33 comments

[ 4.1 ms ] story [ 87.5 ms ] thread
>"Car Data, will create an ecosystem to link the ever-expanding set of vehicle data to authorized data usage, such as pay-how-you-drive insurance, road monitoring, and fleet management."

I hope for once to be surprised with privacy features..

That would interfere with marketing.

"Where did you go today? We know." - Car Data slogan?

Such things already exist. Here’s an example: https://www.caruso-dataplace.com/

So today a consent of the vehicle owner is required and the owner needs to document the they “posses” the rights to the vin. This is how it works for bmw: you request data through that portal, the portal requests the access through the manufacturer. The manufacturer sends a consent request to the registered owner via email. If consent is granted via connected drive portal, data market starts receiving data and so do you. To even be eligible for consent request, the vehicle needs to be car data enabled which is done at a dealership with pen and paper signature. At least that’s how it works in Germany right now.

Disclosure: I know the sales and tech team at Caruso Dataplace but I’m not connected to the company in any commercial way.

Does the car not transmit any data prior to authorization?
That I do not know. All I know is: if there is no signature to consent to car data sharing, nobody ever will be able to request the consent. The car may be trying talking to manufacturer but what happens there, I do not know. This is all regulated by the ISO 27017 standard.
How does the manufacturer have the owner's email after something like a private resale? Would they just send the consent request to the original purchaser?
Presumably the registered owner can be updated.

It should be easy enough to prove ownership to a dealer or whatever and have them update the registration. It seems to me that the corner cases there are more unfortunate than dangerous.

Depends how you purchase the second hand vehicle. If the first owner did a trade in, it’s all easy to manage.

If it’s a direct sale, I guess it’s worth asking the first owner for the connectivity status. Even so, I believe a visit at a dealer with registration document would get that resolved pretty fast.

Pretty sure that in the US, the various states provide manufacturers with updates to vehicle title and registration changes. This is primarily so that vehicle owners can be notified of safety recalls.
I'm the co-founder of https://smartcar.com and we are in an adjacent space. We provide an API for cars to make it easy for developers to integrate with vehicles. Part of that process is to let consumers go through an Oauth flow and accept permissions before an app has access to a vehicle.

In my opinion, it's possible put privacy in the hands of consumers and enable developers to buidl apps for cars easily. I'm hoping this consortium adheres to these principles too.

will it merely be a generic initial 'i agree to terms and conditions' or a fully transparent, ongoing process of transferring data, with the user having ultimate control. If the latter is true, i salute you and wish you luck.
It's a 3-click flow. 1) Read Privacy Policy 2) Login Screen: Authenticate with username/password 3) Permissions Screen: review items and hit allow.

You can see an example of this flow on our homepage: https://smartcar.com/product/connect/

P.S. There's no other way for developers/apps/businesses to obtain access to a APIs for a car. The owner of the car has to explicitly go through this flow.

Letting users hand over their data with just an OAuth prompt ceased to be acceptable in 2018 when Cambridge Analytica extracted data from millions of naieve Facebook users who just clicked "accept" to hand over data...

I hope your platform only allows users to hand over data to thoroughly data-security-audited companies or your platform might be in for a rude awakening...

Has a tech platform ever been successfully launched relying on thoroughly audited partner companies to get that platform off the ground?
That's a great point. In that particular case, there was also the matter of a Facebook users unknowingly having the ability to share not just their own data, but data about their friends to a third party.

In our case, a car owner can link their car to a app of their choice. It's a lot like how you can link your bank to an app like Venmo or Robinhood. We do vet all businesses using our APIs, but a data/security audit of customers seems challenging and uncommon.

Are you aware of any services that help facilitiate this or any platforms that do this today?

As I understand it, the CCC's Digital Key specification is what actually powers tech like Apple's Car Key and Samsung's Digital Key. Is there a list of cars that support this spec anywhere? I haven't been able to find any information outside of a couple of press releases.
Probably the actual CCC are figuring out how this all works as we speak.
So no mention of any manufacturers involved, and a mailing address that matches the USB Implementers Forum.

Sign me up.

That address serves as their administrative headquarters. As consortia, they have no true employees and work with an AMC to provide these functions. The CCC uses VTM Group as their AMC, much like USB-IF.
Yeah, OK.

But this is why I drive a 20yo car and am serious considering replacing my current iPhone with a burner Dumb phone.

The value proposition just isn't being made nor delivering anymore!

I would love to drive a dumb car that doesn't pollute the air. Alas.
20 year old cars hit the sweespot for me. They're repairable and reliable (given a reputable model), and they're new enough to have airbags.

I hope electric cars take advantage of their simplicity and become very repairable, but I'm worried given Tesla's behavior.

Yet somehow they can't agree on a small handful of wheel bolt patterns.
I'm going to have to go ahead and say "no" to any more connected devices until I can share in the revenue stream that monetizing my behavior and travels generates.
If you expect ad revenues to be shared with you, you'll just end up with more ads or you'll have to pay the advertisers through commissions on the product you buy (cost of advertising is always including in the sold products that were advertised for).
I guess insurance could be cheaper for people who drive defensively. I'd sign up for that.

I imagine a future where people who drive recklessly get their insurance contracts cancelled and have to pay ridiculous premiums to get a company to take them. That's a dystopia I could kinda live with.

Last time I went to the grocery store, I bagged my own groceries. When I pointed this out to the manager, he happily gave me 5% off.
Where does Blackberry's QNX and other car platforms fall in / relate to this ecosystem?
No thanks. I do not want my privacy violated, security comprised, or have my devices depend on connectivity/degrade without connectivity. I also don’t want an insurance industry that forces us to live under the watchful eye of a behavior nanny for mundane daily things like driving.
Odd, I was just testing the mirrorlink protocol on a Samsung device and discovered it was dropped last June by Samsung. I wonder if they will have better luck with this effort.
Doubtful - the Twitter account last tweeted over three years ago, the website copyright date is three years old, etc.