A heads up to Jaikumar Vijayan over at Computerworld.com for picking up on this really interesting study (PDF) conducted at the University of Denver that shows how driver monitoring technology that is becoming very popular in the insurance industry may constitute a big breach of privacy.
If you haven’t heard of them before, use-based insurance (or so-called “Pay as You Drive” or PAYD) programs are all the rage in the auto insurance industry. They make a lot of sense: rather than penalize good drivers for the crummy driving of others, leverage on-board technology within the insured vehicle to monitor the miles traveled, speed, braking and other vital statistics.
The technology allows infrequent, safe drivers to pay much lower premiums, while drivers who rack up tens of thousands of miles a month, or career around the roads at breakneck speeds, pay premiums that are appropriate given the amount of driving and their behavior behind the wheel. Insurers either install their own hardware in the automobile (like Progressive Insurance’s Snapshot program), or work with companies like OnStar that already have tracking and telematics hardware installed.
Most insurance companies who offer these programs are careful to say that they don’t record GPS data that tracks the movements of policy holders, or track their whereabouts. But researchers at the University of Denver show in newly published research that drivers’ movements are easily derived from the data insurance companies do collect, including vehicle speed, turns, time traveled and information such as traffic stops. The researchers found that “a number of trips can be geographically matched to their destination using simple driving features.”
A team of researchers at the University of Denver’s Department of Computer Science consisting of Rinku Dewri, Prasad Annadata, Wisam Eltarjaman and Ramakrishna Thurimella found that driving metrics, like other sensor data, can be highly revealing about individual behavior when collected in bulk. Their study used a commercial tracking device that was capable of collecting the time, driving speed and distance traveled. They then observed automobiles in the Denver area over a period of 15 days, comprising 30 trips ranging from 1 mile to 25 miles.
With knowledge just of the origin of a trip, they found, they could accurately predict the destination of the journey absent any GPS data. They accomplished this using a strategy they called “stop-point matching,” on the theory that the pattern of stop points from a known origin will be more or less unique for any location, unless the layout of streets is very regular (such as Manhattan’s grid layout).
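To make the privacy risk concrete, here is an added, simplified illustration of the idea (not the researchers' algorithm or code): it counts how many destinations remain consistent with a trace of stop-to-stop distances, which is the size of the "anonymity set" a non-GPS trace leaves a driver. The street graphs, distances and function names are constructed for this example, and it assumes every stop happens at an intersection of a known road graph.

```python
from itertools import product

def undirected(edges):
    """Build {node: {neighbour: metres}} from (a, b, metres) tuples."""
    graph = {}
    for a, b, metres in edges:
        graph.setdefault(a, {})[b] = metres
        graph.setdefault(b, {})[a] = metres
    return graph

def reachable(graph, start, dist, tol):
    """Intersections reachable from start by a simple path of dist +/- tol metres."""
    found, stack = set(), [(start, 0.0, (start,))]
    while stack:
        node, travelled, path = stack.pop()
        if node != start and abs(travelled - dist) <= tol:
            found.add(node)
        for nxt, metres in graph[node].items():
            if nxt not in path and travelled + metres <= dist + tol:
                stack.append((nxt, travelled + metres, path + (nxt,)))
    return found

def candidate_destinations(graph, origin, segments, tol=5.0):
    """Intersections consistent with every stop-to-stop distance in the trace."""
    frontier = {origin}
    for dist in segments:
        frontier = set().union(*(reachable(graph, n, dist, tol) for n in frontier))
    return frontier

# Constructed irregular street layout (metres); "H" is the known trip origin.
IRREGULAR = undirected([("H", "A", 120), ("A", "B", 310), ("A", "C", 200),
                        ("B", "D", 150), ("C", "D", 270), ("C", "E", 430),
                        ("D", "F", 90), ("E", "F", 380)])

def grid(n, block=100):
    """Constructed n x n grid of identical blocks, standing in for a regular layout."""
    edges = []
    for r, c in product(range(n), repeat=2):
        if r + 1 < n:
            edges.append(((r, c), (r + 1, c), block))
        if c + 1 < n:
            edges.append(((r, c), (r, c + 1), block))
    return undirected(edges)

if __name__ == "__main__":
    # Distances between consecutive stops, as derivable from speed and time alone.
    print(candidate_destinations(IRREGULAR, "H", [120, 460, 90]))    # {'F'}
    print(len(candidate_destinations(grid(3), (0, 0), [200, 200])))  # 5
```

On the irregular layout the trace leaves a single candidate destination, while on the uniform grid the same kind of trace leaves five, which matches the article's point that only very regular street layouts blunt the technique.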
The study could raise important data privacy questions for the (many) “pay as you drive” programs now being piloted, or offered to drivers – not to mention other programs that seek to match remote sensors and real-time monitoring with products and services. The data points collected by these remote sensing devices are what the researchers call “quasi-identifiers” – attributes that are “non-identifying by themselves, but can be used to uniquely identify individuals when used in combination with other data.”
Their findings align with other research, including a study by scientists at MIT and the Université Catholique de Louvain in Belgium, which found that mobile device data from just four, randomly chosen “spatio-temporal points” (for example, mobile device pings to carrier antennas) was enough to uniquely identify 95% of the individuals studied based on their pattern of movement alone.
The research doesn’t suggest that PAYD programs should be banned – but it does put the onus on insurance companies to disclose the potential privacy implications of data collection to their customers.
“Privacy advocates have presumed the existence of location privacy threats in non-tracking telematics data collection practices; our work shows that the threats are real,” the authors say. “Enough information should be conveyed to consumers so that an informed decision can be made.”