
Monday, October 31, 2022

Tesla Knows How You Drive—Should You Care?

 

In an article in the October issue of the engineering professional journal IEEE Spectrum, Mark Harris investigates the depth and volume of customer-generated data that Tesla acquires every day from millions of its cars on the road.  The reasons for all this data collection appear to be benign for the time being, but it's truly a new thing in the automotive industry, and potential misuse of the data is something to worry about.

 

In common with all other new cars, Teslas have what are called "event data recorders" (EDRs).   Similar in function to an airliner's black box, the data recorder keeps a constantly updated 5-second record of speed, accelerator and brake conditions, steering, and other data relevant to diagnosing a crash.  In the event of a wreck, the last data set is preserved so that investigators can reconstruct the conditions leading up to the accident.

 

But Tesla cars go way beyond the EDR minimum.  Every minute, the car's GPS location and certain other data are recorded.  And when (not if) the car next gets in touch with its designated wireless hub, it uploads an anonymized version of the data to Tesla HQ through the Internet.  Technically, the car's owner is not linked to the randomized ID number that accompanies the upload, according to an engineer under the alias of Green, who has examined scrapped Teslas (as well as the one he owns) to determine what the famously close-mouthed company is doing.  But as Green points out, if you have anonymized data showing that the car leaves a certain residential address at 8 every morning and returns there at 5 every evening, it's not going to be hard to figure out whose car it is. 
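Green's point about anonymized uploads can be checked from the data holder's side. The following is an added example, not code from the article or from Tesla: it counts how many random IDs share the same most-frequent overnight location cell (the anonymity set size k) at fine and at coarse coordinate precision. The record layout, the sample pings, and the `NIGHT_HOURS` window are constructed assumptions.

```python
from collections import Counter

# Constructed sample: (random_id, hour_of_day, lat, lon). Not real data.
PINGS = [
    ("a91f", 2, 30.26712, -97.75310), ("a91f", 6, 30.26714, -97.75308),
    ("a91f", 13, 30.28500, -97.73550), ("a91f", 23, 30.26711, -97.75311),
    ("c07b", 1, 30.27102, -97.75120), ("c07b", 5, 30.27103, -97.75122),
    ("c07b", 14, 30.28500, -97.73550), ("c07b", 22, 30.27101, -97.75119),
    ("e3d2", 3, 30.25020, -97.76900), ("e3d2", 12, 30.40010, -97.70020),
    ("e3d2", 23, 30.25018, -97.76903),
]

# Assumed "parked at home" window: 22:00 through 06:59.
NIGHT_HOURS = set(range(0, 7)) | {22, 23}


def night_cell(pings, rid, decimals):
    """Most frequent overnight grid cell for one random ID, or None."""
    cells = Counter(
        (round(lat, decimals), round(lon, decimals))
        for r, hour, lat, lon in pings
        if r == rid and hour in NIGHT_HOURS
    )
    return cells.most_common(1)[0][0] if cells else None


def anonymity_sets(pings, decimals):
    """Map each random ID to k: how many IDs share its overnight cell."""
    ids = sorted({p[0] for p in pings})
    cell_of = {rid: night_cell(pings, rid, decimals) for rid in ids}
    sizes = Counter(cell_of.values())
    return {rid: sizes[cell_of[rid]] for rid in ids}


if __name__ == "__main__":
    # 4 decimals is roughly 11 m: every ID sits alone in its cell (k = 1),
    # so the random ID offers no protection once the cell maps to an address.
    print(anonymity_sets(PINGS, 4))
    # 1 decimal is roughly 11 km: the three IDs become indistinguishable (k = 3).
    print(anonymity_sets(PINGS, 1))
```

A k of 1 at the stored precision means the random ID alone does not keep a trace from being tied to one household; coarsening or dropping trip endpoints before retention raises k.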

 

Besides the location data, the vehicle's Autopilot system can do something called Shadow Mode, according to former AI head of Tesla Andrej Karpathy.  While the human driver is in control, Autopilot pretends to drive the car and compares its steering and control outputs with what the human actually does.  When there's a discrepancy, Autopilot can take a data sample, including camera images and other details, and upload it to Tesla HQ to enable continuous improvement of the Autopilot algorithms.  Multiply this by the several million Teslas on the road, and you have the world's best test bed for improving autonomous-driving software.  This is yet another example of the tech world's powerful largest-network advantage.  Once a player in a networked system gets to be the biggest, that organization has a huge advantage over the other players because of the synergistic effects of network nodes supporting each other, roughly speaking. 

 

Of course, Musk and his engineers say that is the only reason they're collecting all this data:  to improve the Autopilot system.  But it's come in handy in court at least once, when the father of a teenager who died in the fiery crash of his Tesla sued the company.  Tesla was able to present the judge with a detailed catalog of many times when the driver tore around town at up to 130 MPH, establishing that the teen was not driving responsibly. 

 

In fairness to Tesla, they are only doing what any sensible company would do in the same situation.  If Ford or Volkswagen had happened to climb to the top of the U. S. electric-vehicle heap first with an autonomous car, they would probably be doing more or less the same data-gathering.  In principle, even Tesla owners can decline to have any Internet connection made to the car, but no one knows of any owner who has actually done this.  This is probably because the intersection of (people who buy Teslas) and (people who don't want their hardware connected to the Internet) is the empty set. 

 

Should we worry about Tesla, or any other car company for that matter, collecting huge piles of data on where we drive every minute, and how fast we drive, and how safely we drive?  There are two entities that have strong reasons to access this data, and the main concerns may come from them.

 

The first entity is government—Federal, state, and local.  Already, state governments are beginning to wonder how they will keep collecting highway-tax revenue as more drivers turn to electric vehicles, which completely evade the X-cents-per-gallon gasoline tax that has up to now been a mainstay of highway funding.  It's always seemed to me that if you take a libertarian point of view, the people who use the roads should pay for them.  Up to now, it was impractical to tell who was using which road, but as more cars get equipped with follow-me-everywhere software, the technology to assess road taxes by miles used wouldn't be that hard to do.  But for various political reasons, the states seem instead to be leaning toward a flat annual tax on electric vehicles that will more than make up for the lost gasoline-tax revenues.

 

The other entity that would like to get their hands on the data is the auto-insurance industry.  It's not hard to imagine developing algorithms that would take in a year's worth of digital driving data on you and assess a personalized insurance cost that would precisely reflect your driving habits.  This would be very popular for safe drivers and highly unpopular for the other kind.  Of course, as Autopilot and its ilk get better, the insurance companies are going to have to deal with increasing numbers of vehicles driving themselves, and the liability implications of that situation are far from being sorted out.  But it's likely that the insurance industry will develop some kind of certification process that you'll have to deal with in order to obtain insurance on a car with a given type of autonomous driving capability. 

 

Finally, there is the general creepiness factor that some software somewhere knows where you've been.  But as we've gradually gotten used to that with mobile phones, I suppose it won't be much different if our cars know what our phones know already.

 

For now, just being aware that this data gathering is going on may be the most we can do about it.  But while improving autonomous-vehicle software is a laudable goal, it won't be surprising if hackers or other malevolent actors eventually exploit the data stream that Tesla extracts every day from their cars.

 

Sources:  "The Radical Scope of Tesla's Data Hoard," by Mark Harris appeared on pp. 40-45 of the Oct. 2022 print edition of IEEE Spectrum.

Monday, July 11, 2022

Abortion and Data Privacy: New Cause for Concern

 

With the June 24 Dobbs decision overturning Roe v. Wade and Casey, the U.S. Supreme Court withdrew the nationwide blockade against the intention of many states to ban abortion to a greater or lesser degree.  Depending on where you live, abortion may already be illegal or will shortly become so.

 

Texas, where I live, is one of the more aggressive states, having effectively banned most abortions since last fall by authorizing private citizens to sue anyone who assists in an abortion.  To the best of my knowledge, the penalties for performing abortion focus mainly on the providers.  But any woman who wants an abortion now faces a new forest of legal complications, including the possibility that law enforcement agencies may obtain extremely private information such as data from period apps in building a case that an abortion was performed.

 

In a recent Vox online piece, Sara Morrison pointed out that although women concerned about keeping their possible pregnancy status private should probably get rid of their period apps, that is not the only way you can be spied on, although period-app companies have a rather poor record when it comes to data privacy anyway. 

 

Most media companies have a boilerplate clause as part of that agreement everybody pretends to read (and nobody does), which allows them to share information with legally constituted law enforcement agencies that have a reason to obtain it.  So even if a woman sent a private text message to her closest friend saying that she thought she was pregnant, and a state police investigation thought it was relevant in prosecuting an abortionist, they could legally obtain that message. 

 

The concept of privacy lies mostly in tatters these days for anyone who spends any amount of time online, which is pretty much everybody.  While the Fourth Amendment to the U. S. Constitution guarantees the right to be secure in one's "persons, houses, papers, and effects," it does allow searches (presumably including online ones) in cases where a crime is suspected and a warrant for the search can be justified. 

 

What is so different today from the circumstances in 1792, when the Bill of Rights was enacted, is that all of us leave electronic trails that are in legal gray areas in many cases.  Simply being on social media and using one's mobile phone creates gobs of data that clever analysts with adequate resources and access to commercial databases by means of search warrants can use to create an incredibly intimate portrait, including one's pregnancy status or attempts to obtain an abortion. 

 

Morrison says the ultimate solution is better data-privacy laws.  And she may be right.  The problem with this is that the entire economic basis of social media relies on the violation of the kind of privacy that data privacy laws would protect.  So unless the Big Tech giants figure out an entirely new revenue model, their heavy hands on the scale of justice will outweigh any desire on the part of the general public to be more private online.

 

This is not an easy column for me to write, because I am personally opposed to abortion.  At the same time, I realize that trying to enact (or revoke) a law that creates a situation which is hugely unpopular among a large segment of the public leads to situations in which law either loses respect or unduly harsh measures are used to enforce it.  Probably some of both will happen in the coming months as the nation readjusts to the new circumstances surrounding abortion.

 

Judging from the way Morrison wrote her article, she seemed to take the point of view of a woman who finds herself pregnant against her intention and wants to get an abortion, but lives in a state where abortion is now illegal.  What are the options?

 

Over half of current abortions are achieved by means of medication, which means the combination of mifepristone and misoprostol taken to induce a spontaneous abortion.  Many states are taking or will shortly take steps to make such medications illegal for use in abortion, and the natural first thought of many—to order them online—leaves one open to surveillance as explained above.

 

The next option would be to travel out of state to a place where abortions are still performed.  But in a state like Texas, even helping someone with travel arrangements could be grounds for a lawsuit—remote grounds, maybe, but who wants to do something that leaves their friends liable to be sued?  And everyone's whereabouts are being tracked 24/7, or at least the whereabouts of your phone, unless you turn it off.  So as things stand, there are really not many places to hide.

 

Far from solving the problem, the Dobbs decision has brought abortion into the spotlight of public consciousness and debate in a way that perhaps hasn't been equaled since the original 1973 decision that legalized it by judicial fiat nationwide.  The real problem, the one that lies deeper than online privacy, or legal decisions or codes, is a cultural one.

 

We live in a hypocritical culture which both promises untrammeled freedom, and withholds from nearly everyone the means to realize that freedom, which is illusory in any case.  The culture has convinced millions of women that pregnancy and childbirth is simply not an option compared to all the other treasures of the world, and if a woman becomes a mother without meaning to, she must correct the error even if it means the death of an innocent being. 

 

This is a serious distortion of how the world is, and correcting it is going to take more than the passage or revocation of a few laws or judicial rulings.  But if Dobbs and its fallout get us to thinking about these things, there is at least hope that the truth will eventually emerge.  And it is only the truth that makes people truly free.

 

Sources:  Sara Morrison's "Should I delete my period app? And other post-Roe privacy questions" appeared on Vox at https://www.vox.com/recode/2022/7/6/23196809/period-apps-roe-dobbs-data-privacy-abortion.  I also referred to a list of what many of the states are doing about abortion laws at https://apnews.com/article/supreme-court-abortion-ruling-states-a767801145ad01617100e57410a0a21d.