Tesla - Ongoing Privacy Issues / Security

[strider]

I think this here is the important part.

We can never protect ourselves fully against data breaches or government interventions, but there are differences in the company policy and culture on how they interact with out data. Those we should understand and decide on how to deal with them.

Apple, for example, has been shown to go to lengths to protect the privacy of its customer's encrypted content. Even fighting the government.

Tesla, on the other hand, has been shown to loudly volunteer their customer's driving data to any media that will listen to them, when it seems to be in Tesla's best interest PR-wise (e.g. after a crash).

Clearly there are differences in company policies on how they treat customer privacy issues.

I loudly disagree. Apple (and Amazon, FB, Google, MSFT, Uber, etc) will also loudly volunteer any data to any media/govt if it is in the company's best interest. They'll also use it in any way they wish to further their own agenda. Tim Cook is a smart guy and saw that it was in Apple's best interest to resist the govt in that particular case. But they (and FB, Google, Amazon, Uber, etc) are still collecting data with wild abandon and there is effectively nothing you can do to limit or stop them from selling that data to whomever they want except to not use those services.

You have the same issues with any connected car, be it a Jeep, Audi, or whatever. They collect whatever they want and your only option is to not use the product. There is already precedent with John Deere and other tractor manufacturers "owning" all of the telematics data collected by the farmers that use their products. They then package and resell that data to people who could use it to trade futures contracts and things.

The bottom line is that very few people in the world worry about this stuff. I can't tell you the number of times I try to talk to people about using FB and ask them what FB's product is. They almost always respond with "a Social Media platform". Bzzzt. The answer is "you". Blank stare. I think there will be a backlash someday but for now it's clear that people are more than willing to trade their privacy for "free" stuff/convenience. I'm even guilty of it - I use LinkedIn and drive a Tesla but I do still use a Blackberry

 

[AnxietyRanger]

I loudly disagree. Apple (and Amazon, FB, Google, MSFT, Uber, etc) will also loudly volunteer any data to any media/govt if it is in the company's best interest. They'll also use it in any way they wish to further their own agenda. Tim Cook is a smart guy and saw that it was in Apple's best interest to resist the govt in that particular case. But they (and FB, Google, Amazon, Uber, etc) are still collecting data with wild abandon and there is effectively nothing you can do to limit or stop them from selling that data to whomever they want except to not use those services.

You have the same issues with any connected car, be it a Jeep, Audi, or whatever. They collect whatever they want and your only option is to not use the product. There is already precedent with John Deere and other tractor manufacturers "owning" all of the telematics data collected by the farmers that use their products. They then package and resell that data to people who could use it to trade futures contracts and things.

The bottom line is that very few people in the world worry about this stuff. I can't tell you the number of times I try to talk to people about using FB and ask them what FB's product is. They almost always respond with "a Social Media platform". Bzzzt. The answer is "you". Blank stare. I think there will be a backlash someday but for now it's clear that people are more than willing to trade their privacy for "free" stuff/convenience. I'm even guilty of it - I use LinkedIn and drive a Tesla but I do still use a Blackberry

Mere speculation about other companies. Not that some aren't doing similar things, but not all are the same either.

With Tesla we know they will discuss customer data in public when it comes to crashes. They will do it quickly, even before really they would have to.

We know that. Many other companies and industries are much more careful about individual customer data.

 

[AnxietyRanger]

True.

I still don't understand for those who value privacy but still drive a Tesla as history has demonstrated that it has widely released drivers' data repeatedly and here are just a sample:

1) BBC Top Gear
2) New York Times reporter Broder
3) Wisconsin Anesthesiologist doctor Robert Montgomery...

Stop asking innocent questions! It's very simple: the big brother Tesla is watching you, period!

Yes. Tesla is doing that and they will talk your data in public, as has been seen.

We each make our mind about what to do with that info of course.

 

[TDUK101]

To be fair to Tesla (yes, I do wish to be), in the case of Top Gear and I think NYT they were both driving Tesla's own vehicles and it wasn't personal/private data so I don't think it's the same. In the case of the doctor, he was (I think?) suing Tesla, so that comes under their policy of, if you sue us, we will do what the hell we like with your private data, which presumably includes threatening to publish it on the Internet to show you have hookers and drug dealers in your contacts list....

 

[JoaoD]

The moral story is: If you want to keep your phone untrackable, you do not buy an Iphone even if Apple promises to keep your info private.

I'm even guilty of it - I use LinkedIn and drive a Tesla but I do still use a Blackberry

Not no disagree with your choices but if you are using a mobile carrier (everyone who uses a mobile phone in practice) data is still getting collected and as long as you are connected to the carrier (being it using the internet or only satellite connection) your data can always be accessed by some hacker or by the connection company.
The only safe way to keep data secure is to keep it in a place with no connectivity. There are almost no completely private devices nowadays.

 

[TDUK101]

Right, but I am reasonably confident that my mobile carrier is not secretly uploading my calendar and contact to their own servers (obviously they know the numbers dialled!). Even iOS/Android give you the option to NOT backup WiFi passwords outside of the phone. My data is not their data, just because they can take it.

 

[Tam]

....I am reasonably confident...

It is noble to fight for your privacy.

I do not intent to discourage you because I do believe it is a righteous fight.

However, I am not sure whether it is helpful by asking Tesla with obvious questions such as: Are you watching me with one eye or two eyes? Left or right?.... when you already know that it is recording every move you make!

 

[AnxietyRanger]

To be fair to Tesla (yes, I do wish to be), in the case of Top Gear and I think NYT they were both driving Tesla's own vehicles and it wasn't personal/private data so I don't think it's the same. In the case of the doctor, he was (I think?) suing Tesla, so that comes under their policy of, if you sue us, we will do what the hell we like with your private data, which presumably includes threatening to publish it on the Internet to show you have hookers and drug dealers in your contacts list....

Sure, but Tesla has also volunteered info to media about crashes in several instances where they were not being sued and where the cars were private cars.

Also, it is quite different to use data as a legal defence in a court, than using it for PR in media...

If you crash visibly enough, Tesla will share your data in public (even or especially if you are dead) - that has been the key takeaway so far.

 

[strider]

Not no disagree with your choices but if you are using a mobile carrier (everyone who uses a mobile phone in practice) data is still getting collected and as long as you are connected to the carrier (being it using the internet or only satellite connection) your data can always be accessed by some hacker or by the connection company.
The only safe way to keep data secure is to keep it in a place with no connectivity. There are almost no completely private devices nowadays.

True, but mobile carriers are technically regulated by the government and so there is recourse should the body politic force the govt/regulators to do something. But with private companies like Tesla (and FB, Google, Amazon, JD, etc, etc) there is no recourse. Their privacy policies are written so broadly that they can do anything they want with your data. Truly your only option is to not use the products or services with which you disagree.

 

[bonnie]

Worth repeating - Tesla has a privacy policy. If you haven't read it, it's worth reading. (Please note that this is not meant as a response to any particular post.)

Privacy & Legal | Tesla

Curious if anyone here has opted out of Tesla's data collection.

 

[TDUK101]

As an update, I mentioned earlier that Tesla had changed my order AFTER I had signed it. When I signed the order I asked for a printed copy by the salesman said they don't do paper but I could view it on-screen any time. He showed me "your vehicle specification", which is the part which changed. The original PDF copy of the order confirmation, which I downloaded is unchanged.

The vehicle specification PDF however I think it produced dynamically (either in real time when you download it or every so often), so, it seems the the reason for the changes to my vehicle are because they changed the format and content of the PDF source text/layout.

As the changes were material (suddenly Tax/VAT apparently wasn't included, supercharging was removed...) and should not have happened, I'm guessing this was just lack of forethought rather than deliberate shenanigans or deliberate moving of goalposts... Interestingly, when checking this, I noticed that in the order Tesla state that they DO NOT log or store your vehicle location, which seems a strange assurance seeing as they don't give assurances about so much other equally important data..

 

[verygreen]

I spoke with Tesla legal counsel about privacy a bit (started as a licensing thing, but I was allowed to add other questions so I did).
In particular I wondered about more finer-grained control of what's accessed/shared or at least make a remote login a "request permission first" type thing - this was flatly refused along with everything else. The only option being "do a total optout and lose the fw updates and other functionality - but no tracking".
It was also mentioned that the pictures from the cameras are collected in two modes - the emergency mode we already know of (pre-crash), but also the EAP collects and transfers the pictures to the mothership as you drive/car is on "for AI training purposes", but they are "anonymized" (i.e. no gps coordinates and such).

 

[TDUK101]

That's interesting and a bit comforting...but without it being an official comment from a named person, it's less useful (not your fault). How did you reach their legal counsel ? When was this ?

 

[verygreen]

I spoke with them on Jan 30.
Basically asked OA about Tesla GPL noncompliance, and he got back to me stating Tesla has a lawyer that wants to talk to me (they have been approached by some seriously minded people as I could infer then and now confirmed by other means and so their goto mode is now "anybody asks for that - have the IP guys talk to them").

 

[Shock-On-T]

Let me tell you a story about growing up in rural Australia:

Due to the vast distances and sparse population, the mate-seeking teen often has few suitable candidates living close to him or herself. To that end, a tradition has developed known as the Bachelor and Spinsters Ball.

These classy events are held annually in various regional hubs, and have the following common features:
- totally unsupervised
- held in a muddy football ground at night
- unlimited free alcohol (noting that Australia's drinking age is 18)
- tuxedo mandatory

By the early hours of the morning the event has usually devolved into a "Lord of the Flies" scenario, involving packs of heavily inebriated young men playing aggressive rugby with no need of a ball. Proud, well groomed men are brought down by the horde, with the main aim being to leave no clean tuxedo in the grounds by morning.

Keeping one's rented (and heavily-collateralised) tuxedo clean becomes evermore difficult as the night progresses.

Whenever I hear about preserving one's privacy in this day and age I'm always reminded of my noble, but ultimately futile attempt to keep my tuxedo out of Moree's mud at the tender age of 18. Try as you might, but eventually you're just dirty all over.

But then again, that brings its own kind of freedom.

 

[Bigtanuki]

Let me tell you a story about growing up in rural Australia:

Due to the vast distances and sparse population, the mate-seeking teen often has few suitable candidates living close to him or herself. To that end, a tradition has developed known as the Bachelor and Spinsters Ball.

These classy events are held annually in various regional hubs, and have the following common features:
- totally unsupervised
- held in a muddy football ground at night
- unlimited free alcohol (noting that Australia's drinking age is 18)
- tuxedo mandatory

By the early hours of the morning the event has usually devolved into a "Lord of the Flies" scenario, involving packs of heavily inebriated young men playing aggressive rugby with no need of a ball. Proud, well groomed men are brought down by the horde, with the main aim being to leave no clean tuxedo in the grounds by morning.

Keeping one's rented (and heavily-collateralised) tuxedo clean becomes evermore difficult as the night progresses.

Whenever I hear about preserving one's privacy in this day and age I'm always reminded of my noble, but ultimately futile attempt to keep my tuxedo out of Moree's mud at the tender age of 18. Try as you might, but eventually you're just dirty all over.

But then again, that brings its own kind of freedom.

That, my friend, is a fabulous story!! Bravo.

 

[Tam]

...bit comforting...

Sure Tesla can sweet talk to you that your data is "anonymized" (i.e. no gps coordinates and such)."

But look at all the details posted about New York Times reporter Broder:

In this example, the name, gps, speed, temperature... were not "anonymized" because the illustrations mention "Broder"

 

[verygreen]

Sure Tesla can sweet talk to you that your data is "anonymized" (i.e. no gps coordinates and such)."

But look at all the details posted about New York Times reporter Broder

In this example, the name, gps, speed, temperature... were not "anonymized" because the illustrations mention "Broder"

Did he opt out? Did he own the car even? I wonder what sort of an agreement and disclosures did they make him sign first before letting him go in the demo car.

 

[Tam]

Did he opt out? Did he own the car even? I wonder what sort of an agreement and disclosures did they make him sign first before letting him go in the demo car.

It sounds like your privacy is secured as long as you don't do anything "wrong" (perfect paperwork. proper opt out, own the car, read your agreement and disclosure, disassemble your GPS antenae, disassemble your WiFi/3G/LTE internet antanae, never get a firmware update, avoid hooking your car to Supercharger, have your car riding on a faraday cage on a truck....)

Sure, we are all assured by Tesla that the data are not identifiable but the history is disproving that: take an example of probable cause of crime and Tesla didn't even need a search warrant:

The lemon lawsuit illustrated that Tesla looked at the owner's past activities to decipher whether he committed fuse box sabotage or not.

"When the fuse kept blowing despite the new parts, and faced with no diagnosis showing anything wrong with the car, the engineers were moved to consider the possibility that the fuse had been tampered with. After investigating, they determined that the car's front trunk had been opened immediately before the fuse failure on each of these occasions. (The fuse is accessed through the front trunk.) Ultimately, Tesla service applied non-tamper tape to the fuse switch. From that point on, the fuse performed flawlessly."

 

[verygreen]

Sure, we are all assured by Tesla that the data are not identifiable but the history is disproving that: take an example of probable cause of crime and Tesla didn't even need a search warrant:

Well, there's no such assurance actually. The data collected IS identifiable and they say so in their privacy policy.
They say other things in there that are less true, though, like the remote access part.

It's just the learning data from ape that is supposedly anonymized.