Washington – A device roughly the size of two decks of cards could play a large role in the growing push on Capitol Hill to better protect the privacy of personal data.
These event data recorders — commonly referred to as black boxes — are situated beneath the front seat or console in vehicles, where they can track speed, steering angle, braking, air bag deployment, seat belt use and other information. The data they record is valuable to auto manufacturers and insurers trying to assess the reliability of different models and the circumstances of accidents.
As vehicle systems become more complex, concerns are growing that the information could be put to other uses, too, and that there is no comprehensive law governing who owns such information and what purposes it can serve.
“It’s a constant loop of information,” said U.S. Sen. Amy Klobuchar, D-Minn. “I think people would be pretty shocked.”
Klobuchar and others want to limit the ways in which that data can be used. Last week, Klobuchar and U.S. Sen. John Hoeven, R-N.D., introduced the Driver Privacy Act, which would ensure that the owner of a vehicle also owns the data recorded by that vehicle. The bill would require a warrant to release that data without the owner’s consent. North Dakota and 13 other states already have such a law. Minnesota does not. Drivers who pass through a state without such privacy laws are not covered while they are traveling in that state.
Black boxes in vehicles are not new. Some manufacturers have been installing data recorders since the mid-1990s, but their use has become increasingly widespread. More than 90 percent of new vehicles sold in the United States now carry black box devices, and the National Highway Traffic Safety Administration wants to make them mandatory beginning in September.
Federal regulators, law enforcement agencies and insurance companies say the data is an indispensable tool for crash investigations and, ultimately, the development of safer cars.
But privacy advocates say the data can be used in criminal probes, to find fault in crashes or even to build profiles that savvy marketers could exploit.
Previous attempts to pass such privacy protections have failed to gain traction, but recent revelations on U.S. government spying have made Congress and the public more sensitive to privacy issues.
‘We know what you’re doing’
Fresh controversy over black boxes in cars broke out earlier this month, when a top Ford Motor Co. official at the International Consumer Electronics show in Las Vegas bragged that the automaker could use global position system technology to determine when drivers break the law.
“We know everyone who breaks the law; we know when you’re doing it,” said Jim Farley, Ford’s executive vice president of global marketing. “We have GPS in your car, so we know what you’re doing.”
Farley later retracted those comments, and Ford officials did not respond to a Star Tribune request for clarification of the company’s position.
Klobuchar said Farley’s remarks were “very scary for people, and they [Ford] tried to dial it back, but it’s true.”
The Alliance of Automobile Manufacturers, a Washington, D.C.-based trade association that represents a dozen automakers — including Ford — defends the use of event data recorders as a tool to monitor passenger safety.
Alliance spokesman Wade Newton said automakers don’t access the data without consumer permission and that “any government requirements to install EDRs on all vehicles must include steps to protect consumer privacy.”
Black boxes aren’t the only devices in vehicles tracking information.
In a report requested by U.S. Sen. Al Franken, D-Minn., the Government Accountability Office found that automakers were storing private data collected from onboard navigation systems without allowing car owners to ask that it be erased.
The GAO report, released last week, said that nine of 10 companies contacted collect location data and share it with traffic information providers. The companies said they don’t share personally identifiable location data or sell such data to marketing companies or data brokers.
Franken nevertheless called the results of the GAO study “troubling,” and without privacy legislation, the potential for unwanted disclosure remains.
Location tracking in cellphones originally was advanced as a safety feature, so callers to 911 could be located quickly. But location identification now is used in third-party applications, allowing for easy tracking of people’s whereabouts.
During his time in the Senate, Franken has pushed for legislation to safeguard location privacy.
Franken and others fear that it wouldn’t take much to tweak event data recorders and other vehicle technology for equally broad uses.
“These companies aren’t telling their customers what they’re doing with your very personal data,” Franken said.
Franken, who chairs the Senate Judiciary Subcommittee on Privacy, wrote to Ford CEO Alan Mullaly, raising questions related to the company’s data collection and sharing policies. He is seeking a response by Feb. 1.
Corey Mitchell is a correspondent in the Star Tribune Washington Bureau. Twitter: @C_C_Mitchell