[gleenn]

I don't understand how you think this isn't nefarious based on your own post. I didn't ask my car to basically give a backdoor to all my texts and contacts to law enforcement. If that exists, it is certainly being used. I find it very sad that you have to prove injury despite the fact that is is clearly not in a user's benefit. Laws are always playing catchup to tech and we shouldn't have to play wackamole for every new absurd way our privacy is being abused just becawe can't prove that police aren't doing parallel construction to avoid the direct "injury" to us.

[bri3d]

Why do I think these features are not nefarious?

* There's an obvious, legitimate want for the vehicle's head unit to ingest this data, in order to display a UI (or provide a voice UI) which allows the user to call a contact by name or read a recently received text message. Is this a poor implementation concept which has mostly been supplanted by better implementations (Android Auto / CarPlay), sure, absolutely but it's not some thing that was added for the express purpose of "stealing" information. It's a long-standing set of features which use obvious, standardized Bluetooth technologies to fill an obvious, straightforward user need. Nothing weird there.

* There's no sign whatsoever that there was any collusion with law enforcement in the construction of these systems. They're just badly implemented, vulnerable software which is exploited by a forensics vendor (just like literally every other piece of hardware and software under the sun).

[lrvick]

I have worked for enough IoT and whitelabeled tech companies to know spying is normally never a plan from the start.

It is the lack of planning to prevent it that is years later branded as a feature to sell when company leadership looking to boost numbers or build political capitol start talking to law enforcement. Often after an acquisition or two.

I personally know a release engineer that was required to quietly send all new code changes to an NSA ftp server, presumably to make sure none of the bugs they rely on were fixed.

If something is in popular use and -can- collect data covertly, it will be co-opted to do so by someone for power or money without fail.

[zlg_codes]

I want to include with your great post that civil action will not stop a government hellbent on gathering data.

Destroying the means of surveillance, capturing targets, and reverse blackhatting is what will work.

[philsnow]

> I personally know a release engineer that was required to quietly send all new code changes to an NSA ftp server, presumably to make sure none of the bugs they rely on were fixed.

... what would they have your acquaintance do if a bug they relied on were fixed? Push back on the change?

[lrvick]

That was implied, but never happened that they know of.

Could be they just decide to go take maximum risky advantage of the flaw before it is patched.

[zlg_codes]

You're totally falling for the plausible deniability governments engage in when conducting surveillance and espionage on their own citizens.

"Oh it wasn't our fault the software was wrote poorly. Not like we wrote laws around it or paid companies to share data with us."

What else do you believe that comes from the govt's mouth? Would you simply never believe they'd take advantage of us unless caught in some precise way, in some precise situation?

Government can start showing us it's loyal to us, or face attack of its own networks.