Editor’s note: This article is from Krypton 36 “Future Automotive Daily” (micro-channel public number ID: auto-time), Author: Qin Zhang Yong.Author | Qin Zhangyong
Edit | Wu Yan
Imagine that when you are driving on the road, your identity information, driving trajectory, vehicle status, song listening history, and even driving behavior are all recorded by the mysterious car network, and all your tracks are at a glance.What’s even more disturbing is that these all happened without your knowledge.
Everything is digital, and all data may expose your privacy.
From financial institutions to Internet giants, as long as it involves privacy leaks, consumer sensitive nerves will immediately tighten.The lesson that Facebook was fined $ 5 billion for failing to protect user data is clear, and companies are also struggling to clarify the boundaries between data analysis and user privacy.
Just recently, Google explicitly banned all Xiaomi-owned smart home products from accessing its integrated hub and Google Voice Smart Assistant because Xiaomi’s smart devices were allegedly leaking user privacy.
On January 7th, in response to technology companies ’data abuse and privacy violations, Apple reappeared at the International Consumer Electronics Show (CES) after 28 years. Jane Horvath, Senior Director of Global Privacy, attended the meeting.Privacy Officer Roundtable with the theme “What do users want?”
With the penetration of intelligent networking and the large-scale application of car networking, cars have become mobile phones on the road.However, due to the characteristics of open wireless channels and trackable movement trajectories, intelligent connected cars also face many threats to security and privacy.Consumers are worried about the leakage of data privacy and are worried, while indulging in the convenience of privacy in exchange for their knowledge.
“The car must not be turned into a ‘data monster’,” concluded Martin Wendern, the former CEO of Volkswagen.In the age of connected cars and big data, does personal privacy still exist?
Privacy Leaks “Heavy-hit Areas”
Whether you like to admit it or not, everyone is “streaking” in the era of big data.
At the end of the year and the beginning of the year, the circle of friends was overwhelmed with annual bills and inventory.How much did you spend on food, clothing, travel, what songs have you heard, and what hotels have you stayed at? The most common place to go by car, usually when you go out and know everything on your phoneEven the words that you accidentally talk to your friends will be quietly memorized by a shopping app, and related product ads will be “intimately” pushed on the homepage.
Behind every number and detail, cannibalism and invasion of personal privacy.
Cell phones and other smart devices know you better than you.It is becoming a spy, monitoring your every move.As the movie “Eavesdropping” states: “Everyone’s mobile phone is an eavesdropper, and you can be eavesdropped whether you turn it on or off.
The private photos of Hollywood stars have been collectively leaked. Social media giant Facebook has been the target of public criticism for leaking 50 million user data. Google, Twitter, Uber and other technology giants have been involved in leak scandals.Just in August 2019, Apple publicly apologized for Siri’s privacy leak on the official website, and promised to no longer keep audio recordings of user interactions with Siri by default.Former US CIA employee Edward Snowden, who had been wanted by the United States for leaking the “Prism Project,” even asked visitors to keep their phones in the refrigerator to prevent eavesdropping.
What exactly do users want?This is exactly the answer given by Apple.
After returning to CES in 28 years, Apple is only discussing data and privacy security.The whole discussion was full of gunpowder, and reporters from the audience repeatedly bombarded Hovas, and questioned whether the iPhone’s data was leaked and how to ensure that third-party applications would not steal user data.Even if it didn’t attend last year, Apple also set up a giant billboard near the Las Vegas Convention Center, which reads: “Everything on the iPhone is kept only on the iPhone.”
Source: CNBC video screenshot
With the large-scale application of the Internet of Vehicles, the car has also become a mobile phone driving on the road. The way to record personal privacy has become innumerable and invincible. Some even joked, “Putting the wheels on it is for smart phones.Better driving on the road. ”
Driving a smart car is like using a smart phone, you can shop, order food, entertain, and enjoy all convenient services.People are used to listening to their favorite songs by turning on the stereo, navigating to familiar destinations, controlling all switches in the car by voice, and even when they are lost or stolen, they hope that the car will be used to locate and track the car in real time.
But at the same time, the GPS on the car records your whereabouts, the camera in the car can capture your image, and the microphone is also recording your voice.Every move you make will be silently recorded by the connected car.
There is no privacy at all in the era of connected cars, which is not alarmist.Without providing your home address, you cannot enjoy navigation services, you cannot pass various software certifications without leaving personal images, and you cannot enjoy various intimate services without being analyzed for personal preferences.
In 2010, Suzhou Haige launched the G-BOS bus intelligent operation system suitable for the needs of Chinese buses.The system analyzed and documented the driver’s behavior, a feature that caused much controversy at the time.As the Internet of Vehicles can realize the network connection between the vehicle-X (that is, the vehicle and the vehicle, people, roads, and service platforms) according to the agreed communication protocol and data interaction standards, it is difficult to avoid privacy and security issues.
The “routine” of the Internet of Vehicles leaking user privacy is exactly the same as the software of “undercover” mobile phones.
When the criminals embed a piece of software in the mobile phone without the user’s knowledge, the user will be illegally monitored and tracked in real time. The software will even send real-time location information, call chats and other content to the criminals, which allows users to be private.It became a commodity being sold everywhere.
Similarly, once the data of the connected car supplier is hacked, the user’s private information will be used maliciously, and it may also be leaked to third parties for profit.
In December 2017, personal information of customers of Nissan Canada Financial Corporation and Infiniti Canada Financial Services Company were stolen by hackers. The customer’s name, home address, vehicle brand and model, and even credit scores and loan amounts were all within the scope of the theft.
In 2015, Jeep Grand Cherokee car entertainment system was exposed for vulnerabilities, and hackers could remotely control the braking and steering system through these vulnerabilities.Jeep has decided to recall 1.4 million cars.This is the first car recall due to information security issues.
Source: Tesla’s official website
In 2016, Tencent Cohen Labs successfully conducted a “remote intrusion” into Tesla.They replaced the main screen of Tesla with the logo of Cohen Labs, and the owner could not operate, and then realized remote unlocking and braking.
In other words, the car has become a “heavy disaster area” where users’ personal information is leaked. Even if people are sitting in the car, they are still running naked in the era of big data.
Nowadays, the security threats of the Internet of Vehicles have penetrated the entire network architecture, and each level faces many problems.With the advent of the era of intelligent networking, this contradiction will become increasingly prominent.
Who betrayed your privacy?
Many consumers have experienced this: they received a car insurance sales call just after buying a car, and received a clear commercial push message when driving the car.This means that your personal information has become a commodity in the hands of data traffickers.
Through the powerful functions of the Internet of Vehicles, from home address to personal driving trajectory and other data, a complete user portrait can be formed.These behavioral data have powerful marketing monetization ability. If they are obtained by people with ulterior motives, the impact will be immeasurable.
Just like the contact information lying in the phone’s address book, you can still restore it even after deleting it.Some second-hand mobile phone recyclers will restore the information of second-hand mobile phones, and then profit from the sale, forming a stable black industry chain.This information may become a database of scam information or a traffic pool for marketing text messages.
Cars now face the same threat.
Personal data privacy issues have become a “worry for users”, but for the maintenance and operation of vehicles, data storage and transmission are inseparable.With more data, car manufacturers can provide more analysis and customization services.Therefore, privacy issues have always been a sensitive topic that car companies and connected car suppliers are reluctant to mention.
Car companies are cautious and try their best to avoid stepping on the user’s “minefield”.However, under the large-scale application of intelligent network connection, it is always a difficult subject to find a balance between ensuring the user experience and protecting user privacy.
In October 2018, after a large number of Weilai ES8s were delivered, some car owners and media questioned the privacy protection of Weilai car users.According to the way user information is collected, the ES8 regularly uploads image and audio information of drivers and inside and outside of the vehicle through the camera and microphone inside the car, which undoubtedly involves the user’s most taboo privacy issue.
In response, Li Taide, known as the “father of Nomi” of Weilai Automobile, stated publicly: “All data produced by Weilai will be used to enhance the user experience and will be effectively protected.”
According to his introduction, Weilai Automobile will first perform data desensitization and unbind identity information, that is, desensitize all voice interaction data, and it is completely unbound and unrelated to user identity.In addition, these data information will be stored encrypted by a dedicated server, and the expiration date cannot be traced.
In the new car camp, most companies have consciously taken steps to protect user privacy.
Niu Shengfu, CTO of Skyline Motors, has revealed that Skyline Motors has a complete set of information security mechanisms. Only after obtaining the user’s consent can sensitive information such as user’s location data be obtained, and insensitive information will be uploaded to the background.
“In terms of data acquisition and use, we follow the relevant national regulations and will sign relevant agreements with users before using services such as vehicles to ensure users’ right to know and choose.” Insiders of a new car brand told Future Automobile Daily: Auto-time), the company strives to protect user privacy data through encryption technology and monitoring systems.
With the development of new energy vehicles, in order to grasp their safety and rationality, the state will force the monitoring of the vehicle’s driving status, charging status, and data on electric power and other information.
In March 2019, the European Commission adopted a new regulation to reduce the fatality rate of traffic accidents.It is stipulated that all new cars sold in Europe after May 2022 need to use speed limit technology, including the installation of speed limiters, automatic emergency braking devices, and electronic recorders to monitor the driver’s attention level system.
Weilai legal experts said that in order to ensure safe production and operation, the state has forced electric vehicles to upload daily use, repair, maintenance and other data and vehicle dynamic monitoring data to the new energy vehicle data government collection / monitoring platform.Information such as nicknames will not be uploaded.The purpose of data use is also strictly controlled, and is only used for national operation monitoring and enterprises to provide basic services for users.
This means that as long as OEMs and IoV vendors collect and use user information in accordance with policies and regulations, they will not become the “culprit” for personal privacy leaks.However, under the policy supervision, there are still phenomena with ulterior motives to steal personal data by using regulatory loopholes.
“The risk of privacy leakage also exists in some aftermarkets and third-party applications for data collection and leakage.” Insiders of a OEM factory told Future Auto Daily that specific actions include installing some illegal on-board software or hardware to bury the privacy of usersA time bomb, some ulterior motives will also sell users’ privacy data.
At the cusp of the evolution of smart cars to autonomous driving, dealers, insurance companies, and technology companies are eager to use this data and information to leverage this huge market.They use radar sensors, diagnostic systems, and car navigation systems to record behavior data from cars and drivers.
Because this data involves user privacy, companies are often vocal about its use.However, it is undeniable that some third-party in-vehicle software will silently collect the user’s digital activities in the car, but change hands and leak user information to other third parties, and even some illegal software maliciously steals user information for profit.
Privacy and convenience are not zero-sum games
“Privacy issues are actually relative.” Insiders of the aforementioned OEM told Future Auto Daily that it is reasonable for car companies to use personal information to provide services to consumers.problem.
This is the crux of the privacy issue.When the use of private information is to provide services to users, and users readily accept it, there is no so-called privacy theft.An embarrassing fact is that users are willing to sacrifice some of their privacy in order to get convenience.
According to the Bank of America Merrill Lynch report, everything will be digital in the next 10 years.By 2030, the amount of data generated by self-driving cars will exceed that of all people on the planet today.At the same time, consumers are less likely to reduce the frequency of convenience services.Of the 1,500 U.S. consumers surveyed, 79% said they were willing to abandon personal data privacy for “clear personal benefit” and 62% of millennials were willing to abandon third-party data.
When dataization is inevitable, human beings can no longer “stand alone” in this age of interconnectedness.People try to strike a balance between privacy and convenience, but no one can tell where exactly the red line between the two is.
There is no zero-sum game between privacy and convenience, but this does not mean that the protection of user privacy can be shelved.
At present, research on anti-intrusion technology at home and abroad is still in the development stage.
Researchers at Shanghai Jiaotong University have designed a risk assessment model for the privacy leakage of connected cars, and used this model to dynamically provide defense strategies.French universities have also specifically proposed intrusion detection systems specifically used in vehicle-mounted ad hoc networks, but most research is still in the laboratory stage.
On April 4, 2019, the Automotive Standardization Research Institute of the China Automotive Technology Research Center announced that the four national standards projects for automotive information security submitted by the National Automotive Standardization Technical Committee Intelligent Networked Automobile Sub-Bid Committee were approved.This means that after the United States, Britain, and Germany, China also has its own automotive information security standards.
But these are just the beginning.
When the Internet of Vehicles truly returns to the nature of providing convenience and is still able to “do no harm”, users can take off their defenses and accept the convenience in exchange for privacy.