German constitutional protection officer warns against data collection by Chinese EVs
German constitutional protection officer warns against data collection by Chinese EVs
cross-posted from: https://mander.xyz/post/45981222
The head of Thuringia's Office for the Protection of the Constitution, Stephan Kramer, warns of data-protection risks from electric cars from China. "The espionage risk posed by Chinese electric cars is real," he told Handelsblatt. However, what is meant is less traditional espionage and more "data harvesting on a large scale." How dangerous that is depends heavily on where and by whom the vehicles are used.
[...]
For security-relevant areas such as the Bundeswehr (Germany's armed forces), police, critical infrastructure, and the government sector, Kramer thus rates the risk as "high." Even the transmission of location data to external IT systems in the cloud is problematic. For companies with sensitive research and development, Kramer sees a "medium to high risk." This applies especially when vehicles regularly visit research sites, are used by executives, or serve as a "mobile meeting room".
It's not just about Chinese electric cars
According to Kramer, electric cars fundamentally pose a spying risk, not only Chinese ones. "Modern electric cars are rolling computers," he said. The vehicles collected and transmitted a large amount of information. These included location and movement data, in-cabin data from microphones or cameras, phone and contact data from the connection with smartphones, information on driving behavior, as well as data from the surroundings via driver-assistance systems.
The Federal Ministry of the Interior wants to monitor the situation. "Because of the rising market shares of Chinese car manufacturers in the European market, the geopolitical situation and China's power ambitions, there is a need to keep a close eye on possible risks posed by Chinese vehicles," a spokesman told Handelsblatt. He noted that Chinese vehicles "have highly complex, networked systems that generate, store and transmit large amounts of data."
[...]
Under EU type-approval law, manufacturers are obliged to protect vehicles adequately against cyberattacks and to prevent unauthorized access to vehicle data. The exact scope of the data generated and their transmission is, however, often opaque to customers.
[...]