Data from Internet-Connected Vehicles Could Be Used in Govt Surveillance by Law Enforcement Agencies

• Unveiled police documents show US law enforcement agencies regularly trained on how to take advantage of “connected cars.” 
• Subscription-based features increase the amount of data that can be accessed during police investigations.
• The records show that driver privacy is determined by corporate policies and technologies instead of the law.

Recent police records highlight how "connected cars" give law enforcement expanded access to vast amounts of vehicle data, potentially infringing on privacy rights and increasing surveillance risks.

Documents from the California State Highway Patrol (CHP), obtained via nonprofit Property of the People, reveal that U.S. police agencies actively utilize data generated by connected cars for investigations and train on how vehicle data can be acquired based on the year, make, and model of a vehicle.

This data, which is often transmitted through telematics systems, includes precise location details, communication records, and other vehicle activities. The presence of an active subscription significantly increases the volume of data available for access. 

Notably, manufacturers and internet service providers are critical in determining how much data is accessible.

For example, automakers such as General Motors use subscription services like OnStar that collect location data and other telematics, often transmitting this data more frequently compared to other manufacturers. 

However, manufacturers may also voluntarily limit the scope of data shared, while law enforcement often resorts to subpoenas or warrants to access this information.

Police use methods such as “pings,” which pinpoint a vehicle's location in real-time, or “tower dumps,” wherein large amounts of data from cell towers connected to vehicle devices are retrieved. 

Although effective for identifying suspects, these techniques often capture data from unrelated individuals, raising Fourth Amendment concerns.

The CHP documents reveal differences in how carmakers handle law enforcement data requests. A General Motors spokesperson stated that the company requires a court order before sharing location data. 

However, other manufacturers, such as Ford and Toyota, did not provide clarity on their policies. Some, like Tesla, have policies to inform customers of data requests, while most manufacturers do not notify users, even when permitted.

According to advocacy organizations like the Electronic Frontier Foundation, car data—including GPS coordinates and behavioral patterns—is among the most revealing and sensitive information generated by modern technology. Experts warn of the potential for misuse and eroding civil liberties if this data is collected without consent.

Senators Ron Wyden and Edward Markey recently called on the Federal Trade Commission (FTC) to investigate automakers’ practices, pointing out discrepancies between privacy commitments and actual compliance. Their letter highlighted the troubling trend of car companies sharing location data with law enforcement without warrants while failing to inform affected customers.

In January, Subaru patched a flaw in its Starlink system that permitted an unauthorized party to access precise car location tracking data and logs.