Motor insurance 'black boxes' / by Dan Lockton

Norwich Union Black Box Last month, Norwich Union (one of the UK's largest insurers) opened up its 'black box'-based car insurance policy (see here) to a wider range of drivers, with a lot of publicity.

Branded Pay As You Drive, the insurance is aimed at young drivers, and charges not just on mileage, but on time of day the journey was taken: night-time journeys result in a significantly higher fee. The box uses GPS to determine how far, and when you drive, in order for Norwich Union to decide what to take from your bank account (it seems to be only available via Direct Debit, which makes the "There will even be a monthly bill so you'll be able to control just how much you spend" statement rather disingenuous).

It doesn't appear to charge based on where you drive, or indeed on what speeds you do although those data will of course be logged. If they're going to identify driving at night as being a major risk factor (personally I prefer driving at night, with less traffic and open roads), then surely speed must be important too?

They also advise young drivers "To keep costs low...ask your friends to contribute to the running costs" (here) which I would think would perhaps invalidate your insurance, since you are effectively using the vehicle for private hire purposes. Maybe I'm wrong on that, but I'm sure it's in the small print of my own car insurance—I've certainly seen it cited as a reason why 'official' car-pooling schemes can be tricky to set up.

Anyway, as an architecture of control, there are a few issues which it's worth considering:

• What happens to the data?
"If approached, we shall only provide information about you to those legally entitled to it, and where we are obliged to release it"—here. So if you have an accident, and the police ask Norwich Union for the black box log, and it shows that you were speeding, what happens then? Can you be convicted on the basis of that information? (At least in North Dakota, this issue seems to have been resolved in the customer's favour—not likely in the UK). What if the police asked Norwich Union for the data for, say, all the drivers who have the black boxes fitted? OK, they probably wouldn't, but think of the possibilities for instant, automatic speeding fines to be generated by linking the Norwich Union black box database to the police national computer... absolutely no escape. A disciplinary architecture in your own car—similar to a tachometer in a truck, but one which would automatically fine the driver (and 'endorse' his/her licence) with no human intervention.

• Will they use location data for any other purpose?
"I wasn't there at the time, officer. My wife will confirm, I was here at home mowing the lawn." "Well, that's not what your Norwich Union box shows, Sir. Oh, and by the way, I know you went down that one-way street the wrong way last month, too. That's an instant £100 fine, I'm afraid." Of course, the massive interconnected network of numberplate-recognition CCTV and other traffic cameras that's already underway in the UK (see, e.g. "Spy cameras to spot drivers' every move" in The Times from a couple of weeks ago) will also provide a nice correllation. "Details of any vehicle passing a camera will be stored in a database for at least two years—even if the owner has not committed an offence." It's all fine, of course, because if you haven't done anything wrong, you have nothing to fear. Not to mention the possibilities for blackmail, stalking, and so on.

• So, can it be hacked?
How can it be circumvented? Could you take the box out and put it in someone else's car? For example, an elderly relative who only drives a couple of miles a week down to the shops? Will your MoT (annual vehicle test) certificate record that such a black box is in place? (i.e. will the insurers ever find out it's been removed?) Will the police have a record of which cars have the box fitted? If they stop you and check, and you've removed the box, will you be automatically deemed to be driving without insurance, and your licence taken away?

Does it only use GPS or is there any other way of it getting its data? This says that it's "It is wired to you [sic] car battery for power and to your ignition to record the start and end of each journey. It is designed to record mileage when the car is switched on and therefore, will not affect the battery when the car is not in use. There is also one aerial [for transmitting the data back to Norwich Union—in real time] that is placed inside your car."

So if it only draws current when the ignition's on, what's to stop you disconnecting it from the ignition (once it's switched off) and driving to your heart's (and wallet's) content? It won't record that it's been disconnected any differently—or is it cleverer than that? Is the installation checked each year by Norwich Union-appointed personnel to make sure it hasn't been tampered with? Why does this page say that they'll only offer the insurance to cars from 1986 onwards?

The patents for the device used by Norwich Union are registered to Progressive, who have a number of patents for this type of device. They include a vast number of possible data that could be logged:

"RPM, transmission setting (Park, Drive, Gear, Neutral), throttle position, engine coolant temperature, intake air temperature, barometric pressure [from powertrain sensors]; brake light on, turn signal indicator, headlamps on, hazard lights on, back-up lights on, parking lights on, wipers on, doors locked, key in ignition, key in door lock, horn applied [from electrical sensors]; airbag deployment, ABS application, level of fuel in tank, brakes applied, radio station tuned in [!—what next? "Your honour, the defendant was most likely not in full control of his car at the time of the accident, because the black box log shows he was listening to the Remix on Xfm, and, well, that music's just so good there's just no way he could've been paying attention to the road"], seat belt on, door open, tail gate open, odometer reading, cruise control engaged, anti-theft disable, occupant in seat, occupant weight [from body sensors]; and of course vehicle speed, vehicle location, date, time, vehicle direction, pitch and roll, relative distance to other objects, deceleration, acceleration, vehicle in skid, wheels in spin, closing speed on vehicle in front, closing speed of vehicle in rear, closing speed of vehicle to side (right or left), space to side of vehicle occupied, space to rear of vehicle occupied, space to front of vehicle occupied, lateral acceleration, sudden rotation of vehicle, sudden loss of tire pressure, driver identification (e.g., through voice recognition, code, fingerprint or retinal recognition), distance travelled and environmental hazard conditions (e.g. icing, etc.), vehicle speed in excess of speed limit, observation of traffic signals and signs, road conditions, traffic conditions."

But if the Norwich Union implementation literally only takes in GPS data (when the ignition's on—i.e., it isn't even connected to the ECU) and sends that information back to the control centre continuously, it would suggest that it may be fairly easy to circumvent it. If one were so minded. Of course it would be wrong, etc., and I don't endorse any investigation, reverse engineering, circumvention attempts, curiosity, etc.

I've possibly missed something obvious here—if anyone has any comments or ideas, please post away!