Excuse my French, but audio recordings, holy shit. I thought we were still living in a society where recording audio of unsuspecting people in semi private spaces was at least a line that would not be crossed that casually. Apparently not.
I agree with you, but we also collectively bought devices with active mics, cameras and a constant internet connection while legal aspects of data privacy were (and still are) a bit of a Wild West, so I'm not sure what anyone expected. We as consumers and citizens need to stop assuming our governments and corporations will just do the right thing and not tread those ethically grey lines. When "consent" is defined by those doing the exploiting, only total abstinence from the decision is the safe option, but we all continued to buy smart phones.
Note, this is not a justification, but an attempt to understand how we got to now in hopes that by seeing where we've been, we can collectively make better decisions about where we are headed.
> legal aspects of data privacy were (and still are) a bit of a Wild West, so I’m not sure what anyone expected. […] we all continued to buy smart phones.
Widespread breach of privacy is not a valid excuse for companies to continue violating privacy and even collecting potentially illegal surveillance, right? Phone taps and home searches without a warrant have been illegal for decades, and the fourth amendment to the constitution prohibits government search without probable cause in general. So what I expect is that the existing and established laws and goals carry forward in obvious and reasonable and unsurprising ways from the consumer’s point of view, without vested interests trying to pretend like digital devices’ ability to communicate are somehow radically different from any other type of communication. The only thing that’s changed is that recording and sharing and searching got much, much faster and easier. People who stand to benefit from that are arguing that because it got easier, it should be allowed, but from the privacy perspective it’s the opposite: because it got easier it means we need to actually enforce privacy, and put a stop to the contorted arguments that try to justify data collection without explicit consent.
American law doesn’t generally prevent them from surveillance, so long as a shrinkwrap license provides consent and any token one-time fines are classifiable as necessary opex if they survive a decade of court appeals.
This is slowly changing, but with 50 member states and aging union leadership, there is no GDPR equivalent yet for citizens of the US.
(And, CCPA protections are only offered to citizens of California, which demonstrates the corporate incentives to keep it fractured and at the state level nicely.)
The most effective way to get this changed would be to identify the cars used by every US senator, and then write them letters pointing out that their cars have granted a sometimes-foreign corporation permission to record every conversation they have, keep a file on who they meet, and document their sexual activities. This is standard espionage tactics, and as awareness of it should be spread in Washington DC in particular.
You’re right, of course, but we shouldn’t really need a GDPR when we should already have an established reasonable expectation of privacy inside a car. Google search takes me to lawyers who agree, for what that’s worth… https://dworkenlaw.com/when-can-the-police-search-my-vehicle....
A person can give up their right to privacy to any officer of the law, and to a corporation just as easily.
US corporations now demand you give up all rights that the law permits you to give up, and they do so by shrinkwrap licenses that are “take it or leave it”, while denying the ability to deactivate a reasonable and small subset of functionality if the buyer disagrees.
This is typically where regulation steps in, and does so quite successfully in the EU but not the US, to say that consumers may not contractually give up their right to privacy without express, plainly-sought consent — so, not just shrinkwrap licenses — and that refusal or revocation of that consent shall not deny someone access to functionality that can be reasonably delivered without it. The US has its work cut out for it to catch up here.
Not directly related to the car situation, but the last time I bought a TV my first question was whether non-smart TVs exist. They do, but they're not worth the effort and my best option was to not connect the TV to the network.
It sounds like it's no longer even an option to buy a car that doesn't come with a bunch of uplinks to the car company, maybe to the insurance company airplane-black-box-style, etc.
Some IoT devices now are programmed to reach out to public or known (ISP) wifi networks and connect automatically without your knowledge or consent. This is what it looks like when your government is by and for corporations.
> We as consumers and citizens need to stop assuming our governments and corporations will just do the right thing and not tread those ethically grey lines.
We—as in most people on this forum—can do much more than that. We can actually refuse to work for these companies, and to build such features. We can implore our colleagues to do the same, and inform our family and friends of these features, and suggest alternatives.
Yet many of us don't think twice about working for an adtech company, because of the prestige, compensation, or some other personal benefit.
> Excuse my French, but audio recordings, holy shit.
People carry phones in their pockets equipped with mics and running operating systems that have secret source code. If you think the mic can never turn on without you knowing you are in for a big surprise.
To my knowledge though this has never been proven. Yes, the base band can in theory access this stuff, and the OS could do so stealthily I suppose -- but this is Subaru SAYING they are doing it every time you get in the car for no really good reason.
If the hardware and software allows it its not science fiction that it will be used in that way one day if its not already the case. And of course it works better if you dont tell people about it unlike Subaru
The companies selling those phone swear they are not listening to everything you say.
Whether you believe them or not, it's a completely different situation from reserving the right to record everything and sell the recordings to whoever they want.
One giant reason that the
Police of Zürich did not purchase Tesla's for their electric fleet was this. Although I assume the audis they have now also would be able to record passanger audio it can be removed.
I'm confused how all of this doesn't violate the GDRP in the EU? I'm not an expert, but at face value I'd assume none of this is allowed by the GDRP, unless they found a loophole or no one was aware of it.
Supposedly EU data is stored in a Netherlands DC but it may still violate the law.
For sure the Tesla recording while parked feature is illegal. I dont know why nothing is done about it. Probably just slow moving government. Especially now in Switzerland with the new privacy law. Private survalance of public grounds is illegal. Survalance of private property requires posting a clear sign of such including data retention, where data is stores and contact information.
> Are dashcams illegal too? If not, how is it different?
A state court in Landgericht ruled that everyone who is participating in traffic is aware of being seen and recorded [1], so apparently it's different from being near a parked Tesla in public in which you might be recorded without your knowledge.
There have been similar decisions by other courts, apparently.
However, the law is probably a bit tricky, in that it might be legal to use the recorded video as evidence in court (or perhaps insurance purposes?), but probably not for other purposes such as posting it on Youtube.
Last time I checked, in Spain (and probably other EU countries) similar reasoning applied for recording videos in public places, e.g. while you're walking on the street: I think you can record other people in public without their consent as part of your interactions with them, as long as you safeguard the recorded video and not publish it (and probably only for as long as it might be needed). You could use these recordings as evidence in court, but probably not for almost any other purpose.
You might, however, be prone to being punched in the face, as many people find that to be quite aggressive behavior. Police may even arrest you and confiscate your equipment as they're not all necessarily aware of all the intricacies of data protection laws.
In Switzerland you can record crowds and in public but as soon as your footage focuses on a specific person you are violating their rights and require consent which can be revoked any time in the future.
If you watch news footage you will see street footage but as soon as a person is too close or start being the focus they will blur it out.
However there are exceptions, for example a large public gathering that is broadcast on television you can not expect privacy. For example the street parade.
I ended up in a CD album art booklet without my knowledge or consent but it was at the street parade at which you can't expect privacy if you are attending.
> In Switzerland you can record crowds and in public but as soon as your footage focuses on a specific person you are violating their rights and require consent which can be revoked any time in the future.
Probably I didn't make this very clear, but in the specific scenario I mentioned, it is legal to record a specific person without their consent but only if:
1. You are interacting with that person, and
2. You don't publish the recording (without the person's consent).
And I think there are other restrictions as well, although I don't remember exactly, e.g. you might be required to delete the recording if it's no longer needed and/or you might only be allowed to record it if you intend to use it as legal evidence and/or you might be required to take reasonable steps to protect the recording (i.e. not allow other people to access it). But again, I'm not sure about these latter restrictions.
Also, there is a distinction between recording someone (or some place) and just keeping the recording vs publishing the recording. The latter has more restrictions than the former, obviously.
Although I have no clue how live streaming fits into all of this, as you're not (necessarily) saving the recording? So I'm not sure how the GDPR laws come into the live streaming scenario, if at all.
If dashcams are then so are Tesla's and bigger issue with Tesla is if any of this footage leaves the car. Especially if it goes outside the EU like autopilot disengagements.
This isn't something tne Tesla owner can sign in the ToS because the people in the footage are others. Tesla probably uses the excuse that you the operator are in violation not them but then again a Tesla owner has only limited control over this. I can legally buy a surveillance camera but it is my responsibility to use it legally.
But why do you think dashcams are illegal in the EU?
It's been ruled by multiple courts in the EU that dashcam recordings can be done legally because everyone is aware that they might be recorded in traffic at any time (e.g. by traffic cameras). That said, you have to comply with some restrictions. For example, you are probably not allowed to publish these recordings on Youtube. But they can definitely be used as legal evidence in court.
Secondly, I don't think Tesla's dashcam footage leaves the car in the EU (unless there is an accident, perhaps).
As far as I know, they don't even transmit or save any recording unless there is an accident or the user presses a button to save the footage into a USB drive inside the car.
In the accident scenario, it is quite clear that it's legal to keep this recording, because these can be used in court as legal evidence. As far as I know, there are many situations in which you are not allowed to film someone or something in the EU in general, but you are allowed to do so if you intend to use it as legal evidence, as that purpose trumps the other privacy concerns.
In the "user presses a button" scenario, it would be the user's responsibility to make sure that the recording is used legally. But again, if the user does not publish the recording and is only filming traffic, this is quite likely to be legal, especially if you only use it in reasonable scenarios (such as recording an accident in which you are not involved, or someone driving drunkenly).
It's not like anyone is going to be pressing the button every 10 minutes. And even if they were, it would be their responsibility to make sure it's legal to do so. It wouldn't be dashcams themselves that are illegal, but rather, what you do with them and the saved footage (if there's any).
Edit: I'm talking about the normal usage of the dashcams, not the Sentry mode functionality which has additional concerns (as you're not recording traffic, but rather people in the immediate surroundings of the car, when the car detects movement around it). As far as I know, courts have already decided that it's legal to have Sentry mode as well, but Tesla was required to warn users that they have to comply with data protection regulations when they use this functionality.
That said, I'm not sure what are the exact requirements for using Sentry mode legally.
There is one potential way it may be getting used which would probably be legal.
Years ago, before smart phones became ubiquitous, I worked for a company that had a contract to provide kiosks containing travel planning software to bus and rail stations. As part of this, one of the jobs I had to do was create a method of recording information from an onboard camera in the case of the kiosk being vandalised.
How it worked is I made a rolling cache of the last 30 seconds of video; this was never saved unless an onboard "shock sensor" was activated. If the shock sensor was activated then I would save the last 30 seconds of video plus another minute or so. This could then be used as evidence by the police to help catch the vandals.
I have no insight into how the Sentry Mode functionality works, but it could very easily use a similar sensor to car alarms to only actually save the recorded video if there is some sort of "impact" on the car.
It does, but in most cases how can you prove that the car record and send such information to the OEM and others? Most new cars offer some kind of audio interfaces, so they NORMALLY listen to you, some also have various "security features" to monitor driver attention that demand video. Can you prove in a closed source system that such information does not goes beyond the car itself?
Until we properly fund the data protection agencies not much can be investigated and thus enforced. Also enforcement starts mostly with ‘please don’t do that’…
When your car crashes and it calls for help do you really want to sit through "this call may be recorded for quality assurance" and other disclaimers?
If Mozilla really wanted to be helpful they could suggest legal terms to cover the manufacturer for features people want, such as crash reporting or locating stolen vehicles - except I suspect that Mozilla would feel obligated to issue a scathing review of Mozilla's suggested privacy policy were they to do so.
When your car crashes, do you really want it selling the livestream? Because it seems like the agreement would allow that.
If contrarians really wanted to be helpful, they'd not downplay risks inherent in the utter lack of basic privacy legislation in the US and pretend this is all fine and normal. But instead they shill for car manufacturers, pretend adtech is harmless and try to portray anyone who has a problem with these things as weirdos.
If it’s about expediting emergency calls then say so and limit the recording (declared and actual) to that situation. This ‘including, but not limited to’ wording that everyone uses is bs.
The point is that it's not so easy to narrowly construct a legal contract that covers the manufacturers from liability.
Don't you think Mozilla's message would be much stronger if their privacy guide had an example of what the legal agreement should look like? I didn't see anything like this, maybe I missed it. Clearly manufacturers have gone overboard in some cases, but I don't believe it's that easy to make you guys happy.
There are lawyers in the audience here, how about post some legal contract that protects manufacturers from a passenger pressing the OnStar button while the driver is in the gas station bathroom and being liable for anything resulting from that, and every other possible liability from OnStar. I'll take my -4 and your lack of constructive counterargument as the answer I know it is.