Computer experts find speed data collected by some insurance companies could compromise a customer’s privacy
In our constantly connected, information-rich society, some drivers are jumping at the chance to let auto insurance companies monitor their driving habits in return for a handsome discount on their premiums.
What these drivers may not know is that they could be revealing where they are driving, a privacy boundary that many would not consent to cross.
A team of Rutgers University computer engineers has shown that even without a GPS device or other location-sensing technology, a driver could reveal where he or she traveled with no more information than a starting location and a steady stream of data that shows how fast the person is driving.
Insurance companies and customers both have incentive to monitor driving speeds, said Janne Lindqvist, assistant professor in the Department of Electrical and Computer Engineering at Rutgers. Drivers who avoid jackrabbit starts and sudden stops are typically lower-risk drivers, and insurance companies benefit by rewarding such behavior. So some companies are offering lower premiums to customers who install a device that constantly measures, records and reports their speed.
“The companies claim this doesn’t compromise privacy, because all they are collecting is your speed, not your location,” said Lindqvist, who is also a member of the university’s Wireless Information Network Laboratory, or WINLAB. “But we’ve shown that speed data and a starting point are all we need to roughly identify where you have driven.”
Lindqvist doesn’t claim that insurance companies are actually processing the data to reveal locations. The techniques he and his colleagues are exploring are in their early stages and are not obvious to implement. Insurance companies likely wouldn’t benefit from knowing this information, especially if it is costly to obtain. But, he believes, it’s conceivable that law enforcement agencies could subpoena this information and run these kinds of complex analyses if they want to find out where someone has driven.
“I’m not saying that insurance companies should not monitor speeds like this,” he said. “I’m just saying that they should not imply that their speed data collection is privacy preserving. In any case, collecting just speed data compared to GPS data is a better practice since the locations are not directly available.”
To test how well the elastic pathing technique worked, Lindqvist and his colleagues examined data from six drivers in New Jersey traveling to 46 different destinations over 240 trips, and from 21 drivers in Seattle over 691 trips. For more than 20 percent of the trips, the technique predicted the final destination within a little less than one-third of a mile from the actual endpoint.
“In time, we expect improvements will be made to our initial approach,” he said. “The data, once collected, do not go away, and improvements may make it possible to plumb more private information.” Lindqvist suggests that insurance companies consider alternatives to collecting speedometer readings that can afford better privacy protection.
Lindqvist’s doctoral student, Xianyi Gao, will present the results of the team’s research at the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp 2014) Sept. 13-17 in Seattle. Other student contributors include Bernhard Firner, Shridatt Sugrim, Victor-Kaiser Pendergrast, and Yulong Yang. The National Science Foundation funded the research.
Rutgers Today article by Carl Blesch