What Apple's iPhone Fight With the FBI Means for Car Privacy
19 February 2016 - Autoblog
In perhaps the biggest fight yet over the privacy rights of ordinary citizens, Apple said Wednesday it would fight a court order that requires the company to provide government investigators with access to encrypted data on a cell phone.
Building a back door for FBI agents to access a phone that's part of an investigation into the San Bernadino shootings, Apple says, would not only give the agency access not only to the phone of alleged murderers. It would also provide a "master lock" for law enforcement to peruse millions of records belonging to ordinary, law-abiding Americans.
"The implications of the government's demands are chilling," writes Apple CEO Tim Cook. "... It would have the power to reach into anyone's device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge."
While not directly addressed in this conflict over the iPhone, the outcome of Apple's resistance to the court order will have broader implications for all mobile devices, whether or not their contents are encrypted. And lest anyone forget, cars are mobile devices.
One way a decision will affect cars is specific to Apple. The Silicon Valley giant has been installing its CarPlay phone-projection system in the new cars of major automakers over the past nine months. Because everything a driver sees in CarPlay originates from the iPhone, the same privacy standards – the ones the government is seeking to negate – carry over to CarPlay.
Apple says it only uses "essential information that enhances the CarPlay experience" from the car itself, but that includes GPS data that is used to make navigation and Apple's "Maps" feature as accurate as possible.
For privacy advocates, the idea the government could seek vehicle data because CarPlay connects iPhones and cars may be alarming enough, but that's one small slice of a broader trend. Even beyond CarPlay, cars themselves are collecting troves of data on their drivers.
Some of this information relates to driving – how fast drivers go, how hard they brake and how loud they turn the volume up when listening to the radio, for example. Some of it relates to more sensitive location information – tracking where drivers go and when they go there reveals which doctors they visit, what churches they attend or perhaps how often they stop at a liquor store on the way home from work.
Last year, two U.S. Senators and AAA, the nation's largest motoring organization, said automakers weren't transparent enough with car owners in informing them about what information was collected, how long it was stored and whether they shared that information with third parties. Earlier, a report from the Government Accountability Office concluded that automakers needed to do more in telling motorists how and why they're collecting and storing real-time navigation data.
In response, 12 automakers reached a voluntary agreement to implement measures that would prevent unauthorized access to data, minimize the records collected to those only needed for "legitimate business purposes, and require a warrant before giving data to law enforcement. But Senators Ed Markey (D-Massachusetts) and Richard Blumenthal (D-Connecticut) argued the scope of that voluntary agreement didn't go far enough.
They've proposed legislation, the Security and Privacy in Your Car Act of 2015, that would give car owners and lessees the option of terminating the collection and retention of driving data. If motorists chose to do so, the act would ensure they could still use infotainment features like turn-by-turn navigation and other features. The "SPY Act" would also require manufacturers to receive consent of owners or lessees before using any information for advertising or marketing purposes.
In December, car owners earned a victory more narrow in scope. Provisions in the FAST Act, a transportation bill that largely provided billions for road projects, affirmed car owners and lessees owned the data collected by event data recorders in their cars. So-called "black boxes" in cars have been required by federal rules since last year, and the legislation requires law-enforcement agents obtain a warrant before accessing that data. The provision only applies to the Event Data Recorder (your car's black box, so to speak) information, though, not all forms of data collected by cars.
As cars become more connected to wifi hotspots, to traffic infrastructure and, yes, to iPhones, it's worth remembering that Apple's resistance to building a back door for mobile devices will be a bulwark against diminished privacy rights. On the road, that privacy is increasingly harder to find.