474. The Car That Knows Too Much

Show Notes

Check out host Bidemi Ologunde's new show: The Work Ethic Podcast, available on Spotify and Apple Podcasts.

Email: bidemiologunde@gmail.com

In this episode, host Bidemi Ologunde examines the push to mandate surveillance-adjacent safety technology in new cars by 2027, with a sharp focus on the United States. As regulators, automakers, insurers, and privacy advocates clash, one question looms over the future of driving: when your car is built to watch for danger, who else is watching you? Will these systems save lives without turning every commute into a stream of data? And if safety becomes the justification, where should the limits be?

Sponsors and partners:

Promeed: 100% mulberry silk pillowcases and bedding that feel incredibly soft, stay breathable, and are naturally gentle on hair and skin.

SurviveX: professional-grade FSA/HSA eligible first aid and preparedness kits designed in Virginia, USA and produced in an FDA-registered facility.

Alison US CA: Alison is the world's largest free online learning and skills-training platform, helping more than 50 million learners in 193+ countries build career-ready skills with 6,000+ free courses, certificates, and diplomas.

eSign (iOS only): eSign is a clean, privacy-first document-signing app that works entirely on your device, letting you sign PDFs, DOCX files, images, and scans, edit and assemble pages, and export crisp 300 DPI PDFs in seconds, without accounts, cloud uploads, or compromising sensitive documents.

Support the show

Transcript

SPEAKER_00 0:16

By 2027, the car is not just transportation. In many jurisdictions, it is becoming a regulated sensing platform, one that can infer alertness, destruction, impairment, and after a crash, a high resolution record of what happened. So here is the core story, especially for the United States. First, the US Congress already ordered a new federal safety standard requiring advanced drunk and impaired driving prevention technology in new passenger vehicles with a compliance date set 2 to 3 years after the final rule is issued, and with a statutory mechanism that originally made late 2026 to 2027 sound plausible. Second, the federal government is not yet at a final rule. The National Highway and Traffic Safety Administration's own February 2026 report to Congress emphasizes that commercially available, passive and accurate alcohol impairment detection is still not ready, and that false positives, basically blocking sober drivers, are a serious safety and civil liberties problem at national scale. Third, while Washington debate mandates, the market has already built the infrastructure of surveillance, connected cars generating location and driving behavior data at high frequency shared outward into data ecosystems. The Federal Trade Commission's actions against General Motors and OnStar, finalized in January 2026, showed how quickly safety and convenience data can become an insurance and profiling product without meaningful consent. Fourth, globally, the EU's safety rules provide a revealing contrast. The EU mandates driver drowsiness and attention warnings and distraction warnings, but it hardcodes data minimization principles, no continuous recording, no third-party access, and immediate deletion after processing. That's a regulatory model the US has not yet matched. Finally, the policy choice is not safety versus privacy. The real choice is what kind of safety system we mandate, one that works mostly in a closed loop inside the vehicle, or one that quietly expands a national database of movement, behavior, and biometrics. In 2024, a driver in the Seattle area noticed something strange. His car insurance jumped. Despite no crashes, no tickets, no obvious change in his driving behavior. The explanation did not come from his insurer's underwriting department. It came from a report he didn't know existed, built from data he didn't realize his car was collecting and sharing. The story, widely covered afterward, centered on connected car telematics, where heartbreaking, acceleration, trip characteristics, and other behavioral markers can be packaged and sold into the insurance ecosystem. So that anecdote matters because it captures the new bargain drivers are being pushed into, often without realizing it. The modern car can behave like a smartphone on wheels, streaming out behavioral data. And once that pipeline exists, the next step is almost inevitable. Lawmakers, regulators, and insurers ask, if the car can already measure behavior, why not require it? That is the tightrope we're working toward 2027. Safety mandates that can save lives, especially from drunk driving, arriving in a society that has already learned the hard way that data collection expands far beyond its original purpose. So let's map the mandate's landscape. Global first, then the US, and explain why 2027 became the headline year. In November 2021, Congress passed the Infrastructure Investments and Jobs Act. Buried in the vehicle safety provisions is section 24220, Advanced Impaired Driving Technology. It uses unusually direct language. It must be able to do at least one of these things passively. First, monitor driving performance to identify potential impairment and prevent or limit operation. Two, detect when a driver's blood alcohol concentration is at or above the legal limit and prevent or limit operation. 3. Combine both approaches. So now to the timeline mechanics. Congress set a deadline. Subject to an extension mechanism if NHTSA determined the safety standard requirements could not be met. Congress also insisted on a compliance window. The standard's compliance date must be not earlier than two years or not more than three years after the final rule is issued. So that's where 2027 came from. If the final rule landed in 2024, the compliance window points to 2026 to 2027. But here is the key update. NHTSA did not finalize a rule by 2024. NHTSA issued an advanced notice of proposed rulemaking in January 2024 to gather information for a future standard. And by early 2026, the agency was still evaluating the technology landscape and analyzing public comments. And in February 2026, NHTSA reported to Congress that based on its 2024 assessments, there was not commercially available technology that detects driver alcohol impairment accurately and passively, and that current systems have not demonstrated the precision, speed, and reliability needed to meet the mandate and the safety act's requirement. So, the 2027 label persists in popular discussion, but the real compliance date is now more likely to slide later unless the regulatory process accelerates. While the US is debating how to mandate impairment prevention, the EU has already built a more explicit framework for driver states and crash data systems through its general safety regulation regime. Under regulation EU 2019-2144 structure, motor vehicles shall be equipped with advanced vehicle systems, including one driver drowsiness and attention warning, two advanced driver distraction warning, and three an event data recorder among other systems. So here are two details about the EU approach that matter for American listeners. First, the EU makes driver monitoring surveillance like, but restrains it with strong purpose limitation. The regulation states that drowsiness or attention warning and distraction warning systems must not continuously record or retain data beyond what is necessary for their purposes in a closed loop system. The data must not be accessible or made available to third parties and it must be deleted after processing. Second, the EU system includes an explicit phased schedule. In the annex table, driver drowsiness and attention warning is tied to phase B, while advanced driver distraction warning is tied to phase C, and the notes define what those phases mean in calendar terms, moving from type approval requirements to prohibitions on registration if requirements are not met. This matters because it demonstrates something the US is still struggling to do mandate safety monitoring while legally fencing off broad secondary issues. Even before the federal impaired driving mandate is in force, US states have begun responding to connected car surveillance risks in at least three ways. One, state privacy regulators and enforcers are explicitly targeting connected vehicles. In July 2023, the California Privacy Protection Agency announced a review of connected vehicle manufacturers' privacy practices, recognizing that these vehicles can automatically gather location and other sensitive data. 2. State are writing vehicle-specific safety and privacy rules. In September 2024, California enacted SB 1394, requiring car manufacturers to allow drivers, especially survivors of domestic abuse, to terminate remote access to a vehicle to reduce misuse like tracking and remote manipulation. 3. State Attorneys General are suing over connected car data collection and sale, framing it as consumer deception. Ken Paxton sued General Motors in August 2024 over alleged unlawful collection and sale of Texans driving data. In February 2026, Brenner Bird filed suit in Iowa alleging deceptive practices related to connected vehicle data collection and sale. In other words, the U.S. privacy landscape is becoming a patchwork, some of it aimed at consumer rights, some of it at domestic safety, some of it at business practices, while the federal safety mandate is still forming. So now to the core technical question. What are these mandated surveillance technologies in practice? What do they collect and how might they work by 2027? In the US, the statute defines an outcome, prevents or limit vehicle operation when impairment is detected using passive monitoring of driver performance and or passive detection of blood alcohol concentrations above a legal limit. It does not specify a specific sensor. That ambiguity is where the privacy stakes live. Technology neutral sounds flexible, but it also means a final rule could lean toward physiology-based sensing, for example, breath alcohol concentration proxies, tissue spectroscopy or touch sensors integrated into a start button or steering wheel. Camera-based driver monitoring systems that infer impairment from eyes, face, and attention cues, vehicle kinematics and ADAS derived signals like swerving patterns or lane position variability or hybrids that combine these signals. NHTS's February 2026 report explicitly lists these categories, touch sensors, cameras, and vehicle data among them, and note that its 2024 research did not find commercially available technology that can detect alcohol impairment accurately and passively. So as of now, the most realistic 2027 pathway in the US isn't a mature universal BAC detector. It is more likely a driver state inference system or a constrained impaired driving prevention package that blends ADAS behavior cues with limited physiological sensing, unless the technology suddenly leaps forward and clears the false positive hurdle. The EU's mandate is more explicit in one sense. Driver drowsiness or attention warnings and distraction warnings are required, but with a built-in privacy architecture. The regulation requires no continuous recording beyond what is necessary. It prohibits third-party access and calls for deletion after processing. That matters because it shows the design principle the US could adopt, mandate the safety function, and legally require the safety data to die inside the car. Event data recorders are another surveillance adjacent mandate globally and a de facto reality in the US. In the EU framework, an event data recorder is defined as a system with the only purpose of recording and storing critical crash-related parameters shortly before, during, and immediately after a collision. The EU also specifies constraints that are surprisingly privacy forward. EDRs cannot be deactivated. They must record crash-relevant parameters such as speed, braking, safety system status, and more, and they must not record identifiers like vein segments that could allow the vehicle or the owner to be identified. In the US, Congress separately addressed privacy for EDR data through the Driver Privacy Act of 2015. EDR data is the property of the owner or LEC, and access is restricted except through consent, certain investigations, emergency response, or traffic safety research with limits on personally identifiable information. That is an underappreciated fact. US law has a relatively clear ownership and access model for EDRs, even while connected car telemetry outside the EDR context remains far less constrained. So here is the central systems question. Does the mandated safety function require data to leave the vehicle? The answer is usually no in principle, especially for driver state warnings. But market incentives often say yes. Remote diagnostics, fleet analytics, subscription services, and of course, insurance scoring. And we have hard evidence that this data is already being externalized at scale. The FTC's finalized order describes allegations that millions of vehicles, precise geolocation, and driving behavior data were collected and sold without adequate notice and affirmative content, and it imposes long-term consent and opt-out requirements. So a mandate layered onto that ecosystem risks creating what civil liberties advocates fear most, a safety requirement that becomes a normalized sensor backbone for third-party profiling. The surveillance mandate debate is not only technical, it is a conflict among institutions with different incentives and different legal powers. For regulators, at the federal level, NHTSA sits under the U.S. Department of Transportation and is responsible for setting vehicle safety standards. The IIJA mandate pushes NHTSA to turn research uncertainty into enforceable performance requirements. For manufacturers and telematics subsidiaries, automakers have to ship compliant hardware at enormous scale while protecting usability and minimizing false positives. But they also have incentives to monetize connected services. The connected car data market has already created reputational risk, especially after the FTC's connected vehicle enforcement. For insurers and data brokers, usage-based insurance and risk scoring depend on behavioral signals such as hardbreaking, speeding, time of day driving, and location-derived context. The problem is not telematics itself, it is opacity, content, and secondary uses. The public learned this in the most direct way possible, rate changes tied to data pipelines that they did not recognize. For law enforcement, modern investigations increasingly use connected car location data and other records. Reporting based on FOIA records indicates wide variability in manufacturer policies, some requiring court orders for location, others complying with subpoenas, creating what critics call policy-made law. For civil liberties and privacy advocates, groups including the American Civil Liberties Union and the Electronic Frontier Foundation have long argued that persistent, high-resolution location and behavior data can enable near-perfect surveillance in ways that strain traditional legal doctrines. This concern is amplified when surveillance capacity is embedded by mandate. U.S. constitutional law does not have a single car data doctrine, but Supreme Court decisions on tracking and digital records shape the terrain. In United States v. Jones, the court held that attaching a GPS device to a vehicle and monitoring movements constitutes a Fourth Amendment search. In Carpenter vs. United States, the court held that the government's acquisition of historical cell site location information is a Fourth Amendment search requiring a warrant in the ordinary case, recognizing how comprehensive location records can be. In Riley vs California, the court held that police generally need a warrant to search digital information on a cell phone seized incident to arrest. So here is the relevance. Connected vehicles generate data sets that look more and more like the data described in Carpenter, longitudinal, effortless, and quite revealing. If the law mandates in-vehicle monitoring and then allows those records to leak outward, the legal tension escalates. But there is also statutory law, and here the US is uneven. For EDRs, Congress created an ownership and access framework in the Driver Privacy Act of 2015. EDR data is the property of the owner or lessee, and access is limited except for consent, court authority, certain investigations, emergency response, or anonymized safety research. For connected vehicle telemetry and driver monitoring data, there is no single comparable federal statute. The enforcement hook has often been consumer protection. That is why the FTC's GM OnStar case matters. It is not a niche dispute. It is a federal signal that connected vehicle data practices can be treated as deceptive or unfair when content and disclosure are deficient. Surveillance capable systems are also cybersecurity liabilities. The NHTSA's own guidance emphasizes layer defenses, risk-based protection of safety critical control systems, and following frameworks like the NIST Cybersecurity Framework in developing vehicle cybersecurity protections. That is crucial because a prevent or limit operation system is inherently safety critical. If it is compromised, the result could range from privacy breaches to denial of service against mobility. Now to the money and the mood because mandates don't land in a vacuum. The safety case is massive. NHTSA reports that in 2023 there were 12,429 traffic fatalities in crashes involving at least one driver with a BSE at or above 0.08, about 30% of all traffic fatalities, and it estimates social safety costs around$165 billion for 2023 alcohol impairment related fatalities. Congress's own findings in the IIJA framed impaired driving as roughly one third of highway fatalities and argued that advanced technology must be standard equipment in all new passenger vehicles. So the mandate pressure is not arbitrary. It is a response to a persistent, deadly externality. Public trust is not keeping pace with connectivity. A 2024 JD Power US Mobility Confidence Index release reported that data privacy and hacking remain major concerns, with 64% of consumers concerned that data collected in the vehicle is not safe and secure, and many saying an automaker's data protection policy could influence purchase decisions. At the same time, Watchdog Research has argued that modern cars represent a worst-case category for privacy and security based on broad collection and sharing practices across brands. And consumer protection regulators are no longer treating these issues as hypothetical. The FTC's GM On-Star order shows real consequences, content requirements, opt-out mechanisms, and a ban on certain disclosures for five years. Because the US standard is not final, there are at least three plausible scenarios. Scenario 1, accelerated rulemaking, and then later compliance. A final rule is issued in 2026-2027 after NHCSA finishes analysis. Compliance then comes two to three years later. That makes 2027 more like 2029 to 2030. Scenario 2. Extension and technology maturation. The statute allows up to a 3-year extension of the issue the rule deadline. The compliance clock still starts after the final rule. This scenario produces the same result. Compliance after 2027, but with potentially better technology. Scenario 3. Even without a final FMVSS, automakers deploy more driver monitoring, partly for advanced driver assistance safety, partly for liability management, creating soft mandates through insurance incentives and safety ratings, not just law. So let's end with what should be done by regulators, by industry, and by drivers so that safety mandates do not become a surveillance blank check. Recommendation one. Make closed loop by default the US safety standard design goal. The EU provides a model, mandates the safety function, but legally require that the driver monitoring data not be continuously recorded, not be accessible to third parties, and be deleted after processing. A US FMVSS could embed similar principles for impermanent prevention systems wherever feasible. Recommendation 2. Performance standards must address false positives as a civil liberties issue. NHTSA's report is explicit. Even extremely high accuracy could generate millions of mistakes at national scale, given how many trips occur yearly. The standard must define acceptable error rates, fallback procedures, and remediation paths for drivers incorrectly blocked. Recommendation 3. Create a driver bill of rights for connected vehicles at the federal level. The US already did this for EDRs, ownership and access limits. Extending a similar approach to connected vehicle telemetry, especially location and biometric driver monitoring data would shrink the gap between black box data and smart card data. Recommendation 4. Limit insurance use unless the driver affirmatively opts in. The FTC order against GM underscores the consent problem. For risk scoring, opt-in should be explicit, revocable, and auditable, particularly when the data can affect essential services like insurance. Recommendation 5. Harmonize state innovations into national baselines. California's SB1394 shows a concrete safety privacy interface, the ability to terminate remote access to a vehicle to reduce tracking and coercive control. That is a specific operational consumer protection that could be generalized beyond one state. Last but not the least, recommendation six. Require security engineering and independent testing for any system that can limit operation. NHTSA's cybersecurity guidance stresses layer defense, protecting safety critical controls, and using NIST functions. Identify, protect, detect, respond, recover. For an impairment prevention system, this should not be voluntary practice. It should be certification grade. So if you're listening and thinking, so what can drivers do right now without hacking anything? Here are some practical lawful controls. First, use your rights where they exist. The FTC's GM order requires mechanisms for consumers to request a copy of their data and seek deletion and to opt out or disable certain collections when available. Even outside GM, state privacy laws increasingly provide access, deletion, and opt-out rights. Next, turn off what you can from inside a car. California's SB1394 model focuses on terminating remote access to prevent fracking and misuse, an approach that is likely to spread as a safety norm. Next, be intentional about enrollment. Many connected features ride on default enrollment or bundled consent flows. Regulatory complaints highlight how misleading enrollment can be. Treat connected car apps like financial apps. Only opt in when you've decided the trade-off is worth it. And finally, prioritize updates and security hygiene. As monitoring expands, so does attack surface. Following well-known best practices such as keep software updated, use strong credentials, limit shared access is a safety issue, not just a privacy preference. So to wrap up this episode, by the time we reach 2027, the central question won't be whether cars can watch us. They already can. The question will be when governments mandate safety sensing, will they also mandate the limits so that the safety system protects drivers from crashes without turning every commute into a data product? If you like this episode, please share it with a relative, a friend, a coworker, a neighbor, an acquaintance, and so on. And then please leave a rating andor a review on your favorite podcast app. My name is BDM Logunde, and this is the Big Picture Podcast. Thank you for listening.