The connected vehicle: data ownership and cybersecurity

In the HQ TechTank mobility series, one provocation I respond to is the question of the social impacts of a fully connected self driving car, where the computer and the car are connected to other cars (V2V), the internet and to transportation infrastructures (V2I). What could possibly go wrong? This blog will consider the question of data ownership and cybersecurity questions such as hacking autonomous vehicles.

In terms of car ownership, autonomous vehicles will initially be expensive and only those in the luxury market are likely to own their own vehicle. The greater majority of people are likely to access AVs through fleet access and a sharing economy structure, much like GoGet in Australia.

There are several implications that are raised if drivers do not own the vehicle they are travelling in and are not responsible for what the vehicle does. If the users do not own the autonomous vehicles they travel in the questions raised for me are who is liable for accidents (insurance and legal implications) and who owns the users’ activity data. The following case study will focus on this question of personal data ownership.

Case study: Personal data ownership

Ratnam (2019) accounts that a car can generate about 25 gigabytes of data every hour and as much as 4,000 gigabytes a day, according to some estimates. Drawing on data from consulting business McKinsey, he anticipates that the data trove in the hands of car makers could be worth as much as US$750bil (RM3.11tril) by 2030. 

At the time of writing in 2019, (Ratnam) records that consumer groups, aftermarket repair shops and privacy advocates argued that the data belongs to the car’s owners and the information should be subject to data privacy laws. In line with this, the European Union had already ruled that data generated by cars belonged to their owners and is subject to privacy rules under the EU’s General Data Protection Regulations or GDPR.  

In 2019 the Auto Alliance, a trade group representing the world’s largest car makers, was seeking for California to legislate that the companies be allowed to provide only summary information to consumers as opposed to the specific pieces of personal information a business has collected about them. This raises the question as to who owns the data for the user of an autonomous vehicle, particularly if the user does not own the vehicle.

The answer to this question will become more urgent with the deeper levels of data that automated vehicles will collect. Andrejevic (2020) argues that the creation and deployment of autonomous vehicles will transform cars into fully mediated devices, packed with sensors that collect and process a growing range of information. 

To find out more about who will own these autonomous users, we can turn to the Director of Product for Lyft, the ride-sharing platform who spells out how this company anticipates the future with autonomous vehicles (Swisher 2017). Taggart Matthieson detailed the collaborative model proposed in 2017 that Lyft is pursuing through the provision of an open platform with a number of partners who were seeking to produce level 5 vehicles (fully autonomous).  In his description he implies open data flows of user activity between the companies involved.

From the consumer experience point of view, the user of an autonomous vehicle will encounter two brands. The vehicle itself will be branded to the manufacturer, this will include the “brain” of the car, and the interface that the customer engages with and trip experience be curated by Lyft. The integration of the Lyft interface with the vehicle would include gathering intelligence from the car in order to facilitate the passenger validation process; for example gathering sensor data on the weight of the passenger on the car seat, that they have closed the door and connected the seatbelt. It will be an “integrated experience” between the sensors in the vehicle and the trip experience that Lyft provides. Summary taken from Taggart Matthieson, 2017, Recode Decode podcast.

More recently, Lyft and Aptiv launched a robotaxi pilot in January 2018 in Las Vegas. The program, which puts Aptiv vehicles on Lyft’s ride-hailing network, surpassed 100,000 rides this month. Human safety drivers are always behind the wheel and the vehicles do not drive autonomously in parking lots and hotel lobby areas (Korosec 2020).

In her article detailing Lyft’s current AV strategy, Korosec (2020) notes that in 2019, Lyft reported to the Californian DMV that they had 19 autonomous vehicles testing on public roads in California. Those 19 vehicles, which operated during the reporting period of December 2018 to November 2019, drove nearly 43,000 miles in autonomous mode. The report showed that Lyft is doing more than partnering with autonomous vehicle companies like Aptiv. 

These shifts towards MAAS, Pizzuto et al. (2019) argue, will change the rules of the game across the entire mobility space, as software and data become fundamental differentiators when building and operating cars. They observe that the mobility sector will become ground zero for a convergence of industries that include automotive, transportation, software, hardware, and data services. These trends point to the impending question that whilst private car ownership may decrease, who will own our data?

These two case studies demonstrate some of the perhaps hidden or less obvious social implications of autonomous vehicles that do need to be broadly considered.

Is the cybersecurity sector ready for our cars becoming all connected? 

Driverless cars are seen as one of the key disruptors in the next technology revolution. However, Kaur and Rampersad (2018) argue that the main barrier to adoption is the lack of public trust. Drawing on quantitative evidence, their study found that the ability of the driverless car to meet performance expectations and its reliability were important adoption determinants. Significant concerns included privacy (autonomy, location tracking and surveillance) and security (from hackers). The discussion of user privacy concerns was discussed in one of the initial case studies on personal data ownership. This section will focus on the issue of data security. 

In a report on the state of autonomous vehicles, West (2016) notes that autonomous cars depend on vehicle to vehicle (V2V) communications and vehicle to infrastructure (V2I) connections. Similarly, Vassallo and Manaugh (2018) observe that AVs are vulnerable to malicious attacks through many channels such as attackers physically tampering with a vehicle’s hardware, intercepting a vehicle’s communication signals, or hijacking a vehicle’s connection to a centralized server.

Case study: Hacks on AVs

Automated vehicles are equipped with multiple sensors (such as LiDAR, radar and camera) enabling local awareness of their surroundings. Researchers Jonathan Petit and Steven Shladover (2015) outline a number of security threats to connected cars. This includes hacking, jamming, data theft, ghost vehicles, or malicious actions such as using bright lights to blind cameras, radar interference, or sensor manipulation. Any one of these activities could disrupt communications and create false readings for artificial intelligence algorithms. Their study identifies GNSS (global navigation satellite systems) spoofing and injection of fake messages as the most dangerous attacks (i.e., most likely or most severe). Manipulating this type of information puts passengers are risk and potentially can lead to serious accidents. 

Cybersecurity experts already have demonstrated a capacity to remotely hack a Jeep Cherokee. In a report published in Wired magazine (Greenberg 2016), they tampered with the vehicle’s steering, brakes, radio, windshield wipers, and climate controls, and showed that this vehicle was easy to disrupt through its Uconnect software. This example shows that designers need to take vehicle security very seriously in order to avoid unnecessary risks. 

Vassallo and Manaugh (2018) argue that malicious software (malware) is also a hurdle to autonomous vehicle (AV) adoption and a serious threat to AV occupant safety. They observe that by removing the need to pay attention to the road, AVs will allow drivers to conduct Internet browsing activity that increases malware infection risk (like pirating media or viewing pornography) that falls outside the limited browsing options vehicle infotainment systems offer today. They also note that it is also possible that immobile information broadcast points could infect vehicles driving within signal range to these. Interestingly they suggest that it is possible that AVs could avoid malware-prone areas when planning a route or suggesting a destination of interest such as a gas station.

Within a MAAS system the vulnerabilities of centralized platforms coordinating personalized trip planning, pick up and payment (e-commerce) are also likely to be a target for client/server security threats as well as cyber identity thefts (Sharma, Singh & Sharma 2009). 

Case study: Hacks on infrastructure

Identity theft and credit card theft is common in the online environment, with marketplaces for stolen data established in many spaces, including cryptomarkets (Aldridge & Décary-Hétu 2014). E-commerce platforms regularly have their cyber security ‘tested’ by hackers seeking passwords, credit card information, personal identifiers for identity theft or other valuable data points. This has already been the case for Uber, who was reported to have concealed a massive global breach of the personal information of 57 million customers and drivers in October 2016 and paid the attackers $100,000 to delete the data and keep the breach quiet (Wong 2017). Similarly, in 2018, a ride-hail app called Careem based in Dubai reported hackers for stealing data belonging to 14 million riders and drivers, including customer names, email addresses, phone numbers and trip history, but no evidence of password or credit card information (Dickey 2018). E-commerce platforms holding credit card information and personal information are subject to identity and financial theft by malicious actors. 

Not only are the ride-share platforms already demonstrated to be vulnerable and targeted, so too is the public transport system. In 2016, a breach of the Western Australian transport systems initiated the organization shutting down real-time train tracking, amongst other systems, in response (Coyne 2016). Another instance, this time related to payment systems, the San Francisco public transit system was hacked with commuters unable to pay for their journeys and a ransom demaned. Monitors in station agent booths were seen with the message, “You Hacked. ALL data encrypted,” and the culprit allegedly demanded 100 Bitcoin (about $73,000). In response, the public transit service turned off the payment machines and opened the gates as a precaution. 

As Bergal (2018) reports in her article for a public service IT audience discussing instances of hacks of public transportation infrastructures, transportation systems are ripe targets for cyber criminals. From the smart cities perspective, journalist Ian Hardy (2016) draws on cybersecurity experts who say that it’s only a matter of time before hackers become interested in smart city transportation clouds and taking control of parking, traffic lights, signage, street lighting, automated bus stops and many other systems. He provides an existing example from Moscow, which has already experienced its first major transportation hack. Denis Legezo, a researcher with Kaspersky Lab, was able to manipulate traffic sensors and capture data simply by looking up a hardware user manual that was readily available online from the sensor manufacturer. With public infrastructure data likely hosted on an array of cloud servers, some within the jurisdiction and others not, this risk of malicious online activity and inability to apply local jurisdictional controls over the data (Ward & Sipior 2010) is only increased.

From these case studies we can see that there are several implications for an Internet of Vehicles that follow along the same concerns as the Internet of Things (of which they are a part) however hold their own unique implications that must be a part of the consideration of the implementation of these emerging technologies and mobility futures.

How do new generation technologies, like 5G, end up as conspiracies?

The new generation of connected self-driving cars is a convergence of a long list of technologies. This list includes AI, Big data, 5G, Cloud computing, IoT .. and some others. One technology in particular is interesting because it is stirring a lot of controversy (including being blamed for Covid 19 a few months ago), and that is 5G.


This observation that I will be called on to comment about for the upcoming industry focused Mobility panel, held for Hatch Quarter’s “Tech Tank” series, sent me on a rampage through the scholarly literature, from which I emerged with my sanity mostly intact but my hopes for a better future complicated. However, to bring in social change is to understand humanity in both its capacity for beauty and innovation, alongside how our darkness and anxieties that pass amongst us like wild fire shape that potential.

First, I begin with a sanity statement to pin us to the beauty and innovative capacities that we hold and how we develop technologies to realise this. Researchers, Ahmed et al (2020), state that compared to the current 4G networks, 5G wireless communications provide high data rates, have low latency, and increase base station capacity and perceived quality of service. They observe that the popularity of this technology arose because of the burst in smart electronic devices and wireless multimedia demand, which created a burden on existing networks. A key benefit of 5G, they suggest, is that some of the current issues with cellular networks such as poor data rates, capacity, quality of service, and latency will be solved.

Despite these promising innovations of this emerging telecommunications technology, Mansel & Plantin (2020) observe that fifth Generation mobile technology is at the centre of multiple controversies. They note that this controversy has gained momentum in early 2020 when conspiracy theories conflated the global spread of Covid-19 with China and 5G networks. From this point, we take a deep dive into the conspiracy theories and paranoia that are embedded in the cultural logics of our pandemic plagued times.

Ahmed et al (2020) observe that since the beginning of December 2019, the coronavirus disease (COVID-19) has spread rapidly around the world, which has led to increased discussions across online platforms. These conversations have also included various conspiracies shared by social media users. Amongst them, a popular theory has linked 5G to the spread of COVID-19, leading to misinformation and the burning of 5G towers in the United Kingdom.

In March 2020, Dr. Tedros Adhanom Ghebreyesus, the Director General of the World Health Organization (WHO), warned that the world is not just fighting an epidemic but an infodemic (Ghebreyesus, in United Nations, 2020), with real world implications and actions. These fears have fuelled specific conspiracies connecting 5G with COVID-19, animating protests and acts of vandalism that have occurred during the pandemic (Meese et al 2020).

When considering this tendency towards real world impacts of conspiracy theories, researchers Imhoff & Lamberty (2020) observe from existing research on the topic that a conspiracy-prone worldview does not only reduce trust in official versions and adherence to norms but is also linked to a stronger acceptance of violence. They suggest that conspiracy worldviews also make it more plausible to engage in illegal, nonnormative forms of action to reach one’s goals. Drawing from their own prior research, they argue that people high in conspiracy mentality see it as more defensible to use force and other illegal means to pursue one’s political goals.

However it is not just those active on social media the spread 5G related conspiracy theories. Prior to the pandemic relationship, conspiracies related to 5G pointed to Huawei, as a Chinese 5G equipment manufacturer, as being implicated in international trade wars, leading to suspicions of foreign interventions in domestic affairs in the UK (Mansel & Plantin 2020). This conspiracist mentality was pervasive in the British press coverage of the topic in 2017. Researchers Mansel and Plantin highlight the role of British news media coverage of 5G as containing forms of bias that make it difficult for citizens to assess the benefits and risks in an informed way. They found that whilst references to 5G in relation to urban life generally present an optimistic view, reporting on UK government policy in relation to 5G was frequently is linked to applications such as “Surveillance”, “Military Uses” or to the discussion of “Security”, “Data Control”, “Mobile Coverage”, “Personalised Services” and “Virtualisation”.

Building on this finding of the key role of news media in the spread of conspiracy theories, alongside the previous observation of the role of social media in dissemination networks, Australian researchers Bruns et al ( 2020) worked across media formats to trace the dissemination dynamics of rumours that the pandemic outbreak was somehow related to the rollout of 5G mobile telephony technology in Wuhan and around the world. Initially they observed that the rumour built upon a series of related narratives regarding the possible health and environmental impacts of 5G technology, that likely flourished in large part due to pre-existing networks and misinformation surrounding it.

In their analysis, Bruns and co-authors traced the rumour on Facebook from its obscure origins in pre-existing conspiracist groups through greater uptake in more diverse communities to substantial amplification by celebrities, sports stars and media outlets. This finding suggests that pointing the finger at social media, is a diversion from the role of more mainstream and traditional players in the amplification of information.

Past research shows that the increase in conspiracy theories during a pandemic is not a new phenomenon. DeCook (2020) argues that conspiracies surrounding the Covid-19 pandemic are also not unique or “new” in how they mobilize and rally against government institutions, science, and both “democrats” and “liberals.”

In a survey of the scholarly literature it appears that conspiracy thinking increases substantially during times of uncertainty, especially in times of crises and thrive in environments of low confidence and low trust. Conspiracy worldviews have also been connected to refusal to trust science, the biomedical model of disease, and legal means of political engagement and are reflective of the ever-evolving fears of technology and of bodily invasion.

Providing explanations is psychologically advantageous for several reasons, with one sticking out in the previous literature: granting an illusion of control. Considering this reasoning, it is not surprising that a lack of control has been identified as one of the key drivers of conspiracy beliefs. When people are not able to gain control in the real world, they compensate for this lack by perceiving patterns, even if they are an illusion.

The current coronavirus crisis is an almost ideal breeding ground for conspiracy thinking, as there is no easily comprehensible mechanistic explanation of the disease, it is an event of massive scale, it affects people’s life globally and leaves them with lots of uncertainty. Additionally, Mansel & Plantin (2020) identify that new infrastructure projects are always accompanied by conflicting visions or imaginaries and political and economic interests.

5G is also linked to long-standing concerns about potential health hazards of electromagnetic frequencies. Meese et al (2020) detail long-standing concerns around mobile technologies and infrastructures and how they translate to specific worries about 5G technology. They argue that a productive way to understand what is happening with 5G is to look beyond conspiracy theories to a larger set of concerns. DeCook 2020 observes that conspiracy theories often reveal something about the underlying anxieties and fears of the sociohistorical period they are created in as well as the personal anxieties of the adherents themselves

In the current situation, disinformation and conspiracy theories are being pushed from people all along the political spectrum, although DeCook 2020 argues this is more so in far-right information networks. She also observes that all over the world, and particularly in the United States, the anti-science, anti-intellectualist, and anti-establishment ideologies which fuel these movements have been long ongoing.

However, of our current moment, Evans (2020) observes a strange convergence of extremist politics between the new age movements and the far right. From this, perhaps we can say that in times of chaos, everybody regardless of political beliefs is grasping for a nugget of truth to make sense of the situation.

Aupers (2012) has argued that conspiracy theories and paranoia are embedded in the cultural logic of modernity – and that conspiracy culture is not a fringe phenomenon but rather has been absorbed into the mainstream. From this position, DeCook observes that from their pervasive influence, through wide ranging spread due to digital technologies and continual evolution, conspiracy theories as adaptive epistemologies have real and dangerous consequences on societies around the world.

Sources and further reading

Ahmed, W., Vidal-Alaball, J., Downing, J., & López Seguí, F. (2020). COVID-19 and the 5G Conspiracy Theory: Social Network Analysis of Twitter Data. J Med Internet Res, 22(5), e19458. doi:10.2196/19458
Aupers, S. (2012). ‘Trust no one’: Modernization, paranoia and conspiracy culture. European Journal of Communication, 27(1), 22-34. doi:10.1177/0267323111433566
Bruns, A., Harrington, S., & Hurcombe, E. (2020). ‘Corona? 5G? or both?’: the dynamics of COVID-19/5G conspiracy theories on Facebook. Media International Australia, 1329878X20946113. doi:10.1177/1329878X20946113
DeCook, J. R. (2020). The culture of conspiracy and the radical right imaginary. The American Ethnologist. Retrieved from https://americanethnologist.org/features/pandemic-diaries/making-sense-of-things/the-culture-of-conspiracy-and-the-radical-right-imaginary
Evans (2020) Nazi Hippies: When the New Age and Far Right Overlap: Both the New Age and the far right are drawn to conspiracy theories. https://gen.medium.com/nazi-hippies-when-the-new-age-and-far-right-overlap-d1a6ddcd7be4
Imhoff, R. and Lamberty, P. (2020). A bioweapon or a hoax? the link be- tween distinct conspiracy beliefs about the coronavirus disease (covid-19) out- break and pandemic behavior. Social Psychology and Personality Science, DOI: https://doi.org/10.1177/1948550620934692.
Mansell, R., & Plantin, J.-C. (2020). Urban futures with 5G: British press reporting. London School of Economics and Political Science, June. eprints.lse.ac.uk/105801/ ISBN 978-1-909890-65-7
Meese, J., Frith, J., & Wilken, R. (2020). COVID-19, 5G conspiracies and infrastructural futures. Media International Australia, 1329878X20952165. doi:10.1177/1329878X20952165