NO PRI­VACY BE­HIND THE WHEEL Au­to­mo­bile data col­lec­tion raises con­cerns

The Washington Times Weekly - - National - BY PHILLIP SWARTS

Con­sumers’ lo­ca­tions and other data are at risk of be­ing leaked by com­pa­nies that run au­to­mo­bile nav­i­ga­tion ser­vices like GPS, a re­port has found, putting the na­tional de­bate on pri­vacy be­hind the wheel.

De­spite telling con­sumers they are col­lect­ing the in­for­ma­tion and seek­ing con­sent, com­pa­nies do not al­ways dis­close what in­for­ma­tion is col­lected and how it is used. Com­pa­nies are also in­con­sis­tent when it comes to giv­ing driv­ers the abil­ity to delete their in­for­ma­tion.

“The com­pa­nies’ pri­vacy prac­tices were, in cer­tain in­stances, un­clear, which could make it dif­fi­cult for con­sumers to un­der­stand the pri­vacy risks that may ex­ist,” said a re­port from the Gov­ern­ment Ac­count­abil­ity Of­fice, Congress’ watch­dog arm.

Pri­vacy ad­vo­cacy groups are con­cerned “that lo­ca­tion data can be used to track where con­sumers are, which can in turn be used to steal their iden­tity, stalk them, or mon­i­tor them with­out their knowl­edge,” the in­ves­tiga­tive agency said.

“Any­time you’re col­lect­ing data about con­sumers, there’s a need to be aware of what the com­pa­nies are do­ing and the im­pli­ca­tions of hold­ing that data,” said Alan But­ler, an at­tor­ney with the Elec­tronic Pri­vacy In­for­ma­tion Center. “It’s an is­sue peo­ple need to be aware of. We haven’t heard yet of any ma­jor breaches or ma­jor vi­o­la­tions of con­sumer rights.”

The in­creas­ing use of com­mu­ni­ca­tion and lo­ca­tion-based com­put­ers and gad­gets in cars — called telem­at­ics — in some cases has left the gov­ern­ment scram­bling to keep up.

“Cur­rently, no com­pre­hen­sive fed­eral pri­vacy law gov­erns the col­lec­tion, use, and sale of per­sonal in­for­ma­tion by pri­vate­sec­tor com­pa­nies,” the GAO said. “While leg­isla­tive pro­pos­als aimed at pro­tect­ing the pri­vacy of lo­ca­tion data by mo­bile de­vices and nav­i­ga­tion sys­tems have been in­tro­duced by mem­bers of Congress, none of the pro­pos­als have been en­acted.”

The GAO looked at 10 com­pa­nies in­volved in the au­to­mo­bile in­dus­try, in­clud­ing man­u­fac­tur­ers: Chrysler, Ford, Gen­eral Mo­tors, Honda, Nis­san and Toy­ota, GPS producers Garmin and TomTom, and nav­i­ga­tion de­vel­op­ers Google Maps and Te­le­nav.

All 10 com­pa­nies tell driv­ers they are col­lect­ing in­for­ma­tion, but some don’t dis­close what in­for­ma­tion they are col­lect­ing or why, which could “al­low for un­lim­ited data col­lec­tion and use,” the GAO said. Like­wise, all the com­pa­nies tell driv­ers the in­for­ma­tion is shared with third par­ties but don’t al­ways give a rea­son.

Some don’t give driv­ers a choice to delete their per­sonal data, a nec­es­sary step in main­tain­ing pri­vacy, Mr. But­ler said. Keep­ing records of the data could cre­ate a re­pos­i­tory of per­sonal in­for­ma­tion that could be ac­cessed eas­ily by hack­ers or by law en­force­ment per­son­nel against the driver’s wishes.

“Ob­vi­ously this data, if it was breached, could re­veal a great deal of in­for­ma­tion about in­di­vid­ual driv­ers,” he said, adding that track­ing some­one’s car could re­veal where they live, work and wor­ship, among other things.

The Wash­ing­ton Times reached out to rep­re­sen­ta­tives for all 10 com­pa­nies named in the re­port, which the GAO said rep­re­sent the most widely used ser­vices or ma­jor­ity of the mar­ket.

TomTom, the Nether­lands-based GPS maker, said it op­er­ates un­der the strictest pri­vacy laws in that na­tion and pro­vides “re­spect and safe­guard” of driv­ers’ con­tri­bu­tions.

“We al­ways ask per­mis­sion to use any data pro­vided by our TomTom users, in­form­ing them how we will use it and al­low­ing them to opt out at any time,” a state­ment form the com­pany said. “All data pro­vided is anonymised and ag­gre­gated. We never share cus­tomers’ pri­vate lo­ca­tion data with third par­ties.”

Te­le­nav, which pro­duces nav­i­ga­tion apps and soft­ware, said all in­for­ma­tion it re­ceives is as­signed a num­ber and can’t be matched with a par­tic­u­lar driver. The anony­mous in­for­ma­tion can be shared with third-party traf­fic ser­vice providers to give real-time in­for­ma­tion, a ser­vice the com­pany said it be­lieves its cus­tomers ex­pect.

“Lo­ca­tion data is in­te­gral to the func­tion­al­ity of our lo­ca­tion-based nav­i­ga­tion prod­ucts,” said spokes­woman Mary­Beth Low­ell. “We would not be able to pro­vide maps, nav­i­ga­tion di­rec­tions, traf­fic up­dates, rerout­ing di­rec­tions, nearby point-of-in­ter­est searches, etc., with­out it. How­ever, we make ev­ery ef­fort to re­spect the sen­si­tive na­ture of this data.”

In­for­ma­tion on driv­ers is col­lected to pro­vide turn-by-turn di­rec­tions and traf­fic in­for­ma­tion, lo­cate ve­hi­cles for road­side as­sis­tance or re­cov­ery from theft, and give in­for­ma­tion on nearby gas sta­tions, restau­rants or charg­ing sta­tions for elec­tric ve­hi­cles, among other rea­sons.

The GAO said some es­ti­mates ex­pect use of telem­at­ics ser­vices to triple from 11.8 mil­lion sub­scribers in 2012 to 31.6 mil­lion in 2016.

Most of the time, com­pa­nies will make ef­forts to “de-iden­tify” data, such as list­ing a ve­hi­cle’s lo­ca­tion but giv­ing no in­for­ma­tion about the make and model of the car or the iden­tity of the driver. How­ever, there is no in­dus­try stan­dard, and the ways com­pa­nies try to pro­tect the data vary, giv­ing driv­ers dif­fer­ing lev­els of se­cu­rity.

Some­times the busi­nesses are us­ing se­cu­rity mea­sures that could still risk pri­vacy, the GAO said, such as as­sign­ing each driver a num­ber in­stead of us­ing a name. Af­ter sev­eral trips, it would be easy to dis­cern the num­ber’s driv­ing habits and pos­si­bly their home, lead­ing con­sumers to be “re-iden­ti­fied.”

“While se­lected com­pa­nies safe­guard lo­ca­tion data in part by de-iden­ti­fy­ing them, com­pa­nies use dif­fer­ent de-iden­ti­fi­ca­tion meth­ods that may lead to vary­ing lev­els of pro­tec­tion for con­sumers,” the GAO said.

AS­SO­CI­ATED PRESS

A Garmin GPS unit is shown in­side a ve­hi­cle in Tampa, Fla. “Cur­rently, no com­pre­hen­sive fed­eral pri­vacy law gov­erns the col­lec­tion, use, and sale of per­sonal in­for­ma­tion by pri­vate-sec­tor com­pa­nies,” a Gov­ern­ment Ac­count­abil­ity Of­fice re­port stated.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.