Your car's hidden 'black box' and how to keep it private
Most commercial airplanes have an indestructible flight recorder, also called a "black box" — even though the casing is actually bright orange. Actually, there are two of them: One records information from the flight computers, and the second box records cockpit audio and other sounds inside the plane. In the event of a crash, investigators can recover the black boxes and find out exactly what happened.
Cars can have black boxes, too. In fact, it's a good bet your current car has one already, and if it doesn't your next new car certainly will. That's why you should know exactly what that black box is recording, who can get that information and how you can stay in control of it.
A bit of history
Black boxes in cars aren't a new idea. The practice started in 1994 with cars from Cadillac, Buick, Chevrolet and Pontiac. The black boxes were meant to help manufacturers learn how their cars performed in crashes.
Since the early 2000s, the National Highway Traffic Safety Administration (NHTSA) has been collecting black box information to get a better picture of the circumstances surrounding car accidents. In 2013, 96% of every new car sold in the United States came with a black box, and as of Sept. 1, 2014, every new vehicle must have one installed.
Black box data has been used in a few high-profile investigations. In 2011, Massachusetts Lt. Gov. Timothy Murray totaled a government car (he walked away). He claimed he was driving the speed limit and wearing a seat belt. Investigators used his black box data to show he was driving 100 mph without a seatbelt at the time of the crash.
Wondering if your car has a black box? The Harris Technical site lists the year, make and model of nearly every car that includes a black box. You can also check your car's manual. If you're buying a car from a dealership, they have to tell you if the car has a black box.
What do black boxes record?
While the first-generation event data recorders did little more than track whether or not the car's airbags deployed, recording and sensor technologies have become smaller and much more powerful. The NHTSA has mandated that every new recorder must track 15 variables.
The information includes vehicle speed, throttle position, airbag deployment times, whether the brakes were applied, if seatbelts were worn, engine speed, steering angles and more. Manufacturers may also have up to 30 additional data points if they want, excluding, they say, GPS location, video and audio. Also, a black box only stores information for 20 seconds around the crash.
Still, many privacy advocates worry that the recording length might eventually increase and include more identifying information. That raises the question of who can access the data in the first place.
Who can pull the data?
Getting your hands on black box data requires professional training, and a Crash Data Retrieval system that starts at $2,000 and can cost up to $20,000 with accessories. The CDR system plugs into the on-board diagnostics port under the dashboard on the driver's side and transfers the information to a special computer program.
Obviously, car manufacturers have the equipment. The NHTSA and law enforcement have the resources to get the information either directly or through specialized third parties. Third-party shops often pull the data as part of an accident reconstruction service. Insurance companies and law firms may also use third parties to get data for accident investigations or court cases.
Then there's the group everyone worries about: hackers. In most cases, I doubt hackers want your black box data. It would need to have a lot more information on you to make it worth their while.
Hackers are more interested in hacking cars so they can take control from a distance. Unfortunately, they're getting good at it, and it's getting easier as cars become more and more computer controlled.
That's the technical side of downloading black box data, but there's a legal side as well. As of this writing, 15 states — Arkansas, California, Colorado, Connecticut, Delaware, Maine, Nevada, New Hampshire, New York, North Dakota, Oregon, Texas, Utah, Virginia and Washington — have passed regulations regarding who can pull the information with and without the car owner's permission.
You can find an up-to-date list of the states and their rules at the National Conference of State Legislatures site. In general, however, no one can pull data without your permission or a court order. Insurance companies can't use the data to set your rates unless you opt into a program, and those programs usually use another tracking unit. The rules are much less clear in states that haven't passed any legislation yet.
Can you keep your data private?
Still, anyone with a court order, or just the right tool and a little time, can get at your black box information. There's no way you can delete the data or disable the black box.
Fortunately, there is a simpler option. Products like AutoCYB, OBD Lock and OBD Saver put a lock on the diagnostic port so no one can plug anything into it without your permission. That keeps people from resetting information, extracting data or falsifying records that could be used against you.
Whether a court order would require you to hand over the keys to the lock is another story. I'll leave that one for the lawyers to decide. However, you can at least make sure that nothing short of a court order lets someone get your data.