Your Car Spies On You And Rats You Out To Insurance Companies

The interior of a luxury car. There is a dagger protruding from the steering wheel. The entertainment console has been replaced by the text 'You wouldn't download a car,' in MPAA scare-ad font. Outside of the windscreen looms the Matrix waterfall effect. Visible in the rear- and side-view mirror is the driver: the figure from Munch's 'Scream.' The screen behind the steering-wheel has been replaced by the menacing red eye of HAL9000 from Stanley Kubrick's '2001: A Space Odyssey."

By Cory Doctorow
March 12, 2024

Another characteristically brilliant Kashmir Hill story for The New York Times reveals another characteristically terrible fact about modern life: your car secretly records fine-grained telemetry about your driving and sells it to data-brokers, who sell it to insurers, who use it as a pretext to gouge you on premiums:

https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html

Almost every car manufacturer does this: Hyundai, Nissan, Ford, Chrysler, etc etc:

https://www.repairerdrivennews.com/2020/09/09/ford-state-farm-ford-metromile-honda-verisk-among-insurer-oem-telematics-connections/

This is true whether you own or lease the car, and it’s separate from the “black box” your insurer might have offered to you in exchange for a discount on your premiums. In other words, even if you say no to the insurer’s carrot – a surveillance-based discount – they’ve got a stick in reserve: buying your nonconsensually harvested data on the open market.

I’ve always hated that saying, “If you’re not paying for the product, you’re the product,” the reason being that it posits decent treatment as a customer reward program, like the little ramekin warm nuts first class passengers get before takeoff. Companies don’t treat you well when you pay them. Companies treat you well when they fear the consequences of treating you badly.

Take Apple. The company offers Ios users a one-tap opt-out from commercial surveillance, and more than 96% of users opted out. Presumably, the other 4% were either confused or on Facebook’s payroll. Apple – and its army of cultists – insist that this proves that our world’s woes can be traced to cheapskate “consumers” who expected to get something for nothing by using advertising-supported products.

But here’s the kicker: right after Apple blocked all its rivals from spying on its customers, it began secretly spying on those customers! Apple has a rival surveillance ad network, and even if you opt out of commercial surveillance on your Iphone, Apple still secretly spies on you and uses the data to target you for ads:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

Even if you’re paying for the product, you’re still the product – provided the company can get away with treating you as the product. Apple can absolutely get away with treating you as the product, because it lacks the historical constraints that prevented Apple – and other companies – from treating you as the product.

As I described in my McLuhan lecture on enshittification, tech firms can be constrained by four forces:

I. Competition

II. Regulation

III. Self-help

IV. Labor

https://pluralistic.net/2024/01/30/go-nuts-meine-kerle/#ich-bin-ein-bratapfel

When companies have real competitors – when a sector is composed of dozens or hundreds of roughly evenly matched firms – they have to worry that a maltreated customer might move to a rival. 40 years of antitrust neglect means that corporations were able to buy their way to dominance with predatory mergers and pricing, producing today’s inbred, Habsburg capitalism. Apple and Google are a mobile duopoly, Google is a search monopoly, etc. It’s not just tech! Every sector looks like this:

https://www.openmarketsinstitute.org/learn/monopoly-by-the-numbers

Eliminating competition doesn’t just deprive customers of alternatives, it also empowers corporations. Liberated from “wasteful competition,” companies in concentrated industries can extract massive profits. Think of how both Apple and Google have “competitively” arrived at the same 30% app tax on app sales and transactions, a rate that’s more than 1,000% higher than the transaction fees extracted by the (bloated, price-gouging) credit-card sector:

https://pluralistic.net/2023/06/07/curatorial-vig/#app-tax

But cartels’ power goes beyond the size of their warchest. The real source of a cartel’s power is the ease with which a small number of companies can arrive at – and stick to – a common lobbying position. That’s where “regulatory capture” comes in: the mobile duopoly has an easier time of capturing its regulators because two companies have an easy time agreeing on how to spend their app-tax billions:

https://pluralistic.net/2022/06/05/regulatory-capture/

Apple – and Google, and Facebook, and your car company – can violate your privacy because they aren’t constrained regulation, just as Uber can violate its drivers’ labor rights and Amazon can violate your consumer rights. The tech cartels have captured their regulators and convinced them that the law doesn’t apply if it’s being broken via an app:

https://pluralistic.net/2023/04/18/cursed-are-the-sausagemakers/#how-the-parties-get-to-yes

In other words, Apple can spy on you because it’s allowed to spy on you. America’s last consumer privacy law was passed in 1988, and it bans video-store clerks from leaking your VHS rental history. Congress has taken no action on consumer privacy since the Reagan years:

https://www.eff.org/tags/video-privacy-protection-act

But tech has some special enshittification-resistant characteristics. The most important of these is interoperability: the fact that computers are universal digital machines that can run any program. HP can design a printer that rejects third-party ink and charge $10,000/gallon for its own colored water, but someone else can write a program that lets you jailbreak your printer so that it accepts any ink cartridge:

https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer

Tech companies that contemplated enshittifying their products always had to watch over their shoulders for a rival that might offer a disenshittification tool and use that as a wedge between the company and its customers. If you make your website’s ads 20% more obnoxious in anticipation of a 2% increase in gross margins, you have to consider the possibility that 40% of your users will google “how do I block ads?” Because the revenue from a user who blocks ads doesn’t stay at 100% of the current levels – it drops to zero, forever (no user ever googles “how do I stop blocking ads?”).

The majority of web users are running an ad-blocker:

https://doc.searls.com/2023/11/11/how-is-the-worlds-biggest-boycott-doing/

Web operators made them an offer (“free website in exchange for unlimited surveillance and unfettered intrusions”) and they made a counteroffer (“how about ‘nah’?”):

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

Here’s the thing: reverse-engineering an app – or any other IP-encumbered technology – is a legal minefield. Just decompiling an app exposes you to felony prosecution: a five year sentence and a $500k fine for violating Section 1201 of the DMCA. But it’s not just the DMCA – modern products are surrounded with high-tech tripwires that allow companies to invoke IP law to prevent competitors from augmenting, recongifuring or adapting their products. When a business says it has “IP,” it means that it has arranged its legal affairs to allow it to invoke the power of the state to control its customers, critics and competitors:

https://locusmag.com/2020/09/cory-doctorow-ip/

An “app” is just a web-page skinned in enough IP to make it a crime to add an ad-blocker to it. This is what Jay Freeman calls “felony contempt of business model” and it’s everywhere. When companies don’t have to worry about users deploying self-help measures to disenshittify their products, they are freed from the constraint that prevents them indulging the impulse to shift value from their customers to themselves.

Apple owes its existence to interoperability – its ability to clone Microsoft Office’s file formats for Pages, Numbers and Keynote, which saved the company in the early 2000s – and ever since, it has devoted its existence to making sure no one ever does to Apple what Apple did to Microsoft:

https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay

Regulatory capture cuts both ways: it’s not just about powerful corporations being free to flout the law, it’s also about their ability to enlist the law to punish competitors that might constrain their plans for exploiting their workers, customers, suppliers or other stakeholders.

The final historical constraint on tech companies was their own workers. Tech has very low union-density, but that’s in part because individual tech workers enjoyed so much bargaining power due to their scarcity. This is why their bosses pampered them with whimsical campuses filled with gourmet cafeterias, fancy gyms and free massages: it allowed tech companies to convince tech workers to work like government mules by flattering them that they were partners on a mission to bring the world to its digital future:

https://pluralistic.net/2023/09/10/the-proletarianization-of-tech-workers/

For tech bosses, this gambit worked well, but failed badly. On the one hand, they were able to get otherwise powerful workers to consent to being “extremely hardcore” by invoking Fobazi Ettarh’s spirit of “vocational awe”:

https://www.inthelibrarywiththeleadpipe.org/2018/vocational-awe/

On the other hand, when you motivate your workers by appealing to their sense of mission, the downside is that they feel a sense of mission. That means that when you demand that a tech worker enshittifies something they missed their mother’s funeral to deliver, they will experience a profound sense of moral injury and refuse, and that worker’s bargaining power means that they can make it stick.

Or at least, it did. In this era of mass tech layoffs, when Google can fire 12,000 workers after a $80b stock buyback that would have paid their wages for the next 27 years, tech workers are learning that the answer to “I won’t do this and you can’t make me” is “don’t let the door hit you in the ass on the way out” (AKA “sharpen your blades boys”):

https://techcrunch.com/2022/09/29/elon-musk-texts-discovery-twitter/

With competition, regulation, self-help and labor cleared away, tech firms – and firms that have wrapped their products around the pluripotently malleable core of digital tech, including automotive makers – are no longer constrained from enshittifying their products.

And that’s why your car manufacturer has chosen to spy on you and sell your private information to data-brokers and anyone else who wants it. Not because you didn’t pay for the product, so you’re the product. It’s because they can get away with it.

Cars are enshittified. The dozens of chips that auto makers have shoveled into their car design are only incidentally related to delivering a better product. The primary use for those chips is autoenshittification – access to legal strictures (“IP”) that allows them to block modifications and repairs that would interfere with the unfettered abuse of their own customers:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

The fact that it’s a felony to reverse-engineer and modify a car’s software opens the floodgates to all kinds of shitty scams. Remember when Bay Staters were voting on a ballot measure to impose right-to-repair obligations on automakers in Massachusetts? The only reason they needed to have the law intervene to make right-to-repair viable is that Big Car has figured out that if it encrypts its diagnostic messages, it can felonize third-party diagnosis of a car, because decrypting the messages violates the DMCA:

https://www.eff.org/deeplinks/2013/11/drm-cars-will-drive-consumers-crazy

Big Car figured out that VIN locking – DRM for engine components and subassemblies – can felonize the production and the installation of third-party spare parts:

https://pluralistic.net/2022/05/08/about-those-kill-switched-ukrainian-tractors/

The fact that you can’t legally modify your car means that automakers can go back to their pre-2008 ways, when they transformed themselves into unregulated banks that incidentally manufactured the cars they sold subprime loans for. Subprime auto loans – over $1t worth! – absolutely relies on the fact that borrowers’ cars can be remotely controlled by lenders. Miss a payment and your car’s stereo turns itself on and blares threatening messages at top volume, which you can’t turn off. Break the lease agreement that says you won’t drive your car over the county line and it will immobilize itself. Try to change any of this software and you’ll commit a felony under Section 1201 of the DMCA:

https://pluralistic.net/2021/04/02/innovation-unlocks-markets/#digital-arm-breakers

Tesla, naturally, has the most advanced anti-features. Long before BMW tried to rent you your seat-heater and Mercedes tried to sell you a monthly subscription to your accelerator pedal, Teslas were demon-haunted nightmare cars. Miss a Tesla payment and the car will immobilize itself and lock you out until the repo man arrives, then it will blare its horn and back itself out of its parking spot. If you “buy” the right to fully charge your car’s battery or use the features it came with, you don’t own them – they’re repossessed when your car changes hands, meaning you get less money on the used market because your car’s next owner has to buy these features all over again:

https://pluralistic.net/2023/07/28/edison-not-tesla/#demon-haunted-world

And all this DRM allows your car maker to install spyware that you’re not allowed to remove. They really tipped their hand on this when the R2R ballot measure was steaming towards an 80% victory, with wall-to-wall scare ads that revealed that your car collects so much information about you that allowing third parties to access it could lead to your murder (no, really!):

https://pluralistic.net/2020/09/03/rip-david-graeber/#rolling-surveillance-platforms

That’s why your car spies on you. Because it can. Because the company that made it lacks constraint, be it market-based, legal, technological or its own workforce’s ethics.

One common critique of my enshittification hypothesis is that this is “kind of sensible and normal” because “there’s something off in the consumer mindset that we’ve come to believe that the internet should provide us with amazing products, which bring us joy and happiness and we spend hours of the day on, and should ask nothing back in return”:

https://freakonomics.com/podcast/how-to-have-great-conversations/

What this criticism misses is that this isn’t the companies bargaining to shift some value from us to them. Enshittification happens when a company can seize all that value, without having to bargain, exploiting law and technology and market power over buyers and sellers to unilaterally alter the way the products and services we rely on work.

A company that doesn’t have to fear competitors, regulators, jailbreaking or workers’ refusal to enshittify its products doesn’t have to bargain, it can take. It’s the first lesson they teach you in the Darth Vader MBA: “I am altering the deal. Pray I don’t alter it any further”:

https://pluralistic.net/2023/10/26/hit-with-a-brick/#graceful-failure

Your car spying on you isn’t down to your belief that your carmaker “should provide you with amazing products, which brings your joy and happiness you spend hours of the day on, and should ask nothing back in return.” It’s not because you didn’t pay for the product, so now you’re the product. It’s because they can get away with it.

The consequences of this spying go much further than mere insurance premium hikes, too. Car telemetry sits at the top of the funnel that the unbelievably sleazy data broker industry uses to collect and sell our data. These are the same companies that sell the fact that you visited an abortion clinic to marketers, bounty hunters, advertisers, or vengeful family members pretending to be one of those:

https://pluralistic.net/2022/05/07/safegraph-spies-and-lies/#theres-no-i-in-uterus

Decades of pro-monopoly policy led to widespread regulatory capture. Corporate cartels use the monopoly profits they extract from us to pay for regulatory inaction, allowing them to extract more profits.

But when it comes to privacy, that period of unchecked corporate power might be coming to an end. The lack of privacy regulation is at the root of so many problems that a pro-privacy movement has an unstoppable constituency working in its favor.

At EFF, we call this “privacy first.” Whether you’re worried about grifters targeting vulnerable people with conspiracy theories, or teens being targeted with media that harms their mental health, or Americans being spied on by foreign governments, or cops using commercial surveillance data to round up protesters, or your car selling your data to insurance companies, passing that long-overdue privacy legislation would turn off the taps for the data powering all these harms:

https://www.eff.org/wp/privacy-first-better-way-address-online-harms

Traditional economics fails because it thinks about markets without thinking about power. Monopolies lead to more than market power: they produce regulatory capture, power over workers, and state capture, which felonizes competition through IP law. The story that our problems stem from the fact that we just don’t spend enough money, or buy the wrong products, only makes sense if you willfully ignore the power that corporations exert over our lives. It’s nice to think that you can shop your way out of a monopoly, because that’s a lot easier than voting your way out of a monopoly, but no matter how many times you vote with your wallet, the cartels that control the market will always win:

https://pluralistic.net/2024/03/05/the-map-is-not-the-territory/#apor-locksmith


* This article was automatically syndicated and expanded from Pluralistic.

Be the first to comment

Leave a comment: