Copyright techgenyz
Smart Vehicles collect vast personal data, raising major data privacy and surveillance concerns for drivers.Sensitive details like location, habits, and identity can be exposed, leading to identity theft, fraud, and third-party monetization.Blockchain and Privacy Enhancing Technologies offer solutions, giving drivers control over their connected cars. Once parked in your driveway, your car now represented a sophisticated, rolling data center. Connected and autonomous vehicles (CAVs) have transformed the automobile industry into an extension of the digital realm, placing a tremendous amount of private information at risk. While these flows of data foster marvelous innovations-from systems designed to avoid crashes to traffic patterns created for efficiency-they pose very serious issues: Does your car secretly watch your life, and what happens to the very private information that it gathers? The mass market for intelligent cars is picking up speed. Forecasts indicate that by 2030, almost all new cars will be connected to some degree. This transition, fostered by the ability to provide new services to highway users, turns the car interior into something that some commentators compare to a “moving panopticon,” in which the user is continuously monitored and it is hard to escape. Connected cars are basically sophisticated Cyber-Physical Systems, with a full set of hardware and software elements intended to collect data on both the mechanics of the vehicle and its passengers. Mechanisms of Collection They are all based on several hundred sensors and ECUs, which measure and monitor the vehicle’s performance, driver activities, and the surrounding environment. These sensors deploy high-end technologies such as LIDAR, radars, cameras, and thermographic cameras. They continuously record raw data to enable the vehicle to perceive objects, anticipate environmental changes, and control core functionality. The quantity of data produced is huge. Fewer autonomous vehicles can generate around 25 gigabytes per hour of data, a number that can balloon to 500 gigabytes per hour for self-driving cars. The personal data recorded is precise and highly sensitive. It encompasses the vehicle’s precise geographic coordinates, routes traveled, precise stopping points, trip speeds, and travel time. This kind of data can identify home and work addresses, shopping behavior, and even sensitive lifestyle attributes. Data that is recorded for authenticating authorized usage, individualizing comfort or entertainment settings, and in shared mobility services to identify passengers by name or destination choice. Information recorded by in-car cameras (aimed at assisting the driver’s attention) and microphones (tied to infotainment systems) tracks events within the cabin’s personal space. Storage and Networks After being gathered, this information needs to be processed and stored. Most intensive processing is performed on a High-Performance Computer (HPC) linked to the vehicle’s ECUs. The data can be stored locally in the Onboard network database. Still, it is often transmitted externally via Outboard networks (V2X)—vehicle-to-Everything communication systems—utilizing technologies such as cellular networks (4G, 5G), Wi-Fi, Bluetooth, and GPS. The vehicle architecture contains several points of access (Access Points or APs) that may be used as vectors for attack or data extraction, such as vehicular ports, such as the OBD (On-Board Diagnostics) port, telematics control units (TCU), and USB ports. The Marketplace for Automotive Data The main privacy concern is not so much the collection of data, but rather how much it is retained, processed, and transferred to third parties. Connected car-based services can be classified by the manner in which data travels: 1. IN-IN: Data is kept entirely within the vehicle for stand-alone services, like eco-driving assistance. 2. IN-OUT: Information gathered is sent outside, usually to third parties, like for pay-as-you-go insurance products or car diagnostics services. 3. IN-OUT-IN: Information is transmitted to an external service provider (such as the cloud) for processing and analysis (such as location and navigation services) before results are fed back to the car. It is the business value of the latter two types that drives privacy concerns. Automakers and their allies can profit from this personal information. Insurance companies, for instance, are extremely interested in vehicular data, such as external sensor data (from cameras or LIDAR) and internal data (measuring speed variations or direction) for accident analysis and premium rating. Alarmingly, sensitive and intimate information finds its way into the hands of vehicle data hubs and third parties, which merge motor vehicle data with other sources. This fusion could potentially de-anonymise aggregated information and render it extremely valuable for sale to advertisers or other third parties, resulting in invasive marketing. The Privacy Threat Landscape The threat to privacy in intelligent cars is severe since a single vulnerability in any part of it can reveal the entire system, following the “weakest link principle” of computer security, according to Badreddine Chah and colleagues. Threat analysis frameworks identify core privacy risks like linkability and identifiability, which is the possibility for an adversary (which could be organised crime, thieves, or spy agencies) to link two or more data points, such as messages or actions, back to the same individual or vehicle. Context information, such as unencrypted location data, can readily be associated with a passenger ID or vehicle serial number and thus build an intimate user profile even in the absence of overt identification. Some of the other dangers are divulgence of personal information, identity theft and fraud, true crime, and security intrusions The Driver’s Perspective: Balancing Safety and Privacy Drivers are not against data collection in general, specifically if there is a transparent, worthwhile purpose. Drivers tend to be favourable about data collection for enhancing road safety (for themselves or others) or optimising the performance of the vehicle and product development. However, users define particular, non-compromisable boundaries, particularly regarding the private area of the cabin: Audio and Video Surveillance: Almost universal resistance exists to collecting audio information, and broad resistance to in-car video cameras. Drivers regard the car interior as a private and secure space where personal discussions should not be tapped. Even in situations where internal cameras could enhance safety features (such as driver fatigue monitoring), drivers tend to prefer a closed system in which data is used solely as a sensor locally and never transmitted off the car. Anonymity Over Tracking: Drivers prefer greater ease when the information gathered pertains to the vehicle (e.g., performance) rather than their personal behavior. They like data to be aggregated and anonymized. The risk of losing anonymity raises concerns about being targeted by sales attempts or subjected to excessive monitoring. Lack of Control (Agency): Most drivers sense a lack of knowledge (Legibility) about precisely what data is being gathered, how it is stored, and to whom it is ultimately directed. They lack the information needed to provide informed consent. They want easy-to-use, detailed controls—usually through a cell phone app – that enable them to opt in or out of using particular pieces of data depending on shifting contexts (Negotiability). Technically, powerful frameworks are being created for protecting data, tending to rely on Privacy Enhancing Technologies (PETs). The integration of Blockchain and Federated Reinforcement Learning (BFRL) is one promising technique. The framework uses distributed technologies to jointly train machine learning models across numerous vehicles without requiring them to exchange sensitive raw data. Instead, encrypted model updates are traded through a secure, decentralized ledger. It guarantees strong data integrity and eliminates the need for centralized data storage, thereby eliminating a major potential vulnerability. Ultimately, the aim is to turn the dynamic on its head and have manufacturers make privacy by design a priority. This means offering drivers clear, granular controls that separate data required for safety features from data utilized for ancillary purposes, such as marketing or monetization. Until those types of systems are built into the industry permanently, the question persists: Are you in control of your connected car, or is your connected car in control of surveillance driving right into your life?
