Tesla Phones Home

Catching up on the news this weekend I came across a piece by an automotive reviewer who found an ethernet port in his Tesla Model S. By hooking up to that port and poking around a bit, he found some fun stuff. The Model S runs, partly, on a Linux distribution with services like SSH, HTTP and X11 providing some of the car’s functionality. Further he was able to access the system and run some of his own commands. That’s pretty cool and gets me thinking about the possibility that the car can be jailbroken.

This discovery brings up the obvious concerns for the security of the system and speculation about whether components such as the accelerator, steering or braking system could be hacked compromising the safety of the vehicle. These are valid concerns, and although the reviewer found no evidence that the part of the system he accessed had access to any major system in the car, my heart skip a beat when the post noted that the car had “phoned home.”

We should also note that apparently Tesla engineers detected this hacking or exploring and sent a nastygram to the cars owner, “Tesla USA engineers have seen a tentative of hacking on my car.”, “can be related to industrial espionage and advised me to stop investigation, to not void the warranty”.

Whoa! How freaked out would you be if this happened on your MacBook, ThinkPad laptop or Samsung tablet? Imagine getting a notice on your Galaxy tablet that says, “we noticed you went to the command shell…” Now, I get that hacking a car in inherently more dangerous than hacking a tablet, but I am uncomfortable with the tight connection Tesla has with its vehicles. The underlying question is what else do they know.

We do have a pretty good idea that Tesla can track quite a bit. You may recall the public battle between the them and John Broder where Tesla and the New York Times did a little “he said, she said” over the performance of the Model S. At the time it was explained that the information collected by Tesla that was used as evidence to disprove Broder’s claims was opt-in. This information, such as where the car was driven, and how the car was driven would be considered by most sensitive information. And to Tesla’s credit, providing user’s the choice of whether Tesla gets this information or not is just the kind of considerations they should be providing.

The lingering question that no one seems to be talking about, can Tesla owners opt out of sending lower-level type of information as well? Information such as a potential tampering of the OS. And if Tesla, as a means to protect the safety of their vehicles as well as it’s intellectual property, knows when the system OS is being tampered with, what else do they automatically know? I’m not a conspiracy kind of a guy, and I believe Tesla has the best intentions, but over collection of information, whether it is intentional or accidental is wrong and is risky. Even the perception of over collection at this moment in time (thank you Mr. Snowden) is a risky proposition.

I’m a huge fan of Tesla. More precisely I’m a huge fan of Elon Musk. I love rooting for a guy who is boldly disrupting some of the most entrenched industries, including the automotive industry with Tesla, the energy industry with [Solar City](hhttp://www.solarcity.com/media-center/elon-musk.aspx) and space industry with SpaceX. He is truly an incredible entrepreneur and in the same way I want the Patriots to succeed each season, I want Musk to succeed as well. Particularly because he is so different than much of the rest of the crop of newly minted billionaires.

The striking difference between Musk and other wildly successful industry disrupting entrepreneurs such as Mark Zuckerberg, Sergey Brin, Larry Page and Jeff Bezos is that his businesses do not rely on personal data as a fundamental underpinning of his business models. Not that there is anything wrong with the way Facebook, Google and Amazon make there money, but those business models seems so much more fragile as they are reliant on the whims of social norms.

Musk, don’t blow this. You have a great thing going. If you haven’t already, you need to hire yourself a Chief Privacy Officer. A CPO who is a hacker at heart – not someone who is a corporate general counsel or enterprise-running MBA – one who knows technology and understands the mindset of the early-adopter consumers who are flocking to your products. That person should report directly to you. Someone who can tell you not to create a car that mysteriously “phones home” and raises the specter that Telsa is acting like a big brother secretly watching. Someone who will demand full transparency.

 
2
Kudos
 
2
Kudos

Now read this

Getting Your Privacy Policy Off The Ground

I’ve been critical of those collecting personal data on their site who don’t offer a privacy policy. The common defense has been “we can’t afford a lawyer.” I’m here to tell you that even if you can’t afford a lawyer you should still... Continue →