Spying On My Wife
Surveillance gizmos are a part of my life. What do they reveal?
My wife was fine, but her 2005 Honda Pilot was totaled. On Interstate 95 between New Haven and Boston, the SUV had been picked up by the wind from a passing 18-wheeler and hurled against the median strip. My wife told me she wasn’t speeding, but I didn’t really believe her. So I bought a CarChip and (with her permission) installed it in our family’s other SUV, a 1996 Jeep Cherokee. Now I know if she’s been speeding or not–and a whole lot more.
The CarChip is a 35-by-48-by-25-millimeter data recorder that plugs into a connector found under the dashboard of most cars and light trucks sold in the United States and Canada since 1996. The connector lets the CarChip continuously record data, such as speed and acceleration, fed to it by the car’s onboard diagnostics system. To get the data out of the chip, you just unplug it, attach it to a Windows-based computer, and run a downloader program.
The CarChip’s reports contain an incredible amount of data. The report for each trip notes when the engine was started, when it stopped, and how fast the car was going every five seconds in between–all in the form of a pretty graph. The graph is annotated with warning lines that show excessive speed, as determined by the user (my settings are for 70 miles per hour), as well as incidents of sudden braking and acceleration. You can feed the data into a spreadsheet, and if you buy enough chips and special software, you can maintain records for all the cars in your family or corporate fleet.
Davis Instruments makes three versions of the CarChip. The basic chip holds 75 hours of data and costs $139. I bought the CarChip E/X, which holds 300 hours of data, can monitor any 4 of 23 engine parameters (including such geeky things as the oxygen sensor voltage and the engine load), and has an “accident log” that stores the speed of the car for the last 20 seconds before a crash. The E/X costs $179. Finally, for $199, the CarChip E/X with Alarm allows you to set alarms for excessive speed, hard braking, or sudden acceleration. This device is designed to deliver an audible warning when drivers are engaging in risky behavior.
But as any scientist will tell you, it’s one thing to collect data and another thing to understand what the data actually mean. In the case of the CarChip, understanding requires a deep knowledge of the car’s driver and her habits.
One evening two months after I installed the CarChip, I suggested to my wife that we light some candles, put on some soft music, gather at my computer, and review her driving record.
Although the CarChip records only how fast the car is moving, the patterns in my wife’s daily routine made it easy for us to figure out where it had been traveling at which points on the graph. When the car starts at 8:50 a.m., drives three miles, and stops at 9:15 a.m., that’s a pretty good indication that my wife has just taken our twins to school–and gotten there 15 minutes late. She does this with staggering regularity.
Then we discovered a 74-mile drive with several instances of travel over 70 miles per hour, two acts of sudden braking, and one act of very fast acceleration. And it was on a Sunday, when she was driving our daughter to camp. Whoops, actually I was driving that time. But you get the idea.
The CarChip is just one of a growing number of products that let us collect extraordinarily detailed data about the people we know and love–or work with. Memory chips are getting bigger, networks are becoming better connected, and sensors are becoming more accurate and affordable. And more and more products come with built-in tracking that’s turned on by default. If you don’t want your own belongings tracking your movements, it’s up to you to find out what they’re doing and make them stop.
For example, according to the National Highway Traffic Safety Administration, about 64 percent of the model 2005 cars sold in the United States were equipped with event data recorders (EDRs). Similar to the so-called black boxes in airplanes, these systems continuously monitor a variety of statistics and preserve their most recent readings if the vehicle crashes. According to the NHTSA, EDRs typically record “pre-crash vehicle dynamics and system status” (such as the car’s speed), “driver inputs” (the position of the steering wheel and throttle and whether the brake is engaged), the “vehicle crash signature” (the car’s change in velocity during a crash), and “restraint usage/deployment status” (how quickly the air bags were released). Consumers typically don’t get access to this information. Its purpose, instead, is to help industry and the government make cars and roads safer. Increasingly, it is being used in the courtroom as well.
The problem with these EDRs is that most drivers don’t know they’re there. This creates the risk that the information will only be used against you. For example, the police might pull the data from your EDR if they think it will prove you were speeding, but intentionally neglect to pull it if there is an eyewitness to testify that you were. That’s a problem, because observers who witness a messy crash might inadvertently exaggerate how fast a car was going. In two recently reported cases, EDRs have shown that cars were traveling slower than eyewitnesses thought.
The Electronic Privacy Information Center argued in 2004 that in addition to being informed about EDRs’ presence, car owners should be allowed to control whether the devices collect information and how that information is disseminated. This year the NHTSA issued a rule requiring that EDRs be mentioned in owner’s manuals and that they record a consistent set of data; but those rules won’t go into effect until 2010.
Cell phones are another great source of personal data. Sprint’s Family Locator service allows parents to see where their cell-phone-carrying children (or spouses) are. The system can also record a phone’s position at specified times or follow the phone and leave “bread crumbs” on an interactive map that’s viewable over the Web or from a Web-enabled phone.
Even door locks can provide useful information for someone wanting details on the comings and goings of others. Not old-fashioned lock-and-key systems, that is, but “access control” systems based on codes, pass cards, or radio frequency identification (RFID). Years ago, for example, I had a biometric, voiceprint-based lock on the front door of my house in Cambridge, MA. Everybody had a unique code, of course, so I was able to use the system to see if my live-in girlfriend was coming home on nights when I was out of town. (She wasn’t.)
All these data surveillance systems certainly prove themselves useful from time to time, and increasingly they’re being used by parents and corporations to keep track of children and employees. I recently spoke with a computer forensics specialist who told me that he used the log of a card-key system to show convincingly that an employee suspected of visiting pornographic websites and trying to break in to corporate computers had actually been framed by someone in his company’s IT support group. The attack happened at 2:00 a.m., when the employee was home in bed; the IT person often worked late.
Any monitoring system can be defeated, of course. A child who doesn’t want her cell phone tracked can turn it off or “accidentally” leave it at a friend’s house. I can wait at the front door of an office until it’s opened by a coworker. And my wife can unplug her CarChip if she doesn’t want to be tracked. The CarChip tries to defend itself against this ploy by recording the fact that it was unplugged and then plugged in again at a later time, but it can’t tell you what happened in the interim.
That’s why I think the real use of these systems isn’t surveillance but self-knowledge. I want to know if I am routinely driving faster than the speed limit, or if I am gunning the engine and then hitting the brakes. That’s why I ordered a CarChip for my little blue sports car. If I ever do get in an accident, I want to have proof that I wasn’t at fault. Unless, of course, I was, in which case I expect this little Big Brother to get mysteriously lost in the confusion that follows.
Simson Garfinkel researches computer forensics at the Harvard Center for Research on Computation and Society.