Car Reporting Accidents, Violations

In addition to car’s using network connections to call for assistance, here is a natural consequence — your car may notify police of an accident, in this case a driver leaving a hit-and-run situation. My insurance company offered to add a device to my car that would allow them to increase my rates if they go faster than they think I should.  Some insurance companies will raise your rates if you exceed their limit (70 MPH) even in areas where the legal limit is higher (Colorado, Wyoming, etc. have 75+ posted limits).  A phone company is promoting a device to add into your car to provide similar capabilities (presented for safety and comfort rationale.)

So what are the possibilities?

  • Detect accident situations and have emergency response arrive even if you are unable to act — and as noted above this may also detect hit-and-run accidents.
  • Provide a channel for you to communicate situations like “need roadside assistance” or “report roadside problem”.
  • Monitor car performance characteristics and notify user (shop?) of out-of-spec conditions
  • Using this same “diagnostic port”, taking remote control of car
    • Police action – to stop driver from escaping
    • Ill-intended action, to cause car to lose control

So, in line with the season, your car  is making a list, checking it twice and going to report if you are naughty or nice —

====

One additional article from the WSJ Dec. 10th on the Battle between car manufacturers and smartphone companies for control of the car-network environment.  The corporate view, from Don Butler, Ford Motor’s Director of Connected Vehicles: “We are competing for mind-share inside the vehicle.”  Or as the WSJ says, “Car makers are loath to give up key information and entertainment links… and potentially to earn revenue by selling information and mobile connectivity.”  In short, the folks directing the future of connected vehicles are not focusing on the list of possibilities and considerations above.

 

Who is Driving My Car (revisited)

Apparently my auto insurance company was not reading my recent blog entry.  They introduced a device, “In-Drive” that will monitor my driving habits and provide a discount (or increase) in my insurance rates.

There are a few small problems. The device connects into the diagnostic port of the car, allowing it to take control of the car (brakes, acceleration, etc.) or a hacker to do this (see prior Blog entry). It is connected to the mothership (ET phones home), and that channel can be used both ways, so the hacker that takes over my car can be anywhere in the world.  I can think of three scenarios where this is actually feasible.

  1. Someone wants to kill the driver (very focused, difficult to detect).
  2. Blackmail – where bad guys decide to crash a couple of cars, or threaten to, and demand payment to avoid mayhem (what would the insurance company CEO say to such a demand?)  (Don’t they have insurance for this?)
  3. Terrorism – while many cyber attacks do not yield the requisite “blood on the front page” impact that terrorists seek, this path can do that — imagine ten thousand cars all accelerating and losing brakes at the same time … it will probably get the desired coverage.

As previously mentioned, proper software engineering (now a licensable profession in the U.S.) could minimize this security risk.

Then there is privacy.  The  insurance company’s privacy policy does not allow them to collect the data that their web page claims this device will collect — so clearly privacy is an after thought in this case.  The data collected is unclear – they have a statement about the type of data collected, and a few FAQ’s later, have a contradictory indication that the location data is only accurate within a forty square mile area, except maybe when it is more accurate.  What is stored, for what period of time, accessible to what interested parties (say a divorce lawyer) or with what protections is unclear.  A different insurance company, Anthem, encountered a major attack that compromises identity information (at least) for a large number of persons.  I’m just a bit skeptical that my auto insurance company has done their analysis of that situation and upgraded their systems to avoid similar breaches and loss of data. For those wondering what types of privacy policies might make sense, I encourage you to view the OECD policy principles and examples.  Organizations that actually are concerned with privacy  would be covering all of these bases at least in their privacy statements. (Of course they can do this and still have highly objectionable policies, or change their policies without notice.)

Phony Cell Towers (who, why, …)

Popular Science Magazine had an article on “Who is running the phony cell phone towers” along with a map of some 20 plus that had been located.  These “towers” look like a local service tower to all cell phones in range and can capture some “meta data” (phone #, ID, location info) without any need to decrypt actual calls, but could also do that with some additional effort.

Variations of this technology, “Stingray” and “Triggerfish” are available for sale, perhaps with some limitations on buyers — at least for major manufactures like Harris.   How these are being used in the U.S. is being carefully protected according to a 2011 Wall Street Journal article. Popular Science indicates that a unit could be constructed for as little as $2000 by a knowledgeable hacker (at a maker-space near you no doubt), but did not point to any kits, plans or software available on the net at this time.

While the question posed by Popular Science and some other publications related to this recent survey of phony towers is “who is doing it?” — a more relevant observation is that any entity with resources and interest can do so in any country.  It is probably illegal in most if not all countries, at least for non-governmental agencies, but with a low cost, low profile and difficult to detect characteristics you can bet it is being done.  There are phones that can detect, and reject these tower connections, which is what the really bad guys might use (or disposable phones that they trash after every use which might be cheaper.)

While the “NSA” data collection revelations have sparked a lot of interest, and apparent “surprise” from foreign country officials — this potentially more “democratic” capability (everyone can do it) has not gotten the same press.  Of course the opportunity for abuse is much greater with a comprehensive program managed by government entities, but the opportunity is there for unscrupulous actors to monitor our cellular presence (note just having your phone “on” provides for this tracking, no calls required.)

Technology has addressed the “how, what, when and where” issues, the “who and why” answers will vary from country to country and perhaps a new form of paparazzi as well.

Technology and Floods

I have about as painless of opportunity to experience the pros and cons of technology in an emergency situation.  We have a cabin in one of the Colorado canyons where the flooding hit this last weekend.  Fortunately our cabin does not appear to be affected, nor the cabins or lives of our family members who also live in the area.  (We live in New Hampshire, so not even near the action.)

But … how is technology playing its role?

The Good News:

The reverse 911 systems and opt-in notifications were very good at letting folks know that flooding was likely, then expected, then coming at a higher rate and you need to move to high ground.  In the area where our cabin is located, many lives were lost in the 1976 flood due to a lack of communications, and realistically, lack of understanding of the power of water.  While we can expect further loss of life (probably discovered as search and rescue folks move in) the significant drop here was due in part to the communications channels.

The failures in the area started with power, first to go in any major storm.  Then phones when they opened the flood gates on the Estes Park dam (as the lake filled and started to flood many other areas.)  This also took out much of the road network, a situation echoed across the northeastern area of Colorado (I25 is still not fully open as I write this, and that is the major north-south freeway; the secondary highways and tendrils of roads back into the hills has even greater damage.

Ingenuity being what it is, a few folks near our cabin cobbled together a few car batteries, laptop and a satellite dish (from what I hear) and have been able to get emails in and out.  A level of communications that has been most valued by those of us on the outside.
(yes we are ok, this property is damaged, this one is not, a list of folks here, folks not here, folks that have hiked out, etc.)

A second communications channel has been a web site I created on the fly to track who was in the area, who was not in the area.  I’ve added information about property damage, pictures and pointers to news stories, excerpts from the emails, and so forth.  Friends, families, spouses, kids, etc. are finding it useful to both confirm the well being of the persons involved, and the local status.

Pictures can come from many places.  Early emails included pictures of water over the bridge (never a good thing), later pictures are from folks who hiked out.  The Denver Post flew a helicopter over the area and just happened to publish pictures of four cabins that were in the area, so we have some expectation of the recovery efforts (mostly redoing the river bed and rebuilding the road.)  These pictures confirm that the phone line into the area are intact, and the power poles are gone. I expect more pictures as a formal smart-phone, whatever-pad and real ‘camera’ tour is made of the 70 or so properties in the area.

Estes Park swapped their emergency communications from their own servers to Facebook and Twitter.  I suspect one reason is that the servers for those operations are remote (not affected) and importantly,  the thousands of hits increase in queries are a drop in the bucket for those sites.  The Colorado Dept. of Transportation did not do this and their website shut down with overloads … a classic case of not accommodating “black swan” events.

We did not have a good index of the houses, occupants, contact information, etc for the folks in this small community.  I was able to build one from property tax records, online white pages and some data mining for email addresses.  It is not complete, but it has allowed me to move from a first name to complete name with address information.  There are privacy issues here, but in this case there is justifying value — and I don’t plan on abusing the information.  I expect it will have even greater value as repairs start getting put into action (for example, the National Guard needs a way to check folks entering an area to see if they are legitimate, we can give them a list of residents, etc.)

The Bad News:

We are so dependent on technology, remaining in the area is not feasible for most or all folks.  The real limiting factor is access to food (and clean water). Without the road network, folks cannot get to food supplies.  Fifty years ago, the closest (small) market was two miles down the road, now it is 15 miles up the road.  Mind you, the road is gone, so supplying the small market would not be possible at this time.  But, “back then” it would have been back in operation, and we could walk down and back.  My grandmother got to the cabin by horseback (after taking a stage coach to Estes.)  Folks had supplies in camp like flour; caught fish in the river, and shot deer, etc. Ok, so fish don’t do well in floods, but the level of dependency on high speed travel (like over horse speed) was not there either.  Her parents would have expected to live for weeks on what they had on hand, without refrigeration, etc. — Mind you, I really do like flush toilets and running water, even better, hot water and electric lights. These are all things that were added to the cabin during my grandmothers life span.  (She died before we got DSL in the area, cell phones are still no go)

One of the bad things is the lack of knowledge (and perhaps planning/etc.) folks have about their devices.  Phones with GPS can track your walking.  When folks found their way out of the area this would allow easy communications about the path for others to follow — in or out.  (We forget that when the roads go, our ability to find our way changes, in some cases quite radically.)

The experience so far leans towards the benefits of technology.  I do  not doubt that this has saved lives in Colorado, just with changes in the last five years.