After Researching Cars and Privacy, Here’s What Keeps Us up at Night

Through cheeky print ads, TV commercials, and multi-million dollar product placements, car companies work hard to make us feel things about cars. They tell us that cars can empower us, set us free, improve our social status, affirm our identities, and make us the best versions of ourselves. Maybe that’s why they represent more to most people than just a way to get from point A to B… And why there aren’t nearly as many love songs about bicycles or public transit.

But if a sense of independence is responsible for the warm and fuzzy feelings we have for our EVs and SUVs then the reality of today’s cars is a betrayal. According to their own privacy policies, car companies can collect, share, and sell an overwhelming amount of data about you, your car, your passengers, and even pedestrians. Modern cars are surveillance-machines on wheels souped-up with sensors, radars, cameras, telematics, and apps that can detect everything we do inside -- even where and when we do it. Whether that means singing at the top of your lungs, engaging in hanky panky in the back seat, or driving to a domestic violence shelter, cars are an increasingly unsafe place to be yourself.

Cars’ recent vibe shift from 1969’s Easy Rider to 2002’s Minority Report worries us a lot. Here’s what worries us the most.

WTF-level data collection

It’s worth saying again: new cars, at every price point, create and collect so much data about their owners, drivers, passengers, and the world around them. About where you go, what you do inside, and who you are. They have so much information about you that they can (and do) use it to invent even more, through “inferences.” So that’s the first privacy red flag: the quantity of personal data car companies collect. Then, a lot of the car companies share and sell that information -- to service providers, data brokers, the government, and other businesses we know little or nothing about. The sharing, selling, and the overall lack of clarity about those things are flags two, three, and four. But there’s more: the intimacy of the data (that’s five).

There is some personal information that corporations just should not be allowed to collect about you, especially when there is no imaginable good reason for them to do it. In this category: genetic information. GM’s Cadillac, GMC, Buick, and Chevrolet say in their California Privacy Statement that they can collect (among so many other things) your “Genetic, physiological, behavioral, and biological characteristics.” KIA and Nissan also say they can collect “genetic information.” We have every question about this, but mostly “how”?

It gets worse. Nissan says they can collect information about your “sexual activity” and “intelligence” (which they apparently infer from your personal data) and can share that information with “marketing and promotional partners” or for their own “direct marketing purposes.” What on earth kind of campaign are you planning, Nissan? On second thought, don’t answer that. Just please cut it out. Especially after your data breach earlier this year, it’s only fair your super-sensitive data privileges are canceled.

A new era of cybercrime

When car companies aren’t busy sharing or selling your data, they’re often not protecting it as well as they should. We couldn’t confirm if any of the car brands we researched meet our Minimum Security Standards. That’s really bad and not normal. This is the first time all the products in a single guide earned our security “ding.” Mostly, we can’t tell if all that personal data is encrypted at rest on the car. It’s a scary thought to think the data your car collects and the data your phone shares with your car could be sitting unprotected on your car. Especially since even encryption is no silver bullet for keeping data safe. In fact, most (68%!) of the car companies earned our “bad track record” ding for failing to protect their users’ privacy with a leak, breach, or hack in the past three years -- from sources that should have been better protected.

In a number of the cases we looked at, it was car companies’ own mistakes (and not mastermind hackers) that exposed their customers’ data. Hyundai used an example key copied from a tutorial for encryption. That’s like keeping a default password like “12345” on a very important account, but way worse. Toyota exposed the data of 2.5 million customers for more than 10 years because of a “misconfigured cloud.” Volkswagen and Honda also made mistakes that exposed millions and thousands of records.

Sensitive data and weak security is a terrible combination. We’re worried that it puts your personal information or even control of your car up for grabs for criminals. Since car companies are already lagging behind on data protection, it could be just a matter of time until snoopers, stalkers, and thieves don’t even need high tech hacking skills but just a few bucks to buy a hacking kit off the deep web (like they already can for all kinds of malicious software) to get access. We shudder to think of the scams that a criminal could cook up with that much information in their arsenal.

Mass surveillance by law enforcement and the government

There are so many ways for the law enforcement to unlock the treasure trove of data that’s collected by your car. In the United States, they can just ask for it (without a warrant) or hack into your car to get it. At least fourteen (56%) of the car brands’ own privacy policies say they can voluntarily share your personal data with law enforcement or the government in response to a “request.” At Mozilla, we believe that the government should have to do more than ask nicely for your personal information. We look for stronger language in privacy policies, that say they won’t share your information unless they are legally obligated to do so, and even then, limit the personal information they provide to law enforcement or governments to the smallest amount necessary.

Police and government agencies’ easy access of private data is most likely to impact already-overpoliced black, indigenous, and other racialized communities the most. Other victims of targeted surveillance, like people seeking gender-affirming care or abortions, as well as asylum-seekers or undocumented immigrants, are also left vulnerable to these abuses of authority. And it’s not only drivers whose privacy is at risk, since Tesla and other cars with outward-facing cameras can record video of people and places outside your car.

In the European Union, thanks to stricter privacy laws, it’s not so easy for the government or law enforcement to get access to your private data from corporations. Still, it’s a line that needs holding globally especially as tech evolves. The contrasts make it clear: it’s the law and not car companies’ good conscience that’s protecting your privacy.

Car apps’ features are ripe for abuse

VW’s Car-Net promises to help you “Keep tabs on who’s driving” and it sure does deliver on that promise. You can set “boundary alerts” and “curfew alerts” that send a notification to your phone when drivers leave a certain area or drive past a certain time. These services are marketed as safety features for young and inexperienced drivers. But besides being a buzzkill for teens, we’re worried that they could be abused by controlling family members or partners.

They’re not the only car company we looked at that offers app features that could enable problematic behavior. BMW’s Digital Key lets you share your car keys by text. That part is cool! But when you share access you can also add limits on other drivers’ speed and stereo volume. Hmm. Even if you don’t share a car with anyone who might use these features to spy on or control your behavior, you probably don’t want those drivers to be able to see your location whenever you’re driving, like Tesla, Ford, Lincoln, Mercedes-Benz, Hyundai, Kia, Chevrolet, Buick, GMC, Cadillac’s accounts and apps let them do.

Weaponizing connectivity

What are they thinking? Is a question we asked ourselves a lot while researching car brands’ privacy practices. Why would car companies want so much and such intimate data and exactly what do they plan to do with all of it? What can they do? Lucky for us we got a peek into what at least one of the car brands we researched is noodling on lately and… it is grim.

In a patent they filed earlier this year in the United States, Ford spilled some very detailed beans about an idea for self-repossessing technology that would make use of the car’s connectivity to the car-maker, a lending institution, a repossession agency, and policy authority. In it, they describe a series of escalating torments that they could inflict on drivers who have missed car payments.

The gist of the 14-page application is that the car repossession could start with a text message to your phone or car and end with your car driving itself to an impound lot or, if it’s not worth enough, a junkyard. We don’t trust the creative minds behind this piece of work as far as we could throw a Ford F-750 (that’s a really big one).

In between the initial message driving off into the sunset, your car’s features like the infotainment system, windows, and air conditioning could be turned off so that you experience “certain” and then “additional level[s] of discomfort” that, we guess, motivate you to make those payments. In another scenario, the car will play an annoying (“unpleasant”) sound that won’t stop until the payment is made. These are especially cruel ideas in the context of the United States (where the patent was filed) since a not-insignificant number of people live in their cars.

Ford seems to get that all this might make you angry, which is probably why the system could collect real-time video recording using the car’s cameras to “identify undesirable actions that the owner of the vehicle may take” in response to, for example, being locked out of their car. The cameras’ images could also be used to determine whether you’re trying to “block repossession,” and decide whether the car should “transmit a complaint to the computer associated with the police authority.” Congrats, Ford! Your imagination is better than ours at dreaming up privacy nightmares.

Drivers having little control over information shared with insurance companies

Telematics report your driving behavior directly from your vehicle to your insurance company. The idea is that by analyzing your driving habits with data about your driving speed and braking, your insurance company can have proof that you’re a responsible (low risk) driver and offer you a discount on insurance. It started as a dongle that you could choose to plug into your car but it’s quickly moving to built-in software drivers have no real ability to opt-out of. According to an industry report, most cars sold in 2020 already had telematics built in. By 2026, the same report predicts almost all cars (91%) will have “embedded telematics.”

As an optional service, there isn’t anything wrong with telematics. But it seems unavoidable that it will be all-but-mandatory soon because of its widespread government support and its promise to save drivers money. But drivers having little control over the flow of information to their insurance company (or elsewhere) makes us uneasy.

That it will only get worse unless we act now

The situation with cars and privacy is not good. Cars are so far the worst category of products we have ever reviewed at *Privacy Not Included, with every single car brand we looked at earning our warning label. We’re worried about the amount and the sensitivity of the information car companies collect about you. Based on their track records alone, we don’t trust them to keep it safe. And we don’t think a lot of the ways that your information is being shared or sold benefits drivers or anyone besides the businesses who exist to make money off of your data.

We’re worried about the ways car companies offload their responsibility to protect their drivers’ privacy. It’s on you to make sure your data is properly deleted before you sell your car or return a rental. It’s on you to track down the (separate) privacy policies from your car dealership and connected services to learn how they treat your information. It’s on you to inform passengers about your car’s privacy practices. It’s on you to “opt out” of data collection (when possible) -- and it’s also on you if that makes your car undrivable.

We’re also worried that this is just the beginning. We’re worried that new sensor technology could help car companies create, collect, combine, and sell even more information about you. And about how more data-collecting cars are replacing more analog (and more privacy-preserving) ones one by one as most new (even “basic”) vehicles are already connected ones.

With car companies' long history of lying, cheating, and putting profit before everything, including human lives, we’re worried about what they have planned for the future. When it comes to protecting your privacy, someone else needs to take the wheel. This is where you come in. Join the Mozilla community’s fight to force car companies to respect our right to privacy.

Sign the petition and tell car companies to stop their huge data collection programs that only benefit them.