Who Actually Owns Tesla’s Data?

The company, says the company—but other interpretations persist

4 min read
Nighttime photograph of a man in a car at an outdoor Tesla charging lot.

A Tesla user charges his Model S in Burbank, Calif.

Philip Cheung/The New York Times/Redux

On 29 September 2020, a masked man entered a branch of the Wells Fargo bank in Washington, D.C., and handed the teller a note: “This is a robbery. Act calm give me all hundreds.” The teller complied. The man then fled the bank and jumped into a gray Tesla Model S. This was one of three bank robberies the man attempted the same day.

When FBI agents began investigating, they reviewed Washington, D.C.’s District Department of Transportation camera footage, and spotted a Tesla matching the getaway vehicle’s description. The license plate on that car showed that it was registered to Exelorate Enterprises LLC, the parent company of Steer EV—a D.C.-based monthly vehicle-subscription service.

Agents served a subpoena on Steer EV for the renter’s billing and contact details. Steer EV provided those—and also voluntarily supplied historical GPS data for the vehicle. The data showed the car driving between, and parking at, each bank at the time of the heists. The renter was arrested and, in September, sentenced to four years in prison.

“If an entity is collecting, retaining, [and] sharing historical location data on an individualized level, it’s extraordinarily difficult to de-identify that, verging on impossible.”
—John Verdi, Future of Privacy Forum

In this case, the GPS data likely came from a device Steer EV itself installed in the vehicle (neither Steer nor Tesla responded to interview requests). However, according to researchers, as discussed in previous entries in Spectrum's investigative series on Tesla's data (installment one; installment two), Tesla is potentially in a position to provide similar GPS tracks for many of its 3 million customers.

For Teslas built since mid-2017, “every time you drive, it records the whole track of where you drive, the GPS coordinates and certain other metrics for every mile driven,” says Green, a Tesla owner who has reverse engineered the company’s Autopilot data collection. “They say that they are anonymizing the trigger results,” but, he says, “you could probably match everything to a single person if you wanted to.”

Each of these trip logs, and other data “snapshots” captured by the Autopilot system that include images and video, is stripped of its identifying VIN and given a temporary, random ID number when it is uploaded to Tesla, says Green. However, he notes, that temporary ID can persist for days or weeks, connecting all the uploads made during that time.

Black and white photo of a man in a suit looking off into the distanceElon Musk, CEO of Tesla MotorsMark Mahaney/Redux

Given that some trip logs will also likely record journeys between a driver’s home, school, or place of work, guaranteeing complete anonymity is unrealistic, says John Verdi, senior vice president of policy at the Future of Privacy Forum: “If an entity is collecting, retaining, [and] sharing historical location data on an individualized level, it’s extraordinarily difficult to de-identify that, verging on impossible.”

Tesla, like all other automakers, has a policy that spells out what it can and cannot do with the data it gets from customers’ vehicles, including location information. This states that while the company does not sell customer and vehicle data, it can share that data with service providers, business partners, affiliates, some authorized third parties, and government entities according to the law.

Owners can buy a special kit for US $1,400 that allows them to access data on their own car's event data recorder, but this represents just a tiny subset of the data the company collects, and is related only to crashes. Owners living in California and Europe benefit from legislation that means Tesla will provide access to more data generated by their vehicles, although not the Autopilot snapshots and trip logs that are supposedly anonymized.

Once governments realize that a company possesses such a trove of information, it could be only a matter of time before they seek access to it. “If the data exists…and in particular exists in the domain of somebody who’s not the subject of those data, it’s much more likely that a government will eventually get access to them in some way,” says Bryant Walker Smith, an associate professor in the schools of law and engineering at the University of South Carolina.

“Individuals ought to think about their cars more like they think about their cellphones.”
—John Verdi, Future of Privacy Forum

This is not necessarily a terrible thing, Walker says, who suggests that such rich data could unlock valuable insights into which roads or intersections are dangerous. The wealth of data could also surface subtle problems in the vehicles themselves.

In many ways, the data genie is already out of the bottle, according to Verdi. “Individuals ought to think about their cars more like they think about their cellphones,” he says. “The auto industry has a lot to learn from the ways that mobile-phone operating systems handle data permissions…. Both iOS and Android have made great strides in recent years in empowering consumers when it comes to data collection, data disclosure, and data use.”

Tesla permits owners to control some data sharing, including Autopilot and road segment analytics. If they want to opt out of data collection completely, they can ask Tesla to disable the vehicle’s connectivity altogether. However, this would mean losing features such as remote services, Internet radio, voice commands, and Web browser functionality, and even safety-related over-the-air updates.

Green says he is not aware of anyone who has successfully undergone this nuclear option. The only real way to know you’ve prevented data sharing, he says, is to “go to a repair place and ask them to remove the modem out of the car.”

Tesla almost certainly has the biggest empire of customer and vehicle data among automakers. It also appears to be the most aggressive in using that data to develop its automated driving systems, and to protect its reputation in the courts of law and public opinion, even to the detriment of some of its customers.

But while the world’s most valuable automaker dominates the discussion around connected cars, others are not far behind. Elon Musk’s insight—to embrace the data-driven world that our other digital devices already inhabit—is rapidly becoming the industry standard. When our cars become as powerful and convenient as our phones, it is hardly surprising that they suffer the same challenges around surveillance, privacy, and accountability.

This article appears in the October 2022 print issue as “The Radical Scope of Tesla’s Data Hoard.”

{"imageShortcodeIds":[]}
The Conversation (0)

Strange Topological Physics Could Help Enable 6G Tech

Topological chips can enable on-chip data rates of 160 gigabits per second

3 min read
A pattern of red triangles with some that are yellow

A new silicon device can help control terahertz communications on chips.

Nanyang Technological University/Nature Communications

The next generation of wireless communications, 6G, will likely rely on terahertz rays to help reach unprecedented speeds. Now research suggests that unusual topological physics may help control terahertz radiation on chips for 6G applications.

Terahertz waves (also called submillimeter radiation or far-infrared light) fall between optical waves and microwaves on the electromagnetic spectrum. Ranging in frequency from 0.1 to 10 terahertz, these waves could be key to future 6G wireless networks.

Keep Reading ↓Show less

Flying Robots 3D-Print Structures in Flight

New drone strategy may help build structures in remote, difficult-to-reach sites

3 min read
two drone flying in the air, one printing a 3d structure
University College London

Flying 3D-printing robots modeled after wasps and birds may one day repair and build structures at remote sites beyond the reach of standard construction teams, a new study finds.

Construction robots that can 3D-print structures on sites may one day prove faster, safer, and more productive than human teams. However, construction robotics currently focuses mostly on ground-based robots. This approach is limited by the heights a robot can reach, and large-scale systems that require tethering to a power supply are limited in where they can be deployed.

Keep Reading ↓Show less

GPIOs: Critical IP for Functional Safety Applications

Understand the safety mechanisms in an automotive-ready GPIO IP library suite to detect the faults in GPIO cells

1 min read
GPIOs: Critical IP for Functional Safety Applications

The prevalence and complexity of electronics and software in automotive applications are increasing with every new generation of cars. The critical functions within the system on a chip (SoC) involve hardware and software that perform automotive-related signal communication at high data rates to and from the components off-chip. Every SoC includes general purpose IOs (GPIOs) on its periphery.

For automotive SoCs, GPIO IP is typically developed as Safety Element out of Context and delivered with a set of Assumptions of Use. It is important that the GPIO blocks are treated as a safety related logic. In this role, GPIOs need safety analysis to mitigate any faults occurring in them before the result of fault occurrence causes a system-wide failure.

Keep Reading ↓Show less