Cars downloading text messages from phones doesn't violate state privacy law
arstechnica.comDiscussed the other day
Ah, I didn't realize that. My apologies.
> The class-action "complaint alleges that the vehicle's system downloads all text messages and call logs from Plaintiffs' cellphones as soon as they are connected," the Ford ruling said.
This doesn't match with my experience renting cars. After connecting Bluetooth for calls, I am specifically prompted as to whether or not I want to share contacts or texts. Of course I always choose "No". If you choose "Yes" to the question about sharing contacts and texts, it seems hard to complain that the car stores your contacts and texts.
The fact that the car can read your texts and contacts does not necessarily imply that they're stored by the car and readable after the phone disconnects. There's no reason a consumer would assume that.
I was always under that assumption, how else is it supposed to work without storing things? Why would it delete your phone book and message log every time you disconnect? The way you delete it on basically every infotainment system ever is by removing the device from the pairing menu.
Basically, the lawsuit found that this is exactly the same concept as syncing your phone's messages to your laptop or a personal device like that, all on local storage. The fact that the car doesn't protect the data isn't all that alarming: plenty of people have unprotected data sitting on their laptops and flash drives. Again, this isn't cloud storage or Internet-connected services here, this is old world Bluetooth phone calls and texts infotainment.
> The class-action complaint contended that "text message and call log data copied onto the vehicle can be, and is, transmitted to users of Berla's equipment without requiring any kind of password, biometric, or other security measure." The complaint pointed to a 2017 CyberScoop report that quoted Berla CEO and founder Ben LeMere as saying his firm was working with carmakers to educate them on securing private data, but only "when it's part of an agreement that they will allow law enforcement in."
> A Ford court filing said that making a vehicle containing an infotainment system does not create liability under the state law "any more than selling computers and smartphones to purchasers who make and record calls and store texts on their devices. Any recording in this case was done by Plaintiffs, or by the system itself, which resides in a vehicle they own or use."
> how else is it supposed to work without storing things?
Ask the phone for you contacts list when you need to view contacts? Ask the phone for text data when you need to view texts? Why wouldn't it work like that?
When I make a phone call, does it record both parties' voices and store them on the car's hard drive, or does it just stream the voice data through the car to and from the phone? It's the latter. So it's reasonable that someone might expect the other functions to work that way.
There are plenty of reasons and all of them are corporations.
At least in android this prompt is relatively new (compared to the age of this lawsuit). It used to show no dialog and just give access…
That sounds like your manufacturer did something weird, the confirmation dialog goes back to some pretty old versions of Android
https://android.googlesource.com/platform/packages/apps/Sett...
Sorry for me 2015 is “recent”. I worked on android 2012-2018.
2015 is just some arbitrary commit that touched the message and was easy to Google: if you worked on Android I'm sure you're handy enough with Gerrit to find exactly when the message was added but afaik it dates back to the earliest versions that supported this.
Looks like the request is qualified with "when connected", which would not grant permission to store the data.
This prompt has been in Android for years...At least as far back as the Galaxy S1 and the Pixel 1.
The prompt is relatively new for iPhones though. I've had plenty of rental cars where Apple users' entire phonebooks had been uploaded to the car.
The data theft pyramid:
Corporations stealing data from the people - business.
Governments stealing data from corporations - national security.
People stealing data from corporations - copyright infringement.
People stealing data from governments - treason.
Question: Does resetting infotainment systems and head units clear the message history, or is everyone permanently unable to remove the info car systems have grabbed?
I hope that this isn't a situation where you have no control, -as that means most people, who don't know that cars do this- wouldn't be able to do a thing even once informed- and are vulnerable to data breaches, now and in the future as cars storing various data expands.
You can often not clear the memory, and often the data is already exfiltrated by the onboard radio uswd for software updates.
Viva Apple Carplay..