05.04.07
Your Car is Spying on You
I came across an interesting article today. The article, "Is Big Brother in your car?" (via Thoughts of a Technocrat), informed me that cars have a "black box"... Not all cars, the manufacturers are listed in the article as: Ford, Mazda, Mitsubishi, Subaru, General Motors, Isuzu, and Suzuki. Harris Technical (a black box recovery company has a "complete" list of cars with black boxes (or EDR/CDRs). Apparently more than half of all new cars carry these devices, located in the cars underbelly, tied into the air bag system.
These "black boxes" (actually silver boxes) are being called a privacy concern by the ACLU. Both the police and your insurance company could have access to these devices to know all the details of how you were driving when an accident occurred.
I see this as a minor issue... I actually was more interested in learning that these devices existed... I decided to contact one of the companies that provide Crash Data Recovery, Harris Technical, and get answers to a few questions I had... I was impressed with how quickly Jim Harris replied to me. Below you will find the questions I posed to Jim as well as the excellent answers that he provided. Thanks Jim.
options or sub-models (GT, XLS, etc). For pre-2000 GM vehicles, it is
mostly crash data. This is the velocity change of the vehicle through
the crash and does not include pre-impact data such as speed or brake
application. For post-2000 GM vehicles, through 2006, crash data plus up
to 5 seconds of pre-crash data including speed, brake application,
engine speed and throttle position may be stored. For some 2007 GM
vehicles, 2.5 seconds of pre-crash data is stored but much more
technical information regarding occupant restraints is also stored. For
most Fords, only crash data, however, in some models, Crown Vics for
one, up to 20 seconds of pre-crash data and crash data may be stored.
2. Do you have a sample of the output of the CDR that could be published?
find a pre-crash graph for a 2002 Saturn along with a photo of the
vehicle. A complete example report for a GM vehicle is attached in pdf
format. There are great variations between reports for different
vehicles but this is one that is currently common.
3. Is the data stored in any sort of encrypted/encoded format? Could
anyone, given the proper equipment, obtain data from any CDR?
requires software and hardware available from Vetronix, Corp. of Santa
Barbara, CA. http://www.vetronix.com The equipment is available to
anyone that wants to buy it. This equipment does not support all
vehicles with EDRs as the vehicle manufacturers have not yet released
the required information. A list of currently supported vehilces is on
our web site at http://www.harristechnical.com/downloads/cdrlist.pdf
Other vehicles may (do) have an EDR on board but data can only be
accessed, at this time, by the manufacturers, not the dealer technicians.
4. What sort of equipment is required to access a CDR? Is the
connection a standard data connection or proprietary? Could a
home-brew system be built?
Link Connection, one method to obtain data from an EDR in certain
circumstances, is standard, direct connections to the EDR modules
requires proprietary cables. An interface box is provided in the CDR
Tool kit. CDR Tool software is also required.
5. Can this data be accessed on the fly? For example, could someone
with the proper equipment read the current data off the device, even
if it hasn't been written due to an impact. Could I drive a car into
your building and have you access any data off the CDR.
when there is an air bag deployment event or air bag deployment level
event. The deployment level event is when there is a crash that would
have ordered an air bag deployment but it was not for a variety of
reasons, driver out of position, etc. A non-deployment file may also be
written, such as hitting a pothole. This is a temporary file that will
either be erased after about 3 months or overwritten by an event of
greater magnitude. Without an event, there is no data stored.
6. Can the device be accessed without damaging a vehicle?
to damage to the vehicle's electrical system, then direct access must be
gained to the module. This usually involves cutting some carpet under a
seat or removing a center console.
7. Do you see any privacy concerns with the CDR?
address, medical or financial records. However, it is private property.
A list of states with laws specific to accessing EDR data is available
at http://www.harristechnical.com/cdr7.htm All 50 states also have
computer trespass laws that may apply to gaining access to EDRs. This
last item has not been tested in court to my knowledge.
8. Do these devices have a maximum lifetime? Will they operate the
full life of a vehicle, or are they useless after an accident? If they
are useless, can a replacement be purchased and installed?
upon data from various sensors and other components operating correctly.
EDRs are expected to last the life of the vehicle.After an air bag deployment crash, the EDR, which is part of the air
bag control module, must be replaced to repair the air bag system. New
replacement modules are available through dealer parts departments. It
is recommended that only dealer technicians, with the proper training
and equipment, repair air bag systems. Buying a used one, even if the
seller "guarantees" it works, is a bad idea as you cannot tell if it is
going to function correctly when most needed.
Jim was also kind enough to include a Sample Report. I found all of this rather interesting... Is it a big invasion of privacy... not really, could it affect insurance claims definitely... Anyways... now you know as much as I do on the subject.
Bakez said,
May 4, 2007 at 11:29 pm
This isn’t a bad idea. But the idea that you can’t “tamper” with it is odd. You have purchased the car. Its yours. Full ownership is becoming a blurred right by not allowing you to read it as you please or remove it.
And no penalty by the insurance company should be applied either.
To often people just want laws, monitors, regulations all over the place. The United Kingdom did a great job of bringing “control” to the world a few centuries ago (sarcasm for any blockheads reading this). Ultimately the choice should be left to the purchaser. It should be removable by the dealer too as not all purchasers are technically inclined.
LonerVamp said,
May 7, 2007 at 9:41 am
I do appreciate that obvious care taken to make sure this data is only captured when needed and not really a huge privacy concern. I think the only people concerned would fall into two classes: 1) those people who don’t drive so kindly and would be outed after an accident (boo-hoo) and 2) people who think this is just one step down a slope to Bad Things.
I’m not necessarily a #2 person, but I don’t like how easily we can put things like a VIN on that device, have it always report data (even if it loops over itself regularly), slap in an always-on GPS, and so on. You can make initiatives like this become a privacy invasion very quickly, and of course all in the name of protection from terroris…I mean…insuranc…I mean public safet….err….that kind of stuff.
Then again, I see a few stoplights in my area getting new “photo enforced” units installed, which makes me very happy. I really hate when people speed through an intersection that just turned red. But then again, do people who bend/break laws and/or endanger other people deserve to have their privacy infringed upon more? Or are we just limiting the ability to lie and increasing our ability to gather data?
Thanks for posting this! I was almost hoping my car was involved in this, but I’m not so sure yet (Mitsubishi).
Technocrat said,
May 7, 2007 at 6:51 pm
Very interesting indeed…
Technocrat said,
May 7, 2007 at 7:10 pm
BTW, I would like to say that I agree with you on why ZDI is good
Wyatt_Earl said,
May 7, 2007 at 9:10 pm
I’ve got a 2006 Mazda MX-5, and I’m getting mail from my Mazda dealer that’s freaking me out.
I drive 90 miles a day to work, round trip, so I’m a high mileage guy. I bought the car last September, so it had around 18500 miles on it the middle of last week. And I get this letter today, with service coupons, that says “Our records indicate your Mazda has approximately 18,400 miles.”
This car hasn’t been to the dealership since I bought it.
Is my car phoning home? They can’t be estimating, or they’d show a much lower mileage number.
Tyler Reguly said,
May 7, 2007 at 9:23 pm
Wyatt_Earl:
Your car isn’t phoning home… There are 100s of reasons why that isn’t happening but I won’t bother to get into them…
They most likely made an assumption… If you do the math, that works out fairly close…
Assume average 20,000/year… 11 months would be ~18,400… You don’t want to do targeted mailings to your customer base every month… So you approximate… So let’s say you mail out 3-4 times per year.. Your 11th month would be July (Sept - Aug would be 1 year… So July would be 11 months)… Now assuming they send their letters every 4 months… They would send them in Jan. May, Sept…. They want to get you before your year is up so they lump you into the May mailing.. Now they don’t want to call may the 1 year because that’s the earliest point on the list and the average is 20,000 so 50% are less than that and 50% are more than that… So they are looking at either the 10th or 11th month… If people are driving less… (which you could assume given public opinion on global warming), then they may want to play it safe and pick the 11th month… So the take the 11 months at ~1666/month and they get ~18400…
It covers most of their customer base and requires only 3 mailings per year… Now this may be a bit of a stretch but it’s probably just something like that.
CrYpTiC MauleR said,
May 8, 2007 at 11:27 pm
Toyota should be on the list. I have a Toyota Matrix and in the owners manual it gives information about the car having an EDR.
Monster-GRENDEL said,
December 17, 2007 at 1:05 pm
I fall under the #2 group: “people who think this is just one step down a slope to Bad Things”. I feel the whole concept of my car ‘recording’ information of this ilk rather “Orwellian”.
I never thought that the telephone companies would hand over phone records of its customers to the government but it happened. How will this information be used without our knowledge?
What is the next step in this type of personal vehicle data recording? Inter-vehicular audio recordings for examination prior to accidents?