Tesla Win In Court Exposes Potential For Cyber Abuse In A Connected World – CleanTechnica

Sign up for daily news updates from CleanTechnica on email. Or follow us on Google News!

---

A well known 1983 song by Sting and The Police seems like a simple plaint by a jilted lover but its words, when separated from the music, take on a more sinister meaning. “Every breath you take and every move you make, every bond you break, every step you take, I’ll be watching you.” Sting himself said, “I think it’s a nasty little song, really rather evil. It’s about jealousy and surveillance and ownership.” And yet, it became the band’s biggest hit and has even been included in marriage ceremonies. It also presaged a new phenomenon — cyber abuse.

In May of 2020, a distraught woman went to the San Francisco police and said she was in fear of her estranged husband after she found a baseball bat in the back seat of the 2016 Tesla Model X co-owned by the couple. When the car was purchased, the husband set himself as the administrator on the account and listed the wife as an additional driver. That meant she could not remove his access without his password.

The woman told the police the bat was the same one her husband had used to threaten her with previously, implying he had used his access to the car to open the rear door and place the bat on the seat. Tesla allows owners to remotely access their car’s location and control other features through a smartphone app.

According to Reuters, the woman sued her husband in state court later in 2020 on claims including assault and sexual battery. She later named Tesla as a defendant, accusing the automaker of negligence for continuing to provide the husband access to the car despite the restraining order against him. Her lawsuit sought monetary damages from Tesla.

After the woman asked the police for help, they requested the access logs to the vehicle but were told they were only available for the past 7 days. A Tesla service center manager contacted Tesla deputy general counsel Ryan McCarthy for advice, the manager said in a deposition reviewed by Reuters. McCarthy said the woman needed to have her husband removed from the vehicle’s title in order for the company to disable his account, the service manager testified.

In its successful defense against the woman’s lawsuit, Tesla cited the husband’s denials and said she had “no proof other than her “belief and imagination” that her husband used the car’s technology to stalk her. It also noted the restraining order against the husband did not name Tesla specifically.

San Francisco Superior Court judge Curtis Karnow agreed with Tesla, writing in a 2022 opinion that both the woman and her husband “had a right” to use the car’s technology. He said it was unclear how Tesla was supposed to determine whether her allegations were legitimate. “A jilted partner might fabricate misuse charges to punish the other,” Karnow wrote, adding that the consequences of imposing liability for car manufacturers “would be broad and incalculable.”

Cyber Abuse Is Real

Now before you dip your pens in acid and send me nasty comments, let me say this is not an anti-Tesla hit piece. It is instead a warning about how, in an increasingly connected society, we are more at risk than ever from something I call cyber abuse — the ability to use internet connected devices to harass, intimidate, and sometimes terrify others in ways Sting never thought possible. As Reuters points out, cases of cyber abuse that involve stalking of others by monitoring their cars are becoming more common as automakers add sophisticated features such as location tracking and remote control of certain functions such as locking doors or honking the horn.

According to interviews Reuters conducted with divorce lawyers, private investigators, and advocates for domestic violence victims, using  phone spyware or tracking devices to track others has long been a concern, one that has prompted Google and Apple to design safeguards into their products. The San Francisco case exposes the often complex considerations these technologies pose for car companies and law enforcement officials.

The Alliance for Automotive Innovation, a trade group for automakers and suppliers that focuses on technology, cited spousal violence as a reason why California regulators should not require carmakers to release location or other personal data in most cases under a new state privacy law. The law sought to give consumers the right to access their personal data being tracked by companies. The auto group argued some car owners might improperly request personal data on other drivers of the same vehicle. Disclosing location-tracking data to an abuser could create “the potential for significant harm,” wrote the AAI. The group’s membership includes many major automakers, but not Tesla.

Some automakers have taken steps to prevent the misuse of the data their vehicles track. General Motors spokesperson Kelly Cusinato told Reuters her company’s OnStar system allows all drivers to mask their location, even if they are not the vehicle’s owner or primary user. Rivian, which makes electric trucks and SUVs, says it is working on a similar function, according to Wassym Bensaid, senior vice president of software development. He said Rivian has not encountered a case of domestic abuse enabled by its vehicle technology, but believes “users should have a right to control where that information goes.” GM declined to comment on whether its technology had been involved in any alleged domestic abuse.

Cyber Abuse Involves More Than Just Cars

Apple launched its AirTag location tracking device in 2021 as a way to help people find lost purses or keys. The small tags can easily be concealed in a car’s interior or other locations, and soon became a favorite tool for one partner to track another.

Earlier this year, Apple and Google jointly proposed standardized technology that could be adopted by any tech company that would allow for alerting people who are being tracked without their knowledge through tags or smartphone features. The idea, presented to a tech industry standards organization, won praise from some anti-domestic abuse advocates. Apple and Google had no comment for the Reuters story. In the San Francisco case, Tesla said in response to a plaintiff’s written request for information that it “does not have a specific company-wide policy” regarding how to handle stalking allegations involving its vehicles’ technology.

Catherine Crump, a Berkeley Law School professor specializing in privacy issues involving technology, told Reuters that stalkers always find a way to use location data, making this problem “totally foreseeable.” She said, “It is disappointing that a company as sophisticated and well resourced as Tesla doesn’t have better answers to this.” Crump is a former adviser to the White House Domestic Policy Council.

Crump is right but her statement is not complete. Tesla may be singled out in the Reuters report but the cyber abuse problem applies to all automakers as they race to incorporate ever more sophisticated connectivity into their products.

A Personal Note

When I got out of the Army back at the end of the last Ice Age, I returned to my home state to practice law. Most attorneys want nothing to do with domestic relations cases, and so they slough them off on the newest lawyers in the office. I handled a ton of them and I can tell you that until you have dived into the cesspool of family court, you have no idea what depths people will sink to in order to inflict emotional pain on those they once promised to love, honor, and obey until death do them part. The Family Court in my home state was most frequently known as The Zoo or The Swamp. I could tell you stories that would make your fingernails curl, stories you would say could not be true. But they are.

Cyber abuse is real and the courts and governments have no idea how to control it. When we put a cell phone in our pocket, or use an AirTag, or drive a connected car, we are inviting unseen actors into our lives, actors who can steal our identities and cause us untold amounts of psychic harm.

It is understandable why car companies don’t want to get dragged into this mess. But is inconvenience to the companies an adequate reason to relieve them of the burden of disclosing who is abusing their services? That question has no answer at the present time.

My take is that if a company benefits from an online resource, it should be required to shoulder some of the burdens that access creates. I would not expect Tesla or any company to respond to every request for information about who is accessing its system, but can think of no reason why it should not do so pursuant to a court order. If it only maintains access logs for 7 days, perhaps it and other companies need to amend their data storage policies to meet the evolving needs of society.

One thing is clear. Cyber abuse can cause real harm. Victims should be able to get help when they need it from companies like Tesla, even if the involvement of those companies is tangential or an administrative burden. Inconvenience is not an adequate reason to avoid helping victims of cyber abuse.