Once mobile devices are connected to car infotainment systems and cars are connected to the Internet, vehicles will become a rich source of data for manufacturers, marketers, insurance providers and the government. Oh, and they'll be a lucrative target for hackers, too.
Unlike mobile device makers that use state-of-the-art technology to secure their devices, the automotive industry has generally been a technology laggard when it comes to privacy. The computer systems in automobiles, like so many other systems, may be built from years-old technology because of the three-to-five-year vehicle development cycle.
"Nothing dates a car quicker than the electronics. You can get into five-year-old luxury car and it... feels like a Nintendo game... compared to the experience on your smartphone," said Scott Morrison, a distinguished engineer at CA's Layer 7 Technologies.
With that in mind, Morrison believes cars, just like computers, need an opt-out capability when it comes to collection of in-vehicle data. That's especially true since there's little federal oversight on who's collecting what data from vehicles.
Carmakers already remotely collect data from their vehicles, unbeknownst to most drivers, according to Nate Cardozo, an attorney with the Electronic Frontier Foundation. "Consumers don't know with whom that data is being shared," Cardozo said. "Take Ford Sync, for example. In its terms of service, it says it's collecting location data and call data if you use Sync to dictate emails."
Ford then shares that data with business partners to improve service, "but that is so broad that you don't know what that means," Cardozo said.
Location data, which is routinely collected by GPS providers and makers of telematics systems, is among the most sensitive pieces of information that can be collected, Cardozo said. For example, if a company knows where your car is at any point in time, it knows where you live, what restaurant you're in and where you go to church. And, as Cardozo, points out, it also knows "if you're interviewing for another job or having an affair.
"Not having knowledge that a third party is collecting that data on us and with whom they are sharing that data with is extremely troubling," Cardozo said.
Dominique Bonte, a director at ABI Research, believes drivers should have to opt in before car companies can share data with any outside parties. Bonte pointed to GM as an example of why an opt-out model isn't good enough.
In 2011, GM's OnStar in-vehicle communications service began collecting data on users without permission. The strategy was designed to improve the OnStar service, but GM also shared that data with third-party suppliers.
"They failed to observe the most essential rule in privacy. They were forced to stop using the data," Bonte said.
Sign up for CIO Asia eNewsletters.