From my previous comment, it looks like NHTSA is moving faster than I predicted. We're now at step 1, with this Advance Notice of Proposed Rulemaking.
(edit: I jumped the gun, we're still at step '0' on my original list)
Most of this notice seems to be a report on why 'impaired driving' is bad. I see alcohol, cannabis, mobile phone use, drowsiness...etc.
Due to technology immaturity and a lack of testing protocols, drugged driving is not being considered in this advance notice of proposed rulemaking.
Makes sense.
There is no clear and consistent engineering or industry definition of ‘‘impairment.’’
Yep, another unclear request by Congress.
NHTSA believes that Congress did not intend to limit NHTSA’s efforts under BIL to alcohol impairment.
Okay, that's fair.
Camera-based-systems, however, are increasingly feasible and common in vehicles.
Uh-oh...
The Safety Act also contains a ‘‘make inoperative’’ provision, which prohibits certain entities from knowingly modifying or deactivating any part of a device or element of design installed in or on a motor vehicle in compliance with an applicable FMVSS. Those entities include vehicle manufacturers, distributors, dealers, rental companies, and repair businesses. Notably, the make inoperative prohibition does not apply to individual vehicle owners. While NHTSA encourages individual vehicle owners not to degrade the safety of their vehicles or equipment by removing, modifying, or deactivating a safety system, the Safety Act does not prohibit them from doing so. This creates a potential source of issues for solutions that lack consumer acceptance, since individual owners would not be prohibited by Federal law from removing or modifying those systems (i.e., using defeat mechanisms).
Note that "make inoperative" does not apply to a "kill switch" in this case. NHTSA uses the term to mean "disabling required safety devices". For example, as an individual vehicle owner, it's perfectly legal for you to remove the seatbelts from your car, despite Federal requirements. But it's illegal for the entities listed above to do it. (This example doesn't extend to state regulations. It's legal for you to remove your seatbelts, but may still be illegal to drive a car without them.)
There's a short 'discussion' here regarding how to passively detect impaired driving, noting the difficulties of creating such a system. Followed by a note that basically says if they can't do it within 10 years, NHTSA can give up and not do it, as stated in the Infrastructure law.
There's a long section on how to detect various types of impairment, current methods of preventing impaired driving, etc. An interesting section about detecting blood-alcohol level using infrared sensors embedded in the steering wheel. Body posture sensors can be used to detect driver distraction.
This is followed by a brief overview of the technologies NHTSA is considering:
Camera-Based Driver Monitoring Sensors
Hands-On-Wheel Sensors
Lane Departure and Steering Sensors
Speed/Braking Sensors
Time-Based Sensors
Physiological Sensors
On page 850 (21 of the PDF), NHTSA asks for feedback to several questions. There are a few pages of relevant issues, so I won't cover them here. If you wish, you can go here to leave a comment. Please don't leave irrelevant garbage like "I oppose this on the grounds of my Constitutional rights..." While applicable in this situation, it's irrelevant to NHTSA, and commenting like that will just waste everybody's time. There's a section on page 855 (26 of the PDF) about Privacy and Security.
That's that. Let me know I can answer any of your questions. I'll try to come back to this post throughout the day and see what's happening. But, I do not work for NHTSA, so can't remark on agency thought process.
Take photos of me that can oopsie doopsie leak to the internet
Produce false positives and at least temporarily delay normal operation
Surveil me
Be hacked and used for nefarious purposes
Lovely.
I'm pissed enough already that my Subaru takes recordings of me through my OnStar microphone to train AI or sell or whatever. (Subaru's privacy policy says I agree to allow that basically by existing in a Subaru.) And Subaru is not the worst privacy offender.
I'm all for safer driving, but the car companies have to be creaming themselves over all the data this is would let them harvest in the name of "safety."
I wish it were as simple as calling things like your onstar microphone a deal-breaker when looking for a new car, but it seems like every single car out there has many deal-breakers, and you just need to choose which are worst.
For the avoidance of doubt, for purposes of this Privacy Policy, "using" the Services includes being a Vehicle Occupant in a Connected Vehicle.
In section 2, "Information We Collect", it says:
Identifiers - A real name, username or alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, vehicle information (such as model and year), vehicle identification number (VIN), vehicle telemetry data, or other similar identifiers.
Other Personal Information subject to certain laws - A name, signature, Social Security number, address, telephone number, driver’s license or state identification card number. Some Personal Information included in this category may overlap with other categories.
Commercial information - Records of personal property, products or services purchased, obtained, or considered.
Internet or other similar network activity. - Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
Geolocation data. - Physical location and movements, including from Connected Vehicle Services or Technology Services.
Inferences drawn from other Personal Information. - Profile reflecting a person’s preferences, characteristics, predispositions, behavior, or attitudes.
Recordings - Audio recordings of Vehicle Occupants. Audio recordings when you call our call centers or a Retailer.
Payment information - Credit card information for optional Services, such as Subaru Starlink.
You can opt out of Subaru Starlink, but all that does is turn off the benefits the owner of the vehicle would get. It doesn't disable the collection of information and recordings and such. (If you never paid for Subaru Starlink, this would probably prevent them from having your payment information, I guess.)
About your concern about kids, they have this to say:
Subaru’s Service is intended for a general audience and not directed at children under (13) years of age.
We do not knowingly gather Personal Information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If a person under 13 submits Personal Information through any part of a Subaru Service, and we learn the person submitting the Personal Information is a child, we will attempt to delete this Personal Information as soon as possible. If you are a parent or guardian and you believe we have collected Personal Information from your child in a manner not permitted by law, contact us as set out in the “Contact Us” Section below. We will remove the data to the extent required by applicable laws.
So, basically, they're going to collect until you call and tell them why it's not legal. Until then, they'll assume they're not breaking any laws.
But then again, it's entirely likely you don't have a Subaru and don't really care about Subaru specifically. If that's the case, I highly recommend this page on Mozilla's site where you can go to look more into most popular car brands' privacy practices. Soiler alert: none of the 25 popular car brands they evaluated are much better than Subaru. And many are worse.
Whatever the case, it's pretty clear that whether they're "allowed to" or not, they do it.
And cars aren't the only concern. Robot vacuum cleaners for instance are an issue. (Also, don't believe a robot vacuum company when they say "this model doesn't have a camera, it only has an "optical sensor." If this interests you, see this talk.) And smart TVs. Just for instance.
Changing your child's diaper or changing vomit soaked clothes in the vehicle can result in a nude photo of your child. Then you could be guilty of having and distributing child pornography and those photos will make it onto nasty websites.
is there any reason you can't disconnect the mic? or do you use the onstar feature. I have been thinking of disabling mine as I don't use it nor plan to in the immediate future due to the subscription costs being extortionary
Just that I haven't done the necessary research to figure out how exactly. Another response to my first post in this thread by @evasive_chimpanzee that links to a guide on how to disable the OnStar module, which would disable the mic, GPS tracking, etc.
Now, my car also has Starlink which, you can call and cancel, but that doesn't keep them from tracking you. So my task will involve disabling two different things.
But all that to say, there's nothing keeping me from disabling the mic, OnStar module, and Starlink except it's not something that's really meant for consumers to do and I'm still early in the process of studying up on how to do it.
If it's anything like my 2001, there will be.
(It's the damn horn. The relay. It's wired in there with a bunch of other important shit, like cruise control. So, when i use the fob to lock the door, it doesn't simply chirp, it wholeass honks. Any efforts and documentation to silence this feature have been a failure. So I unplugged one horn and tried again and found out there were two.)
I've been tempted to run a separate wire from the battery to the horn but I'm still toying with a wiring diagram about it because if I'm gonna rig it, I'd prefer to do it correctly, and only once😂
Good luck with your mic, though.
The last GM vehicle I had, it was possible to entirely remove the OnStar module without affecting the operation of the truck. I also knew someone else that found out that if something tears the little shark-fin antenna off the roof, it won't work either.
I’m not sure about the interoperability between GM cars and OnStar, but almost every other car it can be disabled by removing the three plugs in the OnStar box. Here’s an article on how to do it.
Can't tell you how often I get a reminder to keep my eyes on the road, just because I repositioned my head, or tilted it down to stretch my neck. My eyes are on the road damn it. Now my car will turn off in the middle of the highway if i get a stiff neck...great.
Also, I had no idea subaru did this. I saw a recent article that mentioned a few big named car brands, and subaru wasnt included, so, i was naively hopefull. Plus, I realize im being recorded anyways, in an infinate amount of ways, but i didnt realize the car was in on it too. Wow, that sucks. I need to pay better attention, no pun intended.
Yeah the amount of shit I’ve seen about lack of privacy in new cars is disgusting. If I were you I’d get into the onstar panel and just pull some wires.