Driving records are fully exposed! Gaohe Automobile is caught in the privacy leakage storm, lawyer: the picture needs to be desensitized

On May 6, a topic of "Gaohe driving recorder suspected of leaking privacy" attracted attention. Car blogger @Li Mouse said that the driving recorder of Gaohe Automobile can receive signals from other Gaohe cars through the owner's interconnection function and read the contents of these car driving recorders. The next day, Gaohe Automobile responded to this, saying that the function is mainly used for fleet travel and vehicle-road coordination, and requires the consent of users when opening, without privacy security risks.

Gaohe was caught in the privacy leak storm

Is this functional design of Gaohe Automobile reasonable? Are there any violations? What safety hazards might real-time sharing of dashcam footage create? A senior lawyer told the Nandu reporter that the footage collected by the dashcam includes the personal information of people outside the car, that it is illegal for Gaohe Automobile to provide the audio and video information it collects to other vehicles, and that footage involving people outside the car should be deleted or anonymized.

1. The interconnect function reads the contents of other vehicle recorders

On May 6, @Li Mouse, a well-known car blogger on Weibo, posted a video saying that he had found that his car had a "terrible function." The video shows that in the driving recorder section of the Gaohe Automobile system, the owner can receive the signal of other Gaohe cars through the owner interconnection function and read the driving recorder content of these cars. The blogger randomly selected a car owner located in Zhengzhou, Henan Province, 639.4 kilometers away from him, and then successfully read the contents of the dashcam of that vehicle, which was parked on the side of the road.

Vehicles that can read a dashcam

The blogger reads the driving recorder of a car owner in Zhengzhou, Henan Province

The next day, Gaohe Automobile issued a public statement on the matter, saying that the "car-car interconnection" function mentioned by the blogger is an integral part of the fleet travel and vehicle-road coordination system. According to the statement, the function is turned off by default when the vehicle leaves the factory, and the user can only actively turn it on after the vehicle is powered on, by confirming the privacy clause pop-up window twice. The statement added that the function cannot be enabled after power-down, cannot be turned on remotely, stores nothing, and poses no problem of leaking user privacy.

Gao He responded

However, Gaohe Automobile's explanation of this function does not seem to have dispelled the doubts of car owners and netizens. "This is the leakage of personal information", "equivalent to the remote camera function", "Completely unable to understand the significance of this function"... The information security risks of Gaohe Automobile have attracted widespread attention. As of press time, the total number of views on related topics has risen to nearly 50 million, and the number of discussions has exceeded 10,000.

During the discussion, the owner of a Gaohe car posted the pop-up reminder page that appears when the function is turned on. The pop-up window asks "Are you sure you want to turn on the video sharing function?" A line of text below explains that "after sharing, others can see the picture of your driving recorder, please confirm whether you need to turn it on", and beneath it are two options, "Cancel" and "Still open". This means that the feature is activated by the owner and requires their consent.

Pop-up page

According to public information, Gaohe Automobile is an electric vehicle company founded by Ding Lei in 2017, and its parent company is named Huaren Express Technology Co., Ltd. Gaohe Automobile sold 4237 vehicles last year, and the sales volume of the Gaohe HiPhiX series in the first quarter of this year was 1364 vehicles, with an average transaction price of nearly 700,000 yuan, occupying the top spot in the sales list of luxury pure electric vehicles priced above 500,000 yuan for four consecutive months.

A review by the Nandu reporter found that this is not the first time that domestic smart electric vehicles have been caught in a privacy and security storm. In September last year, Ideal Auto stipulated in its updated intelligent system software agreement that while the user uses the in-vehicle application platform, it will collect information on vehicle driving behavior, car navigation application data, in-car entertainment system data, etc., and that users who do not agree with the agreement can no longer use the car. This "overlord clause" of Ideal Auto has also been questioned.

2. It is illegal to provide unprocessed footage to the outside of the car

Is this functional design of Gaohe Automobile reasonable? Are there any violations of the law? What safety hazards might real-time sharing of dashcam footage create?

Xiong Dingzhong, chief partner of Qinglu Law Firm, said that if the "car-car interconnection" function does require the owner to confirm the privacy clause pop-up window twice in order to actively turn it on, this prompt is sufficient for the owner himself, but it does not take into account the situation in which the owner is replaced.

"Automotive system designers should take into account the replacement of car owners and provide certain design solutions to deal with similar problems. If the owner is replaced, the new owner may have sensitive personal information such as whereabouts exposed without knowing it, but at this time, neither the other car owners who read that whereabouts information nor Gaohe have obtained the authorization of the new owner," he said.

To illustrate, Xiong Dingzhong gave an example: "I bought a Gaohe car, and I agreed to turn on this function of my own will. If the feature continues to work after it is turned on, then tomorrow when my wife drives the car, she is completely unaware of it, and she has not given any consent to Gaohe. In this case, Gaohe's approach is illegal and the situation is more serious."

In his view, the most compliant approach in theory is "single driving single request": after the function is turned on, it is valid only for the current drive that day, and after the car is restarted the function must be turned on again and consent obtained again. Because the car generally assumes by default that the driver is the owner every time, and does not consider that the driver may have changed, it is necessary to inform the driver again and obtain new consent. He added that this practice is based on the Personal Information Protection Law: the trajectory of movement is sensitive personal information, and the individual's separate consent is required when processing it.

In addition, Xiong Dingzhong pointed out another problem with Gaohe in this incident: the function infringes on the personal information of people outside the car.

The Several Provisions on the Security Management of Automobile Data (Trial Implementation) (hereinafter referred to as the "Provisions"), jointly issued by the Cyberspace Administration of China and other departments, clearly require that operators collecting personal information obtain the consent of the person being collected, except where laws and regulations stipulate that individual consent is not required. Where this is difficult to achieve in practice (such as when collecting audio and video information outside the car through the camera) and it is genuinely necessary to provide the data, it should be anonymized or desensitized, including deleting pictures that contain identifiable natural persons, or applying local contouring to the faces in these pictures.

He believes that, on the premise of obtaining the owner's consent, Gaohe can collect the owner's whereabouts, but the footage collected by the camera also includes the personal information of people outside the car, such as faces, geographical location, etc. The fact that a Gaohe owner can read the driving recorder content of other vehicles means that Gaohe is providing the audio and video information it collects to parties outside the car, which is also illegal.

Xiong Dingzhong stressed that even if the owner agrees to share the contents of the dashcam, Gaohe should delete or anonymize the pictures involving people outside the car, and cannot share all the pictures. "On this issue, they (Gaohe) don't have any room for compliance."

Blogger @Li Mouse said that the video caused a lot of controversy after it was published, and that many netizens "did not buy" Gaohe's response. "Even if it's for the sake of a convoy, what convoy needs to look at the contents of a driving recorder hundreds of kilometers away?" he said, expressing doubts about the original design intent of the feature.

In this regard, Xiong Dingzhong said that at present, the compliance ability of some car manufacturers is not very strong, and implementing this function in a fully compliant form may involve higher technical costs: for example, the car needs to identify whether the owner has been replaced, reconfirm with the owner whether to turn on the dashcam sharing function, and anonymize the collected pictures in real time. In addition, Gaohe also needs to limit the sharing range of the recorder content, such as sharing only with vehicles within one kilometer.
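The controls listed in the paragraph above (consent re-confirmed for each drive, real-time anonymization, and a sharing range such as one kilometer) can be combined into a single authorization gate that is checked before any frame leaves the car. The Python sketch below is an added example, not Gaohe's code; every class, field and function name, the power-cycle counter and the coordinates are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_SHARE_RANGE_KM = 1.0      # the "within one kilometer" example from the text
REQUIRED_CONFIRMATIONS = 2    # the pop-up is confirmed twice

@dataclass
class ShareConsent:           # hypothetical consent record
    power_cycle_id: int       # drive (power-on cycle) in which consent was given
    confirmations: int

@dataclass
class Vehicle:                # hypothetical vehicle state
    lat: float
    lon: float
    power_cycle_id: int       # assumed to increment at every power-on
    consent: Optional[ShareConsent] = None   # sharing is off by default

def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two WGS-84 points in kilometers."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def may_share(sender: Vehicle, requester: Vehicle,
              frame_anonymized: bool) -> Tuple[bool, str]:
    """Decide whether one dashcam frame may be sent to the requester."""
    c = sender.consent
    if c is None:
        return False, "sharing_off"
    if c.confirmations < REQUIRED_CONFIRMATIONS:
        return False, "unconfirmed"
    # "Single driving, single request": consent from an earlier drive is void,
    # so a different driver is asked again after the next power-on.
    if c.power_cycle_id != sender.power_cycle_id:
        return False, "stale_consent"
    if haversine_km(sender.lat, sender.lon,
                    requester.lat, requester.lon) > MAX_SHARE_RANGE_KM:
        return False, "out_of_range"
    # Faces of people outside the car must be removed or contoured first.
    if not frame_anonymized:
        return False, "not_anonymized"
    return True, "ok"

if __name__ == "__main__":
    me = Vehicle(34.750, 113.620, 7, ShareConsent(7, 2))   # constructed values
    print(may_share(me, Vehicle(34.750, 113.625, 1), True))
    print(may_share(me, Vehicle(31.230, 121.470, 1), True))
```

The gate denies by default and returns a reason code, so a refused request can be logged and audited.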

It is worth mentioning that "there are many product designers who may not consider its 'boundary' when designing a function, and without considering compliance issues, they may ignore the need to limit the sharing range of the car owner's dashcam."

Article 11 of the Provisions requires that operators handling important data shall report in advance to the provincial-level internet information departments and relevant departments on the type of data, scale, scope, location and time limit for preservation, method of use, and whether it is provided to third parties.

In terms of safety hazards, Xiong Dingzhong said that this function of Gaohe Automobile may bring serious safety risks. If a Gaohe car is driven to a military management area, a national defense unit or a party and government organ, the geographical location, personnel flow, vehicle flow, etc. of these places are important data and need to be handled more strictly. "If they do, I don't think the CAC will approve this feature," he said.

Written by: Nandu trainee reporter Fan Wenyang