Tracking vehicles across state lines
As the number of women traveling across state lines to obtain abortions continues to grow (analysis of trends, statistics and map), recent reports have confirmed the reality of some of the ways we feared that motorists traveling for these or other purposes can be identified and tracked.
The ACLU of Northern California and Bob Egelko of the San Francisco Chronicle have reported that, despite a directive from the California Attorney General forbidding California state and local government agencies from sharing automated license plate recognition (ALPR) data with out-of-state entities, police in some California cities are continuing to share this location data with out-of-state police and/or interstate data brokers.
The order from the Attorney General was specifically intended to prevent other states from using ALPR data from California to identity or take action against abortion travelers.
Even if California police bring their practices into compliance with state law and the state Attorney General’s directive, that won’t stop police in other states from buying ALPR data collected by private entities in California — the owner or operator of a parking garage across from an abortion clinic, for example — and aggregated and resold by commercial data brokerages.
Meanwhile, in the New York Times, Kashmir Hill reveals that automobile manufacturers have been selling motor vehicle telemetry information, collected by onboard sensors and control systems and transmitted by cellular data transceivers embedded in euphemistically-named “infotainment” systems, to data brokers including Lexis-Nexis.
While the focus of Hill’s article is on the use of this data by auto insurance companies, law enforcement agencies including the TSA are customers of Lexis-Nexis.
Hill says the data sold in bulk by vehicle manufacturers and disclosed to vehicle owners by Lexis-Nexis in response to requests pursuant to the Fair Credit Reporting Act didn’t explicitly include vehicle location data. But that doesn’t mean that location data isn’t available to vehicle manufacturers or police.
Most vehicles with embedded cellular data transceivers also have embedded GPS receivers. Enabling those systems to send GPS location pings to the manufacturer, if that isn’t being done already, would require only a remote software “upgrade”. As long as the manufacturer has the ability to push out software turning on location reporting, the manufactuerer could be compelled to do so by a court order such as has been used to force other companies to spy on and report travelers’ movements.
The only way to prevent this is not to build this capability into vehicles. But most vehicle purchasers or drivers don’t know that their car has a built-in self-surveillance system with its own wireless data transmitter that “phones home” to the manufacturer, much less what data it transmits or could be silently and remotely enabled to transmit.
That’s not the only threat model inherent in having an embedded SIM and wireless data connectivity built into your vehicle. Because the telemetry system connects to the Internet over the wireless cellular data network, the network operator knows which cell tower the unique SIM in the vehicle is registered with whenever the telemetry system is active, which is generally whenever the vehicle is in operation — and could be switched to be always on.
Law enforcement agencies already use fishing-expedition “geofence” warrants to identify all cellphones in the vicinity of times and places of interest. As the percentage of new vehicles with embedded SIMs and always-on cellular modems continues to increase, they are likely to use similar warrants directed to wireless network operators to identify all the “connected cards” that were registered on those networks in specific locations and times.
We’d welcome reports from anyone who has obtained a complete report of the data collected by either (a) the manufacturer of their vehicle or (b) the operator of the mobile network uses by the vehicle telemetry system. (It may be easier for vehicle owners in Canada than in the USA to obtain this data through access requests under the Canadian PIPEDA law, which has no US counterpart.) We’d also welcome reports from anyone who has tried to opt your vehicle out of manufacturer telemetry or have the telemetry system removed, disabled, or placed under driver control.
Pingback: Tracking vehicles across state lines - CodeGurus
Getting a used vehicle circa 1975 model year keeps sounding better. Vehicles that old can’t be tracked or hacked as they have mechanical engines and no computers or software. To keep from being tracked via mobile phone a faraday bag is all that is needed.
My truck is more than 20 years old and has no wireless devices of any kind, nor a “black box” data recorder. My parents have a 2011 Chevy Traverse equipped with an OnStar cellular transceiver. I disabled the OnStar system as follows.
First, I located the OnStar module, in the back next to the emergency jack. It has an LG logo on it. Then I pushed the OnStar button on the rearview mirror to confirm that the system works. Then I unplugged all the wiring connectors from the module: two rectangular connectors and an antenna connector. I also unplugged the Sirius satellite radio module, right next to the OnStar module, because why not. Then I pushed the OnStar button again to confirm that the system no longer works. Done! I didn’t even need tools to do this.
Update to my previous comment. I find that simply disconnecting the OnStar module causes annoying error messages on the dash. A better solution is to take the module out, open it (six screws), and remove the connector between the small cellular circuit board and the main circuit board. Then reinstall the module and plug it back in. The OnStar system will fail to connect to the cell network.
Pingback: Combining radio and visual tracking of road vehicles – David Icke
Pingback: Combining radio and visual tracking of road vehicles - All View News
Pingback: Combining radio and visual tracking of road vehicles – Infokeltai News