The Shifting Privacy Left Podcast

S2E1: Driving Privacy Left: Vehicular Privacy with Andrea Amico (Privacy4Cars)

Debra J Farber / Andrea Amico Season 2 Episode 1

Of the almost 300 million cars that are in circulation in the U.S., the vast majority collect consumers’ personal information. Every time you connect your phone via USB or Bluetooth, your car is designed to download data and store it locally. The automotive industry is grossly behind when it comes to data privacy and safety, but that’s where Privacy4Cars comes in.

Privacy4Cars is the first (and only) privacy tech company focused on identifying the challenges posed by vehicle data. They create solutions to better protect consumers and businesses by offering improved privacy, safety, security, and compliance. 


In our conversation, Andrea reveals how personal data flows through vehicular systems and networks. He highlights the type of data that can be easily found in cars, such as your frequently visited addresses, garage codes, text messages, emails, and so on. Andrea explains the different privacy concerns that have so far remained unaddressed across the industry and his theory on why these gaps exist. 


It might be unsettling to hear about the state of privacy in the automotive industry, but fortunately, the folks at Privacy4Cars are dedicated to creating new standards. Andrea shares what the industry reaction has been to Privacy4Cars’ initiatives and highlights some other organizations that are leading innovation on this issue. 


Topics Covered:

  • Andrea’s professional background and what inspired him to launch Privacy4Cars
  • Debunking common myths about data storage and security in cars 
  • Where car data privacy falls under EU GDPR
  • How Privacy4Cars helps companies solve compliance issues
  • Feedback from third-party wholesalers, dealerships, and service providers 
  • Advice for automotive software developers when architecting systems and networks in this space 


Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Debra Farber  00:00

Hello, I am Debra J. Farber. Welcome to The Shifting Privacy Left Podcast, where we talk about embedding privacy by design and default into the engineering function to prevent privacy harms to humans, and to prevent dystopia. Each week we'll bring you unique discussions with global privacy technologists and innovators working at the bleeding edge of privacy, research and emerging technologies, standards, business models and ecosystems. 


Debra Farber  00:27

Today, I'm delighted to welcome my next guest, Andrea Amico, CEO of Privacy4Cars, a leading authority on vehicle privacy and cybersecurity and the first and only privacy tech company focused on identifying the challenges posed by vehicle data and creating solutions to better protect consumers and businesses alike by offering improved privacy, safety, security, and compliance. Welcome, Andrea. 


Andrea Amico  00:59

Well, thank you so much, Debra. It's an honor and a pleasure to be here.


Debra Farber  01:02

Absolutely glad to have you here. In fact, I want to let everyone know that you are actually having this interview from your car. 


Andrea Amico  01:10

That is true, and this conversation is being recorded. So there we go. 


Debra Farber  01:13

There we go. It's pretty meta from the beginning. So one of the reasons that I've been looking forward to interviewing you is that I personally have not had the time to follow the automotive industry very closely, especially around issues of privacy and security. I'm aware that over the past decade or so, we've connected cars to the Internet and to each other and other systems, right, we call that connected cars, and that cars, you know, that will allow for self-driving collect tons of data in order to make decisions. But, I just simply haven't had the time to dive into how personal data even flows through vehicular systems and networks, let alone identify all the privacy risks. So along with the audience, I'm excited to geek out with you today on this topic. So, to start, what kind of personal data can be found stored in car systems? You know, if I bought a used vehicle tomorrow, that was formerly part of a rental car fleet, you know, what personal data about other people might I be able to access? 


Andrea Amico  02:19

Great way to start. So, first of all, cars collect data, essentially from two different types of sources. One are the sensors in the cars. You and the audience will probably be extremely familiar with, for instance, things like GPS and, you know, modern cars, they may think of things like LIDAR and other sensors. They may ignore things have been in cars for a very long time such as, you know, every time you sit in the car, I don't know if you know this, but it takes your weight. And again, started...all of this data collection from sensors typically started with a very good intent of building safety into vehicles. And then companies realized that this was data they could actually monetize and use it to profile their consumers and then eventually to sell it. 


Andrea Amico  03:05

And then the second big source of data is actually our phones or whichever other devices we connect. And that's really a big myth that I want to dispel right away, which is that they are listening every time you connect your phone to a vehicle, even if you do it...so whether you do it by USB, Wi-Fi, Bluetooth, but also if you use things like Apple CarPlay, because we hear a lot, oh, I use Apple CarPlay. So you know, my data is safe. That's not how it works. Every time you connect your phone, your cars are designed to download a lot of data from your phone and store it locally; and the local storage is typically unencrypted. So, now you end up with a mini clone of the phones and tablets and whatever are the devices of anybody, including minors and passengers right, stored into the cars. So back to the question of what can you find in a rental car? Well, a treasure trove of other people's Rolodexes, text messages, what apps are running on their phones, calendar entries, possibly even emails, records of files have downloaded from their phones, and records of which photos they've taken and so on and so forth. And it greatly depends car by car, but you can find a lot.


Debra Farber  04:23

So in this data, do you need special technical capabilities to be able to access this data? Or could literally anybody who is playing around in the infotainment systems or the other systems within the car that is collecting this data? Would my mother be able to like find this who has no technical capabilities at all? 


Andrea Amico  04:46

It depends, right, and depends by car. It also depends by the person, but even without "hacking" into car and doing things that are really advanced, it's often pretty trivial just from the navigation history and whatever data is in the clear, and literally a few taps away on their screens and buttons of your infotainment system to realize who are the people who are driving the car, where do they live? Possibly that's associated with garage door codes, of course which church they may go to or temple, which doctors do they go to see, where do they drop off the kids to school, and, you know, all sorts of geolocation data is extremely common to be literally a few taps away. And then, you know, again, depending on the car, you can dig a lot deeper, and you can find a lot of other stuff. 


Debra Farber  05:35

It's fascinating. And it's just crazy because so many people have vehicles, right, that they're renting vehicles all the time, and you're not thinking when you're renting a car about all of the data. It's basically, you're driving a computer that many people have hooked up to in the past and will in the future. So, you know, that makes me think, what about third-parties, like component manufacturers or, you know, former fleet managers who formerly had access to, you know, in this scenario, that if I purchased a car that was part of a fleet, or the car dealers, you know, can they still access the same data; or do they have additional data sets that they're able to access about the new car owner?


Andrea Amico  06:21

So, yes. They may be able to access data if the car is connected with telematics that can either be installed by the manufacturer or after market. But also, you know, when you go to a dealership, there are a lot of dealerships that have systems that are installed by the manufacturer that automatically identify the car because, for instance, they may sniff for what's the WiFi of the car. And so, they know, "Hey, Andrea, you're just building in lane number two, welcome back. Are you here for your oil change, sir, because we already, you know, we already know everything about you?" And so, again, a lot of this stuff is, in theory, very convenient, but there are privacy concerns here that have so far remained vastly unaddressed across the industry. And not to mention, by the way, previous owners may be able to track you. In fact, you know, it is incredibly common for us to hear stories (because people don't have an interest in this topic) for people to call me and say, "Hey, I sold my car six months ago. I still know where it is and I can unlock the door. So, I can start it." It is incredibly common, and most consumers really don't realize that it's going on.


Debra Farber  07:23

To me, that's just crazy. It just seems so unsafe. And what's bizarre to me is that when I talk about privacy, often to talk about some of the safeguards we need to put in place, I often talk about the automotive industry, right? Like, you don't find it oppressive to wear a seatbelt. It's there for safety, and that we have laws around it; and we've got frameworks around making cars safe and they're highly regulated. And yet, here's just like some gaping holes in that safety when it comes to the data that cars collect. You know, I think I have this question tapped for later in the conversation, but I think I'm going to ask it now: why has the industry created this gap? Why haven't they thought through some of the privacy risk modeling and the security safeguards that need to be put in place to protect humans that actually, you know, are the end users of the product? 


Andrea Amico  08:20

Yeah, well, so my belief based on, you know, the many people I talked to that have been in the industry for a very long time is that, honestly, the industry never really thought about privacy for a very long time; and all these devices they put in cars to collect data were designed in a certain way for safety, right, including making a copy of your text messages and store it in clear text in the computer of the car was a choice that was originally driven by making systems more responsive back when this feature started to appear 20 years ago because it's all on Bluetooth and car has been around. Systems were not responsive, so to make sure people were not distracted or pressing extra buttons, you know, which could affect their driving behavior. Somebody thought at one manufacturer, "Oh, why don't we just store the text messages into the car, and this way, the system is going to be responsive because we can query it locally as opposed to pinging a phone and it's not responding on time?" And then they never changed. It became legacy. That's how everybody did it. That's how everybody implemented it. And in fact, three or four years ago, I discovered how easy it was to get around the security measures being put in cars to protect information like the text messages. In fact, I taught my daughter when she was back then eight years old to read my wife's text messages by taking them out of the cars and she could do it right. And so anybody can do it. If you only think about how to do it, it's actually pretty trivial and we disclose it responsibly; but, amazingly, while companies fix the cars that they had not produced yet, so they change those security protocols in line with the guidelines that we suggested. They have never fixed the cars that are in circulation. So, if you drive a car that is four or five years old or older, there's a pretty good chance that anybody can show up and take out the text messages without really any effort. An eight year old can do it.


Debra Farber  10:11

Wow. Well, I think this is the perfect opportunity to ask you to tell us your origin story. How did you get into the privacy space, since that's not, I know, that's not where you originated? You know, how did you kind of...so tell us a little bit about your background, how you came to care about this particular problem of, you know, all the data collected in vehicles, and then you know, how that led you to create Privacy4Cars.


Andrea Amico  10:38

Sure, I'm an engineer by training. First of all, I spent the first half of my career in consulting, first at McKinsey and then at General Electric running strategy. And then 12 or 13 years ago, I switched to automotive. I entered into automotive, and one of the companies that was running and managing back then was a large used car inspection company. So, these are the companies that will go and inspect your car when you return your lease, or maybe was when a fleet was the fleet in their cars, a regular company was ready to sell their cars. And this was during the first Obama era when the CFPB had just been created, and I had a couple of customers who were under this investigation of the CFPB for how they were treating consumer records. And of course, nothing to do with... it was the bank side; it was not nothing to do with the cars, but I was just curious. And, again, you know, for a consultant and an engineer, I thought the right thing to do was to pick a random sample of 100 cars and just analyze: what data was there, how frequently it was, is it the same if it's a fleet or it's a lease or a rental or whatever, right? So I think that my claim to fame originally was running the first data in cars and make it public. And frankly, it was appalling, and I was absolutely fascinated. I'm sure you can tell from my accent, I'm Italian, originally, we are...in Europe, we are much more attuned to privacy. I guess we're wired that way for historical reasons, and I just took an interest into it. You know, I just found fascinating that people literally were leaving their home address, the garage door codes, where their kids go to school, etc. in cars and not seem to be worrying about it. And, when I started to ask, people in the industry didn't know, and that's what shocked me. Nobody seemed to know how Porsche really worked. 
And everything they were telling me on how cars were really working did not match my technical experience with how, you know, what I was seeing and what was happening in the systems. And so, you can started hacking into cars and doing some tests. And that's how, you know, I fueled this passion. And then, eventually, what happened is that in, you know, 2020, when CCPA passed, companies started to come to me and said, "Hey, don't you have a system to delete data from cars?" I said, "Yes. Yes, I do." So we actually stopped being, you know, just a passion project in the garage (me and a couple of friends) and started to become a company. So, this was never meant to be something that we would turn into a real business, but now, finally, there's a need for it. So, I guess that's, that's what I'm doing.


Debra Farber  13:12

Well, Bravo for being ahead of your time. You know, it's still crazy to me that there are so few discussions when it comes to vehicle privacy. And so I've been to....


Andrea Amico  13:22

Still today. Still today. It's very real. 


Debra Farber  13:24

Still today, yeah. Because if there were more discussions, I'd be reading them and I'd be up on it because I'm constantly searching for, you know, what's new in the privacy tech space, innovation, what's new in privacy engineering, and following researchers. And so, I guess, I'm not saying that I cover everything, but the only thing I've seen in the automotive space regarding privacy has been your work (and that's not to say that there isn't anything else out there; just that there isn't a lot out there) and I'm still very surprised by how little is there especially since for years now. There's been at like DEF CON, for instance, the hacker conference every year - or what we like to say "Hacker Summer Camp." I'm engaged to a hacker; I've been going with him for the past eight years, and I remember when they launched, you know, that hacking of cars. And, it was really more around the security of cars, as opposed to personal data that was left there. And the news around, you know, the whole scenario of what they were able to find for the most part kind of fizzled out. Right? I mean, there was a lot of news around, "Oh, my gosh, this is dangerous!" and then perhaps some security was addressed, and there were some folks who addressed the potential hacks and put in the appropriate safeguards to prevent that, but the privacy piece really wasn't picked up by anyone and advanced and moved forward within the industry. At least that's what it looks like from the outside of the automotive space. 


Andrea Amico  14:49

You know, honestly, I don't know exactly why that happened. Right? I'll give you my hypothesis, which is that it's a combination of two things. One from one side the industry wasn't particularly eager to peel the veil, ensure how much data they had about people, and invite questions about how they were protecting this data, how they were managing simple things like consent, which is still vastly mismanaged if you ask me. Right? The other side was also...there's a...I think there's a collective imaginary view of cars that just doesn't match reality, what cars are today, right? I mean, how many people do you notice it. "Oh, I need to take a private call. I'm gonna go and take it in my car." I will tell you, it's probably the least private place you can possibly take a phone call nowadays.


Debra Farber  15:38

Who's listening in the car?


Andrea Amico  15:40

You may not be listening to the conversation, but you know, the fact that we are on the phone is absolutely logged into the system of my car. And so, people will know which, you know which number I'm dialing in, and for how long we've been talking. And, you know, there's a lot of metadata associated with what was the phone associated with it. So, you know, it's very different than you taking the call from your house. But, also you will know, all of this data is typically associated with your geolocation; and, again, there's a lot of extra stuff that gets added...metadata gets added to any sort of information. So initially, it wouldn't be associated with it, but it does with cars. But as I was saying that the second reason I think it's called, I think people think of the car as your place of freedom, right? It's the modern horse of the modern cowboy or cowgirl, right? This is that imaginary - that does not match with the fact that what it really is is a network of a lot of computers that store a lot of data in the clear and that companies are actively trying to monetize. And in fact, right now - you know, we started our project a couple of years ago to try to figure out who has data from which car - and right now, in our database, we track over 600 companies that collect and sell data from cars, and I'm sure I'm just scratching the surface. 


Debra Farber  16:54

Wow. 


Andrea Amico  16:55

But people don't think of the car in the driveway as the largest, most expensive, and possibly worst privacy-designed IoT there is in their house, but that's where...that's where we are.


Debra Farber  17:08

Well, I hope we scared everybody appropriately.


Andrea Amico  17:11

Look, I choose not to scare anybody, but you know, relatively, we need to talk about it because otherwise, we keep living this land of myth that we've been stuck into for a very long time. And I think it's important we have the conversation. I mean, people want to have safe cars. It's important that data is related to safety, but, you know, one thing that I find very important that companies should be thinking about is, why is that when I consented to give my geolocation so that in case of an accident you can send an ambulance, at the same time, I'm also consenting to you to use my geolocation for whatever you want and keep it for however you want. That doesn't seem right. Like, we wouldn't find it acceptable with any other device. But it's the status quo with cars.


Debra Farber  17:56

That makes complete sense to me. Now, are you seeing kind of a different approach in the EU where GDPR has to be top of mind to, you know, the large organizations, where privacy is enshrined as an actual right. And then there's the, you know, General Data Protection Regulation (GDPR) that kind of provides most of the rules, not all of them, but most of the rules around personal data plus, ePrivacy and such. Is there a little more rigor when it comes to, you know, architecting privacy there?


Andrea Amico  18:25

I don't know how much of your audience is European, and so, you know, feel free to go and send us a note at info@privacy4cars.com if you see anything different, but my perception is, talking to a lot of companies in Europe, is that most companies don't even understand that the data collected by cars actually falls under GDPR and privacy, even though the European Data Protection Board has been extremely explicit about it. And in fact, most companies say, "Oh, but I put a disclaimer, for it's in my rental agreement that it's the responsibility of the consumer to take care of their data and if they leave it behind, we have no responsibility." And I keep telling them, "Look, the fact that you've wrote it and you're the lawyer writing, it doesn't mean that's how the law works." But, but that's the that's the reality of Europe. It's very ahead in terms of theoretical protections, but companies are still lacking the understanding on how that regulation specifically applies to cars and data collected by cars.


Debra Farber  18:29

Fascinating. So what are the main privacy harms that we should be preventing for modern vehicles? And are the privacy harms similar for both connected cars as well as self-driving vehicles...assuming it's different data that's being used? 


Andrea Amico  19:47

Well, so I'm not sure how to go into the self-driving vehicle simply because I never believed that there will be you know, something that we would see in a reasonable timeline, at least, you know, as mass adoption. And, you know, I think its panning out that probably we're not gonna see them for a very long time unless you exclude some very, very specific cases. Right? So, but clearly autonomous vehicles will need to collect even more data, but autonomous vehicles will also be extremely shared. So, they're going to be less...the relationship between the car and the person are probably going to be looser. So, I think that you have both factors going on in opposite directions. 


Andrea Amico  20:23

But let's talk about traditional cars, which is what most people drive of the almost 300 million cars that are in the United States in circulation. The very vast majority, collect personal information of consumers. A relatively small minority, but considers nowadays, almost 100% of the new car production transmits second-by-second information about consumers. I'm talking about, you know, more than 100 data points per second about whatever they're doing in the car, where they're going, where they're listening to it, literally everything right there is going on. And that's the new reality, which we're moving into. Right? All new cars have essentially an embedded cell phone inside of them that collects data. And just like he calls home all the time and tells you...tells companies about everything that you're doing. And my observation is that not only consumers are not aware that this is going on, but also industries are not aware of what is going on. We did a test in which we sent mystery shoppers to dealerships and asked them what data my cars collect and where does it go, and a very mass majority of dealerships told our consumers, "There's no data collected" or of course "The manufacturer will never sell your data" and, you know, they're not a high-tech company and, you know, they will make all these kinds of statements or state say silly things like, "Oh, it's all stored in a USB stick in the glove box, which is nothing." So, I don't attribute any of that to maliciousness. I think people are very easy to pass judgment on dealerships. I think they simply are just like consumers; they have no idea. They don't know that's a lot of hearsay. They've never been educated on any of this.
And then as a consequence, we are passing that lack of knowledge down to consumers who are buying cars, not really understanding how anything works and possibly being told that the car does not collect data when, in fact, they have consented to the second-by-second data to be collected and sold to hundreds of companies.


Debra Farber  22:25

Wow. So a company...also government, too, right...like it could be governments might ask for a subpoena for data...


Andrea Amico  22:31

Oh, absolutely. 


Debra Farber  22:32

or be able to track a woman who was seeking an abortion if they're in Texas, or...


Andrea Amico  22:37

It's an enormous issue. I mean, in the post-Dobbs era, I think that we need to be really...I'm sure you know that the FTC is very honed in on anything that is geolocation, but cars are extremely powerful geolocation tracking devices. And not only that, I mean, imagine, you know, the extreme case in which you're...you know, you want to not be tracked, and so you turn off your phone, you wrap it in foil, you leave it at home, and then you want to go to a clinic. What do you do? You hop in your car and you're done. You're gonna be tracking no matter what. We have audited all the privacy policies of all the manufacturers. Not a single one says that they will not release data to the government unless there's a subpoena or a court order. So, in reality, what happens if the government comes and asks? They'll give the data.


Debra Farber  23:27

Wow. Wow. It's just amazing that, you know, you see a lot of people kind of going to Twitter these days and screaming about free speech beyond the First Amendment definition of free speech - like asking private industry to allow people to say whatever the hell they want on private property. Meanwhile, you don't have those same "Freedom!" screaming people going to the car manufacturers and saying, "Why are you surveilling us?" and, you know, selling data about us and, you know, without any sort of payment, or, you know, we're not getting any value out of it. Like, no one seems to be up in arms about this. And it's just fascinating to me because of how much privacy is at the forefront of people's thinking about safety today no matter where it's coming, when it comes to online, when it comes to social media, whether it comes to how data about them is used, and how identity is managed by others. Like, our vehicles just never seem to come up, and I for one, I'm going to, you know, bring it up in the future. But um....


Andrea Amico  24:31

Yeah, so actually there's there's an association. There's an organization or nonprofit; it's called Surveillance Technology Oversight Project (STOP), and they're really focused on government and police - you know, law enforcement tracking people in the United States. And they just published a big report focused on cars, and I think it's the very first piece that I saw really focused on cars and civil liberties and implications for law enforcement and government. The tide is starting to turn. So that's the good news. Right? 


Debra Farber  25:07

Right. 


Andrea Amico  25:08

The bad news is that I think you and I can agree that it was long overdue. But it is good that finally people are starting to pay attention and talk because we all need cars. This is United States. It's very hard to participate in society without a vehicle unless you live in very few, you know, highly dense cities. People need a vehicle to have a life, right, to be a practicing member of society, and so do we really want to not have privacy protections for those? I think the answer is no. 


Debra Farber  25:36

No, we absolutely want that. Since this is a podcast show aimed at privacy technologists, engineers, and researchers, I want to ask you about your approach to building and marketing the Privacy4Cars app. How did you go about it? You know, well, first, tell us a little bit about it, how it deletes data, and, you know, the purpose of using the app. But then, you know, what was your approach in building it to meet the needs of enabling compliance and then enabling data protection rights, but also meeting the market need for those who manage vehicles?


Andrea Amico  26:15

Yeah, so first of all, you heard it in the origin story, right, that the idea, the original idea, was to just give a free tool to consumers. Right? And then by talking, especially with automotive finance companies, we realized that banks understood that leaving these data in cars was not good. And so, at that point, it became pretty obvious that what they were looking for was really a compliance solution. And so for them, it was important not only to delete the data in a way that was effective and cost efficient, but it also was trackable, auditable, right, and something you can go and verify and touch with your hands and robust, because otherwise it was not going to be satisfying or in compliance. Right? And so, that's really what we try to do in our programming solution. Our revenue comes entirely from the B2B side. Right? So we give stuff away for free to consumers and then we just help companies solve compliance issues. 


Andrea Amico  27:14

And so the way...there's two pieces. Right? There's a front end piece, which is an application; and essentially, what we do is that when you scan the VIN - which is the unique identifier number, every car has a unique identifier like a fingerprint that is 17 digits long - once you scan it, we decode that not so much into what is the make model and year, but into what are the modules that collect personal information that are most likely to be in the car and what procedures do we know...what is the best procedure that we know for each of those modules, and then combine them into a stack of instructions that is specific for the vehicle. And so, people that are in the car will be offered a series of steps to do in the car because this cannot be done remotely. 


Andrea Amico  28:00

You cannot plug into cars to get this data. We tried. We hacked into cars this way. Companies told us if you do that you're going to be...we're going to be voiding the warranty. So we can't do that. So we need to use the procedure - the manufacturers' design. So, we had to figure out what are all those procedures, figure out which is the best one for each system, and then kind of glue together and offer them dynamically to whichever person is doing it. And if you do that, turns out that people do an excellent job at deleting data. And if you said you tell them just, you know, delete the data from the 50 cars in the parking lot, they typically miss more than half, even when they're, you know, when they apply the best stuff. So that was one thing where she was to be, you know, delivering superior results, both in time and effectiveness. And then there's an entire engine behind that tracks what is happening with each car and manages which cars in process, which one they need to be reprocessed and all the different outcomes, all the different exception codes, and you know, all the really nitty-gritty technical stuff that you need to have to have a very robust compliance program in place. And nowadays, fortunately, you know, there are hundreds of companies that use our program. And so we're pretty much established as a best practice now almost a standard in United States, at least for the companies that want to do these kinds of things. And so, fortunately, our records have become widely accepted as this is what you should be doing, and it's the best practice. And so, we spend a lot of time thinking about how do we make the process as robust, as intuitive, as extensive as possible? And how do we make those records as robust as possible and visible to consumers eventually? So I don't know if I answered your question, but hopefully I have. 


Debra Farber  29:42

Oh, you absolutely have answered my question. I am my follow up and I was going to ask you about standards like, especially when you said that it provides a set of vehicle instructions that manufacturers provide in order to do this to do whatever it is delete the data or whatnot, because you can't just do the easy way where you maybe do an easy hack, because that will void the warranty. It made me think, well, what if you took what do all the good work you've done and officially, like created a standard with the industry. Perhaps they could streamline instructions so that it won't void the warranty, but in a way that's maybe an easier set of instructions for individuals than what exists today. Have you considered basically taking your best practices and helping to create a standard based off of it - like official standard, like with IEEE or some automotive standards?


Andrea Amico  30:37

First of all, I've never thought of it in this way. My personal experience is that auto finance companies and fleets in dealerships because they touch consumers, they have a vested interest in solving privacy issues. That is a little bit different when you're dealing with the manufacturing side of the house. But maybe it's just my own bias. Right? And I mean, really, there's a real tension here on manufacturers really have a lot of priorities, right? They need to...they need to deliver safe cars. They need to launch new features, as you pointed out cybersecurity for vehicles to be mature, but you know, still a very large attack surface, and everything that they do with cars, adding sensors and features actually increases that surface. Right? So, there's more and more work to be done just for the basic securing of cars. So I think that privacy just never made it on the list of priorities because a lot of other stuff got ahead of it.


Andrea Amico  31:38

And so, I don't know what will be the appetite. In fact, a few years ago, we observed the fact that there was, you know, there were essentially no autonomous cars on the road. But there was a very established SAE standard on how do we define autonomy in vehicles, right? There's five levels of autonomy, and most people within the industry would be able to recite them by heart, right? And we started asking, "Well, is there a standard for connectivity?" And there wasn't one. And so we thought about it and we created our own rubric on how do we categorize cars on, you know, what's going on your connectivity level, from level zero to level five, just like with autonomous vehicles? And we reached out to IAE, the association of automotive engineers, and told them, "Hey, what do you think of this?" and we didn't hear back, so, I don't know, maybe there is something here, Debra. It just has not been my experience so far.


Debra Farber  32:37

That makes sense. Well, maybe there are some listening here who want to help create a standard based off of what...you know, all the good work you've done so far, and then just, you know, just make it something that is kind of embedded into the processes of creating modern vehicles. But, you know, just something to think about.


Andrea Amico  32:56

Ya know, and we're going down the path without...you know, I fundamentally believe that privacy today is where safety was 30 years ago in cars. If you had gone to a lot 30 years ago, and you're asked, which is the safest of the cars, they would have looked at you like you were a Martian. People had no idea. And I think a lot of companies made the mistake of assuming that since consumers were not shopping for safety, that safety was not important for their consumers, or if it became visible, consumers wouldn't shop for it. Now we know very much; history is very different. Right? But, it took an external force. In this case, it was first the Highway Institute for Safety ensures how is the safety. They started to produce the first crash test, right, with a standardized rubric to rate car safety. And then eventually, The National Highway Traffic Safety Administration Department level created a 5-star safety program, and that changed entirely. And nowadays, companies compete on who has the safest car, and they brag about the new features that improve the safety. Right?


Debra Farber  34:08

Absolutely. 


Andrea Amico  34:08

My modest ambition for our company is that we do that, that we see the ability of changing the market practices around privacy. Nowadays, privacy is not there because it's either not a priority or because companies are focused on monetizing data. But, all our studies show us that consumers deeply care about privacy, especially in their cars. And conceivably, the only thing that is missing is making it visible. And I think if there's going to be a day, hopefully very, very soon based on some things we're working on, in which you can go to our laws and you as you're shopping for cars, and you get to know which car is the most private, I think that...my hope is that we will see the same change in the market. We'll see somebody like, you know, they will do the "Volvo of privacy." Somebody will say, "You know what? We want to make our cars safe and private and that's our position in the market." I mean, Apple has done that with phones. Why not...why not an automaker shouldn't do that. I think it would be brilliant if somebody did it. So my mission is to drive the marketing that direction.


Debra Farber  35:20

I love it, and I absolutely agree that there's opportunity there for the car manufacturers that want to take the lead. You know, one of the challenges is that, since they hadn't thought about privacy to begin with to the extent that they should have to architect the systems, and think about privacy by design embedded into everything, there's a lot of technical debt there. But, given that there's constantly new models, it seems like there's an opportunity to also work on a clean slate design, maybe for new cars and thinking from a privacy by design mindset. And then, you know, I clearly don't know what it takes to bring a car to market. I'm sure it takes a lot, but there is that opportunity there for a car maker who wants to actually take that mantle of being a privacy-preserving vehicle maker and then win the market on it because I totally agree with you. You know, people have been saying about privacy generally that everything from "Privacy is dead" to "Consumers don't care about being tracked," when in reality, it was just so unclear to consumers about how they were being tracked, who's doing what, that that confusion went to the benefit of the bigtech companies.


Andrea Amico  36:32

And even when they realize it, just didn't know what to do about it because, you know, if I want to use the app and how, you know, how do I not click yes, right, to agree to everything? And similarly, when you go and buy a car at a dealership, I don't think people realize it's the same thing as clicking on the estimate button in the app. By signing that contract, you are agreeing to your data being used for all sorts of things; and you can go there with your red pencil and, you know, say, "Well, I'm striking clause 47, on page 8," that just doesn't work. You cannot walk out of a dealership with the keys if you try to do that. Right? So it's that inability also that is preventing this from happening. I agree with you on the technological debt. But again, it's been done before, when the safety ratings came out for the very first time; and, at the end of the '90s, the average car scored the one and a half out of five stars. Even though the ratings calculation was much more generous at the time than what it is today, today is a lot sweeter. The criteria have evolved and become tougher, right? But, so it will be easy to say, "Well, dang. So we should throw in the towel because cars are unsafe" and we need to accept the realities that within one engineering cycle (which back in the day was eight years), the average rating has gone up across the board, by an entire star. So, the fact that somebody had started to measure it, and gave a rubric, that rubric became essentially what we need to solve for as engineers to maximize the number of stars. And that turned out to be really good for consumers. And not only for them, but really good for companies who had safer products. They could sell it faster for higher prices. My hope is that, again, we'll see the same for privacy. The fact that we're starting from a difficult place, all it means to me is that there's a lot of opportunity and all this stuff is really low hanging fruits. 
I think that a lot of companies, you could be making a lot of progress really fast. Just today, they're not focused on it because they're not measured on it; and, that's what we want to change.


Debra Farber  38:36

Yeah. You know, that actually brings up a good point. So for one, I hear you saying that just making the privacy usable - where the interface is understandable and a person can actually like, say, "Yes, I want to delete this," or, you know, that is a huge win. That's low hanging fruit; let's design for that. But, what about the back end? Like, where's the data going? Like, you know, I've been in some large companies and had to deal with understanding, you know, that data governance aspect of how it moves through systems in the organization is, you know, really complex; and, being able to delete it where something somewhere has downstream effects, but also might have upstream effects. Is the state of like the company of manufacturers and the vehicle makers, the state of their privacy protocols within their organization, not just the devices themselves, the computers within the cars themselves, but what are the practices like about those who have access to it: the third party, you know, the wholesalers, dealerships, service providers? Is that just a different story? Not low hanging fruit? 


Andrea Amico  39:39

Oh, my gosh, this is so extremely complex because there's so many different types of companies and data flows in so many places, but, you know, just pure brokers of automotive data. I think we have more than 50 or 60 in our database so far, right? So there's, there's a huge market for this - for this data. And again, I think we're just scratching the surface; but, look, some problems are quite honestly difficult to do, right, because once you have laid an entire network of data flowing a lot of directions, it's really hard to start to pull the strings. But, at the same time, it's going to be a lot easier to do it now than 10 years from now because the market for vehicle data is just starting. This entire new concept people starting to talk about of the software-defined vehicles, in which the vehicle evolves as the software gets upgraded or a new feature launched, that's just barely, barely, barely started. And, I think if we start to address these issues now, we're going to find ourselves in a much better position. If we ignore it, it's like trying to fix now, you know, privacy on the Internet. Like, you know, it's a huge problem, and it has...you know, there's a huge ecosystem of companies that have billions of dollars at stake, and every time you go in tweak autonomy, they'll take. But with cars, we're not quite there yet. And so that's my hope, again, that if more people draw attention to cars, it will pay off very handsomely in the years to come.


Andrea Amico  41:05

And again, some of the changes that companies need to do are actually pretty trivial. Some of them are really, really just a policy, right? An example would be, why can't we start saying in our privacy policy what data we do not collect? There's a few manufacturers that actually do that. There's a handful of manufacturers will say, "We do not collect biometrics in our vehicles." Say that, like, that's a great thing to say, we're just going to take the position or collecting biometrics, there are some practices like before, we're talking about law enforcement, to for companies to be able to say, "You know what, we're going to give data to government only if we have a subpoena or a court order or similar situation and otherwise we will not" only takes his the stroke of a pen. There is no database to be reengineered. Right? And so there are a lot of ...what I'm saying is there's a lot of low hanging fruit. There's lots of little stuff like that that will really make a one-time bump that is meaningful and then you leave the harder things over time. But, we could dramatically improve how much we respect privacy of people, even just, you know, the things we were talking about before, the bundling of my consent of safety versus non-safety. That's also a stroke-of-the-pen kind of thing. Simply, companies have not chosen to do so because right now they think that their best path to profit is going to be to collect data from consumers and sell it, and monetize in other ways, as opposed to taking the Apple path of "Buy my car instead of somebody else's because it's more private."


Debra Farber  42:47

Right? You know, you're this second guest of mine that has referred to this concept of almost privacy as restraint. Steve Wilson, from Lockstep Consulting - we had a whole conversation about how privacy to him is about restraint: what you don't collect about people, what you, you know, decide upfront not to do with data. And, you know, this is just another underscore of that concept, you know, communicating to the public what data you don't collect and, you know, it's a great way to earn trust from the market. So, you know, I love that your...


Andrea Amico  43:23

Well, what's your retention policy, right?


Debra Farber  43:25

Yep. 


Andrea Amico  43:25

And you can not tell me you retain it as long as we think is necessary, or 20 years, because no CIO of any other company will find it acceptable.


Debra Farber  43:34

Absolutely. So how have wholesalers, dealerships, and service providers reacted to Privacy4Cars? Has it been a wake-up call regarding vehicular privacy? Is there momentum in the industry now as a result of, you know, consumers and service providers and wholesalers and dealerships seeing it on the market?


Andrea Amico  43:57

Well, I'm sure you know that privacy is on the mouth of a lot of people nowadays; and, you know, a lot of regulators are looking into it. And a lot of new laws are coming into effect just now in 2023. Right? So, it is definitely a hot topic. But when we talk to companies, very often - especially with dealerships, right - many of them tell us, you know what, we actually never thought about this. But, doesn't make sense. I mean, if Debra brings her car and trades it in, I mean, as a company, would we want to delete your data and tell her we're doing that because that's good service? Yes, of course, right? So, beyond the legalities, there's an entire aspect of customer service. They've been attentive to what consumers want and need and frankly look different than what the dealership across the street or across town is doing. And so actually, we see some of our dealerships we work with are starting to call people ahead of their lease return, like they call them months before as they always did before, but now when they call it is not only, you know, "Well, bring it here. We'll give you a good view on your car," but "Well, see if you bring it here, we're going to be deleting your data, and I'm going to show that the same brand across town does the same. So, why don't you come to us?" And so, they're starting to realize that there's value to be communicated to consumers because consumers actually do care, and that's, you know, again, I don't have the power of changing law. And I'm sure that, you know, if we did a parallel universe in which Debra is the "Queen of the Universe," probably it will be an alternative reality in which there's more privacy protections for everybody. We don't. Right? And so, all I can do is to try to change the economics and make it more attractive for companies to do the right thing as opposed to ignore it.


Debra Farber  45:40

And that makes sense, you know, aligning it to areas of revenue generation and how do you compete in the marketplace. I mean, that's been something I've been trying to do with privacy from every role I've been in, right. Like, privacy is not a cost center. Stop viewing it that way, right. It's not about compliance. Privacy is about ensuring that you are respecting your customer, basically, and the rules around their identities and the data that's connected to it. And so by, you know, making it only compliance, you're never going to be embedding privacy within the organization. It's always going to be an add-on at the end and, you know, the minimum required to be legal as a business; and, that's just not going to set you apart as an organization in modern times. So, I totally agree with you there. You know, what advice would you give to the developers of automotive software when architecting and developing systems and networks in the space, and how should they approach threat modeling? You know, in your opinion, I know we just talked about some of the low hanging fruit, which is not regarding the technologist so much; it's maybe more of the realm of the lawyers. But, you know, what advice would you give to the developers in the space?


Andrea Amico  46:50

I think starting from simply asking themselves, "Does this have privacy implications?" and see what the reactions are in the room. That's, that's a great starting point because, frankly, I see some products coming out where I just look at them and I wonder, you know, "Who in the room didn't raise their hand?" and thinking that this was not a great idea. You know, just to be blunt, but I think it's part of a very difficult transition in culture in automotive, right, because automotive manufacturers until yesterday have been essentially bending metal and putting pieces of metal and plastic together. And now, they're supposed to be a high-tech company that writes software and that transition is hard. And there's a lot of people who are betting against that transition, and I think that they can...they can win the transition. But, that's not going to be without paying attention to what are actually the implications of dealing with data. And this is like if I had been making until yesterday, you know, typewriters and then I say, "Oh, and in the next five years, we're going to be following the logic, the following features: we're going to be putting in a hard drive on that so that, you know, the typewriter remembers what we typed; we're going to replace the sheet with a screen; oh, and by the way, we're going to be attaching a modem so that the typewriters can talk to each other and also to a central place where we can store the documents." And, you turn them into laptops, but nobody actually has called it that, "Hey guys, we're making laptops now," and it's not the same thing as making typewriters. And so, I don't know how that cultural war is going to pan out, but again, my hope is that enough companies will see that privacy is not a problem for the lawyers by the lawyers, but it is something that can help change the positioning of your brand in the market. 
And I think the second which they're going to see that, we're gonna see wonderful things coming out of the industry. We're not there yet.


Debra Farber  48:57

Well, I love the optimism. I mean, I'm with you on that. I'm not I'm not...I am an optimistic


Andrea Amico  49:03

I'm optimistic because this has to do with safety. This has been done before.


Debra Farber  49:07

It has and it is only a matter of time. I feel like, you know, we haven't even talked about regulators and stuff like that. I mean, I do think that...I don't want to say it's a ticking time bomb, but as a...as a concept, the fact that the government hasn't looked at automotive vehicles and all the data that they collect and store and, you know, kind of apply the same approach that the FTC has been applying towards a lot of other areas of commerce, even, you know, it is still mind-boggling to me that we are so behind in the automotive space, but you have definitely explained why some of the...


Andrea Amico  49:38

Anyway, the FTC has spoken specifically about data left in cars as a problem area three times in the last four years. Right? So, despite all that guidance, we're still lagging. So, I don't know what the regulators will think about what needs to happen to actually see a change in the marketplace; and, you know, I'm not the regulator. All I can do is try to change the economics. That's the little area of influence I can try to exert. Right?


Debra Farber  50:08

Right. So to that end, what other projects are you working on? I mean, are other organizations that if people were interested in the space they can plug into? I know you, you already mentioned The Surveillance Tech Oversight Project, which, as I was writing it down I see that spells "STOP" as an acronym there. Yes. And then IAE, the Institute of Automotive Engineering. Are there any other projects, initiatives, organizations that you could....


Andrea Amico  50:34

Yeah, I mean, the EFF and Consumer Watchdog are always prolific about watching what's happening with cars and data and they write their own reports and they're both great organizations. In fact, The Consumer Watchdog, based in California, clearly, they're very attuned to the local laws; and, the fact that California has been leading the nation, not just you know, in private, but specifically for vehicles. Like, people don't realize that the reason why cars are safer and cars are... there's an OBD-II port in cars, and the reason why emissions are better in cars is entirely because of California. So, California has been always on the leading-edge and driving change across entire nation. So, those are great organizations.


Debra Farber  51:19

Yeah, California definitely has set the standard for a lot of commerce related things, including privacy, generally.


Andrea Amico  51:26

We start to see all the <inaudible> officers speaking about this issue, which, you know, I quite did not expect, but we start to see dealers organizations talking about it. We start to see associational compliance officers talking about it. So there are a lot of niche organization really specific on automotive, were starting to think about what do we do for privacy (not just the data stored in the cache, but just more in general, you know), what do we do for particularly within the four walls or dealership, or in the database or bank, or anything that is related to a transaction where there's a vehicle? There's a lot more thoughts into that that we've seen in the last...just in the last couple of years and it's really been driven by regulation. Right? Because a lot of rules have been changing, or are imminent to change next year.


Debra Farber  52:17

Oh, interesting. We'll have to have you back on next year to tell us about that. Since we're getting to the end of our conversation today, do you have any calls to action for our listeners? For instance, where can they find your app?


Andrea Amico  52:29

Well, so the free consumer version is available on stores. So, you know, just go on GooglePlay or the Apple Store and it's there. They can find the information about us and our research, most importantly, Privacy4Cars, which is spelled "Privacy4Cars.com" and, it's also easy to get in touch with me. My social media preference is LinkedIn and occasionally on Twitter - we'll see what happens now - but that's where people can track us and find us. Please reach out because I've been in touch with increasingly...with companies that designed telematics system or that collect feeds from cars; and they reach out and ask questions about, "Hey, this is how we're thinking about designing our program," and we're more than happy to give free advice to anybody on what we see, what are the best practices, and just give you food for thought.


Debra Farber  53:27

Well, I know the next time that I rent a car, I will be using the Privacy4Cars app to make sure that the data that's on there is deleted.


Andrea Amico  53:36

Yeah. People started to tell me years ago: people, you know, should take control, and that's why we launched the application. But the more time passes, the more I realized that that's a little bit naive from my side because asking people to be informed and know what to do at the right time in the right place, as opposed to asking their dealership asking their auto finance company, asking their insurance, asking that, you know, fill the blanks, whichever company. Rather than a company asking them, "What are you doing to protect my data?" show me. That's way more powerful because, frankly, until consumers start asking, these becomes always tomorrow's or the next next day's problem and never today's.


Debra Farber  54:21

I 100% agree. I feel like in the ecosystem, if you're putting out a product, it's, you know, it's your job to educate consumers on how to use it safely. I mean, it just seems like common sense to me. I was kind of shocked over my 17 years in privacy to kind of see the advertising industry, you know, and even the app stores try to pass that off at the beginning on to consumers and be like, "No, it's up to the consumers to determine what is safe." That means like...that's the Android kind of point of view versus, you know, there was a little bit of vetting for Apple AppStore. And you know, just remembering the advertising space...I don't understand how you can say, "Put this on the consumers" and ethically say that with a straight face; but yet, you know, that's what happened. So totally agree with you there. I think that's where it is best going from a public policy standpoint where the onus should be for privacy assurance. 


Debra Farber  55:14

Andrea, thank you for joining us today on Shifting Privacy Left to discuss the privacy and security challenges around connected vehicles, privacy for cars app, and your thoughts on building privacy into vehicles by design. And until next Tuesday, everyone, we'll be back with engaging content and another great guest. Thanks for joining us this week on Shifting Privacy Left. Make sure to visit our website, shiftingprivacyleft.com, where you can subscribe to updates so you'll never miss a show. While you're at it, if you found this episode valuable, go ahead and share it with a friend. And if you're an engineer who cares passionately about privacy, check out Privado, the developer-friendly privacy platform and sponsor of this show. To learn more, go to Privado.ai. Be sure to tune in next Tuesday for a new episode. Bye for now.
