Quote:
Originally Posted by dragracer567 A couple of questions we should have from this:
1) Which cars send our data back to their company? Do connected cars in India like Hyundai Venue, Kia Seltos, MG hector, Tata Nexon etc. do the same?
2) Under what conditions can governments and courts access the data? Do car companies have a policy? Does it makes the population more vulnerable to an authoritarian government or even democratic governments overreaching its powers?
3) MG is Chinese, so can the Chinese government access the data of Indian/European car buyers?
...[/url] |
1) If i may make an educated guess, it would be that all connected cars send some data to their companies. That is the whole point of buying a connected car. It is a double edged sword, there are benefits too, such as emergency assistance. You could read about the Venue's connected car features from the Team-BHP review page
here (Hyundai Venue : Official Review). In fact you don't need an eSim in the car for emergency assistance, Ford's Emergency Assistance feature works using the phone paired to the car's ICE via Bluetooth. The issue here is how much data these cars send and for how log it is retained. Imagine malicious actors using data stolen from automobile companies to track movements of important Government functionaries! Also important is how upfront these companies are about their data gathering and retention policies with their customers. I am sure folks who own these connected cars would be able to add to this point of whether they got the Terms of Service for connected car services along with their vehicles.
2) How much access a Government has to the data collected by car companies, or any other company that collects data about it's customers as a byproduct (or otherwise) of its normal business operations depends on the jurisdiction of the Government on the company. In cases where the company in question is not a legally registered entity in India, the Law Enforcement Agencies/Govt. has to depend on other channels. These may be time consuming in natures (of course there are exceptions wherein the time period can be cut short). In case the company is registered in India it is a fairly straight forward process of serving the Company with an appropriate legal notice. Most companies have designated Nodal Officers to respond to such requests.
As for the second part of your question about the abuse of data by Governments authoritarian or otherwise, the past trends aren't particularly encouraging.
The Chinese Government has something called a Social Credit Score. Trustworthiness of individuals is decided based on their Social Credit Score which is calculated on the basis of all the data the the government and private companies collect, this includes CCTV footage, Social Media posts, legal history, online purchases etc. I am sure it will make for interesting reading -
here
3) The thing with suspecting manufacturers belonging to a specific country alone is that we then tend to miss the larger point. Nations have always deployed all means as their disposal to keep an eye on other nations. This is not limited to a single country or a group of countries. The basic idea is that if their is data, there will be people looking to ex-filtrate that data to use it to their advantage. Even in the days when computers weren't around, espionage (whether nation state or industrial) was commonplace. The advent of computers and the information age has only added to the tools at the disposal these folks. As for Governments accessing data about citizens of other countries through automobile manufacturers, there is no denying of such a possibility. However, if proven, it will lead to severe backlash leading to significant loss of face for both the manufacturer and the country in question. Therefore, there is only a slim chance of such a thing ever coming to light. The real risk is when one nation state steals from another nation's data repositories and plants enough false footprints to avoid attribution to itself.
The (in)famous criminal Willie Sutton was once asked why he robbed banks, and his response was simple, eloquent, and humorous: Because that's where the money is. It is the same with data, most of these companies hoarding customer data do not actually operate the huge infrastructure required to store the data. That is done by other companies, often in the "Cloud", this is where the money is when it comes to the information age.
There are enough ways to track individuals without the cars being another source of data as it is. Almost every one carries a mobile on ones person at all times, this in itself is sufficient to locate a person, and also know of who he/she is in touch with. Now may people have smartphones, there are two main Operating Systems (software that runs these phones) - Google's Android and Apple's iOS. Both Android and iOS maintain quite a bit of information on individuals i.e., location history (
how Apple does it) , call history, SMS history, Browsing history and a host of other information. This information is often backed up to the Cloud (iCloud for Apple iOS, Google Drive etc for Android). Add the various apps such as facebook, instagram, youtube etc to the mix and the amount of data each individual generates per day is unfathomable.
As for facial recognition, the vendor with the biggest repository of images ( a claimed 3 billion images, some of not most scraped off public websites such as facebook) reportedly suffered a breach recently - related report
here. Willie Sutton wasn't wrong after all!
Interesting times!