Las Vegas Cybertruck explosion spurs scrutiny over vehicle data utilization
By onLegal | Technology
A Tesla Cybertruck exploded in Las Vegas last week, and the information analyzed to detail and track the movements leading up to the events has spurred continued conversation about data privacy for drivers.
The Associated Press reports that the data collected by Tesla after a Cybertruck packed with fireworks exploded in front of the Trump International Hotel, injuring seven people, “proved valuable to police in helping track the driver’s movements.”
The article says Tesla was able to track Army Special Forces soldier Matthew Livelsberger’s movements in detail from Denver to Las Vegas. Tesla also confirmed that the incident resulted from explosives Livelsberger placed in the truck rather than an issue with the truck itself, by pulling data collected from charging stations and onboard software “to great acclaim” from the Las Vegas Metropolitan Police Department sheriff.
Based on other findings from the investigation so far, law enforcement determined the explosion wasn’t a terrorist attack, and that Liverlsberger died by suicide prior to the explosives detonating. Army officials and others have since urged those struggling with mental health issues to seek help.
David Choffnes, executive director of the Cybersecurity and Privacy Institute at Northeastern University in Boston, shared with the AP that the incident “reveals the kind of sweeping surveillance going on.”
“When something bad happens, it’s helpful, but it’s a double-edged sword,” he said, according to the AP. “Companies that collect this data can abuse it.”
As vehicles have become more and more like computers on wheels data privacy and cybersecurity have been increasingly scrutinized worldwide over the past few years by consumers, consumer advocacy groups, and state and federal governments.
“There are no federal laws regulating car data similar to those that restrict information collection and sharing by banks and health care providers,” the AP article says. “And state laws are a grab-bag of various rules, mostly focused on data privacy in general.”
Jodi Daniels, CEO of privacy consulting firm Red Clover Advisors, questioned who has access, according to the AP.
“You might want law enforcement to have the data to crack down on criminals, but can anyone have access to it? Where is the line? …I think law enforcement should have access to data that can help them solve things quickly but we have a right to privacy.”
Daniels thinks new national laws are needed because rules have not kept up with technology, the article says.
Last month, Sens. Mike Lee (R-UT) and Jeff Merkley (D-OR) introduced bipartisan legislation that they believe will restore vehicle owners’ control over their personal data.
The “Auto Data Privacy and Autonomy Act” aims to “prevent covered vehicle manufacturers from accessing, selling, or otherwise selling certain covered vehicle data, and for other purposes,” according to the bill text.
If passed, OEMs would have to obtain consent from vehicle owners to access data or only access data to improve covered vehicle performance or safety, according to the bill. “Covered vehicle performance” isn’t defined in the bill.
As vehicles and consumers become more technologically connected to their vehicles, repair facilities working on connected cars may need to pay greater attention to using “service mode” settings to manage communications and access while vehicles are under repair, including during test drives.
Case in point, a Repairer Driven News reader provided an example in 2023 of how performing a necessary set of driving conditions on a customer’s Tesla negatively affected their auto insurance Safety Score.
Service Mode limits remote access to the vehicle, implements a speed limiter, and allows for the repair facility to conduct necessary steps in troubleshooting and repairing the vehicle.
Future of Privacy Forum (FPF) survey results released last year found that many individuals value advanced vehicle safety technologies but worry about the privacy risks, accuracy of the technology, cost, and data transfers to third parties.
“Vehicle safety systems can save lives and reduce injuries, but only if people use them,” said Adonne Washington, FPF data, mobility, and location policy counsel and author of the report. “Policymakers and auto manufacturers must consider the privacy and data protection implications for all drivers when incorporating new technology into vehicles to bolster driver trust and adoption.”
Respondents also said they generally trust carmakers’ data practices more than online companies and the government.
The Infrastructure Investment and Jobs Act, or Bipartisan Infrastructure Law includes a pilot fee program based on annual mileage rather than tax at the pump. The U.S. Department of Transportation is required to set aside $10 million for each fiscal year through 2026; this began in fiscal year 2022.
General Motors came under fire last year for allegedly selling data from 1.8 million Texans, for which the state’s attorney general filed a lawsuit against the OEM.
Tesla also came under fire and was sued in 2023 when Reuters reported that employees shared drivers’ sensitive videos and recordings with each other between 2019 and 2022, including videos of road rage incidents and nudity within someone’s home.
U.S. Sens. Ron Wyden and Edward J. Markey asked the Federal Trade Commission (FTC) to investigate automakers’ alleged disclosure of driving data from millions of American consumer vehicles to data brokers.
The letter followed a New York Times investigation that exposed how driver behavior data was collected by GM, Honda, and Hyundai and sold to the insurance industry.
But it’s not just automakers that track or collect data. Last month, Texas Attorney General Ken Paxton sent a notice of violation to Arity, an Allstate data broker company, claiming the company fails to clearly inform consumers about the data it collects and how it is sold.
Paxton said Arity violates the Texas Data Privacy and Security Act (TDPSA), which effective July 1, governs how companies collect, use, and process Texans’ personal data. He writes this includes several obligations placed on companies that conduct business in the state.
Images
Featured image credit: metamorworks/iStock