You Have Probably Heard of Autonomous Vehicles

What about Connected Vehicles?

Autonomous Vehicles

“Autonomous Vehicles” and their implications for Safety, Security, and Privacy are heavily debated by regulators, industry, advocates, and consumers worldwide. They all rely on a standardized definition of the Levels of Driving Automation. Despite all the debate and fascination with “self-driving cars”, there are no highly automated (level 3 and above) vehicles commercially available to consumers today.

Connected Vehicles

On the contrary, “Connected Vehicles” are not as debated, yet are widely available and pose equally serious challenges to Safety, Security, and Privacy of drivers, vehicle occupants, and even consumers who just happen to be in range of some of these vehicles.

Levels of Driving Connectivity

To facilitate the debate of these technologies in a manner similar to AVs, Privacy4Cars proposed a standardized definition of the Levels of Driving Connectivity parallel to the Society of Automobile Engineers’ (SAE International) framework. Vehicles with no connectivity are defined as Level 0, vehicles meeting the bare minimum requirements to be “Connected Devices” under generally accepted laws (e.g. GDPR and CCPA) are defined as Level 1, and the highest possible level of connectivity “Vehicles to Everything” or V2X is defined as Level 5.
Perhaps surprisingly, Level 1 Connected Vehicles have been commercially available to consumers for two decades, and constitute the large majority of the vehicles on the road in developed countries. They also represent the majority of used vehicles for sale.
Even more surprisingly, what the industry calls “Connected Vehicles”, i.e. vehicles with their own native, embedded connectivity (meaning they contain a Telematics Control Unit with direct access to a mobile telecom network via a SIMM), are Level 3 Connected Vehicles, i.e. significantly higher on the connectivity scale than the legal definitions for connected devices. The ~15 years' worth of vehicle production misalignment between industry definitions and legal definitions is a symptom of how overlooked the legal issues posed by connected vehicles have been – until recently.
Level 3 and above Connected Vehicles constitute almost the totality of new vehicles produced today. Level 5 vehicles – the highest possible level – are also already for sale to consumers today.

Privacy4Cars’ Five Levels of Vehicle Connectivity

LEVEL 0

LEVEL SUMMARY:
No connectivity
CONNECTIVITY:
The vehicle does not have the capability to connect to the internet or any other device. Has no Bluetooth capabilities
EXAMPLE FUNCTIONS:
None. Any vehicle pre-Bluetooth commercialization (1999)
PRIVACY IMPLICATIONS:
None (as far as vehicle tech)

LEVEL 1

LEVEL SUMMARY:
Local connectivity only
CONNECTIVITY:
The vehicle does not have its own native connectivity, but can connect to other devices (e.g. via Bluetooth, USB) and leverage the devices’ connectivity to offer OEM-designed/branded connected services through the infotainment system
EXAMPLE FUNCTIONS:
As in Level 1, PLUS live traffic updates, local info (e.g. weather, updates)
PRIVACY IMPLICATIONS:
Data synced from connected devices (including metadata, such as device identifiers) may be available to future owners or other third parties who have access to the vehicle if not properly removed

LEVEL 2

LEVEL SUMMARY:
Indirect connectivity via connected devices
CONNECTIVITY:
The vehicle does not have its own native connectivity, but can connect to other devices (e.g. via Bluetooth, USB) and leverage the devices’ connectivity to offer OEM-designed/branded connected services through the infotainment system
EXAMPLE FUNCTIONS:
As in Level 1, PLUS live traffic updates, local info (e.g. weather, updates)
PRIVACY IMPLICATIONS:
If a device is connected, the service provider (OEM/Tier1) may access in real or near-real time information about the vehicle and its occupants, including geolocation and driver behavior. Data streamed from connected devices may be available to future owners or other third parties who have access to the vehicle if not properly removed

LEVEL 3

LEVEL SUMMARY:
Direct connectivity, in-vehicle only, OEM only services
CONNECTIVITY:
The vehicle has its own native connectivity (i.e. a telematic connection through an embedded SIMM) that is used to offer OEM-designed/branded connected services inside the vehicle only
EXAMPLE FUNCTIONS:
As in Level 2, PLUS e-Call, anti-theft, turn-by-turn directions sent by a vehicle service, Over-The-Air updates, connected vehicle driver scoring
PRIVACY IMPLICATIONS:
Service provider (OEM/Tier1) may access at all times (even if a device is not connected to the vehicle) a broad range of real or near-real time information about the vehicle and its occupants, including geolocation, driver behavior, occupant behavior, video recordings, and voice recordings. Data may be stored in the vehicle but also in OEM/Tier1 servers, from where it could be shared with third parties or leaked in a data breach

LEVEL 4

LEVEL SUMMARY:
Direct connectivity, OEM services inside and outside of vehicle, including with personal devices of users
CONNECTIVITY:
The vehicle has its own native connectivity (i.e. a telematic connection through an embedded SIMM) that is used to offer an in-vehicle experience of a broad range of online services that can be seamlessly ported inside and outside the vehicle (via personal devices associating personal devices with vehicles)
EXAMPLE FUNCTIONS:
As in Level 3, PLUS vehicle health update sent to vehicle owner and/or service center, reminders/calendaring, in-vehicle Wi-Fi, connected voice assistants, in-vehicle shopping and coupons, remote start/unlock via an app, presentation layers powered by third parties (e.g. Android Auto, Apple CarPlay), third-party applications that are mobile-first but associate a vehicle with user accounts (e.g. Alexa, SiriusXM/Pandora, Google Maps)
PRIVACY IMPLICATIONS:
Service provider and a number of third parties may access at all times a very broad range of real or near-real time information about vehicle owners/occupants, including outside the vehicle for services they also consume inside the vehicle, including geolocation, voice recordings, detailed online or offline behavior. Service providers, which include not only OEMs but any connected-vehicle enabled provider and the third parties who power those services, may be able to build a detailed profile of drivers and occupants and tie their in-vehicle behavior with their behavior online, or in real life through devices that are directly or indirectly connected to the automotive data ecosystem. A large amount of data is likely to be stored not only in the vehicle but also across a plethora of third parties, who could further share this data with other third parties or leak it in a data breach.

The OEM is likely to operate as a hub of the majority of vehicle data, but connected service providers may directly collect data, at least while in use, but also possibly in the background, and can start collapsing the online profiles and real-world profiles of individuals into a single persona.

LEVEL 5

LEVEL SUMMARY:
Direct connectivity, vehicle is a hub supporting and communicating with several third party services inside and outside the vehicle, including other vehicles and infrastructure (V2X)
CONNECTIVITY:
The vehicle has its own native connectivity (i.e. a telematic connection through an embedded SIMM) that is used to offer an in-vehicle experience of a broad range of online services that can be seamlessly ported inside and outside the vehicle (via personal devices associating personal devices with vehicles) PLUS can interact with infrastructure or other similarly equipped vehicles
EXAMPLE FUNCTIONS:
As in Level 4, PLUS automated tolling and parking payments, traffic management applications (e.g. traffic lights, other vehicles), media sharing, vehicle video monitoring and streaming (e.g. remote storage or processing of security footage or automated driving footage)
PRIVACY IMPLICATIONS:
Service provider and a number of third parties may access at all times a very broad range of real or near-real time information about vehicle owners/occupants, including outside the vehicle for services they also consume inside the vehicle, including geolocation, voice recordings, detailed online or offline behavior. Service providers, which include not only OEMs but any connected-vehicle enabled provider and the third parties who power those services, may be able to build a detailed profile of drivers and occupants and tie their in-vehicle behavior with their behavior online, or in real life through devices that are directly or indirectly connected to the automotive data ecosystem.

A large amount of data is likely to be stored not only in the vehicle but also across a plethora of third parties.

While OEMs still capture a large portion of vehicle data, the ability of third parties, including government-run or privately owned infrastructure elements (e.g. traffic lights, tolls, camera networks, gas and service stations, etc.) to collect information and independently build profiles of individuals grows greatly. This expanded group of parties in turn can sell data to an even greater number of third parties who would be able to more easily overlay online and real-life behavior of users, creating unprecedented levels of profiling and greatly increasing the risk and severity of data breaches.