Legal Side Effects of Logging User Behavior (esp. when driving)

«It’s not that I have something to hide. I have nothing I want you to see.»
Anon, why she hides her life in an age of digital surveillance, in «Anon»

Yesterday, a group of students presented their app designed to help people drive more environment friendly. The app uses a Bluetooth dongle to read the data from the car (e.g., speed, acceleration, etc.), sends it to the smartphone where the information is evaluated and stored to provide the user with information on how to improve his behavior — in real time and based on past driving behavior (hence, the storage). At least, if I understand it correctly.

There are some issues with this approach (see also this posting: “The Lure of the Screen in App Development“) but what struck me was the possible legal consequences.

Think about it, you are essentially turning the smartphone into a black box, otherwise used in planes and … installations where things can go terribly wrong. So what happens if the users car gets into an accident. You can now access the smartphone and check the information at the time of the crash (i.e., shortly before a very sharp acceleration/deceleration and before the movement stops). Easy peasy to identify. So, now you have information on how fast the user was driving. And that can make a difference is many cases.

Also, you could have a look at the driving behavior itself. If there are driving patterns associated with impaired driving, e.g., when tired, or on legal or illegal drugs, the records could identify this as well.

Scared yet?

How about having a look at the driving records to determine whether the person adhered to traffic regulations. Very easy if you have the GPS data, but even without it this would be possible. You know the speed, after all, and can likely identify the turns as well. Would be possible to match it to a map, compare it with the traffic regulations.

That is, if the app is actually storing the information. But with increasing memory and the trend to log (almost) anything, this might be a real risk.

And yeah, sure, we should adhere to traffic regulations and drive carefully. But we should also not be stabbed in the back by data recorded onto a device that should be loyal to us, and to nobody else. And yeah, there might be laws that prevent the police from accessing your device. But frankly, laws are a weak defense. Especially if you use your fingerprint to secure access to your device (I do too, because I am more concerned with cameras capturing me entering my code than with someone replicating my fingerprint with superglue or a laser printer).

And the funny thing — depending on which data is stored by the cellphone, these problems exist even if you do not use a logging app that helps you drive more ecologically.

P.S.: It’s not that black boxes are always negative. On the contrary. They led to the discovery of major flaws. And there are other uses. Best one I’ve seen so far was in the movie “Flight”:

[In the cockpit of a plane that is in an — at the moment likely fatal — uncontrolled descent: pilot, after announcing he’s gonna roll the plane to fly inverted to try to stop the dive, to stewardess]
“Margaret, what’s your son’s name?”
“Say ‘I love you Trevor.'”
“Black box. Say ‘I love you Trevor.'”
“I love you Trevor, you be a good boy. Mommy loves you.”
“Okay, here we go …”

But it should be in the user’s choice — or their legal representative — how the data is used.