Court rules that automakers may store your texts and calls without explicit authorization

Originally published at: Court rules that automakers may store your texts and calls without explicit authorization | Boing Boing


Easy solution, find a judge selling their car, buy it, pull their texts and post online. Then somehow this problem gets resolved


Does this only apply to cars using the automaker’s software or does this also apply to cars where you explicitly sync using CarPlay or AndroidAuto? Has someone looked deeper to see if the other two technologies just use the car’s infotainment system as simply a second screen/speakers and the interceptions don’t occur?


Is there any indication of why the car makers would want to do this?


“Just collect everything, we’ll figure out how to monetize it later.”


Welp, quite happy I CBA to connect my phone to the car, it’s one less group of immoral assholes with access to my life’s details.


This may be a-ok in Washington State, but I don’t think it would fly in Europe. I can tick off several potential violations of GDPR: not providing proper notice to consumers, no valid Article 6 “basis for processing,” doesn’t sound like they honor data subject requests. Plus, what the hell happens if you sell your car and all that stuff is sitting in its memory? Maybe no one will ever access it, but the possibility is there.


why should not google ask you to accept their terms while using search on line in the car play node…

it’s an extra revenue stream

the part cut off by the one box ends: “health diagnosis data, and genetic information”

( interesting it doesn’t say “all phone messages.” that must be eula’d elsewhere )


They are really covering all the bases, but “we want it” is not a valid reason to collect personal data, at least in countries that have stiff privacy laws.


What’s CBA?

1 Like

iFixIt needs to come out with tutorials about where they are located, and if you cover the sending device with brass mesh if that will stop the broadcast of the data back to Big Brother (car maker, police, gov, etc.), or how to otherwise disable it.

As long as automakers don’t go the John Deere approach and make the whole car stop working if this collector can’t contact Big Brother or is otherwise disabled, I hope that there will be workarounds.


This is not an accurate description of what the court said. The cases were dismissed because the plaintiffs didn’t have standing to sue. This is a long standing principle of the law. In order to have standing to sue, you have to have actually been harmed. You can’t recover damages on the theory that you might be harmed.

This is not a failing of the courts. This is a failing of the legislature. That law needs to have some teeth. There need to be fines or some kind of consequences for manufacturers violating the law. If you live in Washington and you want this changed, call your state legislators. The court made the only ruling they could here.


Can’t be arsed, nothing special.


Let’s say it takes time to sync your messages to the car whenever you connect. That’s time that the user will have to wait before they can do something. Waiting is a bad user experience, so it is to be avoided. One way would be to cache the messages from the phone so that you don’t have to reload them later. (Note: While I am a software developer, I have no experience with or knowledge of the APIs used in cars, so I am speaking out of my ass here.)

The problem is that once that data is stored in the car, even if that was not the intent, someone will figure out a way to do something with it that’s outside the original mandate.

CarPlay, at least, just uses the infotainment system as a second screen. Everything is drawn by the phone. Also, iPhones don’t automatically transmit call log and text messages to the car, if you’re using the default software. You do have to authorize it on the phone.

Also, if it’s only the car that stores the messages, and it doesn’t retransmit it to the MFG’s servers, then it’s still your equipment, and they still need a warrant to search it. I can’t think of a good reason why your car should transmit this data to the MFG. But merely being on the car isn’t necessarily a privacy violation. I think the problem isn’t that people are being malicious here, but rather they didn’t think about having to delete the data off later (not a feature that anyone thought of).

1 Like

I mean that’s pretty much the motto of anyone who has any data connection these days, which is everyone.

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.