Security

Car Runs on Your Data? Hot Rod it With Some Decentralization

Leave a comment

Cool kids run their rods on decentralized oil, thanks to Diesel who not only warned of centralization dangers but invented standards-based solutions that work to this day

A month ago I was on a call with some top security experts in the industry. We were discussing my upcoming presentation about exciting control options and data privacy from applying decentralization standards to the automotive industry.

To put it briefly I was explaining how web decentralization standards can fix growing issues of data ownership and consent in automotive technology, a fascinating problem to solve which I have spoken about at many, many conferences over the past seven years.

Here’s one of my slides from 2014, which hopefully increased awareness about automotive data ownership and consent risks:

Much to my surprise I see this issue just hit the big papers for some well-deserved attention, albeit I also see it may be for the wrong reasons.

The Washington Post has released what some are calling a viral phrase:

Cars now run on the new oil — your data.

While I can appreciate journalist bait to gather eyeballs, that message today flies in the face of other recent headlines.

People really already should know that phrase is problematic, as repeatedly flagged everywhere by, well, everyone.

  • Forbes: “Here’s Why Data Is Not The New Oil”
  • BBC: “Data is not the new oil”
  • Financial Times: “Data is not the new oil”
  • Harvard Business Review: “Big Data is Not the New Oil”
  • WeForum: “You may have heard data is the new oil. It’s not”
  • Wired: “No, Data Is Not the New Oil”

    • …data isn’t the new oil, in almost any metaphorical sense, and it’s supremely unhelpful to perpetuate the analogy…

That’s just to frame the many problems with this article. Here’s another big one. The author wrote:

We’re at a turning point for driving surveillance — and it’s time for car makers to come clean…

Haha, turning point. I get it. That pun should have led to “it’s time for car makers to choose a direction”. Missed opportunity.

But seriously, the turning point for many of the issues in this article surely was years ago. He raises confidentiality and portability issues, for example. Why is now the turning point for these instead of 2014 when encryption options exploded? Or howabout 2012 when a neural net run on GPUs crushed the ImageNet competition? I see no explanation for why things are present concerns rather than past/overdue ones.

I’d say the problem is so old we’re already at the solutions phase, long past the identification and criticism.

Please see any one of my many many presentations on this since 2012.

Here’s another big one. The author wrote:

I had help doing a car privacy autopsy from Jim Mason, a forensic engineer. That involved cracking open the dashboard to access just one of the car’s many computers. Don’t try this at home — we had to take the computer into the shop to get repaired.

Sigh. Please do try this at home.

Right to repair is a very real facet of this topic. Cracking a dashboard for access is also very normal behavior and more people should be doing it.

When I volunteered my own garage space in the Bay Area, for example, I saw the reverse effect. Staff of several automotive companies came to join random people of the city in some good old community cracking of dashboards.

A guy from [redacted automotive company] said “…what do you mean you don’t bring rental cars to take apart and hack for a day? You should target ours and tell us about it.” Yikes. That’s not ethical.

The 1970s “hot-rod” culture in today’s terms is a bunch of us sitting around with disassembled junkyard parts in a controlled garage (not operational rental/borrowed cars on the street!) and our clamps on wires etc to linux laptops deciphering CANbus codes.

This journalist desperately needs to participate sometime in a local car hacking community or at least read “Zen and the Art of Motorcycle Maintenance”….

It should not be hard for a machine owner to crack it open, when market regulations are working right. At least the journalist did not say an “idiot light” forced him to take his computer to the manufacturer for help.

Anyway, back to the point, the data models in automotive need to adopt decentralization standards if they want to solve for data ownership issues raised in this story.

But for the thousands you spend to buy a car, the data it produces doesn’t belong to you. My Chevy’s dashboard didn’t say what the car was recording. It wasn’t in the owner’s manual. There was no way to download it.

To glimpse my car data, I had to hack my way in.

In summary, data is not the new oil, right to repair means healthy markets trend towards hardware access made easy, and concerns about confidentiality and portability of data in cars are being addressed with emerging decentralization standards.

Sorry this article may not come with a viral click-bait title, but I’m happy anytime to explain in much more detail how technical solutions are emerging already to solve data ownership concerns for cars and give examples with working code.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.