.
Over the years I’ve had a lot of discussions with my students about privacy. A lot of them used to jokingly ridicule me, saying things like: “Prof. Wetmore! You’re living in the past. Privacy is dead. Embrace it!” But I think there are some beautiful things about privacy.
I often use a somewhat silly scenario to emphasize this point. I ask students if they would sing in the shower if they knew people were listening. Many of them say that they wouldn’t. They’d be too self-conscious about it. I don’t think we should be building a world that doesn’t offer the basic freedom of being able to sing loudly (and poorly) in the shower. It’s an act that only makes the world a better place.
Interestingly, the students I interact with today don’t need to hear that scenario anymore. College undergraduates today are significantly more concerned about privacy than they were a decade ago. Many of them know people who lost jobs because of something posted on social media and they take active steps to limit their exposure. They probably don’t work at this as hard as they should, but it is increasingly difficult in our world.
How difficult? For a couple hours I was signed up for Bluelink®. I didn’t sign myself up. The dealer did it the same time that he set up my charging station app, presumably accepting the “Connected Services Agreement” on my behalf. I knew about 25% of what I’ve written above at the time, but that was enough to convince me to delete my account as soon as I was able. Ever since, Hyundai has repeatedly attempted to get me to sign back up using a variety of techniques.
My favorite was the one that I got just after I deleted the account. As the website processed my deletion it asked (in big bold print): “Are you really breaking up with us?”
Yes Hyundai Bluelink®, if you’re going to rat me out to the cops, then I’m breaking up with you. I’m looking for a relationship that respects my values.
*If you’re interested in the data your car is collecting about you, Mozilla offers a very useful rundown of the privacy policies of every major car company. I’ll warn you, however, what you’ll discover will likely be pretty disconcerting: https://foundation.mozilla.org/en/privacynotincluded/categories/cars/
Jamey,
As I read your reflections on the pluses and minuses of the technological perks which our new cars can provide, I thought of the pleasure I have been taking in our unseasonably warm temperatures for several days here in Illinois in March while fretting at the same time about what such weather portends about climate change. We have no control over the weather but at least we can exert some control, as you did, over the technology we are willing to accept.