12v: Going ‘InCargnito’ – Privacy4Cars
With so many vehicles being leased today, infotainment units are crammed full of the information of the last user. Way back when you purchased a used car, usually the only telltale signs of the last owner were the presets of the radio and the lint remnants in the ashtray. However, in today’s day and age, there can be a full personal-data trove left from the last owner within the infotainment unit. That infotainment system could be connected to the cloud, ripe for hacking. Even worse – everyone’s nightmare – the navigation system shows the home address of the last owner – and the garage door openers are still programmed to the house! The new owner of your used car now has access to all your contacts and phone numbers, and potentially, your house.
For the most part, most new owners will not care and the info will dwell dormant as they add their own smartphone data. But what if the new owner doesn’t like the car, and flips it quickly to a shady car lot? There are some nefarious individuals out there. In some cars, the data stays dormant in the infotainment system eternally unless specifically purged. A quick look at a rental car infotainment system will usually give a list of the last five or six phones paired with the system. Some of that contact information becomes fair game for bad people. This includes contacts, phone numbers and even text messages. The problem is that erasing that information can be tedious at best, and even the most tech-savvy infotainment gurus will still need to consult the owner’s manual. And no one wants to delve into the hundreds of pages of the manual, especially when there can be infotainment sub-manuals that are commonly misplaced.
Privacy4Cars thought there must be a better way. The company offers a smartphone-based service designed to help erase personal information from vehicle systems. The first-of-its-kind app was developed by Andrea Amico, an expert in vehicle privacy and cybersecurity. Amico founded Privacy4Cars amidst growing industry frustration over how modern vehicles retain Personally Identifiable Information, or PII, and the complexity required to remove all information properly. Amico's goal with Privacy4Cars was to offer the same simplified vehicle security and privacy compliance solution to consumers, dealers, fleets and retailers.
We spoke with Andrea Amico on the subject. “To date,” he noted, “there has not been an adequate effort to educate vehicle users on the dangers of leaving their Personally Identifiable Information in vehicles they no longer use. People would not want to hand their phones and all their data to strangers – yet they often fail to realize that this is what they do every time they sell a vehicle, return a rental car, or participate in a car-sharing or subscription program. In the wake of General Data Protection Regulation, consumers around the world are demanding to know where their personal information is being stored, and to use their right to be forgotten. A simple way that vehicle owners and operators can protect their privacy is to be mindful of the data stored in vehicle infotainment systems and properly erase the information – especially if a car is sold, leased, rented, or shared.”
The Privacy4Cars platform involves a patent-pending step-by-step tutorial with visual images to select the appropriate infotainment system you are working with. This helps users quickly erase personal information such as phone numbers, call logs, location history and garage door codes from vehicle infotainment systems. Although most of us are familiar with HomeLink systems, and holding the outer two buttons for 30 seconds will erase garage door codes, some vehicles integrate the garage door controls into the infotainment system. Additionally, as we see more connectivity with the smart home, more garage door openers are using IP addresses. Getting rid of this sensitive information is the best practice, and probably will reduce anxiety in a lot of folks – including your customers. The app users are able to select from hundreds of vehicle makes, models and years. New vehicle makes and models are added weekly.
So how can Privacy4Cars work for you as a retailer? A lot of savvy shops have been capitalizing on removing equipment and prepping vehicles just before a lease return. Sometimes it is something simple, like removing the front door window tint on an SUV (some leasing clauses are stringent on that) – or removing audio equipment from a mild system upgrade.
We suggest offering a ‘swipe-clean’ service a day before the leased car is scheduled to be returned, for a modest fee. It will give retailers the opportunity to discuss what new car the customer is getting, and if they can be helpful in adding window film, paint protection and audio upgrades. After all, consumers would not dream of sending off their smartphone somewhere before it was wiped clean of all personal data. The same should be said for their motor vehicle. Let the next owner enjoy the car without a trace of who was using it before. Amico notes, “We just got back from the National Auto Dealers Association show, which was not a market we were thinking about. But we got a request from a pre-lease-return vehicle inspection company. We are now exploring other areas to expand.” Believe it or not, car dealerships themselves are interested in service at the F&I office. They can potentially offer it as part of a comprehensive vehicle protection program.
The service has to work well, and Amico notes how hard their team works to define proper procedures for erasing data. In fact, he has contacted auto makers directly in frustration to show the discrepancies between what is shown in the owner’s manual and the proper procedure. “You would think they would get it right, but the owner’s manuals can be very misleading… if not wrong,” he says. It has taken his team four years to gather data. He says some vehicles need as many as 30 keypad strokes to remove some personal data. This goes beyond the scope of what a customer is willing to do, and just removing the negative battery terminal does not do the trick any more.
America’s Auto Auction
One of Privacy4Cars latest cases was for America’s Auto Auction, the largest independent auction group in North America. The company was founded in 2005 and is the largest and fastest-growing independent member of the National Auto Auction Association (NAAA), with 23 locations across various states. America’s Auto Auction specializes in conducting wholesale auctions of automobiles from franchised new-car dealers, fleet-lease businesses and repossession companies to used-car dealers. They get vehicles that should be, and now will be, swiped clean. This leads to less exposure for the auction company and the used-car dealers who receive the vehicles. “We are excited to partner with such a leader in the auto auction industry as America’s Auto Auction,” Amico says. “We often see consignors bringing vehicles to auctions that still contain the previous drivers’ Personal Information stored in their electronic systems. Now, thanks to this relationship, consignors can rely on America’s Auto Auction to dispose of the personal information stored in their vehicles, whether it’s to be compliant with internal record disposal guidelines, to provide peace of mind to their customers, or to meet the requirements of privacy and security of connected devices laws in a growing list of states in the United States.”
Matt Arias is America’s Auto Auction’s Assistant Vice President. He acknowledges how complicated the process can be – and Privacy4Cars makes it easier. “We see all types of cars come through our lanes,” Arias says. “It would be a mistake to underestimate how challenging it is to standardize and efficiently perform the clearing of the personal information. This is a manual process, and there is nothing standard about the vehicles that are consigned. We realized we needed a consistent method to efficiently clear all of the information. In short, we needed this tool. Privacy4Cars is the best solution… not just because the operators get step-by-step directions on how to clear the systems, but it also comes with detailed and on-demand records we can rely on to both provide proof of work to our consignors and operational metrics to efficiently run the process.” Amico of Privacy4Cars states: “We know from multiple studies what data is collected and how often is it left behind. We also know many consumers who are growingly frustrated by this issue and the associated risks. We also know that even skilled operators specializing in a single-make have a hard time getting the deletion of the personal information right, vehicle after vehicle.”
You can even give it a shot on your own vehicle. If you struggle with the process of removing your personal information yourself, knowing the ins-and-outs of infotainment systems, imagine the plight of your customers – and the opportunity you have, as an expert, to help them.