X

Easy Prey Podcast

Their Loss is Another's Gain

Your Car Is Spying On You What It’s Collecting and Who It’s Telling

“Your car may know who you are before you even open the door, just by sensing your key or phone.” - Andrea Amico Share on X

I used to think of my car as just a tool to get from point A to point B. But after this conversation, I can’t help but see it as something else entirely, a powerful data collection device that knows far more about me than I realized. From where I go and who I text to how I drive and even what’s on my phone, today’s vehicles are gathering a staggering amount of personal information.

In this episode, I talk with Andrea Amico, the founder of Privacy4Cars. Andrea is one of the leading voices in automotive data privacy and someone who’s spent years uncovering the hidden ways cars collect, store, and share our information. He breaks down how connected cars work, what’s actually being tracked, and why it matters not just for your privacy, but for your safety and finances too.

We get into everything from rental car risks and data left behind when you sell a car, to how automakers and third parties might be profiting off your data without your knowledge. If you’ve ever paired your phone with a vehicle or assumed your texts disappear when you disconnect, this episode is going to change the way you think about driving and how to take back control.

“Manufacturers can collect and transmit data for years, even after the car changes owners, because someone, maybe two owners ago, clicked ‘I agree.’” - Andrea Amico Share on X

Show Notes:

  • [01:28] Andrea started Privacy4Cars because cars collect a lot of data. There were zero protections for privacy and security. He's dedicated to turning your car into a more private space and giving you more choice, understanding, and control.
  • [02:25] We talk about when cars started collecting data. OnStar started about 25 years ago. Things really began to evolve when Bluetooth and navigation became common.
  • [03:12] Things really exploded with modern telematics which is like putting a cell phone inside your car that calls home all the time. The average car collects around 25 GB of data per day.
  • [04:08] We talk about the type of data that is collected by cars from GPS to having your phone collected and the car even knowing your weight.
  • [05:26] The sensors in your car know exactly how you drive.
  • [06:46] Informed consumers are better off. These data collecting policies are usually hidden in the car manufacturers privacy policies.
  • [08:46] You can find your car's privacy policy at Vehicle Privacy Report.
  • [10:21] The goal is to make the car manufacturer's behavior visible to consumers, because that's the way to drive better company behavior.
  • [11:26] When you rent a car and when you sell a car, your car is like a giant unencrypted hard drive that contains your data.
  • [12:06] We should wipe the data in our cars the same way we wipe the data in our phones when we replace them.
  • [13:05] You can find a tool to help remove data from your car at Privacy4Cars.
  • [14:21] We talk about what rental cars get from your connected phone. 
  • [17:24] Found data can be used in targeted spear phishing attacks.
  • [19:18] Most cars since 2017 have a SIM card. If a prior owner consented to data collection, that data is still being collected when you take over the car.
  • [22:15] Ford estimated that they would make $2,000 per car per year from data services.
  • [24:17] It's common for cars to even have a camera that looks at you. In a few years it might be common for vehicles to monitor for things like intoxication.
  • [26:56] Organizations creating standards like the Future of Privacy Forum.
  • [29:09] Cars have an EDR electronic data recorder. It's like a black box for when an accident happens.
  • [34:05] Delete data when you buy, rent, or sell a car. Opt out if you can.
  • [36:33] Think about your car just like your computers and your phone.
  • [37:15] Andrea shares a story about how an ex-spouse was able to duplicate her key. The dealer wanted $1,000 to reset her car.
  • [40:23] Parting advice includes looking up your car's VIN at Vehicle Privacy Report.
“Most people don’t realize that when they plug in their phone to charge, data moves into the car and stays there unencrypted.” - Andrea Amico Share on X

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Links and Resources:

Transcript:

Andrea, thank you so much for coming on the Easy Prey Podcast today.

Thank you, Chris. It's a pleasure to be here. I'm a big fan of what you do, and it's really an honor to be here. Thank you.

Thank you. I'm really looking forward to this. I'm a big fan of intelligent cars and maybe I'm a little bit less of a fan of them at the end of this episode.

Oh, it's guaranteed.

Can you tell me and the audience what you do and how you got into that field?

I started this company called Privacy4Cars with a very simple idea. Cars collect a lot of data. When I started to look into this over a decade ago, it seemed to me there were really zero protections from both a privacy and a security standpoint. Fast forward to today, and it has improved a little bit, but really not much. That's really what we do. We're dedicated to trying to turn your cars into a more private space, give you more choice, give you more understanding of what they do, and give you more control.

We're dedicated to trying to turn your cars into a more private space, give you more choice, give you more understanding of what they do, and give you more control. -Andrea Amico Share on X

Cool. Let's go even further back. When did cars start collecting data?

Actually, it's a very, very long story. People have not realized that this goes back to the turn of the century, which is 25 years ago now. OnStar was actually started in the previous millennia, and they started with very simple things in which they had a SIM card just like your phone does so that you could call somebody, or in case of an accident, the car would dial automatically at the scene of the accident.

Bluetooth was introduced in cars just about the same time, and navigation actually goes even older than that. But really things started to evolve and Bluetooth became pretty common around 2006, 2007. It became really, really common. Navigation became really, really common around 2010, 2012. The new modern telematics, which is again, this ability of putting essentially a cell phone inside your car that calls home all the time, has really exploded since 2016, 2017.

For the last decades, cars have been collecting data, but as with all things in technology, they accelerate. The average car that you can buy new today from a dealer lot collects somewhere around 25 gigabytes of data per day. They've become a massive collection of sensors and interconnected computers and we still call them cars, but they are very, very different from what you and I were driving just a few years ago.

The average car that you can buy new today from a dealer lot collects somewhere around 25 gigabytes of data per day. -Andrea Amino Share on X

Got you. What kind of data is collected by the modern car?

All sorts. I think that people understand pretty intuitively that when I drive the car around, there's a GPS that’s going to collect all my breadcrumbs. I think another thing that is most intuitive to people is that when you connect your phone, when you connect your phone to your car, data from your phone will migrate into your car. But it's far more extensive than that, and it's far more concerning than that.

Nowadays, cars, before you even open the car, the car has sensed your key. It knows how far you are; it may automatically unlock it for you. You sit down, it takes your weight. It knows automatically who you are because your phone is connected, so now it knows it's Andrea; it's not Chris. By the way, my messages in ClearTech are being automatically synced up in, knows which apps I'm running on my phone, what are the recent photos I've taken with my phone, and so on and so forth.

It is a lot of stuff. Then you start driving and it's not just the breadcrumbs that are dropped second by second and collected. All the other sensors allow for a very minute tracking of your behavior. Your steering wheel has a sensor, your accelerator has a sensor. Your brake has a sensor. Beyond the GPS position that your phone has, your car has all these additional sensors to really micro-locate you and really fingerprint you based on how you drive. All of that builds a profile. You get scored on that.

I'm sure we're going to talk later today about how does it impact my insurance? How does this impact my car payment? How does it impact my ability to get a lease next year when I return the car? It does all those things and so yeah, so cars collect a lot of these data, and again, a lot of these data is transmitted real time or near real time and some of it stays on board on the car, but then it's either downloaded, say when you take your car for service or even more concerned, it's left behind when you finish to rent a car or you return your leisure, return your car, and you're essentially handed your phone, unlocked the complete stranger.

OK, so I have more questions in such a random order here based on the last two minutes that I can think of. What do you foresee as what's the best way to work through what kind of stuff we do with this stuff that's being collected? How do we mitigate it, and what are kind of some of the weird things that we may have to deal with?

Two things. First of all, I believe that informed consumers are always better, better, better, better off. Unfortunately, the vehicle manufacturers have decided that the best way for you to learn about all this stuff is through their privacy policies in their terms.

By the way, the policies and the terms of all the service providers that are in their cars, which of course already getting a list of those is pretty tricky. That was very dissatisfying for us.

By the way, It even takes a college education or postgraduate education to be able to understand them. Only a third of car buyers can even understand what's written in those documents. That's how complex they are.

A few years ago ,I started to read papers about privacy-labeling systems. I think that your audience will be familiar. If you have an iPhone and you go to the store and then later on Google will be the same. Every app now has these, called in technical terms, [inaudible 00:07:44] label. It will tell you what type of data the app collects and does it share with third parties and does it collect your geolocation.

Then Apple has really been at the forefront of this and giving more and more controls to users as step past. When I pulled updated regulators, I went to Google and said, “We don't understand if Apple can do it, why can't you?” So Google created the second biggest labeling system in the world and that was it.

I thought, “Why don't we try to do this for cars?” I started to research this maybe four years ago. I started to work with a bunch of interns first, and then we moved this internally into our R&D department. Then two summers ago, we released to the public this website that is called [inaudible 00:08:38] and we've been described as the Carfax of privacy.

Essentially, you go there, you type in the VIN of your car and we will tell you what we know about the privacy of the vehicle in simple terms. We try to translate all the legal mumbo jumbo that the manufacturers put together into a set of 10 icons: five to explain what type of data your car collects and five to explain where it's going.

Then we also started over time to improve it and tell you, “Hey. Did you know your car has SiriusXM? And what does SiriusXM do? Click here and you can find out more.” Then we started to tell you, “Hey. You're out of finance companies. What do they do to protect your data? Do they do anything or they don't? What about your insurance company?”

The report has grown organically over time. We're now at the fourth release of it. The portal is—I’m really excited about it because we just released it in March of 2025. For the first time, we're giving consumers the ability to take control of their data. We show them what the manufacturer allows them to do in their state. Some manufacturers allow you to have control. Some of them don't allow you at all and really depends a lot on where you live. You're in California, so your situation is far better than mine because I live in Georgia.

But we thought, “Let's make it visible to consumers because the best way to drive better behavior companies is to make it visible.” Two, we give you a simple ability. If you don't like what you see and what the practices of those companies are, because they think that you shouldn't have any controls, we make it very easy for you to say, “Chris, would you like to connect with the government authorities that have the ability to regulate and enforce this?” And we make it literally two clicks away for you to be able to go and file a complaint.

We also offer the ability for you to appoint us, which we do for free. It's a part of our pro bono efforts. We do a lot of things for people, consumers, to appoint us, and we'll try to do our best to put you back in control of your data. That's what we do over there.

Whether you are shopping for a car, you bought a car, I think starting at vehicleprivacyreport.com is a good place so you can start to take some actions and start to have some understanding of what your car does. -Andrea Amico Share on X

I think that should help most people in most situations. Whether you are shopping for a car, you bought a car, I think starting at vehicleprivacyreport.com is a good place so you can start to take some actions and start to have some understanding of what your car does.

Then there are some high-risk situations. Going back to your original question. A big one is when you rent a car and the other one is when you are ready to sell or return the lease of your car. In those cases, yeah, your car at that point is a little bit like a giant unencrypted hard drive that contains your data. Again, your data comes either from the sensors in the car or so. The newer the car, the more data you can expect is going to be collected about you and the data that came from your phone, if you connected your phone.

We think it's a terrible idea for you to leave this data behind. Unfortunately, we're seeing a growing number of cases in which this data is being abused. What you should do is just like what you do with your phone, when you stop using a phone and you get a new one, or your laptop, when you stop using it, you get a new one.

The newer the car, the more data you can expect is going to be collected about you and the data that came from your phone, if you connected your phone. -Andrea Amico Share on X

Grab a hammer and smash it.

Yes, you can put the car in the crashers and maybe you can put it on viral social media and people see you crashing your car to purchase your data actually gets you a lot of views and you can actually afford to buy a new car or you can try to wipe out the data in the “hard drive,” which is really not technically a hard drive.

Why not wipe what data in your car before you leave it? Every car has a process. Some of them are simpler than others. My record holder is a vehicle that I won't name, but it takes 56 steps to get rid of all data. That's what you should do.

I used to tell people, “Try to do it by yourself.” Then we realized that even professional inspectors, when they try to do their best, they really miss about half the cars, and so we built a little nifty tool, which is free for consumers. We sell it to companies. That's how we actually pay for all this free stuff so that people in your audience understand that we actually are a for-profit business. We sell these tools to dealerships and fleets and so on and so forth. We give them away for free to consumers because we think it's the right thing to do.

If you don't know what to do, you can go to privacy4cars.com and you'll find instructions and tools for you to use to help you do that and be safer on the road.

Let's assume I rent a car and I decide I'm going to connect my phone up to it. Clearly, the car is retaining all the driving history of everybody else who's driven it, where it's gone, all the GPS data. What is it often getting from my phone, which is staying in the car even though I've disconnected my phone and walked away at the end of the rental?

Two things we hear from consumers is, “I just charged my phone. I plugged it into the USB port and I just charged it,” or, “I just used Apple CarPlay,” or, “I just used Android Auto.” Only does it show what was on the screen, on the phone, and on the car.

That's not how this stuff works. I'm sorry. That's not how it works. Whenever you connect your phone over Bluetooth, WiFi, or wired, because you're charging it, the way it works is just like when you plug your phone into a computer. There’s going to be data that moves from the computer into your phone and from the phone into the computer, and that data will stay there unencrypted.

Very common is, for instance, your entire database of text messages in clear text is going to be moving into the car. It's going to stay there forever until somebody deletes it. When I ask people, your contacts, those are easy things for people to think about. There's a lot more stuff that moves around, but those are easy for people to understand.

When people think about why this matters, we'll go through your text message and my login with my bank is there, the confirmation, my last transaction of my credit card is in there, and my medical appointment this morning is in there. There's sensitive stuff before what I sent to my daughters and my wife.

Then in contact it is very common to find things such as your Social Security number. What's your bank? Many people save the PIN of their debit card in their contacts and all this kind of stuff.

In fact, I'm doing a fun project with a professor at the University of Memphis. He buys infotainment systems on eBay. Of course, nobody wipes the data from those because it's the responsibility of insurance companies. Most insurance companies don't do it even though it's mandated by all. Then he extracts it.

What's new and fun, and that's why I reached out and wanted to collaborate with him, is that they use large language models to query what comes out of the data in the car and to custom craft spear-phishing emails for you. “Dear Chris, I know that you like going to whatever your favorite restaurant is because I see it in the breadcrumbs that it's a frequent location you go to and you have the phone number. By the way, I may have a loyalty number from either your contacts or text messages.”

What a wonderful idea to say we are. “Chris, we are restaurant XYZ. Yeah. And we have this great promotion, and click here, and blah, blah, blah.” That's what he started to do, is to build these spear-phishing campaigns, little targeted ad based on what your car knows about you.

When I reached out, I told them, “I think you need to think a little bit bigger than this because criminals go after money. Phishing is a criminal enterprise and they do it for profit, as you teach better than I do. The big money is in companies. And if I can spearfish not just the consumer, but I can spearfish the company that leased you the car or had a loan against the car, or I can spearfish your dealership, or I can spearfish your insurance company, because I can first get into your personal accountant.”

From there, I can fish them because now I have perfect understanding. I can tell that I'm you, even though I'm not, and then I can get into their systems. That's where the big money is, and so that's what we're trying to collaborate and demonstrate on how easy that is to do. Unfortunately, it's easier than what most people would like to admit. These are real things that happen today.

Are there any kind of big misconceptions about what data is collected or transferred? To me, my assumption is that if you get a car that has the ability to connect out widely via SIM card, if it has the ability to be on a cell network, it probably always is, even if you're not paying for the service. Is that generally correct?

Oh yeah, yeah, absolutely. First of all, most cars today, if you buy a new car today, can almost guarantee you that it has a SIM card. In fact, I think 98% of the cars sold since 2017 have one. If you bought a car in the last five to 10 years there are really good odds, and it's actually one of the things we help you understand when you go on the vehicle privacy report—is my car a dumb car or it's a smart car that has a SIM card in it? Because it dramatically changes your security and privacy posture.

That connection is typically always on. It was turned on at the factory, actually, even before the car was delivered to your dealership. Then when you pay for the service, what you're really doing is that you're subsidizing a connection that was already in there. What is dramatic is that actually we're discovering we've done a lot of tests and now we have very compelling evidence that since manufacturers are to give these free connections for two, three, five, or 10 years, what happens very often, you end up with the manufacturer and other companies collecting data from a car under the understanding that the original owner, which may be one or two owners ago, consented when they bought the car to have this data transmission.

You have no idea in the first place that you actually consented to anything and they have no idea that it's somebody else they're connecting data from, and they're pretty happy collecting this data. There's a lot of stuff broken with privacy because it's just a lot of processes that have not been thought out with privacy or security in mind, unfortunately, Chris.

I assume that every company that has a connected car with an always-on connection, they’re motivated to figure out how to pay for that connection. If it's costing them a couple dollars a month they need for the rest of the life of the car to not have this cost to them, they've got to be able to collect enough data that they can sell it for a profit every month to cover the cost of that.

Let's be clear, this is not the company being nice to you, and if you read the talking points, they'll tell you all of this is necessary for your safety. But that's just not what it is. I don't deny that some safety features require live connections. That's absolutely true. But also it doesn't mean that, well, yes, you need to have a live connection, and if I get in an accident right now, you need to call the police, and sure as hell I would like for emergency services to show up. But what's the reason why you keep that location for 10 years?

It is exclusively for monetizing it. In fact, if you look at just the declarations made to investors, Ford, for instance, recently announced that they expect to make $2000 per car per year just from data services.

$2000 a year? Oh my goodness.

Yeah, that's their estimate. GM was very close to the number, then they had to settle with the FTC because they were selling data of consumers to insurance companies without really telling them this was affecting the rates. Now, the FTC forced them to settle into not selling data of consumers. But I don't know if the enforcement is there. That's question number one.

Question number two is also what is it that they're going to be technically saying that they're complying while they found some other way to do similar things that miss the language of the settlement, but maybe not quite the spirit. This is not about I'm just naming these two comments just because they've been in the news, but you can expect just about anybody to do the same thing.

When you were talking about the car knows who got into it because of the phone, the car is smart with the sensors in the seat because we need to know how much tension to put on the seatbelt based on how much you weigh. We know your movement patterns. I'll ask another question, but could the car actually know when you're drunk, let's say? Because based on, you're like, “We know who the driver is. We know what their movements normally are. Gee, now they're kind of swaying and weaving a little bit more than they normally would.”

That's an excellent question, and first of all, it is increasingly common for cars to have a camera that looks at you. There's no red blinking dot, just in case people were wondering, and it's actually not even visible. Typically, it's a pinhole camera that is put behind the dash where the instruments are, and so people don't even notice that it's there in the first place. Some of them are actually even mounted in the rearview mirror. Some of them even look at the backseat. They're used to detect people and objects as well. You have all these drivers—they’re called driver-monitoring systems. They were born out of safety intentions, as with everything. A lot of the innovations in cars came originally from safety and then people started to think, “Oh, what else can I do with this data?”

There are already many cars that have these attention detection systems, so if you're looking away, including if you may be intoxicated, you may be looking down or other ways instead of looking at the road, and they will take action based on that. They may say some action is really good. They may sound an alarm and try to get your attention back to the road or put hazards on whatever else. Some of them will measure this stuff and become part of your driver profile.

But where the law is going is that in a few years, it will be mandatory to have systems that are specifically designed for intoxication and specifically for alcohol. -Andrea Amico Share on X

But where the law is going is that in a few years, it will be mandatory to have systems that are specifically designed for intoxication and specifically for alcohol. I think we all want to live in a safer world. I mean, about 40,000 people lose their lives every year because of a collision in a vehicle, and I think it's a terrible number. But there are, of course, many implications from a privacy and security standpoint of those new technologies.

Yeah, because I could see that data being sold to the insurance company and the insurance company going, “Well, you clearly weren't driving the way that you would normally drive when this accident happened. You must have been intoxicated.”

Manufacturers—you will rarely hear me say wonderful things about manufacturing—but I actually think this one manufacturer is pretty thoughtful. They try to get together and decide what standards should be in place to give confidence to consumers. This technology can be adopted without pushback, and so there are some principles that an organization called The Future of Privacy Forum put together. Those include minimizing the data, the data should stay locally on the vehicle, it should not be sent to insurance companies, and so on.

Again, at least there seems to be some thoughtfulness on this one. But at the same time, you can read in the papers of many, many companies facing class actions because they collect a lot of data and they use it in ways that consumers were not aware of, and they were harmed not just in their privacy, not just in their security, but in both financially and in their safety.

I think that the two important cases are one about data being used for insurance purposes so people had their insurance rates go up, or losing insurance without really knowing that this was happening in the first place.

There's unfortunately a growing list of situations, all domestic abuse and other violent crimes, that are really originating because bad people realize that you can abuse technology and make it do things that are harmful to people.

I was also thinking of sometimes, there have been, and I'll say the manufacturer because they've talked about it, Tesla has come out, and anytime there's a high-profile accident, within hours, they're often posting online. Well, we ran the telemetry of the vehicle, and they didn't press the brake pedal, or they were pressing the gas pedal and not the brake pedal. Do you see more situations coming where companies are using the data kind of to protect their reputation?

Oh, absolutely.

We'll be happy to come out and use the data to protect our reputation, but if you want to claim that someone else caused the accident, we're not going to release the data to you without you jumping through tons of hoops.

This is what I find amazing. Two things that I find amazing. One is that there is a very, very special computer inside your car that is called the EDR, the electronic data recorder. The electronic data recorder is essentially the black box, not for planes, but for cars, and it collects a lot of data, but over just like the DVR of your house, it records it over and over, but when you have an accident, when you have an impact, it freezes the last few seconds of this data and a few seconds after the impact. It's used essentially for accident reconstruction. These technologies have been around for a long time.

That device is highly regulated. Back in 2016, Congress passed a law, the Driver Privacy Act, where essentially it says that if somebody wants to have access to this data, either they need to have the permission of the owner, or there needs to be a court that orders access to data, or it's a case of some emergency. That one computer is highly, highly protected and regulated. It's being litigated in courts, by the way. It stood the test of courts. But that is the only one.

Again, the average new car has about 100 computers, so I like to say that you have 99 problems, and the DVR is one. But that is where we are. The reality is that you can extract much more longterm and much more personal data from an entertainment system.

The DVR contains things like what millisecond they pressed the pedal of the brakes and how hard they pressed. What millisecond is the signal belt pretensioner? What millisecond the air deployed with how much power? It's really highly, highly technical data. I will be hard pressed looking at the data and say, “Who got in an accident?” Very hard. If I get the last two years of your phone records and the last two years of your break comes second by second, it doesn't take a genius to figure out who you are because guess where the car is parked at 2:00 AM? In your garage. That data is not protected.

I find that amazing and that data has the biggest loop to the Fourth Amendment of race. I opened the view. Cars are special, not in the ways you want them to, but cars are special.

Are there things that we could do without being a hermit and buying a 1940s car? Are there ways that we could still get the benefits of current cars and mitigate what gets stored? I mean, clearly we talked about like you sell the car, wipe the data before you sell the car. Probably should wipe the data as soon as you buy a car. You don't want to inherit anyone else's data.

Some people do not understand that you should do that too, because believe it or not, some of the things that are stored in there, for instance, are the authentication keys of mobile apps. You may have somebody else who started an account with their mobile app of their manufacturer and sold the car. They may not have told you the old data and you buy it. In their pocket they have essentially a spare key to your car. They can locate your car and lock it and do all sorts of things.

That's the number one way domestic abuse is perpetrated nowadays with cars, is by abusing these tools that come as convenience features right in your pocket, controlling your car. Unfortunately, they're being heavily abused.

Also, theft. People show up at your house and they start your car, and they take it in the middle of the night, and you have no idea. Because you didn't delete the data from the car. Please delete the data on the car.

Let me interrupt you there. Does your tool provide a kind of walkthrough on how to disable those types of features or reset them?

For some cars, yes. Some cars have adopted a protocol that we created and so some cars, yes. Later this year, we're also going to create an expansion in the instruction set to modify the privacy settings of your cars, because cars now start to have privacy settings. We figured out what to change to what, because sometimes they're really not intuitive or they're not working the way you think that they actually work based on how they're phrased.

Delete data when you buy a car. When you sell a car or rent a car, please delete it. -Andrea Amico Share on X

Uncheck this button if you don't want us to stop not doing this.

Yeah, the double negative and all of that. Delete data when you buy a car. When you sell a car or rent a car, please delete it. Again, if you are in the middle of your ownership, I think it's very, very wise to go to vehicle privacy reports, understand what your car does, and use the free tools that we give you. Go on the site of the manufacturer and opt out of data. Ask them to delete all the data. If they allow you to do that, go and see what your auto finance company does and if not, demand for better. Again, we give you a lot of action. All of them are free, and I think it's a good five minutes well spent.

Got you. I assume things like if you're renting a car, bring your own USB power port adapter like the cigarette lighter adapter.

If you plug into the cigarette lighter, typically that's safe because only power goes through. I rent cars because I travel a lot and I always bring with me a data filter. I use [inaudible 00:35:04]. It's a USB dongle that attaches to a power cord and lets the power flow through and not the data.

You don't want the opposite.

Yeah, exactly. You don't want the opposite. You wanna make sure it's the two pins that are enabled, but yeah, this way you can charge your phone and you're not going to be using the convenience of Android Auto or Apple CarPlay. When I listen to your podcast, I listen to it through the speaker of the phone. I won't play it through the speakers of the car, and I'm totally happy with that.

Are there things that you're kind of concerned about what's coming down the line?

I know that part of your audience is more technically advanced. These are professionals in security and CISOs. I think that people have underestimated and forgotten about cars as an end point. I think you should really start to think about your car just like your cellphones and your laptops.

I think that people have underestimated and forgotten about cars as an end point. I think you should really start to think about your car just like your cellphones and your laptops. -Andrea Amico Share on X

If you're listening to the podcast, I'm sure that you care about privacy, security, and you don't wanna be scammed. Again, I think you really need to start to think about the things you do with your phone and with your laptop for good hygiene. You want to start to do exactly the same about your car.

You may not know exactly what that means; reach out and ask for advice. We have a lot of free tools and free advice on our website. I always invite people to go and reach out. Sometimes we hear stories from consumers, honestly, we are not thought about and this allows us to think forward about what else we can do to help consumers.

What are some of those surprising stories that you've heard?

Last month, for instance, a survivor of domestic abuse reached out and she shared a story in which her ex created a duplicate of the key and probably dropped something in her car or was using the mobile app to locate the car and was able to get inside her vehicle and do things that were not good. We actually had never thought about these. “I have a rogue spare key.”

When she took the car to the dealership, the dealership asked her for a thousand dollars to be able to do what is called a hard reset of the car and to recalibrate all the sensors to any code, anything that was done, et cetera, is out.

A thousand dollars. Oh my goodness.

She didn't have a thousand. This was an important story for us because we've always been collaborating with associations with R&D space. It's something that's very near and dear to my heart. We filed comments in the past with the FCC on security measures that need to be in place, because they create harm for consumers that find themselves in this kind of very difficult situation.

But there is a law that the manufacturer at the federal level was granting some protections for survivors, and I think that those were great, but was also granting three beautiful gifts to the industry. One was that the law would preempt any state law so all state laws trying to regulate this would go out and no state would ever be able to pass any additional protections for survivors of abuse. It will grant immunity to manufacturers on anything that they do or don't do. The manufacturers are given the ability to decide at their sole discretion. There's no appeal process to decide what is technically feasible that they will do versus what is, “Sorry we can't help you.”

The reason why that story was important for me is that, again, I had never thought about it and had that law passed, what are you going to do to help these people? Because states at that point are handcuffed. They cannot say, “Oh, by the way. There should be some protection for consumers. They don't have a thousand dollars and they need to have the systems reset, and what are we going to be doing for those?”

Again, I'm always keen to learn from consumers because whatever scam situation, theft, glitch that you have experienced, we always want to learn about those because [inaudible 00:40:04] that helps us think harder about what's in the middle of the surface and how we can fix it.

Yeah, it's people that have an experience that you haven't had that allows you to look at in a different way.

That's right.

Crazy. Any parting advice as we wrap things up today?

Take a look at your car. Look up the VIN. There's a little window in the windshield. There's a little sticker on the doorjamb of your driver. It's on your insurance card. Type in your VIN on vehicle privacy report. I promise you, you will look at your car in a different way and take action. Don't be shy.

I think that some people like me are leaving states where we don't have a lot of rights, but there's still things I can do. I think if more of us take actions and the more we go and tell your dealership, your renter company, your auto finance companies that you actually care, the more it's likely that they will do something.

In fact, there's already hundreds of companies that have started to do good things and I think it's important that we try to use our dollars to vote and make sure that more of those things happen.

Yeah, and do you have any white papers or reports for any particular groups of people that would be helpful?

Yeah. For CISO specifically and for anybody who's really security, we've taken this concept of the forgotten endpoint about cars and we've written the white paper about it, and it's available at privacy4cars.com/ciso, and thank you for reminding me of that, Chris. I appreciate it.

You're welcome. If people want to connect with you, where can they find you online?

I'm on LinkedIn. It's my guilty pleasure. I have blue hair. I'm easy to find and I'm pretty active on LinkedIn, so I'm very, very easy to find over there. Then, of course, you can go to privacy4cars.com. We have a big Contact Us page. We have resources for consumers. We have resources for businesses or whoever you are. Hopefully, there's something that you can learn in there that can make your life better.

Awesome. Andrea, thank you so much for coming on the podcast today.

Chris, I'm super grateful that you had me here. Again, big fan. I really appreciate it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Notified When We Release New EpisodesALERT ME

X

Logo

Get Notified

When we release
new episodes

We will only send you awesome stuff!

Privacy Policy

×

 
×

Easy Prey Self Assessment Cover

Are you safe or at risk? Find out.

We’ll send you instructions to download the self-assessment right away. It takes only a few minutes to complete.

We hate spam and promise not to spam you.
Unsubscribe at any time.

Privacy Policy

×

Hire Me To Speak

Privacy Policy

×

Privacy Policy

Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on every page of our site.

The Way We Use Information

We use email addresses to confirm registration upon the creation of a new account.

We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

On occasion, we may send email to addresses of registered users to inform them about changes or new features added to our site.

We use non-identifying and aggregate information to better design our website and to share with advertisers. For example, we may tell an advertiser that X number of individuals visited a certain area on our website, or that Y number of men and Z number of women filled out our registration form, but we would not disclose anything that could be used to identify those individuals.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above.

Our Commitment To Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Affiliated sites, linked sites, and advertisements

CGP Holdings, Inc. expects its partners, advertisers, and third-party affiliates to respect the privacy of our users. However, third parties, including our partners, advertisers, affiliates and other content providers accessible through our site, may have their own privacy and data collection policies and practices. For example, during your visit to our site you may link to, or view as part of a frame on a CGP Holdings, Inc. page, certain content that is actually created or hosted by a third party. Also, through CGP Holdings, Inc. you may be introduced to, or be able to access, information, Web sites, advertisements, features, contests or sweepstakes offered by other parties. CGP Holdings, Inc. is not responsible for the actions or policies of such third parties. You should check the applicable privacy policies of those third parties when providing information on a feature or page operated by a third party.

While on our site, our advertisers, promotional partners or other third parties may use cookies or other technology to attempt to identify some of your preferences or retrieve information about you. For example, some of our advertising is served by third parties and may include cookies that enable the advertiser to determine whether you have seen a particular advertisement before. Through features available on our site, third parties may use cookies or other technology to gather information. CGP Holdings, Inc. does not control the use of this technology or the resulting information and is not responsible for any actions or policies of such third parties.

We use third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. For information about their specific privacy policies please contact the advertisers directly.

Please be careful and responsible whenever you are online. Should you choose to voluntarily disclose Personally Identifiable Information on our site, such as in message boards, chat areas or in advertising or notices you post, that information can be viewed publicly and can be collected and used by third parties without our knowledge and may result in unsolicited messages from other individuals or third parties. Such activities are beyond the control of CGP Holdings, Inc. and this policy.

Changes to this policy

CGP Holdings, Inc. reserves the right to change this policy at any time. Please check this page periodically for changes. Your continued use of our site following the posting of changes to these terms will mean you accept those changes. Information collected prior to the time any change is posted will be used according to the rules and laws that applied at the time the information was collected.

 

×
close
Embed this image

Copy and paste this code to display the image on your site