BYD electric cars waiting to be loaded onto a ship at the international container terminal of Taicang Port in Suzhou, China, in February, 2024.-/AFP/Getty Images
Canadians tempted by low-priced Chinese EVs should know those vehicles could, potentially, be used to spy on them – and worse.
They should also know the same holds for any modern car.
Ontario Premier Doug Ford has dubbed Chinese-made electric vehicles “spy cars” and urged Canadians to boycott them after Ottawa agreed to import small quantities of them in a recent deal with Beijing. Federal Conservative Leader Pierre Poilievre has similarly dubbed the cars “roving surveillance operations.” And policy analysts have long warned that even private Chinese companies can legally be forced to spy for Beijing.
In fact, eavesdropping isn’t even the worst of it. Talk to a cybersecurity expert if you want to hear hypotheticals that sound like sci-fi horror. The nightmare scenario is one in which, say, all cars of a certain type suddenly freeze in the middle of the road or accelerate erratically. It wouldn’t take many of them to clog a country’s streets with accidents.
But those what-ifs don’t apply only to EVs made in China. Most new-ish automobiles, including gas-powered ones, could be hacked or weaponized by independent groups or hostile governments. Cars have become data-syphoning computers on wheels. They are just as vulnerable to bugs and cyberthreats as our phones and laptops.
Five lower-priced EVs we could possibly get with the new China deal
The question for Canadian consumers, then, isn’t simply whether they would buy a Chinese EV, given the privacy and security concerns. It’s also whether they feel comfortable driving a Tesla or any other vehicle made by American companies that are regulated by an increasingly belligerent U.S. administration.
And, then, of course, there is the potential for any internet-connected car to be targeted by your run-of-the-mill, politically unaffiliated computer whizzes.
The risk of hacks, bugs and privacy breaches isn’t as far-fetched as you might think. In 2015, WIRED journalist Andy Greenberg drove a Jeep Cherokee on the highway while two hackers sitting kilometres away killed the car’s engine to showcase how smart cars could be hijacked.
In 2023, Reuters reported that some Tesla employees had privately shared highly sensitive videos captured by customers’ car cameras, including one of a man walking toward a vehicle completely naked and one showing a Tesla hitting a child on a bike.
Things aren’t much better today, according to David Shipley, chief executive officer at Beauceron Security, a cybersecurity firm. If anything, risks have increased. Nearly half of the cars on the roads in Canada today are always connected to the internet. Software controls almost every function of the vehicle, and automakers collect data on anything from geolocation to drivers’ behaviour and, in some cases, biometric information.
Opinion: Carney’s China deal isn’t a sign of confidence in Canada’s auto sector
Security researchers have skewered automakers for lax standards. But even if the industry excelled at detecting and addressing vulnerabilities, patching software bugs is a game of whack-a-mole.
That’s why Mr. Shipley would like to see Canada adopt some guardrails. Among them is a switch-off feature that would allow consumers to manually disconnect a car from the internet. Another is mandatory, independent testing of both smart cars and the infrastructure that supports them.
Also, Mr. Shipley argues, automakers, along with tech companies, should have to comply with comprehensive data-privacy standards backed by regulators willing to impose big fines, as is the case in the European Union under the block’s General Data Protection Regulation.
So far, those have been low priorities for Ottawa, but rising tensions with the U.S. have pushed concerns about who controls digital technology and data closer to the top of the political agenda.
On the spectrum of national security concerns, connected cars stand somewhere between a telecom tower and smart fridge, according to Tom Nunlist at Trivium China, a strategy consultancy.
A compromised mobile network could mean system-wide vulnerabilities, he said via e-mail.
Smart cars and fridges, by contrast, are devices that run on that network. But as connected devices go, smart cars are among the ones that make for better spies and more dangerous weapons.
A fridge to which you can dictate your shopping list is capable of listening in to your conversations. A smart car can also gather information about everywhere you go – or smash into people and things.
It is telling that China itself has banned Teslas from its military bases.
Yet Canada, along with Europe, is just in the early stages of grappling with how to limit tech and data vulnerabilities.
In the meantime, Canadian car shoppers will have to decide what privacy risks and hypothetical doomsday scenarios they can live with.