Data from an advanced electric vehicle that falls into the wrong hands could be used to track people or carry out surveillance, an internal government document warns.

Archived link

The Public Safety Canada memo, prepared to address concerns about Chinese vehicles, urges Canadians to be mindful of the security and privacy risks of the digital devices they buy and use.

“Opening our markets to new players can amplify the presence of high-risk vendors. Connected vehicles, similar to other smart or internet-connected devices, collect significant amounts of data on Canadians, which can have intelligence value,” it says.

“For example, unauthorized access to data and connected vehicle systems could be used to establish patterns of life or conduct surveillance on sensitive sites.”

It points out that companies in Canada must comply with federal privacy law, or provincial equivalents, that set out rules for collecting, using and disclosing personal information.

The memo adds, however, that it’s important to remember the national security laws of certain countries, like China, can compel manufacturers and suppliers to share data with their home government or police.

“The risk that Canadian data collected by connected vehicles are accessed and exploited increases when these data are sent to — or transit through — foreign jurisdictions with more permissive data management frameworks.”

In addition, foreign ownership of the infrastructure — such as the digital cloud — that supports the connected devices can pose a risk to privacy and cybersecurity, the memo says.

  • kbal@fedia.io
    12·
    6 hours ago

    The collection, use, and disclosure of personal information must be limited to reasonable purposes, which organizations must identify to individuals at the time of collection … Organizations must limit their collection of personal information to that which is necessary for the purpose identified to the individual.

    That’s what Canada’s Vehicle Cyber Security Guidance says is required by Canadian privacy law. Maybe start enforcing that law, then? If that principle were adhered to in reality, cars wouldn’t collect any sensitive data at all. It would not have intelligence value for friends or adversaries if it didn’t exist.

    • AGM@lemmy.ca
      7·
      5 hours ago

      Doesn’t seem like much protection at all. Put together some very long Terms of Service document that hardly anyone will read but which is required for full use of your vehicle and an open interpretation of “reasonable” and companies basically have free rein.

  • gibmiser@lemmy.world
    6·
    6 hours ago

    Sure, let’s go with this angle. If we collect all this data an enemy could gain access and use it to target Americans.

    You know, any enemy could do this… foreign or domestic…