Big Auto Is Watching

Kashmir Hill published an article in the New York Times this week: Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies(free share link). This prompted some follow-ups by Bruce Schneier, Nick Heer, et al.

In recent years, insurance companies have offered incentives to people who install dongles in their cars or download smartphone apps that monitor their driving, including how much they drive, how fast they take corners, how hard they hit the brakes and whether they speed. But “drivers are historically reluctant to participate in these programs,” as Ford Motor put it in a patent application that describes what is happening instead: Car companies are collecting information directly from internet-connected vehicles for use by the insurance industry.

Yikes! I don’t want that! Except, it’s not really possible to avoid it entirely. Sounds like staying clear of GM and Ford might help, but still…

I was just going to add these to the Links section of this week’s thing, but I actually have something to add beyond that.

Last year, I bought a new vehicle. I’d driven my previous Canyonero, a 2002 Toyota Highlander, for 21 years. It was still running well, but was about to hit the “older vehicles need a bunch of expensive work” threshold, and at some point there’s diminishing returns. So I decided that it was time, and I bought a new Rav4. I wanted a hybrid, and I thought I’d timed it well to get one of the last 2023s (ordering it in July). Instead, because of “supply chain constraints” that are really “we don’t need to build them faster or keep vehicles in stock because you’re going to pay and wait anyway so deal with it”, I got one of the first of the 2024s (delivered in November)¹. Hooray for new car smell.

One of the things that come with a new Toyota, or at least with my SE Hybrid, is the Connected Services platform. I didn’t care about it. The only tech I wanted was CarPlay, and it came with the new wireless kind of CarPlay, so that was all I wanted. It came with a 2 year free trial to Connected Services, which lets you use an app on your phone to remotely start, open, lock, and monitor the vehicle. It’s actually super handy, and I did enjoy that during the -30˚C snap so I could start it from my desk before leaving work at the end of the day. I don’t know if I’ll pay the annual fee after the trial ends, but maybe?

Connected Services also has “Drive Pulse”, which uses data gathered by the vehicle - from the accelerator and brakes, but also from GPS and apparently accelerometers buried in there somewhere. It builds a “trip report” after each trip, which must be processed In The Cloud™ somewhere, because they’re not visible until the next day.

The Drive Pulse score is based on the last 30 days of data, and only details on the last week’s worth of trips are visible in the app (but who knows how long they’re stored in the cloud?). Apparently, I’m an “Excellent” driver, but tend to do lots of “Harsh Cornering” and “Fast Acceleration”. This is also known as “driving in rush-hour”. This is what the collected data looks like from the vehicle-owner perspective. Handy, but not essential. But this is the kind of thing an insurance company might be interested in.

This part of the data collection makes me a bit uncomfortable. Toyota obviously has the data, and it could be problematic if it was shared without consent. The GPS data includes every location I start/stop trips at, and the route taken, and the speed and “Drive Pulse” - how safely/efficiently I was driving. But - who has access to the data? I can opt out, but I assume that doesn’t make the data go away or disable the hardware that collects it, it just means that I can’t see it. I assume it’s still collected, stored, and processed as part of “service delivery”.

Toyota has a statement on their Help Centre, but I can’t link directly to the relevant bit. Scroll down to the bit about insurance companies, or:

Is Drive Pulse information shared with my insurance company? Drive Pulse information is not shared with any third party. For more information on how we protect your personal information, please visit click here.

There are a lot of details in there, and I Am Not A Lawyer, so won’t pretend to analyze any of that. Toyota clarifies that collected data is not shared with insurance companies, and only relevant data is shared with partners such as SiriusXM as part of delivering their services. That sounds fair. Toyota says that will only change if they are acquired by another company. Toyota’s big enough that it’s not a big risk. But, who knows what will happen down the road - will they spin off a “Driving Data” subsidiary that could then be acquired?

Anyway. It’s not like I could have said “no, I would not like my car to do this” because it’s baked in, and every manufacturer is doing the same thing. Toyota seems to be at least superficially less creepy about it. I have no idea how this will be used against me in the future. I’ve seen enough Dateline shows to know that if I wind up selling drugs or something down some remote country road, this data will be used to sell me out to the man. Which, not a big risk for me, but still.