Author: Marie Weber, Lexy Kassan
Publisher: Data Science Ethics
Publication Year: 2019
Summary: The following podcast episode discusses how Tesla had a bug bounty program running in 2019 which led people to try and hack wrecked Tesla cars. The reason was that all the footage, precise geolocation, and other related information was being stored in the car’s computer. The (supposedly ethical) hackers were able to extract personally identifiable information using all the phones that had ever paired with the car including their contact lists, calendar entries, and the last several locations the car had been at in unencrypted format. This posed a huge risk since any user could be easily triangulated and footage could be accessed, potentially even incriminating the driver in some cases. The 2 biggest concerns here are the collection and storage of data and the unencrypted manner of storage. Even though Tesla promptly resolved this issue, the data from the users had the potential for misuse because of the company’s aim to beef up its security by launching a bug bounty program, something they could have notified the users about.