Schneier on Security
A blog covering security and security technology.
February 18, 2013
Automobile Data Surveillance and the Future of Black Boxes
Tesla Motors gave one of its electric cars to John Broder, a very outspoken electric-car skeptic from the New York Times, for a test drive. After a negative review, Tesla revealed that it logged a dizzying amount of data from that test drive. The company then matched the reporter's claims against its logs and published a rebuttal. Broder rebutted the rebuttal, and others have tried to figure out who is lying and who is not.
What's interesting to me is the sheer amount of data Tesla Motors automatically collected about the test drive. From the rebuttal:
After a negative experience several years ago with Top Gear, a popular automotive show, where they pretended that our car ran out of energy and had to be pushed back to the garage, we always carefully data log media drives.
Read the article to see what they logged: power consumption, speed, ambient temperature, control settings, location, and so on.
The stakes are high here. Broder and the New York Times are concerned about their journalistic integrity, which affects their brand. And Tesla Motors wants to sell cars.
The implication is that Tesla Motors only does this for media test drives, but it gives you an idea of the sort of things that will be collected once automobile black boxes become the norm. We're used to airplane black boxes, which only collected a small amount of data from the minutes just before an incident. But that was back when data was expensive. Now that it's cheap, expect black boxes to collect everything all the time. And once it's collected, it'll be used. By auto manufacturers, by insurance companies, by car rental companies, by marketers. The list will be long.
But as we're learning from this particular back-and-forth between Broder and Tesla Motors, even intense electronic surveillance of the actions of a person in an enclosed space did not succeed in providing an unambiguous record of what happened. To know that, the car company would have had to have someone in the car with the journalist.
This will increasingly be a problem as we are judged by our data. And in most cases, neither side will spend this sort of effort trying to figure out what really happened.
EDITED TO ADD (2/21): CNN weighs in.
Posted on February 18, 2013 at 6:14 AM
typo: "text drive" should be "test drive" in the 2nd sentence
After reading all of the to-ing and fro-ing, the account that comes out as much-more-believable is that of Broder, whose descriptions of what he did and why he did them all sound reasonable and consistent.
Tesla/Musk come across as whiney little snots who have prejudged what they allege to be Broder's bad-faith motivations, and then try and shoehorn every act into that context.
Tesla mentioned a prior bad experience with the UK motoring show 'Top Gear', which found the range of their vehicle to be far lower than what was claimed for it, under the circumstances in which they tested it. It might be useful to note that Tesla sued 'Top Gear' for libel, not once, but twice, over this case, and they lost both times.
From all the descriptive material, from both sides, one thing is for sure - I will never buy a plug-in electric vehicle while this is the current state of the art. It would appear that one needs the energy-management skills of a carrier-based fighter pilot to avoid going bingo-fuel in one of these things. In the simplest possible terms, a vehicle that has a duty cycle around 50% in normal use just isn't a practical proposition for 99.978% of motorists.
And I suspect that very few others will be moved to buy a Tesla as anything other than a fair-weather vanity ride as long as the company and its founder spend their time squabbling in this way with what would seem at first blush to be a more-or-less unbiased tester.
Is this going to be the next smartphone jailbreak issue?
"You can't examine what's in the black box because that's proprietary for company use only unless a lawful request from duly authorized enforcement official is made."
I have mentioned this before, though perhaps not here. Recall the NSA data center in a remote area of one of the Western States, where they plan to accumulate ALL possible data about everyone in the U.S. The data will be so voluminous such as to take over the Internet (why do you think they are always pushing for higher bandwidth, such as 10 gigabits). Further, the data may likely outrun the ability to capture and store it all. And, when technology improves to make storage density higher and the cost lower, there won't be enough time to convert existing data to any newer technology as well as analyze it or all of the newly collected data. It will come down to NOT collecting all the data, but only the data that can be used against you (there will only be bad data collected and nothing that can be used to prove innocence).
We have already seen that prosecutors have been known to withhold from trial, information that might prevent a defendant from being found guilty. In the Tesla situation, each side is presenting their "view" of the data. Who would win here if there was only one "view", the Tesla view?
"We have already seen that prosecutors have been known to withhold from trial, information that might prevent a defendant from being found guilty."
We already see what happens then in Russia.
Everybody in Russia drives around with a dashcam to use the recordings as evidence against police, state prosecution, and insurance companies.
So, if they collect data, about us, we can collect even more data about ourselves to defend ourselves.
Whether this is actually a "Good Thing" (tm) is a different matter.
"we always carefully data log media drives"
They do not describe the instrumentation package. Did they take the logs off stock auto-onics or did they add a custom package for Broder? If it's stock, is the data collection on all the time or just when someone with a bad review comes along?
Looking at the data collected I'm inclined to believe it's stock (the gps feature for example - useful for finding charging stations) even though their claim is to "carefully data log media drives".
So either the data is being logged all the time or it's easily enabled and collected on equipment already on the car.
It takes a while to realize that an electric car is not a gas car and therefore requires a different frame of mind. Where we wouldn't think of re-fuelling after a stop with a gas car, with an electric it actually makes sense to just plug it in and slowly trickle charge it while say shopping at the store. I do that with my cell phone every night and sometimes at work if I know I will be using some of the more power consuming features (like GPS for instance). The infrastructure is just not there though.
I would say this is a case of two people just seeing the world from different viewpoints and not really being able to cross to the other point of view. At this point though I doubt they will. Too many egos and money involved. I would say Musk missed the chance on a teachable moment.
The NYT job is to sell ads. Media outlets are not worried about their reputation or the truth. Example: Dateline NBC and GM pickup trucks.
Careful, there. Your comment is pretty clearly biased, and crosses into mud-slinging territory more than once.
It's worth noting that the main reason the libel suit got tossed was because what Top Gear said was plausible and Tesla had little data to refute the claims. Top Gear has been criticized in the past for allegedly "stress-testing" car brands they don't like by operating them in a way wholly inconsistent with how an actual driver would, in order to ensure a negative lean to the outcome. Is it questionable, sure, but I agree that it doesn't constitute legal evidence of a tort without the data, which Tesla clearly lacked at the time. Case closed.
Second, of course, is that you would expect a car manufacturer to go to bat for what they perceive as a smear job. The review had some things that clearly panned out in its favor ( less than 1 mile search for a charger in the dark) that I would agree would not need to be mentioned in the article (but I wish they were, as difficulty in finding the charger is a real concern for consumers). There were other elements, though, that should have been left in, like the detour one would not rationally take if on a limited mileage, in order to be fair. Other things, like the reporter saying only that they turned down the temp, only to have it later come out that at best he went back-and-forth with it, are clearly a problem on the reporter's end.
On the other side, Elon Musk not only needs to seriously work on his PR skills, but he seemed determined to make mountains out of some clearly molehills, and was nitpicking to a rather bizarre degree that does make him look very good. The fact that the car's mileage went down so much over a cold night and that "conditioning" apparently didn't work are wrongly ignored by him in order to focus on whether the car exceeded the shortened range he mentioned (as opposed to the range it read the night before).
In the middle are claims about the inadequate charging. The reporter's defense is that he was trying to use the car the way a typical driver would expect, not the optimal way at every step. Valid enough, except the purpose of the drive was about the distribution and availability of charging stations, not about whether it was ready for everyone to trade in their hummers but drive the same way. The report is right to challenge the optimal conditions (as a good reporter always should push limits), but it should have at least been honest enough to admit that was what it was doing and that doing so was above and beyond the stated purpose of the test.
As for the viability of all-electric cars, Musk is showing quite well that we are quickly approaching the point where they can be used for most people in most situations, but "quickly approaching" doesn't mean we're there yet. Transitions like this will happen slowly, and drivers will have a learning curve attached to it, but it should be notable that the vast majority of drivers go less than 100 miles in a day, and a sizable percentage less than 50 miles. At that range, the current generation can get you 2-5 days without recharging, and if we assume (reasonably) that *most* users would plug in at home over night then it's essentially jettisoning all the trips to the gas station except for road trips. That last area is what the spread of supercharger stations is supposed to address, and the infrastructure for that is not yet ready for the public.
The reactions to these accounts are as interesting as the accounts themselves. Musk may have overplayed his case with his account of running around the parking lot, but the point stands: either Broder didn't do what he claimed, or the logs are inaccurate.
"Now that it's cheap, expect black boxes to collect everything all the time. And once it's collected, it'll be used. By auto manufacturers, by insurance companies, by car rental companies, by marketers. "
I just got an insert with my auto insurance bill, offering rate discounts for having data piped from OnStar or InDrive.
So it's not "in the future". It's now.
You seem to think that the average car doesn't already have a black box on board. Marty in Kalamazoo was working on programming them back when I lived there - they're ubiquitous now. Currently they can only be used as diagnostic tools for the mechanics, but the data is there. Couple it to the GPS that most folks want in their cars, and it will be able to tell you where the car went, at what speed, and probably who was driving based on weight on the drivers seat. Tesla didn't install anything that's not standard equipment from what I can tell - they just made sure it phoned home.
The Toyota Prius owner's manual has an EULA that states data is being stored and can be used by the company for just about any purpose they care to use it for, not just diagnostics. Probably the same with other manufacturers.
In Russia many drivers use dash-cams to ensure they have a record of what's been happening as there are corrupt police and dodgy fake accident claims.
To record more information is probably pretty sound stuff - but it needs to be in the control of the owner, not the insurance co, police etc. Police can have it after a proper legal request to the owner, same with insurance. The data will be very useful to sort out claims after incidents, but it cannot and should not be used for spying.
The troubling point is that most people will be willing to do just that, give all their data for an insurance discount.
Soon enough it will be the normal rate and privacy-conscious people will pay a premium.
Or mandatory for anything but statutory liability insurance.
But honestly, I have no trouble with data being collected. As long as I can read it as well.
I'm even ok with it being shared during an insurance claim/accident. As long as the data is being handled confidentially and fairly.
If for some design flaw my brake pedal stops working that data could help the manufacturer/insurance prove I'm lying, but can also help me prove it's their fault.
If they're gonna read my data at my periodic checkup, they better give me that checkup for free.
Then again, I have a '99 car, not gonna buy something else unless it happens to break down.
@ Ryan - your points are well-taken.
Regarding the Tesla/Top Gear fracas, you wrote
'Top Gear has been criticized in the past for allegedly "stress-testing" car brands they don't like by operating them in a way wholly inconsistent with how an actual driver would, in order to ensure a negative lean to the outcome.'
Those criticisms, while true, don't really apply in this case for the simple reason that Clarkson loved the Teslas he tested and said so, repeatedly, during the test. I've watched the broadcast, several times. It's on YouTube. He calls the acceleration 'biblically quick!' and compared handling and other parameters favourably to the Lotus Elise on which the Tesla Roadster was (partly) based. In other words, he wanted to like the car, and he liked everything about the way it drove, but had to draw attention to the issues they had with range.
And 'Top Gear' is a show that concentrates on high-performance cars, and tests them at their full capacity. If Tesla gave them a high-performance car to test, then they should not have been surprised that they tested it that way, and reported their findings truthfully. It is (at best) naive for Tesla to complain that Top Gear misled viewers about the range of the vehicle. It's perfectly-clear from the broadcast just how they drove it (which is to say 'like they stole it'), but Tesla marketed it as a high-performance car. If anybody is being misleading, it is Tesla, for marketing the car based on top speed, acceleration and performance, but then quoting a range that you can only achieve if you drive it like a little old lady going to Sunday services, on a 65° day, with the radio off.
I don't accept your assertion that I am 'biased'. I speak as I find. Tesla loudly states an optimum range for their product, but then hedges it around with so many caveats and limitations that the average driver in the real world simply cannot say with any certainty what the range of the vehicle will be on any given day. As this and other tests have shown, getting the stated range out of a Tesla is an exercise in energy management that is simply unrealistic to expect average drivers to perform or have to live with.
Mud-slinging? No worse than the assertions from Tesla/Musk that Broder was somehow deliberately conspiring to show the vehicle in a bad light, and repeatedly lied and acted in bad faith in order to do so. These assertions are laughable. To what possible end? How does Broder improve his credibility (or sell more newspapers, or more ad space, as some have suggested) by doing this? Tesla are the people in this exchange who are keen to sell their product.
I'd love to see a completely-recorded and instrumented test - by Tesla, why not? - that shows clearly everything the driver has to do to get their rated range in a variety of real-world conditions - heat, cold, speed, etc - and let prospective buyers decide for themselves whether that matches their real-world applications. Tesla's reactions (so far) to negative reports of range have been universally awful, and have served to undermine customer interest instead of supporting it. They (and their apologists) keep telling customers that EVs are different, and they have to be owned and used in different ways, but then they totally fail to address the customer's most basic concern - will it get me there? - and lash out at anybody who suggests that this is something to be seriously concerned about.
It reminds me of GM in the '60s and their reactions to Ralph Nader - but instead of 'Unsafe at Any Speed', it's 'Unsure if I'll Get Home'.
Whether or not the data is being collected and who it is made available to with or without legal process doesn't touch on how secure is that data and what are the opportunities for tampering - which if collection becomes ubiquitous and use common, then there will be value in tampering.
Data collection and potential compromise isn't just an issue with EVs but with all 'smart' cars. The Leaf, for example is constantly broadcasting your GPS location in order to provide relevant weather and news information. I'm sure many other connected vehicles can do so as well.
The biggest issue is the industry's lack of appreciation for security controls in general, and specifically the need to isolate infotainment systems from the car's control functions.
Anyone who regularly drives an EV can point out at least half a dozen things Broder could have done different to not "stall out." Everything he did was stupid. Some of what Tesla allegedly told him was stupid as well, but we don't have the voice logs, we do have the car logs.
In the EV community 'Broder' is now a verb to describe the act of intentionally running an EV to a halt, which is quite impossible in any rational use.
Top Gear only got away with their libel because it was done for entertainment value, and the judge said no rational person would be expected to take them seriously. I suppose the same line of thought should apply to the NYT, just replace 'entertainment' with 'profit'.
@Scott: That Joy of Tech comic is epic. The only thing it didn't blend in (but could have) is something about it doing the Kessel Run in under 12 Parsecs, or perhaps something involving Time Lords.
Perhaps 'biased' does or does not fit, but as you say, I call it like I see it and what I saw was a pile-on for one side without any mention of the other side's missteps. Unless one side truly is golden and flawless, I prefer the good and the bad aired together. Of course, I won't argue that Musk slung mud too, and significantly more than you.
As for Top Gear, I did re-watch the video, and I will concede that the reviewer there did not appear to have an axe to grind, but like you said, the criticism is at least somewhat valid. I would venture it's because they so easily and selectively cross the fine line between "Let's see what it can do" and "Let's see if we can break it entirely" without any transparency of the shift in focus.
Several people here have commented that owning and operating an EV requires a different driver mindset, for both planning and execution, than owning a petrol vehicle. As you observed, Tesla is not doing a good job of educating the consumer -- both currently buying and potential future buyers -- of this, and Musk's PR disasters don't help. Only time will tell how EV works out, although I certainly think that it has a lot of infrastructure problems to overcome that legacy vehicles don't need to worry about, but I'm glad that there's a company truly trying to innovate and at least try to make such a vehicle a practical reality.
@ Captain Obvious, who wrote
'Anyone who regularly drives an EV can point out at least half a dozen things Broder could have done different to not "stall out."'
Ah, yes, the 'smart people (like me) wouldn't do this' argument. It merely reinforces my point that these vehicles simply aren't ready for prime-time - that they require an approach to planning and performing car travel that is completely alien to the current expectations and abilities of 99.987% of drivers. Tesla is not going to get very far in the marketplace with their product if their basic response to range issues is 'you need to be smarter than you are, because there couldn't possibly be anything wrong with our claims of range.'
Broder tried to test range in a real-world setting, but fell afoul of the fact that the range of the vehicle can change (depending on time and temperature) and that the range you parked it with last night is not the range it has this morning. He also tripped up on the fact that the battery capacity varies in non-intuitive ways, and that even the maker cannot accurately advise the customer what to do to achieve the range desired. But no, it's Broder's fault - he should have been smarter.
. . . 'running an EV to a halt, which is quite impossible in any rational use.'
Well, depends on what you mean by 'rational', I guess. Since even the maker can't tell you what to do in a specific situation to avoid running their EV to a halt, I guess we have different values for 'rational'.
Tesla has 'form' for failing to meet range promises. A Tesla Roadster left a Car and Driver staffer at the side of the road after promising him at the outset of his journey that he had plenty of range to make the trip.
And you only have to read the stories at Consumer Reports (which has a Tesla on long-term test) to realize that even with 'rational' use by a driver experienced with the vehicle, finding oneself almost out of range despite the initial promises that the vehicle made is an everyday occurrence.
Like I said - not ready for prime time. A car that can't tell you how far it will get you, and then changes its mind as it goes, fails the most basic parameter for a transportation device, which is a passable degree of confidence that it will get you there. Blaming it on the stupidity of the driver is just a cop-out.
@ Ryan - fair enough, agreed.
I am not sure why anyone, especially Bruce, is surprised by the amount of data logged. This is standard practice on all modern, high end cars: Tesla is certainly in this bracket.
My BMW measures everything. It is a diagnostic tool, but it can be so much more. It measures how fast I am going, in what gear, how hard I accelerated, at what time, and how aggressive I turned the wheel.
If I crash, BMW can see when I pressed the brake, how hard, whether the wheels locked and the ABS was activated. It can tell if I had the radio on, or if I received a call via the in-car bluetooth.
It can even tell who was driving - well, which key was in use.
Storage is cheap, relative to the price of the car. Why would they not log this?
Black Box data harvesting came into the mainstream with OBD II engine and emissions management software about a decade ago. It is present in nearly every new car and truck, and is very helpful for diagnosing operational problems. It maintains a persistent memory of the last several seconds of vehicle use, operational data and trouble codes. This information has been subpoenaed by police, and also been used by manufacturers in order to deny warranty coverage for damage relating to misuse.
There have also been uses of the LoJack vehicle recovery tracking system, toll transponders, OnStar and other tech for both police and civil cases - where the information has been recovered and used without the owner's consent. Some car rental companies track vehicle location and also record driving speeds - and assess penalties when speed limits are exceeded.
It's a brave new world out there.
I think you are confusing Top Gear with a serious car show. It's not. It is a comedy show that has cars on it. Some of the cars are even funny (such as the Reliant Robin and the caravan).
While there are some differences between an EV and an ICE, the ability to exceed one's estimated range by twofold is not one of them. If you put 1 gallon of gas in a 30 MPG car and try to drive 60 miles you're going to fail...every time.
The infrastructure 'issues' EVs face are largely irrelevant. 99% of EV drivers will charge at home or work 99% of the time.
FYI - CNN and 5 or 6 private owners have all recreated the drive since with no issues.
An EV doesn't require an expert driver, but like any other car you should know the basics. For an EV that includes how and when to charge.
Anyone who doesn't know that 32
You obviously, like Broder, waste a good deal of your time insisting you have no axe to grind while spending the rest grinding. Or maybe you're not even trying to present a persuasive argument, and just Brodering it.
The stakes are high here. Broder and the New York Times are concerned about their journalistic integrity, which affects their brand.
Two words: Judith Miller.
Cut off: Anyone who doesn't know that 32
avoiding accidental html
Anyone who doesn't know that 32 is less than 61 should not be allowed to drive anything anywhere.
@ Captain Obvious, who wrote:
'An EV doesn't require an expert driver, but like any other car you should know the basics. For an EV that includes how and when to charge.'
Oh, indeed? And how are you expected to figure this out, when both the machine itself and the maker don't tell you the truth? Intuition?
The Car and Driver report is a perfect example of the problem. The machine tells you you have plenty of range. You drive it in such a way that the range appears to be consumed in a predictable way - and then it suddenly changes. You're halfway there, and all of a sudden, the remaining capacity starts to decline at twice the rate you are driving. You're hosed.
How and when are you supposed to charge for that eventuality?
If you don't know "how and when to charge", what do you do? Why, you call the manufacturer! This is what Broder did - and the instructions they gave him were either so poorly communicated, or just downright wrong - that he was left at the side of the road. Maybe he should have been more judicious in his charging plans - but when he saw the machine was misleading him, he turned to the manufacturer, who misled him even more - and now berates him for telling the truth about what happened to him.
Half of this 'how and when to charge' is based on a mixture of equal parts folklore and unquantifiable hocus-pocus about "warming the battery" and "regenerative recovery" and "recovered capacity" and half-a-dozen other unknowns that the driver is supposed to somehow intuit. Don't charge it too much! Don't let it get too empty! Just a quick charge will refresh the battery! Even my first wife wasn't this fickle.
Others have replicated the ride with no problems? Well, of course they have - now that they know what not to do! But the real world is unfortunately seldom so predictable.
I especially love the blithe way you simply assume that you know what 99% of drivers will do. It's that sort of arrogance that Tesla/Musk display in their interactions with critics, and the same sort of arrogance that has kept sales of mass-market EVs such a dismal failure. What's wrong with our dog food? Well, it's simple. The dogs don't like it. And one simple reason the dogs don't like it is that it has been grossly overpromised, and especially when it comes to range.
The sad fact is that cars like the Tesla are only useful as a sole or primary vehicle for a very small subset of drivers whose travels are short and highly predictable, who live in temperate climates with flat geography, and who have a large disposable income to indulge their taste for environmental indulgences. For the great majority of average people, they are about as useful as a chocolate teapot.
Incidentally, and maybe I should have made this point a lot earlier, it would be a laughably-simple matter for the makers of EVs like the Tesla to provide the driver with a much-more accurate assessment of range in real time.
My GPS already knows where I am and where I am heading, it knows the time of day and the temperature now and in the next 24 hours, and it would be laughably simple to interrogate the driver with some very simple questions about what his plans are for the next X-number of hours. With a driving history for that driver, it would be a simple matter to produce a 95%-or-better accurate estimate of what the car's current capability is, and provide scenarios to choose from.
And, of course, they will never do that, because that level of truth-telling would be a sure death-knell for the entire product category? Much better to quote some idealized number, and then simply blow off anybody whose real-world experience falls short as being stupid and ignorant. Since the great majority of these vehicles are currently purchased by what you might call 'true believers' anyway, the makers will be able to get away with that for quite a while yet. Not many people are going to stand up and admit that their $100,000 green wonder-car is a total pup.
Ok Broder, I'll not further clutter Bruce's blog with further arguments about basic math.
@ Captain Obvious, who wrote,
'I'll not further clutter Bruce's blog with further arguments about basic math.'
Oh, so you don't actually have any cogent arguments to bring?
Basic math? None of this discussion is about 'basic math'. None. That is simply your red herring. The discussion centers on the fact that the range of EVs is grossly, systemically misrepresented when it comes to any sort of real-world use, and that the makers of EVs deny this by any means they can. As they have to, because their continued existence depends on a political fairytale that assumes that mass-market EVs are a practical reality, and they have to swear allegiance to this fable to keep the taxpayer grant money flowing. That's the 'basic math' at play here - not car mileage, but taxpayer dollars.
With the level of monitoring capability of Broder's car that Tesla has displayed, and their prior knowledge of his plans, it would have been 'basic math' to tell him what he had to do to make it work. But that they could not do, because he would have reported the unpalatable truths they told him - whatever they were. Better to leave him by the side of the road and then obfuscate the matter with vague claims about bad faith and cheating, and let it all blow over. But whatever they do, they cannot tell the truth about real-world EV range, because it will bring the whole political house of cards down around their ears.
Owned, I think.
And, by-the-bye, Mr Schneier is a big boy and is perfectly-capable of telling anybody who is "cluttering" his blog to take a hike. Don't feed me a line about how you're just bowing out to be polite.
The NYTimes has placed themselves right up there with Top Gear in terms of the values and practices of the automotive entertainment media.
Now that they have been calibrated, readers have the information needed to trust what they write.
I just don't think automobiles are ready for prime time. What happens if someone is driving down the highway and lets go of the steering wheel? They could crash! What if they hit another person, let alone the property damage. And what happens if they forget to put gasoline in the tank? Their automobile could suddenly run out of power...and worse, this could occur when they are driving down the highway! Has anyone thought about that? I don't think people are ready to handle the dangers and complexity of refueling either. Did you know that gasoline is not only flammable, but the vapors could be explosive?
We really need to collect more data before we can be sure society is prepared to allow ordinary people to drive automobiles.
"I have mentioned this before, though perhaps not here. Recall the NSA data center in a remote area of one of the Western States, where they plan to accumulate ALL possible data about everyone in the U.S."
Remote area, nothing. It's a little off I-15 between the Salt Lake and Provo metro areas -- visible from the freeway, as I recall.
Llamas, your tone is becoming increasingly obnoxious, and the viability of EVs is not really the subject here in any case. If you have something to say about data logging, privacy, or other issues appropriate to this post on a security blog -- and if you can talk about them civilly -- go ahead. Otherwise, I think you've said enough.
Hmmmm....is that irony?
Randy - sorrycouldntresist
Most of us have a data trove in the GPS navigator. You do not need a high-end car in order to find out when, where and how fast. I have for many years wondered why the police did not check the GPS when they caught someone speeding. It would be very hard to establish reasonable doubt concerning the average speed over, let's say, one km shown by the GPS. But they do not use this opportunity to investigate. Why?
What irks me is that this mediocre, government money-grubbing, litigious company named itself after one of the greatest physicists in history. Nikola Tesla's reputation should not be smeared by association with Tesla Motors.
Money quote, however unfinished:
And once it's collected, it'll be used. By auto manufacturers, by insurance companies, by car rental companies, by marketers. The list will be long.
It really should include:
- foreign spies
- domestic spies
- dictatorial / totalitarian regimes
- IRS (when they start taxing us for miles driven, as gas taxes will go by the wayside for electrics, hybrids, etc)
- EPA, FDA, HHS, CDC, DHS ... to say nothing of CIA, FBI, DIA
... and that's just the obvious ones
I am bothered about the whole data logging thing. That a lot of data is collected and that there is no independent proof offered that the data is accurate. That the data is being offered up as some sort of proof showing that one party lied.
And that the data is being misconstrued to show intent versus actual. An example of this is that a graph is provided purporting to show temperature. It appears to show a thermostat setting instead of interior temperature.
My belief is that before admitting raw data into a discussion, that there needs to be some sort of healthy scepticism both about the data's accuracy and what it represents.
Legal agreements also need to be codified around the disclosure and use of any collected data.
Having read Broder's and Musk's pieces, my sympathies are 100% behind Musk while accepting that some of his response was hyperbolic and should have been trimmed. Without piling onto the specifics of the case and the utility of electric cars, I think Bruce is right that the case shows that collecting a lot of data won't always turn into useful evidence. If Broder had kept his own video diary of the trip or if Tesla had kept a log of Broder's calls, then we would be in a position to work out what actually happened. As it stands, there is still a lot of apparently unrecorded "I said/you said" in both players' arguments.
Fortunately a traffic cop cannot easily check your GPS to establish guilt as that would require a warrant.
As black boxes become more invasive that may become an implied consent granted by the use of public roads.
TX already has automatic blood warrants for holiday weekends. While drunk driving (and many other illegal activities) is obviously bad, anything requiring a warrant should never be automatic.
In Musk's release, he clearly reports the graph as being the thermostat controls rather than the cabin temperature. This distinction, however, has not survived the release of the story into the wilds of the internet where just about everyone (including Bruce above) has reported it as being a record of the temperature. The distinction matters in this case.
"But as we're learning from this particular back-and-forth between Broder and Tesla Motors, even intense electronic surveillance of the actions of a person in an enclosed space did not succeed in providing an unambiguous record of what happened."
I'm a flight test engineer at a major aerospace company. Our test aircraft are often packed with dedicated instrumentation, capable of collecting huge amounts of data on every possible flight and environmental parameter. We sometimes have digital video cameras, recording the flight deck or control surfaces in glorious HD. In addition, we tend to pack personal HD cameras, and every one of us totes a clipboard, obsessively taking manual notes during every phase of taxi, takeoff, flight, etc. For the sake of safety, we never improvise tests "on the fly," but stick to a script we've written and vetted well in advance.
I mention all of this because reconstructing what actually happened can take hours of us poring over all of that data. In the midst of the action, the human brain easily becomes overloaded by too much information, and sorting out what really happened from what we think happened can prove challenging. (Dr. John Medina has plenty of interesting material on these points, at brainrules.net)
"To know that, the car company would have had to have someone in the car with the journalist."
And maybe not even then...
You left out law enforcement as a possible/likely user of that data. Once there's data, they'll go after it. Hopefully a warrant, but let's not get our hopes up.
Hopefully [with] a warrant, but let's not get our hopes up
From an outsider's perspective, the US LEAs be they Federal, State, more local or communications/transportational are working on the assumption that "bits on a disk are in plain sight" irrespective of wherever the disk might actually be. The recent press noise about the US DHS regarding the US border zone to be 100 miles deep and thus extending the "no warrant required zone" to cover most of the US population only makes this perspective worse.
Thus I can quite easily see the US authorities pushing to have not just the Black Box Data be made available, but to have a "Law enforcement Technical Interface" for easy access as has been seen with other methods of communication via CALEA. So either an NFC or Mobile Comms port for local / remote "easy access" on demand. And as has been seen with similar Technical Interfaces once the mechanism exists, others will exploit it to their benefit, and as current US legislation assumes that any data gathered belongs to the person who gathered it potentially it might be easier just to give all the Black Boxes "twitter accounts" and have done with it, that way no person in the US will be able to travel much further than they can walk before their movement gets logged and available for the government or others to use against them...
A lot of the argument here has been over the energy source be it Electric or Fossil Fuel.
The problem is not the energy source type but how you store it and the losses involved.
Much as I find Top Gear amusing I also deplore some of their stunts (car up a mountain, car to North pole, etc etc etc). But they also tend to be a little more honest about things than they are often given credit for.
Both Jeremy Clarkson and James May have pointed out a major disadvantage of EVs -v- FFVs in that it takes eight hours to fill an EV's tank and a minute or so to fill an FFV's tank.
They have also pointed out that an electric motor is significantly lighter and much more efficient at converting the energy source to usable motive force than the FF motor and drive chain etc.
Likewise they have also talked at length about the problems with the "tank": electric batteries are incredibly inefficient and heavy in comparison to a FF tank. Also the salient point of battery life time and subsequent replacement and disposal and all the extra energy that consumes. The Tesla uses "thousands of Laptop batteries" that are built in in a way that changing them is going to be comparable to rebuilding the vehicle. They are inordinately expensive and as some laptop owners know may need to be replaced as frequently as once a year if performance is to be retained...
And I know James May has actually discussed why "Diesel Electric Trains" are more usable and efficient than pure "Diesel Driven" trains and included into that all the factors from the filler cap to the motive force on the track.
They have both discussed the problems with "primary sourcing" the energy source and its transportation to the "filler cap" especially as much of our electrical energy is produced from fossil fuels (coal, gas, oil).
And James May has gone into fuel cell
There has also been a side mention of the pollution involved and how it's dealt with. The cost and issues involved with CAT converters are a complex subject in their own right, that further complicates the EV -v- FFV argument.
The simple fact is pure EV's are nowhere near as "green" as people would like to have you think, partly for the reasons above and mainly because "Green" is so nebulous in its many many meanings.
What both of them have done not just in Top Gear but many of their other programs is to talk about Hybrids, that is using various parts of EV and FFV technology and combining it.
As someone who has built software products with extensive logs and then pored through them after crises looking for causes and root causes, and having read both Musk's and Broder's accounts, the situation does mimic situations I've encountered:
A problem erupts
You start poring through all the logs you created for such a situation as this
You think you know what they mean
There are odd things that don't correspond with what the customer reports
You believe the logs and not the customer
Until you realize that the logs don't work quite the way you thought
You get some insight and then you realize perhaps the customer was telling the truth in their own odd way and the issue that you thought they were reporting as an X issue was really a Y issue
You regret perhaps some of the tone you used in emails communicating about the issue with people either internally or the customer themselves earlier in the process
One's understanding of and ability to interpret one's logs improves with practice and comparison against real-world incidents. There is no substitute for such practice and comparison against real-world unexpected usage.
On the upside, it does seem like Mr. Musk and team, who seem to be claiming that they only do this logging for media drives, may be telling the truth at that bit-- otherwise their interpretational skills would be better!
On the downside, this may easily end up being a common growing class of problem between technologists and ordinary citizens ("lusers"), as logs of our activity proliferate, yet are used so rarely that people with a prejudice (grounded in whatever historical frame they come from) see the logs through their own filter and the objectivity of the log fools them into thinking they know more than they do, at the expense of an ordinary person.
That said I am not sure I 100% agree with Bruce's final comment that nobody will try to get to the bottom of things when it's not so high-profile. Someone working for a manufacturer who cares about quality and has sufficient management cover or leeway to do so will try to get to the bottom of these things, because it's just such anecdotal data from even ordinary users that reveals the critical real-world quality and defects in one's products. And those are issues that the manufacturer must (and is highly incented) to address. Perhaps "big business" is too sclerotic (or litigious-frightened? or optimized/tightly managed) to address such things and can coast somewhat without them, but I assure you that startups must investigate such truths about their products... or die.
@GregW: Yup, that seems to be a problem in the manufacturer-user-interface (which Tesla tries to blame the user for, but really shouldn't). Sure, error reports are often unclear - but they're the experts, they need to ask the right questions.
The most basic issue is that error reports by users are likely of the form "Function Y does not work!", while it should be of the form "I did X, expected Y, but Z happened. What's wrong?". If you don't extract that basic info first, the next days will be spent calling each other stupid/incompetent with decreasing politeness.
Father to son, back when I was your age we needed stickers on the windshield to remind us to get the oil changed.
Big Brother wants to know everything about you; where you've been; who they can cross-index you with; how to tax you; and how to set you up if they choose. Lawyers will make a fortune with the technology both in prosecuting and defending.
Our society will get meaner as we point fingers at bogeymen; and our economy will continue to decline as we focus on paranoia and less on productivity.
Meanwhile, we novelists find such technology ripe for ridicule and caution. I'm certainly incorporating this in my upcoming novel sequel, The Carbon Cross.
As a Tesla owner, I can say for certain that a great deal of information is logged. When I purchased the car I was notified that this would occur and shown how to disable remote access to the logs (not collection of the data, just remote access). There are several enthusiast efforts to create log parsers (VMS parser, TeslaGLoP, etc.) so that owners can read the logs. The cars are in operation in climates as varied as the Arctic circle, the California desert, and southern Florida. The cars have been continuously improved based upon information learned from the logs. Regular maintenance of the vehicle involves examining the logs for issues.
As several commenters have pointed out, extensive logging is now standard practice in high-end automobiles. What we as consumers should worry about is how this information may be used by insurers, law enforcement, and other third parties. It is these "unintended" uses that may become troublesome. Will the traffic stop of the future include a demand for your license, registration and log files?
Wow. People can read the data logs and claim they don't know what really happened? Is the idea that the auto may have been mounted on a dynamometer/simulator of some kind, or that the logs are bogus? Seriously? NYT is so busted, whether you like Tesla or not, and whether you appreciate its vehicles or not.
You failed to mention that the UK court case against Top Gear was thrown out because the judge rated Top Gear as entertainment-only and not a Consumer Information programme while acknowledging they faked parts of the review.
And everyone in the UK knows Top Gear is heavily scripted and they do everything they can to get a laugh.
But everyone would be hard-pressed to find anything funny in the NYT hatchet job and the fact that the author corrected himself several times shows that it was indeed a case of bad journalism.
In the end I think Tesla's PR was pretty bad, but when it's your business under attack it's hard to keep cool and show a sense of humour.
Robert Sawyer's Neandertal Parallax books have a large theme on the implications of constant surveillance. The conclusion from the book is that like the Russians filming everything from their cars - people want the security of proof of what they did.
If I'm in a car collision I want the truth to come out - even if I am at fault the relief of simply knowing the truth, and being able to get the post-collision court case over with quickly is worth it. Even better of course if I'm completely in the clear.
I think my chief concern would not be that the data can be collected & read. That has been happening for a while. It's that we will find that people, especially prosecutors, will point to data as 'oh see? they braked here, too late' and use the data to imply guilt. That we can then spend time afterwards interpreting it.
Broder is accused of lying. He might just have had a terrible day and totally forgotten what he did when. That doesn't per se excuse the mud-slinging, or that he then defended his position instead of saying 'ok, I may be wrong', but we have to collectively own up to the fact that people are fallible.
The truth is one thing - spin is another. We forget that data collecting allows us to point out flaws without recognising that humans err. People make mistakes. If we're not careful, we end up in a society where we're judged by infallible data collections & computers, where suddenly those mistakes are visible. That will take a lot of getting used to for society.
I for one, as a person who has been in a car accident where fault was nebulous at best (and remarkably, the attending officers concurred), both love & hate the idea of perfect data on which to dispassionately judge & second-guess events with hindsight - because I know that humans, being fallible, are unable to separate 'a priori' knowledge with 'a posteriori'.
@Cameron: people want the security of proof of what they did
There was a movie called Proof in the early '90s about a blind man who takes photographs as "proof" that the world really is as others describe it to him.
I suggest that the problem we are likely to have with vehicle data logging is that those with power can make better use of the data to further their ends than the actual subject can.
The main trouble I have with this data collection is that it can be and is (at least in Tesla's case) being collected and selectively published by the company to push a viewpoint.
I have seen other companies use GPS data to find when truck drivers are several hundred miles away from their route which is one thing (a blatant difference); in Tesla's case they have used the data to establish that the reporter drove a half mile around a parking lot before plugging into a recharge station, they also used the data to establish that he did not drive the most direct route when leaving Manhattan.
Minor differences between reported observations and data are being used (in a bullying fashion) to trumpet as proof that the reporter was biased, all based on data that was collected and reported as fact by one of the parties involved in the dispute. One-sided collection, interpretation, and censoring of results is a bad thing.
Not only do modern aircraft black-boxes record huge amounts of information over a length of time sufficient to encompass the longest of intercontinental flights, but professional drivers of trains and heavy vehicles have been required to record their driving for a long time.
The tachograph familiar to lorry drivers records both when and how fast the vehicle was moving, and is often audited by police to ensure permitted driving hours and speed limiters are not being defeated. That's pretty primitive technology, the basis dating back at least to the 1930s if not further, and it is explicitly designed to record hours and days of information for posterity.
On the British main-line railways, *every* train must be fitted with certain minimum equipment - a decent headlight, the AWS and TPWS safety systems, and the OTMR "black box" must all be fitted even to preserved steam locos if they are to operate under their own power on the national network (but not necessarily on preserved or other privately-run railways). The power required to run this equipment is often generated by a steam turbine discreetly fitted somewhere on the tender, for lack of anywhere that would not be visually or mechanically obtrusive on the locomotive itself. Many modern trains also have the equivalent of dashcams, which frequently also record at the rear of the train (since multiple-unit trains have a cab at each end). All this ensures that when the rare accidents occur, it is much easier to work out precisely what happened than it used to be.
It also means that large amounts of data are available for professional driving reviews and training. The data can be examined for signs of inefficient driving, risky techniques or poor timekeeping, which can then be the focus of a future refresher course. Airlines also use flight recorder data in this way. Remember, these are professionals - they are held to a higher standard than the average man on the street.
The huge volume of data recorded by "track recording trains", whose entire purpose is to detect track problems for scheduling preventative maintenance, is also stored for future reference. (One of these trains is a converted HST, allowing track to be examined regularly even on fast mainlines without interrupting traffic.) This includes a video feed from a down-facing camera, which is not usually examined in detail for practical reasons, but relevant portions can be reviewed if there is special concern about a track defect in a particular location - especially after a derailment, see page 11 here.
When it comes to black boxes and dashcams on private cars, the primary reason to do so is to use the data from your own car to prove your own innocence - to show that you were driving reasonably and therefore the blame must lie elsewhere. In other words, it is used to defend yourself against an accusation made by another. This is, of course, not entirely in accordance with the general legal principle of "innocent until proved guilty". But I think it would be reasonable for police investigators to collect black-box data where it exists, as an obvious route to the truth. The trick is to provide confidence that the data will not be tampered with and is also available to the vehicle's owner.
But it is generally used in a civil context - ie. "this accident has happened, no charges are being pressed, but whose insurance company pays for the repairs?" - in which the above principle does not apply. The innocent party has an incentive to provide evidence of innocence, since that avoids adverse rate adjustments on future insurance periods. The insurance company would be quite justified in requiring submission of black-box and camera data with a claim, if they are aware that such equipment was fitted and operative in their subscriber's vehicle.
As for privacy, the obvious answer is only to permit remote access to data in the event of an accident or a report of theft. The sole exception would be where the subscriber has specifically agreed to remote monitoring in exchange for rate concessions - such as some schemes designed for young drivers, which keep track of sharp accelerations (in any direction) as a decent proxy of avoidable driving hazards.
"We're used to airplane black boxes, which only collected a small amount of data from the minutes just before an incident."
As mentioned previously, those constraints are not present anymore. State of the art solid state flight data recorders can hold lots of hours, reaching even just a day back of data.
Just one example (no affiliation with such product):
L-3 FA2100 Solid-State Flight Data Recorder (SSFDR) records a minimum of 25 hs of data