The California Department of Insurance (DOI) is considering regulations that would enable insurance prices to depend on the precise number of miles a car is driven in a given billing period. But in implementing these "Pay As You Drive" regulations, the DOI appears poised to empower insurance companies to require customers' cars to be outfitted with "black-box" devices that could transmit back to the insurance companies all sorts of data about car motion (acceleration, braking, and so forth) as well as driver behavior (steering and seat-belt wearing).
Although DOI has retreated from its prior position that these devices should track your location – a definite improvement – it's still true that every car already has a reliable, tamper-resistant device that verifies actual mileage: an odometer.
Even worse, there appear to be no restrictions on what the insurance companies would do with that data — of course, when you drive on the public street, you lose some privacy. But 10 years ago, someone interested in your whereabouts would have had to decide in advance to follow you and then physically follow you. Black boxes can collect information pervasively, silently, and cheaply for any later use by the insurance company, private parties or the government. There is real danger that this information would not only be used to ascertain the political or associational affiliations of drivers, but also to charge more if you drive and park in neighborhoods with high vehicle theft and crime rates, to impose higher premiums for people who drive at night or to link your health insurance rates with location data that reveals your lunchtime trips to McDonald's.
In https://www.eff.org/files/payd-comments-revised-final.pdf">comments filed with the DOI this week, EFF has argued that it is unacceptable for insurance companies to coercively require customers to accept such devices in their cars, and that the proposed regulations be amended to permit drivers to participate in any verifed actual mileage program via other means (like your car's odometer). EFF also argued that location privacy requires, at a minimum, that the proposed regulations restrict collection of information to the minimum amount necessary, require that the driver be able to independently verify information collected and require that the insurer have an explicit policy about the use and storage of the collected data.
Interested in protecting driver privacy in California? Consider telling Insurance Commissioner Steve Poizner [contact info] that you agree with EFF's criticisms. Why is the Insurance Commissioner allowing the insurance companies to track drivers? Shouldn't he be tracking insurance companies?