July 15, 2009 | By Jennifer Granick

Pay As You Drive “Black Boxes” Threaten Driver Privacy

The California Department of Insurance (DOI) is considering regulations that would enable insurance prices to depend on the precise number of miles a car is driven in a given billing period. But in implementing these "Pay As You Drive" regulations, the DOI appears poised to empower insurance companies to require customers' cars to be outfitted with "black-box" devices that could transmit back to the insurance companies all sorts of data about car motion (acceleration, braking, and so forth) as well as driver behavior (steering and seat-belt wearing).

Although DOI has retreated from its prior position that these devices should track your location – a definite improvement – it's still true that every car already has a reliable, tamper-resistant device that verifies actual mileage: an odometer.

Even worse, there appear to be no restrictions on what the insurance companies would do with that data — of course, when you drive on the public street, you lose some privacy. But 10 years ago, someone interested in your whereabouts would have had to decide in advance to follow you and then physically follow you. Black boxes can collect information pervasively, silently, and cheaply for any later use by the insurance company, private parties or the government. There is real danger that this information would not only be used to ascertain the political or associational affiliations of drivers, but also to charge more if you drive and park in neighborhoods with high vehicle theft and crime rates, to impose higher premiums for people who drive at night or to link your health insurance rates with location data that reveals your lunchtime trips to McDonald's.

In https://www.eff.org/files/payd-comments-revised-final.pdf">comments filed with the DOI this week, EFF has argued that it is unacceptable for insurance companies to coercively require customers to accept such devices in their cars, and that the proposed regulations be amended to permit drivers to participate in any verifed actual mileage program via other means (like your car's odometer). EFF also argued that location privacy requires, at a minimum, that the proposed regulations restrict collection of information to the minimum amount necessary, require that the driver be able to independently verify information collected and require that the insurer have an explicit policy about the use and storage of the collected data.

Interested in protecting driver privacy in California? Consider telling Insurance Commissioner Steve Poizner [contact info] that you agree with EFF's criticisms. Why is the Insurance Commissioner allowing the insurance companies to track drivers? Shouldn't he be tracking insurance companies?

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

We protested and defeated an Internet power grab in 2012. It's happening again—why aren't we talking about it? https://eff.org/r.hxui

Aug 28 @ 10:00am

As thousands of Malaysians prepare a massive rally against corruption, the government decides to censor the Web: https://eff.org/r.y6pv

Aug 28 @ 9:07am

Tech companies should not validate secret trade agreements like TISA as a way to decide new rules for the Internet: https://eff.org/r.hxui

Aug 27 @ 5:58pm
JavaScript license information