Recently, the auto blogger "Lee mouse said the car" revealed that the dash cam of Gaohe car, a smart car brand, has a button similar to "WiFi" in the lower right corner. After clicking, you can see the user list of other Gaohe car owners. After selecting one of them to display the user name of Zhengzhou, the real-time screen of Zhengzhou owner's dash cam appears on the central control screen. This caused people's doubts about personal data disclosure, and the news quickly rushed to the hot search.
Smart cars involve various questions related to personal data security. There have also been many discussions on smart car brands such as Tesla, Weilai, Xiaopeng and Weima in the past few years. Behind these social doubts is the anxiety about personal data security in the era of smart cars.
However, in the eyes of new energy vehicle manufacturers, personal data security is not the main selling point. Generally speaking, new energy vehicle enterprises put more emphasis on endurance mileage, automatic driving, appearance design, chip computing power, charging and changing services, etc. functions and services related to personal data security rarely appear in publicity materials.
For the smart car industry, personal data is a "less transparent" problem, and there is no unified standard in the whole industry. Many people in the industry even believe that this is a "no need to discuss it now".
01
An "important but not urgent" question
To answer this question, we can review the development history of China's new energy vehicles. Since 2009, China began to vigorously promote the development of new energy vehicles. In the early stage, it mainly focused on electrification. Until Tesla entered China and new car making forces such as Weilai and Xiaopeng rose, intellectualization was paid attention to.
Up to now, the development history of China's new energy manufacturers is only more than ten years, and the new forces of car making such as Wei Xiaoli are less than eight years, most of which are still in the early verification stage from 0 to 1. In this process, the most important thing for enterprises is to live first, give full play to their strengths, create user value ignored by the original leaders, and realize the rapid improvement of sales.
In the case of limited resources, the OEMs will give priority to the differentiated functions and services that users can clearly perceive, such as Tesla's early three electricity system capability, Weilai automobile's user service capability, Xiaopeng automobile's intelligent driving capability, and the product capability of the ideal automobile facing the family user group.
In contrast, personal data security is not the explicit demand of users, but just as the underlying services and functions, which are designed by the host factory by default. If we say that endurance, automatic driving, in car interaction, price and service are players who cooperate with each other to "score goals" on the court, the functions and systems related to personal data security are at most the role of sparring in the team.
Relying on this strategy, weixiaoli has basically completed the stage from 0 to 1 in 2021, with sales of more than 90000 vehicles. Among them, ideal car has obtained a 3% share in 250000 to 500000 passenger cars, which verifies the product power for family user groups.
When will data security become one of the competitiveness of smart cars? If we refer to the experience of the smartphone industry, personal data security is developed by [Apple] after 10 years of industry development( https://apple.pvxt.net/c/1251234/435400/7639?u=https%3A%2F%2Fwww.apple.com%2Fcn%2Fmusic%2F ) Opened the global data security revolution. Since April last year, Apple has officially implemented the att policy to solve the problem of personal data security. Att gives the control of the unique serial number of the device, that is, the advertiser identifier (IDFA), to the user, who decides whether to share and with whom to share the data.
This has not only further shaped Apple's corporate image that attaches importance to personal data, but also become one of its brand characteristics and competitiveness. Subsequently, Google also responded to this trend and initially realized the "privacy security compliance wall" established by large cloud service manufacturers.
Like smart phones, smart cars seem to have to develop for 10 years before the society pays attention to the basic issue of personal data security. But at present, although users' perception of personal data security is not obvious and can not significantly improve sales, from the perspective of the granularity of user data collection, smart cars are much higher than mobile phones, so it is necessary to pay attention to this problem from the beginning**
The founder of dog safety technology, which is engaged in intelligent vehicle data security technology & amp; CEO Li Jun told geek park that smart cars equipped with rich sensors have become powerful remote data acquisition terminals. When the car is as smart as the mobile phone, the data collection capacity of the car will greatly exceed that of the mobile phone.
This is indeed the case. Taking Tesla Model 3 as an example, there are 21 sensors in total. Including 8 high-definition cameras, 12 ultrasonic sensors and 1 forward millimeter wave radar system. HD camera, which can provide 360 degree omni-directional view within 250 meters; Ultrasonic sensor can sense and monitor obstacles within 8m around the vehicle; Millimeter wave radar, with a maximum detection range of 160 meters, can penetrate heavy rain, dust and even vehicles in front.
With the "arms race" of car enterprises becoming more and more involved, the number of sensors is increasing. The new et7, which has just been delivered by Weilai, has as many as 33 sensors, including 11 nearly ten million pixel cameras, 12 ultrasonic radars, 5 millimeter wave radars, 1 lidar, etc. In the future, with the development of intelligent vehicles, the number and quality of sensors may be greatly improved.
Through these sensors, OEMs and Internet of vehicles service platform providers have collected a large amount of data. It is understood that an intelligent connected vehicle generates about 8g of data per second and can collect at least 10TB of data every day** These data are of great value to automobile manufacturers, mobile operators, insurance companies and other service providers.
In addition to a large number, the information collected by intelligent vehicles also has the characteristics of many kinds. An expert once said in an interview that Tesla can collect more than 200 information covering the owner's personal information, vehicle environment information, vehicle driving information, owner's mobile phone information, and more than 170 items collected by similar domestic manufacturers.
Generally speaking, the data types collected by intelligent networked vehicles include dozens of categories, such as vehicle driving data, body data, control data, video data, image data, coordinate data and so on.
Among them, a large part of users are most concerned about personal data, including the names, ID cards and telephones of car owners and passengers, as well as their consumption and living habits information, user body temperature, heartbeat frequency, etc., and even the image and voice data, location information, driving track, etc. of car owners and passengers. In addition to serving users, the information transferred by these users is also used by car companies for background analysis for product improvement and experience optimization.
02
How to protect personal data security
At present, smart cars are still in the early stage of development, and there are indeed many problems in personal data security. Chen Hong, the head and chairman of SAIC Group, once said publicly that in the process of data acquisition and use, there are some problems, such as unclear responsibilities and specification requirements for data acquisition and storage, unclear requirements for commercial use constraints of data, insufficient prevention of data leakage, insufficient punishment for data violations and so on.
However, countries around the world seem to be aware of these problems and begin to strengthen the top-level design of intelligent networked vehicle safety. In particular, 2021 is regarded as the first year of intelligent networked vehicle data security. Both at the United Nations level and at the national level, many laws and regulations related to personal data protection have been formulated.
For example, in the field of Internet of vehicles in China, relevant departments have successively issued several provisions on automobile data security management (for Trial Implementation), opinions on strengthening the access management of intelligent Internet connected automobile production enterprises and products, information security technology and safety requirements for Internet connected automobile data collection, so as to strengthen the management of data security, network security, functional security and expected functions.
"From the perspective of actual development, the current legal standard system has a certain gap compared with the United States, Europe and other regions, and can not fully meet the needs of industrial development." Chen Jingxiang, deputy general manager of Neusoft's network security division, once said that it still needs to be strengthened from the aspects of formulating standard guidelines, establishing evaluation system and establishing supervision mechanism.
At the same time, the industry has not reached a consensus on the specific operation details in many aspects. For example, with a large amount of data collected, who is the ownership of personal data? This is a complicated problem. At present, from the perspective of control, the initiative of data collection, analysis and use of intelligent vehicles is in the hands of the main engine factory; However, from the perspective of the ownership of personal data information, the mainstream view in the industry believes that it should belong to users**
In reality, it is also difficult to define the ownership of driving data. Chen Wen, director of the digital economy research center of the school of finance of Southwest University of Finance and economics, once said that personal data information has storage costs. Enterprises or operators often store valuable data out of consideration of commercial value, and these data constitute an organic part of the enterprise's "core assets"; In addition, personal data has the attribute of social network, especially in the Internet era. Personal data is often mixed with other people's data. If the data is completely classified into one person, it may infringe on other people's data privacy.
For a simple example, during the Shanghai auto show last April, rights owners accused Tesla of brake failure and said that Tesla's claimed vehicle driving data were untrue. Subsequently, Tesla disclosed the data one minute before the accident at the end of April of that year. But later, the owner's family said Tesla's move violated the owner's privacy.
The core of this dispute is EDR data (automobile incident data). The system records the operation and safety status information of the vehicle in a period of time before and after the collision accident, including vehicle speed, steering angle of steering wheel, acceleration and brake pedal status, use of safety belt, vehicle braking system, etc. it is the basis of accident cause analysis and identification. Under the current legal framework, it is difficult to define the attribution of such data, which has triggered discussion in the industry.
On how to ensure the security of users' personal data, Shen Hui, founder of Weima automobile, said that the decisive factor is users' demand, and the main engine factory is under pressure. For users, if "reject" is selected for all options, they may not even be able to enter the vehicle system. Information is safe, but it also gives up the intelligent attribute of the car, which is not worth it; Choose all "agree" and completely hand over their information security to the host factory. They have lost the initiative to protect their privacy, which is inappropriate. Therefore, what users need is an "electronic fence" with multiple choices and personalized privacy and data protection.
This seems to represent the relatively unified thinking of today's automobile enterprises, but it also raises another problem, formally, intelligent automobile enterprises can hand over the option to users, but when the automobile intellectualization has just begun, when the personal data security has not been put on the table and automobile enterprises generally avoid talking about it, users may not know what those options mean under the complex technical mechanism**
Take the Android system of the smart phone for example. It has a powerful developer mode inside. For example, after the "USB debugging" is turned on, a variety of operations can be realized through ADB, such as sending broadcasts, disabling applications, pulling files, opening activities, etc.
However, for ordinary users, most people have not contacted or even heard of it. It is very unrealistic to educate users to make rational use of these "options". As a result, enterprises are exempted from the responsibility for personal data problems, but many hidden dangers will be left, which may not promote the safe use of personal data in the end.
The era of smart cars is inevitable. According to the national development and Reform Commission, by 2025, the penetration rate of intelligent vehicles in China will reach 82%, and the number will reach 28 million; By 2030, the penetration rate will reach 95% and the number will be about 38 million.
In the short term, personal data security has little impact on improving market share, and occasional disputes are soon forgotten. However, in the long run, it is indeed indispensable for the long-term development of the industry. Establish a more consensus bottom line standard, so that users can fully understand the most dynamic intelligent terminal in the new era under the understanding of transparency as much as possible, instead of always questioning and distrusting intellectualization in stages.
It is not necessary to rhyme with history. The "pit" of personal data security buried by smart phones in the past decade should not be repeated by smart cars.