Report: The Government Is Already Using Connected Cars to Spy on You

Matt Posky
by Matt Posky

A recent report from The Intercept has confirmed some of our biggest fears about connected vehicles. Apparently, U.S. Customs And Border Protection (CBP) has struck a deal with Swedish mobile forensics and data extraction firm MSAB for hardware that allows the government to not only siphon up vehicle data but also use it as a backdoor to access the information on your phone.

While this shouldn’t be all that surprising in an America that’s seen the Patriot Act pave the way for all sorts of government spying, the arrangement represents another item in a toolbox that’s frequently used against regular citizens. CBP is alleged to have spent $456,073 on a series of vehicle forensic kits manufactured inside the United States by Berla. Internal documents suggest that the system was unique and of great interest to the U.S. government, with a multitude of potential applications pertaining to automotive data. But what surprised us was just how much information carmakers thought their products needed to keep tabs on and how that plays into this.

From The Intercept:

According to statements by Berla’s own founder, part of the draw of vacuuming data out of cars is that so many drivers are oblivious to the fact that their cars are generating so much data in the first place, often including extremely sensitive information inadvertently synced from smartphones.

Indeed, MSAB marketing materials promise cops access to a vast array of sensitive personal information quietly stored in the infotainment consoles and various other computers used by modern vehicles — a tapestry of personal details akin to what CBP might get when cracking into one’s personal phone. MSAB claims that this data can include “Recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been.” MSAB even touts the ability to retrieve deleted data, divine “future plan[s],” and “Identify known associates and establish communication patterns between them.”

As if that’s not enough, the system is also said to be capable of pulling really detailed items, like when and where you turned on your headlamps or opened/closed a door. There are also data logs for vehicle speed, gear selection, steering inputs, ignition cycles, and more — all linked to your positional data and the time. Manufacturers have been cagey about just how much information modern vehicles take in and share but the answer appears to be “literally as much as we can engineer into them.”

And now it’s available to anyone who can afford one of these kits, including government agencies, despite being an absolutely massive volition of the Fourth Amendment to the United States Constitution.

MSAB’s contract with CBP was active from June of last year until the end of February and reportedly worked Customs And Border Protection’s Laboratories and Scientific Services on training. The Swedish firm stated that it has no customer policy or governance on how its products/services are used. Considering that MSAB was previously helping teach people how to crack smartphones, that’s hardly a surprise.

The company has only recently branched out into automotive espionage and previously found itself extremely popular with law enforcement agencies around the world that wanted easy access to the private data contained within mobile devices. But with the automobile gradually metamorphizing into a motorized computer that beams data back to the manufacturer, the new businesses was shaping up to be a lot like the old one — only with fewer privacy protections in place, brand new data points to swipe, and a backdoor into networked devices (e.g. phones, tablets).

“The scale at which CBP can leverage a contract like this one is staggering,” explained Mohammad Tajsar, an attorney with the American Civil Liberties Union of Southern California.”

The Intercept report goes on to reference an NBC article that gives numerous examples of police and government agencies leveraging vehicle data for investigations, often without warrants. That piece also quoted Berla founder Ben LeMere as he outlined the insidiousness of how the data is harvested in the first place on The Forensic Lunch podcast.

“People rent cars and go do things with them and don’t even think about the places they are going and what the car records,” he explained. Your phone died, you’re gonna get in the car, plug it in, and there’s going to be this nice convenient USB port for you. “When you plug it into this USB port, it’s going to charge your phone, absolutely. And as soon as it powers up, it’s going to start sucking all your data down into the car.”

“What they’re really saying is ‘We can exploit people because they’re dumb … We can leverage consumers’ lack of understanding in order to exploit them in ways that they might object to if it was done in the analog world,'” suggested Mr. Tajsar.

Automakers are complicit in this because there’s absolutely no way they were unaware of the type of information that’s being gathered. While many will urge them to deploy better security measures, your author has been averse to data harvesting since day one. It’s predatory and leads to egregious privacy violations like the one you’re reading about now. We’ve covered quite a bit on the topic ourselves, but those interested in learning more will also find a wealth of information in The Intercept’s full report.

[Image: Virrage Images/Shutterstock]

Matt Posky
Matt Posky

A staunch consumer advocate tracking industry trends and regulation. Before joining TTAC, Matt spent a decade working for marketing and research firms based in NYC. Clients included several of the world’s largest automakers, global tire brands, and aftermarket part suppliers. Dissatisfied with the corporate world and resentful of having to wear suits everyday, he pivoted to writing about cars. Since then, that man has become an ardent supporter of the right-to-repair movement, been interviewed on the auto industry by national radio broadcasts, driven more rental cars than anyone ever should, participated in amateur rallying events, and received the requisite minimum training as sanctioned by the SCCA. Handy with a wrench, Matt grew up surrounded by Detroit auto workers and managed to get a pizza delivery job before he was legally eligible. He later found himself driving box trucks through Manhattan, guaranteeing future sympathy for actual truckers. He continues to conduct research pertaining to the automotive sector as an independent contractor and has since moved back to his native Michigan, closer to where the cars are born. A contrarian, Matt claims to prefer understeer — stating that front and all-wheel drive vehicles cater best to his driving style.

More by Matt Posky

Join the conversation
3 of 99 comments
  • Jeff S Jeff S on May 07, 2021

    You trade away your privacy every time you use a a rewards card or a credit card that uses a rewards program. For a discount or a reward you trade information about yourself and your buying habits. If you really are concerned about being tracked then don't use a credit card and live off of the grid--better yet become Amish. Not saying this doesn't matter or not to be concerned but in today's World it is next to impossible not to be monitored or to have information that is shared with others about yourself.

    • Stuki Stuki on May 08, 2021

      "You trade away your privacy every time you use a a rewards card or a credit card that uses a rewards program. " But you only use those, because you have no other means of buying things, than to allow worthless FIRE racket trash to insert themselves into transactions noone other than you and the seller has any business having even the faintest idea about whether took place or not. The reason people are being spied on, is not because they somehow want to. No doubt idiots dumb enough to fall for the trivially idiotic drivel that central banks and financialization is anything, whatsoever, other than pure theft by a totalitarian junta from the people they prey on, can also be relied on to be dumb enough to believe people somehow still wouldn't mind being spied on if realistic alternatives existed. But that only demonstrates that dumb people are dumb people. And idiots are idiots. It says nothing, at all, about whether people mind being sped on or not.

  • DenverMike DenverMike on May 08, 2021

    OK, we have no privacy. Whatever but why should gov, police, etc, get to enjoy secrecy that denies the rest of access to their crimes, rights violations, corruption, etc. That's what this is all about. It was an huge oops moment when the CBP realized they're exposed just like anyone else.

  • 1995 SC PA is concerning, but if it spent most of its life elsewhere and was someone's baby up there and isn't rusty it seems fairly priced.
  • CanadaCraig I don't see ANY large 'cheap' cars on the market. And I'm saying there should be.
  • 1995 SC I never cared for the fins and over the top bodies on these, but man give me that interior all day. I love it
  • 1995 SC Modern 4 door sedans stink. The roofline on them is such that it wrecks both the back seat and trunk access in most models. Watch someone try to get their kid into a car seat in the back of a modern sedan. Then watch them try to get the stroller into the mail slot t of a trunk opening. I would happily trade the 2 MPG at highway speed that shape may be giving me for trunk and rear seat accessibility of the sedans before this stupidity took over. I ask you, back in the day when Sedans were king, would any of them with the compromises of modern sedans have sold well? So why do we expect them to sell today? Make them usable for the target audience again and just maybe people will buy them. Keep them just as they are and they'll keep buying crossovers which might be the point.
  • Kwik_Shift_Pro4X As much problems as I had with my '96 Chevy Impala SS.....I would love to try one again. I've seen a Dark Cherry Metallic one today and it looked great.