Brake pedal data can fingerprint drivers with 87% accuracy in 15 minutes

Have you opted for lower car insurance premiums via installing an insurance-supplied dongle? If so, then did you realize that dongle could narc you out when brake pedal usage is used as a biometric identifier?

If you are thinking surely not, then think again, as researchers had nearly a 90%  accuracy in identifying drivers via brake pedal sensor data after only 15 minutes of driving.

Yesterday, researchers from the University of Washington and of California presented “Automobile Driver Fingerprinting” (pdf) at PETS 2016, short for Privacy Enhancing Technologies Symposium.

The abstract states: “While we do not know of attempts by automotive manufacturers or makers of after-market components (like insurance dongles) to violate privacy, a key question we ask is: could they (or their collection and later accidental leaks of data) violate a driver’s privacy?”

They used 15 drivers for their study and logged data from 16 in-vehicle sensors collected by a car’s CAN (controller area-network) bus. For the study, they had the drivers perform maneuvers in an isolated parking lot, as well as drive in traffic along a 50-mile loop in Seattle.

The researchers determined that “drivers are indeed distinguishable using only in-car sensors.” The top sensor to fingerprint drivers was the brake pedal.

Some of the researchers’ key findings included:

• 100% driver ID among 15 drivers is possible using 15 sensors and the entire database of driving data.
• 100% driver ID among 15 drivers is possible using just the brake pedal and the entire database for training.
• 100% ID among 15 drivers is possible given short training datasets (8 mins, 15 mins, 1 hour) and multiple sensors.
• 87% accuracy is achievable using a single sensor (brake pedal) and only the first 15 minutes of open-road driving as a training database; the 15 minutes was broken down as 13.5 minutes training and only 1.5 minutes of test data.

They aren’t saying it’s all bad, as driver fingerprinting could be used for vehicle theft detection, but there are plenty of privacy risks. There is also a growing data-sharing aftermarket, such as insurance companies offering dongles for rate reductions, dongles that offer diagnostics and even some that offer concierge services.

Potential driver fingerprinting privacy violations

It’s not a new idea that companies can tell a great deal about you, good and bad, via the data collected from modern vehicles. For example, Jim Farley, executive vice president for Ford Motor Co., said in 2014, “We know everyone who breaks the law. We know where and when you are doing it. We have GPS and other technologies in your car, so we know what you are doing.”

After Farley’s statements caused an uproar, he retracted his statements.

Since drivers can be “fingerprinted” by the data, the researchers proposed potential privacy risks. They wrote:

While we anticipated some level of de-anonymization success, our results are surprising given the apparent potential of vehicle sensor data present in stock vehicles to distinguish between individuals given limited time and restricted access to sensors. We view this as a significant result since it implies that even simple devices—such as insurance dongles attached to a car’s internal computer network—have the potential to violate privacy.

Good ole Alice and Bob were featured in numerous scenarios about potential privacy problems. If a red-light camera snaps a shot of a car running a light, and Alice says she wasn’t driving because she loaned her car to Bob, then police could obtain data from the insurance dongle connected to the car. Then it’s bad news for Alice when the data indicates she was driving, not Bob.

If Alice and Bob rented a car together, but Alice was the only “authorized driver” and Bob also drives, then the rental company could tap into the dongle data to detect Alice was not driving. Say hello to fines and added fees from the rental agency after the rental agreement was broken.

In another scenario, Alice bought only daytime insurance coverage for her son, Bob. But the insurance company uses the data from its dongle to detect that Bob is driving at night and then cancel Alice’s insurance.

Alice could install a monitoring dongle in Bob’s car if she wanted to know if his “significant other” was driving, and then receive a real-time text message if the dongle detects a driver other than Bob.

The dongle in Alice and Bob’s car could detect which one was driving and then push targeted ad text messages, such as for a favorite restaurant, depending upon who was driving.

The researchers advised drivers to be wary about sharing their vehicle data “without substantial guarantees for superior service.” The companies collecting that data have a responsibility to offer privacy controls for users and “develop safeguards for data processing and retention that keep up with the evolving threat model landscape.”