It looks like you’ve had an accident! Every new car sold in the EU has a black box in it that will activate the car’s microphone and call emergency services in the event of a crash, supplying them with the car’s location. A system that’s ripe for explotation as spyware.
Welcome to the 53rd episode of The Private Citizen! Back to its usual Wednesday release slot. Sorry for last week, by the way. It was Sleepy Joe’s fault, he got inaugurated too slowly.
There is also a live recording of how the sausage is made on YouTube, as always.
I’ve recently finished playing Cyberpunk 2077. In it, Keanu Reeves' character is the lead singer of the band Samurai, which can be heard in-game performing a number of songs (they were actually recorded by the Swedish punk band Refused). One of these songs is called A Like Supreme. Check it out. And read the lyrics. They are very much on topic for what this podcast here is all about.
Speaking of privacy, today’s topic is modern cars and a feature called eCall that is now mandatory in the EU.
The European Union’s eCall Legislation
In 2015, the European Parliament decided that from 2018 onwards, all new cars sold in EU must be fitted with a system they called eCall.
What is eCall?
The eCall system consists of a GSM/GPRS modem that has its own SIM card and is connected to the car’s entertainment and telemetric systems. It has access to the car’s speakers, microphone and GPS location data. It is supposed to initiate once the car’s built-in electronics have recognised the car as having been in a crash – i.e. the airbags have deployed. In this case, it automatically calls 112, the EU-wide emergency number.
eCall is more an implementation standard than a hardware specification and it is a black box system. Meaning each car manufacturer has its own proprietary solution in place and there’s very little information on actual implementation details. Most car manufacturers refuse to tell customers how to turn the system off and implementation varies in regards to giving the car owner the ability to tell if the system is in use. Usually, cars include a manual “call” or “SOS” button, but with some models, the system is hard to find and almost invisible.
The stated goal of this system is to reduce the number of deaths from traffic accidents in the EU by 10% each year. Which is ludicrous. Here’s a look at how that’s been going:
Road deaths in the EU compared to the EU government’s traffic death prevention target (Source: The European Transport Safety Council)
One reason while the EU isn’t reaching its unrealistic target is that automobile manufacturer are actually shirking the obligation to build eCall into their cars (more on that later). Another could be that it is utterly unfathomable by anyone with common sense how such a system is supposed to save so many lives. An overwhelming number of traffic accidents in the EU happen in highly populated areas (because those have more traffic). Most accidents, especially serious ones, are therefore called in immediately.
And there are questions around mobile coverage and eCall being viable in lightly populated areas.
→ eCall minimum set of data transmission – Results from a field test in Finland, Risto Öörni and Timo Korhonen
The EU Parliament says about the eCall system:
It communicates the vehicle’s exact location to emergency services, the time of incident and the direction of travel (most important on motorways), even if the driver is unconscious or unable to make a phone call. An eCall can also be triggered manually by pushing a button in the car, for example by a witness of a serious accident. eCall will transmit the data that is absolutely necessary in case of accident. Information only leaves the car in the event of a severe accident and is not stored any longer than necessary.
The Commission estimates that, once the system is fully implemented, eCall could save hundreds of lives every year and help injured people quicker.
To assuage privacy concerns, the EU has put up a document addressing questions about eCall. It includes some general information about the system:
The public Pan European 112 eCall In-Vehicle System (IVS) remains dormant (that means not connected to the mobile phone networks) until a serious accident happens, therefore no tracking or transmission of data takes place during the normal operation of the system. Only when a serious accident takes place,the information contained in the Minimum Set of Data (MSD)1is transmitted to the Public Safety Answering Point (PSAP).The data included in the MSD are those strictly needed by the emergency services to handle the emergency situation, and may include the triggering mode (automatic or manual), the vehicle identification number, vehicle type and propulsion, timestamp, vehicle direction, current and previous positions, and number of passengers. These data are transmitted and stored by the PSAP in compliance with the relevant legislation on personal data & consumer protection. PSAP are used to deal with personal data respecting citizens’ privacy in the course of their normal operations in accordance with European and national legislation (e.g., when citizens call to the single European emergency number, 112).
While in normal operation the eCall IVS is not registered to any telecommunications network. Registration and voice/data communications take place only in case of an accident. During its normal operation, theIVS may only scan the radio spectrum for available networks, but without communicating with the Mobile Network Operators (MNOs).No intermediate parties (including the MNOs) have access to the MSD that is transmitted from the IVS to the PSAPs.
Therefore, there are absolutely no reasons to be worried about your privacy if public Pan European 112 eCall is installed in your vehicle. The European Commission has taken all the necessary measures to safeguard privacy of the vehicles’ occupants, after consulting with data protection authorities and the European Data Protection Supervisor office.
The problem here is that there’s no technical information I can find that specifies exactly how automobile manufacturers are supposed to implement this. So we will just have to take the EU’s and the auto maker’s word that the system is secure and works as intended in every single make of car? Specifically, that the system can’t be tricked into thinking an accident has occurred or otherwise activated, maybe even silently. What about backdoors built into an implementation by a car manufacturer?
The EU document itself specifies security and privacy problems that the car manufacturers must address, but neglects to tell us how this is being done.
Manufacturers shall ensure that the eCall in-vehicle system is not traceable and is not subject to any tracking before the eCall is triggered.
How will they ensure this?
In the internal memory of the eCall in-vehicle system, retention of previous locations of the vehicle is permitted, but that data must be continuously removed to ensure that only data strictly necessary to specify the current location and the direction of travel are retained. This data must not be available outside the in-vehicle system to any entities before the eCall is triggered.
How do I check that this data is being removed? What if it isn’t? What if the data is in fact available, let’s say over the internet via the car’s entertainment system or over the CAN bus?
Privacy enhancing technologies shall be embedded in the in-vehicle eCall system in order to provide eCall users with the appropriate level of privacy protection, as well as the necessary safeguards to prevent surveillance and misuse.
Indeed? What are those magic “privacy enhancing technologies”?
Seeing as how car manufacturers have an appaling track record when it comes to safely implement electronic systems or to be honest about their product and how it works, I have little faith that a) they are doing this correctly and b) the EU has effective checks in place to ensure it is being done correctly.
eCall in the Real World
Now, the good news is that eCall isn’t as widely deployed as the EU would like to make us think. This is because automobile manufacturers, despite being legally obligated to build it into their vehicles, are by and large doing everything they can not to. Since the requirement came into effect, just over 30 different car types with eCall have been approved for use on EU roads. But there are many more new car models that have entered the market in the EU since then. How does that work?
Well, it seems car manufacturers are using a loophole in the EU’s type approval system for motor vehicles. They simply aren’t registering new car models as separate vehicle types and are using existing type approvals where they can. This is being done because of many other reasons than simply avoiding to have to build in an eCall system. It saves the manufacturer a lot of money as the approval process is much quicker and less complicated. This means they only register a new type when they introduce a completely new car, let’s say the Volkswagen ID.3. Whereas a new Golf would most likely use the type approval from the previous generation model. Since most new cars are just improvements on existing designs, this kind of thing is happening a lot.
So the car manufacturers aren’t shirking the eCall requirement because they care about privacy. It saves them money to not build in an additional component. And there are other problems. The biggest one is that eCall uses 2G/3G networks to connect to the emergency services. And those are going away. In Germany, 2G will probably stay around for a long time as a fall-back for old devices, but 3G is being phased out by all three network operators by the end of 2021 or 2022. In other countries, 2G is on the chopping block as well to clear up frequencies for other uses. There are plans for a “next generation” eCall system that will use 4G (LTE) and 5G networks, but it is stuck in the preliminary planning stages at the moment.
Sadly, there’s a clear lack of transparency around this system. So it is often impossible to find out if the car you want to buy has eCall fitted before you’re at the dealer. And even then it is hard sometimes. The only absolutely safe bet is to buy a car that was built before 2018, even better would be one built before 2015.
This is also not a problem that affects only people who live in the EU. As with many such regulations, once manufacturers are pressured to do something in one market, they will also introduce it in others – or will be forced to do so by similar, copycat legislation. In the US, for example, OnStar is being built into cars for more than ten years now. In fact, one of the show’s producers has it in his car and is trying to get rid of it. Ford’s Sync system has similar functions and is much harder to remove or disable, because it is fully integrated with the entertainment system.
Can I Turn It Off?
According to this research by blogger Fernando Negro, the standard that governs the implementation of the eCall system (EN 16072:2015) allows for the system to be shut off – even though there are some questions if this is still the case in 2021. Getting manufacturers to do that when you buy a new car seems to be a lot trickier than simply asking for it to be disabled, though.
Most of them claim the law prohibits them from turning the system off. Even though the actual EU legislation seems to only specify that manufacturers have to built in this system, not that it has to be working for the car to be road legal. It also doesn’t impinge on what I would think was the right of the consumer to control what the product they purchased does and does not do. There is nothing in the road safety code that I am aware of (at least here in Germany) that says cars need to be fitted with such a device.
So what can you do if you simply have no other option than to buy a car with eCall? Or if you already own such a car? Well, there is always the “crowbar solution” that forum user mentioned – i.e. removing the eCall device, cutting its power or destroying its antennas. But if you are able to do that, indeed if you are actually able to find and access your car’s eCall module, depends very much on the specific make of your car. Since manufacturers use proprietary solutions and seem to be very unwilling to provide any information about them, it might be next to impossible for you to figure out where that system lives. Especially since modern cars are very complicated and have tons of tightly integrated electronics systems.
Another option, which is my personal preference, is simply to buy used, older cars. This has several upsides: They generally look better, mostly don’t patronise you with electronic “helpers”, are easier to repair and instead of expending energy and resources to have a new car built, you are using something that is already there and works. Granted, it can be hard to not get scammed when buying used, but modern online car sales platforms help with this. And buying used, if done right, can save you a ton of money. Especially if you buy a model that has a well earned reputation for being reliable and sturdy.
And if you want something flashy, look at it this way: You can get a beautifully kept ’80s Mustang for significantly less than you would pay for a contemporary competitor from BMW or the like. And there’s no question which of those has more style.
Producer Feedback
Stephen corrects a mistake I made in episode 52:
In the midst of listening to this episode. Just wanted to clarify that the “CHAZ” (a.k.a. CHOP) isn’t in Washington DC but rather in Seattle, Washington, the other side of the country. This “Capitol Hill” is a neighbourhood in Seattle.
Also in reference to the previous episode, Jackie said via Discord:
Excellent episode guys… I actually listened in one sitting. PS You know I love ya Fab but I’m with Mike re the UK COVID situation. It’s been very badly mishandled and as a result we have had some terrible death rates. But meh… Tories, and in particular, we have the clown Tories in charge.
Galteran, also in the Discord discussion on that episode, said:
Hi, I just finished listening to episode 52 and wanted to thank both Fab and Mike for their ever inspiring discussions, be it politics, media or other stuff. I also like the attention to detail Fab puts into the show and since episode 1 I am proud to have been able to support the show as a producer as I really appreciate the value TPC is delivering to its listeners.
Regarding the political discussion about left-right or democrates-republicans in the US (and if I remember well I think Fab also once mentioned the so called horseshoe topic brought up in German politics) I found a very interesting statement by Jimmy Dore saying that the left-right issue which the M5M is pushing is in fact a top-down or us-vs-them issue. I find this viewpoint very interesting and I have also heard about it on Adam Curry‘s podcasts (both No Agenda and Moe Factz with Adam Curry) which btw I strongly recommend to anybody who has not yet checked them out if they are interested in US politics, history and media.
Bazzawill chimed in later in the same discussion:
Just one thing on the COVID-19 vaccine. The flu vaccine is a little different to the COVID ones. It takes a long time to produce a flu vaccine so they need to guess the upcoming flu strain many months before flu season. The COVID vaccine is using a RNA vaccine which has a shorter lead time. Hopefully this could mean they can be more reactive with mutations.
If you have any thoughts on the things discussed in this or previous episodes, please feel free to contact me.
Toss a Coin to Your Podcaster
I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.
You can also support the show by sending money to via PayPal, if you prefer.
This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.
Thanks and Credits
I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show.
Aside from the people who have provided feedback and research and are credited as such above, I’m thankful to Raúl Cabezalí, who composed and recorded the show’s theme, a song called Acoustic Routes. I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.
But above all, I’d like to thank the following people, who have supported this episode through Patreon or PayPal and thus keep this show on the air: Georges, Niall Donegan, Michael Mullan-Jensen, Jonathan M. Hethey, Butterbeans, Dave, Steve Hoos, Mark Holland, Shelby Cruver, Vlad, Jackie Plage, 1i11g, Philip Klostermann, Kai Siers, Jaroslav Lichtblau, ikn, Fadi Mansour, Dirk Dede, Joe Poser, Matt Jelliman, David Potter, Mika, Martin, Dave Umrysh, Michael Small, S.J., RikyM, drivezero, Larry Glock, Bennett Piater, MrAmish, Jonathan Edwards, Barry Williams, avis, Neil, Captain Egghead and also Christoph Martin and Filipe Carvalho (sorry for the late credit, PayPal ate your transactions). Many thanks to Twitch subscribers as well: Mike_TheDane, jasonw3rt, Galteran, redeemerf, indiegameiacs and andyp4nts.
End of show song: Sunset Drive by Future Joust
End of show music and some sound effects licensed via Epidemic Sound.