feature article
Subscribe Now

Your Car: 25 GB/Hour of Personal Data

Otonomo Makes it Their Business to Track, Sell Your Whereabouts

What defines creepy? Is it a dark abandoned house with creaking floors and a history of mayhem? A doll with eyes that seem to follow you? A backwoods loner with a chainsaw? 

Or is it your car? Your car takes you to work, to your friends’ houses, to your favorite vacation spots, and back home again. It goes everywhere with you — or you with it. It’s your closest companion, along for every ride, every adventure, and every misadventure. So what would happen if this close companion blabbed to a stranger about absolutely everywhere you’ve been together? 

Too late: it already has. 

Unbeknownst to most of us, many new cars now stream gigabytes of real-time data up to the cloud, where it’s collected, collated, aggregated… and sold. Up to 25 GB/hour of automotive data gets collected and shipped off from new cars by BMW, Mitsubishi, Chevrolet, Mercedes-Benz, Nissan, Cadillac, Renault, Dodge, and others. More than 40 million new cars are already sharing their owner’s travel activities, with tens of millions more joining the club every year. 

What kind of data? It’s a long list, including GPS coordinates, vehicle type, speed, odometer reading, entertainment media choices, outside temperature, accelerator and brake pedal pressure, turn signal status, steering wheel position, oil level, fuel level, tire pressure, seat belt status, lateral g forces, and much more. In all, 50–80 separate items are measured, recorded, and sent to someone else. 

Surprised? Creeped out? Or unconcerned? 

Let’s look at an example. Without spending a dime, you can obtain thousands of data points recorded from cars operating in your choice of region (city, state, or country). The data is anonymized, in the sense that it doesn’t include drivers’ names, but that hardly makes it anonymous. As this Motherboard article points out, location data alone is enough to pinpoint someone’s home (i.e., where is the car parked every night?) and their workplace (where is it parked during business hours?), as well as their friends, favorite restaurants, doctor visits, recent movies, and much more. Given all of that, filling in the owner’s name is trivial. 

Some automakers collect this data themselves, but most of the big names farm out their data collection to an independent Israeli company called Otonomo. The company says it has OEM agreements with 16 large automakers (including those named above), amounting to more than 40 million cars globally. The amount of data collected varies by car, ranging from 50+ parameters for cars made by Stellantis (that is, Dodge, Chrysler, Jeep, Ram, Fiat, Peugeot, Alfa Romeo, Maserati, and others), to over 80 data points for Mercedes-Benz vehicles. In all, the company says it collects a whopping 4.3 billion data points per day

Why would Otonomo collect all this data? To sell it, obviously. Customers include insurance companies, advertisers, automakers, law enforcement, municipalities, financial institutions, and even the military. Said customers pay Otonomo $15–$25 per car per year, or $30–$100 per million data points per year, according to this corporate investor presentation

The company’s mission statement proclaims, “We harness the immense potential of automotive data by allowing thousands of organizations across a broad range of end markets to seamlessly access, explore, analyze, and unlock the full data potential” and to “provide new monetization avenues for OEMs…” 

“Thousands of organizations?” Yikes. Otonomo estimates the revenue potential from “car data monetization” will reach at least $450 billion, and maybe $750 billion, by 2030. 

Until recently, Otonomo even offered a free trial to anyone with an email address. (Now the company says it requires a phone call and “additional vetting.”) As one reporter figured out, it was easy to sign up for multiple free trials and aggregate the data to provide an even clearer picture of the unsuspecting participants in his experiment. 

Otonomo says that its data is all scrubbed and anonymized, and that users (meaning drivers) must consent to the data sharing beforehand. But such “consent” often amounts to a click-through agreement on the car’s GPS screen. No consent, no navigation or radio. Sometimes having a cell phone in the car amounts to consent (check your carrier’s service agreement). 

There are admittedly some fairly benign uses for such data; ones that might actually benefit drivers instead of monetizing them. A low oil reading, for example, might trigger an email warning. Oh wait… cars already have dashboard “idiot lights” for that. Same goes for high coolant temperatures, low fuel level, low tire pressure, high engine RPM, excess speed, and other potentially damaging conditions. In short, drivers over the last hundred years have had all the information they need to drive and maintain their own cars. 

Otonomo’s terms of service includes a stern finger-wagging admonishing their clients not to ”…derive, or attempt to derive, either directly or indirectly, the identity of an individual…”. Yeah, that ought to keep the stalkers away. The company’s website also includes an opt-out link for consumers, but ironically enough, it requires you to create an account and identify your vehicle. All of which assumes that car owners even know to look for the Otonomo website. 

Drivers and car owners don’t usually, if ever, sign an agreement directly with Otonomo. Any consent is typically buried in amongst the paperwork with the car dealer, automaker, rental company, or leasing agent. They, in turn, might have an agreement with Otonomo, which is motivated to sell the data to anyone they like. Nobody in that chain has an incentive to clarify the situation, while Otonomo has every incentive to offer the data to “thousands of organizations.” 

We’ve already seen how cameras can legally record every car’s whereabouts and derive sensitive personal information from that. Now we can skip the camera; the car itself will rat you out if you’re dodging work. The world’s privacy ends not with a bang but a whimper.

2 thoughts on “Your Car: 25 GB/Hour of Personal Data”

Leave a Reply

featured blogs
Oct 22, 2021
Voltus TM IC Power Integrity Solution is a power integrity and analysis signoff solution that is integrated with the full suite of design implementation and signoff tools of Cadence to deliver the... [[ Click on the title to access the full blog on the Cadence Community site...
Oct 21, 2021
We share AI chip design insights from AI Hardware Summit 2021, including wafer scale AI accelerator chips, high-bandwidth memory interfaces, and custom SoCs. The post 4 Futuristic Design Takeaways from the AI Hardware Summit 2021 appeared first on From Silicon To Software....
Oct 20, 2021
I've seen a lot of things in my time, but I don't think I was ready to see a robot that can walk, fly, ride a skateboard, and balance on a slackline....
Oct 4, 2021
The latest version of Intel® Quartus® Prime software version 21.3 has been released. It introduces many new intuitive features and improvements that make it easier to design with Intel® FPGAs, including the new Intel® Agilex'„¢ FPGAs. These new features and improvements...

featured video

What are V³Link SerDes?

Sponsored by Texas Instruments

V³Link ICs are ultra-low latency SerDes that aggregate video, clock, control and GPIO data into a single-wire bidirectional bridge between industry-standard interfaces. Vision-based designs can use V³Link devices to achieve higher resolution, extend cable reach up to 15 meters and reduce system size, weight and power. Learn about the basics of V³Link technology and explore typical applications for V³Link in this training video.

Click here for more information

featured paper

How to Design with Maxim’s Latest Supervisors

Sponsored by Maxim Integrated (now part of Analog Devices)

As the technologies in MCUs, µPs, DSPs, and FPGAs move toward lower geometries and power, operational voltages become significantly low for these devices. Reducing the core voltage poses challenges in the use of high-accuracy power supply and voltage supervisors to avoid system failure. This application note discusses the critical parameters Maxim’s MAX16132–MAX16135 supervisor family and presents a reasonable approach in choosing the right reset threshold and hysteresis for voltage supervisor ICs.

Click to read more

featured chalk talk

Time Sensitive Networking for Industrial Automation

Sponsored by Mouser Electronics and Intel

In control applications with strict deterministic requirements, such as those found in automotive and industrial domains, Time Sensitive Networking offers a way to send time-critical traffic over a standard Ethernet infrastructure. This enables the convergence of all traffic classes and multiple applications in one network. In this episode of Chalk Talk, Amelia Dalton chats with Josh Levine of Intel and Patrick Loschmidt of TTTech about standards, specifications, and capabilities of time-sensitive networking (TSN).

Click here for more information about Intel Cyclone® V FPGAs