Warrantless searches: US senators call for an investigation into car manufacturers’ privacy practices

Two US senators are calling for a Federal Trade Commission (FTC) investigation after learning that some connected car manufacturers provide law enforcement access to drivers’ locations without requiring a warrant. 

Modern cars provide useful services by collecting information about drivers, including their locations. But the senators note that “depending on car companies’ practices, these always-on data connections and the location data collected by cars and sent back to the automaker can seriously threaten Americans’ privacy.” 

In a letter to FTC Chair Lina Khan, Senators Ron Wyden and Edward Markey accused nine major car manufacturers of “deceiving their customers by falsely claiming to require a warrant or court order before turning over customer location data to government agencies.” 

What do the senators say about car manufacturers’ privacy practices? 

Senators Wyden and Markey asked fourteen car manufacturers about their policies around providing law enforcement agencies access to drivers’ location data. 

They learned that the following companies require a warrant before handing over location data: 

• GM 
• Honda 
• Ford 
• Tesla 
• Stellantis 

The senators argue that these companies are doing the right thing and keeping their promises to consumers. 

But they allege that the following car manufacturers do not require a warrant and will turn over location data based on a “mere subpoena”: 

• Toyota 
• Nissan 
• Subaru 
• Volkswagen (which requires a warrant for requests for more than six days’ worth of data) 
• BMW 
• Mazda 
• Mercedes-Benz 
• Kia 

Because a subpoena does not require court approval, and the two senators argue that this practice threatens drivers’ privacy. 

They also note varied data retention policies among the manufacturers. Some collect and retain data for up to 15 years, while others do not systematically retain location data. 

Is that against the law? 

Wyden and Markey argue that obtaining a car’s location data without a warrant violates people’s rights under consumer protection law and the US Constitution. 

Section 5 of the FTC Act 

The senators have requested the FTC to investigate the companies under Section 5 of the FTC Act, which prohibits unfair and misleading commercial practices that risk causing harm to consumers. 

For the past two years, the FTC has been extremely robust in enforcing the FTC Act in the context of digital privacy violations. Several companies, including most recently InMarket and X-Mode Social, have settled FTC allegations that they illegally sold location data collected from mobile devices. 

The FTC Act is a consumer protection law rather than a privacy law. But the FTC has cited the law in many cases where companies go against their promises about privacy to consumers. 

The senators allege that these car manufacturers told consumers they would only grant law enforcement access to their location data subject to a warrant. Because the manufacturers—again, allegedly—provided location data without a warrant, this could be a violation of the FTC Act. 

Carpenter vs. United States 

The letter also cites a 2018 Supreme Court decision, Carpenter vs United States. The case concerns the Fourth Amendment to the US Constitution, which protects people against “unreasonable searches and seizures”. 

In the Carpenter case, prosecutors obtained suspected burglar Timothy Carpenter’s mobile phone location data from his mobile network providers and used the information as evidence against him. Carpenter said this activity violated his civil rights. 

The Supreme Court ruled in favor of Carpenter. They found that accessing certain mobile phone records without a warrant was an “unlawful search” under the Fourth Amendment. 

The senators say that the Supreme Court did not provide a “clear, across-the-board warrant requirement,” so it isn’t obvious that the Carpenter case directly applies here.  

But they note that the authorities already require a warrant to access a person’s emails, search their private photos on the cloud, or search their phone. As such, they argue that a warrant requirement should apply to location data, which is “equally sensitive and deserving of the same strong protections.” 

Don’t law enforcement agencies need quick access to car location data?

The senators acknowledge that in some cases, law enforcement agencies require quick access to information about people’s locations, and they might need to get it from car manufacturers. 

However, they argue that warrant policies “do not undermine public safety” because “companies are permitted under longstanding federal law to turn over data immediately, in emergencies, without a court order.” 

It will be for the FTC, and ultimately a court, to decide whether car manufacturers must demand a warrant before they turn over consumers’ data. 

But with consumers paying more attention to privacy and legislators in states like California working on new connected vehicle privacy laws, there’s clearly a case for more diligence and transparency when processing drivers’ location data.