In this episode of Security Ledger Podcast (#164): your car is spying on you. But who owns the data it collects? Also: LastPass’s Dan DeMichele joins us to talk about why password security is still so hard.
Who owns your Car Data?
Whether you know it or not, your car is watching you. The same technology that makes it possible for you to load up Spotify or Waze on your drive into work is helping auto manufactures monitor everything about your car: from the performance of your engine to how and where you drive and even whether you’ve gained weight.
You create that data – refereed to as “telematics” – using your own vehicle. But is that data yours or the car maker’s? The answer – for now- is buried in the small print of a licensing agreement you probably signed when you purchased the vehicle. In that way, automobiles are starting to look a lot like smart phones, or smart home appliances.
The question of who owns the telematic data your car generates isn’t just a brainy legal question. Access to vehicle data is critical to performing maintenance on the car and fixing problems when they arise. But automakers are loath to share the data with owners – let alone independent auto shops that compete with their own dealerships and licensed repair facilities. That has created a battle over telematic data that parallels the fight to create a digital right to repair.
To understand the issue a bit better and get caught up on where things stand, we invited Aaron Lowe, the Senior Vice President for Government Affairs at the Auto Care Association into our studio. ACA has launched a new program called Your Car Your Data Your Choice.
In this conversation, Aaron and I talk about the competitive as well as privacy and security implications of the automakers harvesting and even reselling reams of telematic data from their customers. We also talk about the national public awareness campaign that Auto Care Association has launched: Your Car, Your Data, Your Choice which is trying to raise awareness about the privacy and data ownership issues surrounding smart cars.
Why Companies struggle with Passwords
In our second segment: the latest State of the Password Report by LastPass has some good news: use of two factor authentication is increasing rapidly.: up more than 10% over last year.
But not all the news is good: less than 50% of businesses are employing a single sign on solution, LastPass found. And employees at businesses large and small still struggle to stay on top of their passwords and keep their accounts secure.
Also: a severe password gap exists as well: at small businesses, employees may have up to 85 separate passwords per employee. But at larger firms that number could be a third the size: just 25 passwords per employee.
To understand why and how companies struggle with password security, we were joined by Dan DeMichele the Vice President of Products for Identity and Access Management Unit at LogMeIn. In this conversation, Dan and I talk about the challenges that companies face, including rampant password sharing and the use of weak passwords.
(*) Disclosure: This podcast was sponsored by LastPass, a LogMeIn brand. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.