The Jastine Valdez case flags privacy issues around vehicle electronics
What does my car know about me? The answer, if it’s a modern car with a big screen and a smartphone link, is probably quite a lot. And if it’s one that will be coming to the market within the next five years, then the answer is damn near everything, from your music preferences to your resting heart rate.
The awful case of Jastine Valdez hinged on data taken from a Nissan Qashqai, which helped investigators work out what had happened to the 24-year-old student after she was abducted in Co Wicklow this month. If the Garda could use his car’s electronic brain to figure out where her killer had been, what other information can be gleaned from your car’s circuits?
Much of the answer depends on context. If your car has a built-in satellite-navigation system, it probably, like your smartphone, records everywhere it goes. Art Dahnert of the cybersecurity firm Synopsys says: “Most vehicles built within the last five years and fitted with an appropriate infotainment unit will be similar in the data that is available. Navigation data can be accessible, and usually the navigation will contain the last origin and destination locations, as well as favourite places if the owner has configured that feature. This information isn’t very difficult to access. It is also possible to get more complete GPS location information, but that will be model-year dependent.
“Often you can retrieve Bluetooth connections, like your smartphones, as well as phone books and call history . . . Some additional metadata is stored, such as call times and length; these have to be retrieved with some additional software tools. Today’s law-enforcement agencies have the tools to extract most of the relevant personal data from the infotainment unit, if the model year supports it.”
Legally speaking, who can access that data comes down to the case. In a serious crime, according to the Garda, “under the Criminal Justice Act 2006, if a member of An Garda Síochána has reasonable grounds to believe that an arrestable offence has been committed or is being committed, and there is in place evidence of, or relating to, the commission of an arrestable offence, gardaí can take such steps necessary to preserve any evidence of, or relating to, the commission of that offence.”
In other words, your car’s electronic data can be fair game in an investigation. In the United States, among other countries, in-car technology has been read or even taken over by authorities – a process known as cartapping – for more than a decade. In one American case a driver accidentally activated his car’s SOS system while discussing a drug deal. The SOS system called the car company, whose call-centre staff heard the discussion and alerted police. The driver was arrested.
Lawyers have so far failed to convince courts that using vehicle data in this way is effectively compelling people to give evidence against themselves. In Ireland a Law Reform Commission research paper suggested that such cases should not cite the privilege against self-incrimination, because the data is “evidence independent of the wishes of the respondent” and “not in itself an admission of guilt”.
Why, then, can such data not be used to settle legal arguments in civil cases to do with crashes and personal liability? Unless a serious crime has been committed, it boils down to who the data belongs to. If you own the car you also own its data. The opposing side’s legal team can ask for it, but you’re under no obligation to hand it over.
That rule could become rather more complicated if the car is owned by a company, or if a driver has fitted a “black box” monitor for insurance purposes. And the issue is likely to expand as cars become ever more sophisticated, and as we connect ever more of our devices to them.
The satnav company TomTom admits to having shared with police (anonymised) data that showed where drivers were most likely to speed. Cameras and traps were subsequently set up at those points. A judicious use of data in the enforcement of road-safety laws or Big Brother techniques that turn our own data against us?
It’s a debate that needs to be had. The Garda did the right, and legal, thing in reading data from Mark Hennessy’s Nissan Qashqai. But with our cars hoovering up so much data about our movements, habits and preferences, we need to talk about how that information is used down the line.