Kyle Rankin

Kyle Rankin

Chief Security Officer
PGP ID: 0xB9EF770D6EFE360F
Fingerprint: 0DFE 2A03 7FEF B6BF C56F73C5 B9EF 770D 6EFE 360F
Librem Social
Kyle Rankin

It’s rare to find modern technology that’s actually on your side. For the most part when technology advances today, new features are less for your benefit, and more to benefit the company that made them.

Whenever I hear about a new piece of technology, at first I’m excited. Then, my next reaction is to wait for the other shoe to drop and discover the secret way it ends up exploiting me for the company’s benefit. It might lock me into a company’s other products, making me dependent upon them so I can’t move to a competitor. It might spy on me and sell my data. It might sell me disabled hardware or software at a discount, only to charge me more later to unlock features to make the tech usable.

As cars become more like rolling computers, car manufacturers have been copying tech companies by designing features that let them lock in customers and remotely control car features, muddying the definition of car ownership along the way. Current trends in the automotive industry point to a future with you locked in a remote control car, your vendor holding the remote.

The App Store in Your Car

I recently learned about a new feature in recent BMW cars: adaptive high beam headlights that automatically adjust to the proper brightness depending upon the surroundings. At the same time I learned about another feature they added: pushing the adaptive headlights button will bring a notification up to the dashboard informing you that you must subscribe to this feature via BMW’s app store to enable it.

Now that car infotainment centers have turned car consoles into large smartphones, car manufacturers are discovering a brand new revenue stream–selling apps to enable new features on hardware that already exists in the car. It’s easy to see how this kind of feature benefits the company, but it’s hard to argue it’s in the customer’s interest to turn a car from something you pay for once and own, into something you have to pay extra fees for throughout its life to keep its features.

Subscribing to car features also means car vendors can profit from the lucrative secondary market. In the past buying a used car meant you kept whatever features and options it has. Now it means the new buyer has to set up accounts and subscriptions and pay more to enable services. That is, if they can enable the services at all–in the case of people who have bought salvaged Teslas, features like supercharging are disabled entirely.

It’s not just subscriptions that get the app store treatment. Teslas are well-known for adding a “full self-driving” software upgrade to its cars for $10,000. This upgrade grants the owner the latest in self-driving software updates as Tesla technology improves. While this is described like installing any other computer software, traditional notions you may have for paid software–like being able to remove your $10,000 software from one computer and install it on another–no longer apply in a car. Full self-driving software is not transferable between cars. If you buy a new Tesla you have to buy the full self-driving software upgrade again.

Remote-Controlled Car

In many modern cars the dashboard computer extends past entertainment and into core car functions. Many cars also feature always-on cellular connectivity. That combined with over-the-air updates, means that manufacturers can push updates and changes to cars remotely, changing not just entertainment features but fundamental aspects of the car itself.

Tesla in particular has used over-the-air updates to fix software glitches, add improvements, and even affect braking performance. This Washington Post piece compares Tesla’s approach to car technology with Apple’s approach to computers and recounts the following story with Tesla changing a car’s battery performance with a remote, over-the-air update that ultimately triggered a class action lawsuit:

Months after buying a used Tesla Model S for nearly $46,000, Harpreet Singh began to notice the car wouldn’t travel far enough on a single charge to cover his work trips frequently stretching more than 200 miles.

Tesla had taken about 40 miles of range off his used Model S, which began with 265 miles, in what Tesla said was an effort to protect the battery. The update also slowed down charging times, Singh said. Tesla ultimately agreed to replace what it later concluded was a faulty battery, but at the expense of what Singh has found is slower acceleration.

After the car and its new battery were working properly, Singh began to dread system updates, because they introduced new problems like the shorter range and decreased charging rates.

When car functions can be unlocked and updated remotely using the car’s always-on Internet connection, it gives the car vendor much more remote control over modern cars. The same security features that allow a vendor to disable a stolen car remotely would allow them to disable or degrade a salvage or modified car if they decide the owner’s modifications or repairs were unsafe. Tesla in particular uses this justification to revoke a car’s ability to supercharge when it discovers a car has been salvaged or has after-market repairs it doesn’t approve of.

According to the Washington Post article, this remote control might even extend to whether you could use car features for a competitor’s service:

Tesla has also sought to restrict how drivers use the features it bills as self-driving, suggesting they could not, for instance, use them for ride-hailing on Uber and Lyft. Instead they could leverage them only for Tesla’s own ride-hailing network built by a fleet that Musk envisioned would consist of 1 million robo-taxis by 2020, a target date that proved overly optimistic.

In the hardware and software world, it’s common for vendors to use a customer’s purchase of one product to lock them into the vendor’s other products. Often it’s by ignoring compatibility with competitors or on the other side outright preventing competitors from making their products compatible with the vendor. If Tesla is able to enforce this desire it would move this same kind of lock-in to the automotive world.

Hardware Lock In

In the past (with some exceptions), many car parts from windshield wipers to light bulbs to cars entertainment systems (which in the past just meant a car stereo) followed common standards. Car stereos typically fit a standard single or double DIN size, which created a thriving third party car stereo market. Because technology continues to advance after a car is made, after-market units tended to have more advanced features than factory stereos. So if your factory stereo only played cassette tapes, and later compact discs were invented, you could replace the stereo with an after-market unit that played CDs (or even controlled a CD changer!)

You didn’t need to get the vendor’s permission to upgrade or replace the stereo. Because sizes and wiring were relatively standard (even if connectors weren’t), at most it might mean investing in a wiring adapter and later on as dashboards became more styled instead of rectangular, perhaps a cosmetic shell as well to match the style of dashboard enclosure. Now that cars are moving to custom, in-dash entertainment systems, this makes it much more difficult to replace it with an after-market system. While these systems may seem advanced the year they are made, it won’t be long before they seem clunky and outdated.

In the case of Tesla, the entertainment system takes the form of a large, iPad-like tablet computer that handles many of the core functions in the car. This effectively locks you in to using Tesla for their modern equivalent of the car stereo. Some customers might accept that trade-off since Tesla’s control of this market means there aren’t really any after-market alternatives, and if it breaks it would be treated like any other part of the car. Unfortunately when the tablet computers in some Teslas exhibited touch screen problems (from the above Washington Post article):

… Tesla’s acting general counsel argued with regulators that its cars’ iPad-like touch screens should not be expected to last the life span of the vehicle, an argument that was anathema to an industry used to “automotive grade” components. That was a key issue for Tesla because the touch screens serve as a command center for the car, hosting the climate controls, navigation and music, and even functions such as opening the glove box.

After initially sparring with regulators, Tesla agreed to recall tens of thousands of Model S and X vehicles over the touch screen failures.

If your entertainment system fails in a modern car, you are dependent on the vendor for a replacement, and hope they will consider it “automotive grade”. You are locked into that hardware and modern car vendors are making it increasingly difficult for third parties to provide compatible replacements.

Tracking Your Every Move

Another area where modern cars mimic phones is in their ability to track the owner wherever they go. The same GPS features in car dashboards that provide driving directions, combined with the always-on Internet connection, means that many if not most modern cars, like phones, send a constant stream of telemetry data to the vendor. Like with phones this data often includes errors and other data the vendor can use to improve their products, but like with phones it can also include personal data like location. This data can then be sold to data brokers who go on to sell it to other interested parties such as insurance and financial companies, as well as for surveillance.

This Motherboard article describes a particular surveillance contractor The Ulysses Group who boasts that:

“Ulysses can provide our clients with the ability to remotely geolocate vehicles in nearly every country except for North Korea and Cuba on a near real time basis,” the document, written by contractor The Ulysses Group, reads. “Currently, we can access over 15 billion vehicle locations around the world every month,” the document adds.

The article goes on to state that cars that can be tracked this way “are expected to make up 95% of new cars sold in the United States by 2022. … By 2025 it is estimated that 100% of new cars will be connected at some level–each transmitted more than 25 gigabytes of data per hour.” While you can turn your phone off, leave it at home, or if it’s a Librem 5, disable all sensors with hardware kill switches, you don’t have the option to disable tracking in your car–the car vendor maintains control.

Technology That’s On Your Side

Technology that’s on your side is technology you can own. Once you buy something, you should be able to use it how you wish, including repairing it, hacking it, and using any features in the hardware, without getting further permission from the vendor. When it comes to computers and phones, this means being allowed to install software that’s compatible, and overall use the device however you wish, without getting the vendor’s permission. When it comes to cars it means being in control of any software that controls the car, including when and whether it gets updates, and whether it phones home to the vendor. Car vendors shouldn’t be allowed to track customers or collect other telemetry without the customer’s permission.

This kind of lock-in, remote control and privacy invasion have become the standard for the smartphones everyone carries in their pockets, so many people unfortunately accept it as the way things are. These same sorts of tactics are still relatively new in the automotive world, though, which means it would be simpler to go back to how it was before cars were rolling computers if we can all muster the will to demand things change. If we start with the expectation that technology should be on our side, not the vendor’s, and vote with our dollar for products that protect the customer, not the vendor, we have a chance to turn this tide not just with cars, but with phones and the rest of technology.


Recent Posts

Related Content