When State Farm Insurance announced its telematics-based roadside assistance program, everyone said OnStar had gained a new competitor. What didn't get as much attention, however, is that the insurance company also opened an electronic window into your driving habits.
The system, called In-Drive, is two small boxes -- one that clips onto your visor, another that plugs into your car's OBD II diagnostic port -- that can summon a tow truck, alert the police and even locate a stolen vehicle or a teen who has missed curfew. It's all very helpful, and quite innocuous. But In-Drive also lets drivers opt in to Drive Safe and Save, State Farm's usage-based insurance program that calculates drivers' premiums based on their recorded driving habits.
The insurer is offering discounts on insurance premiums of as much as 50 percent, in addition to roadside assistance, in exchange for tracking its customers. State Farm says the program, which costs motorists between $5 and $15 monthly, is designed to provide conveniences like emergency assistance while encouraging -- and rewarding -- safe driving habits.
"This combined offering represents a first in our industry," said Mike Wey, State Farm senior vice president. "It will provide drivers with a wide range of new options that will make for a smarter vehicle and even smarter driver."
But the practice raises questions about privacy, including what information is recorded and where it is stored. Though there are significant legal protections dictating what insurance companies can use to set rates, other data that is collected is subject to less transparent privacy policies.
Usage-based insurance, also known as "pay as you drive," gained favor in the last decade or so, when actuaries realized they could use data gleaned from telematics and GPS systems to rate an individual driver's risk, based on empirical evidence. Perhaps the most widely marketed example is Snapshot, the Progressive program that offers discounts of as much as 35 percent to those drivers who don't go out late at night and use a light touch on the accelerator.
Many states limit how much data insurers can collect, in many case letting them track nothing more than how many miles accrue between policy renewals. But drivers who opt into these programs may be divulging more information than they realize.
And, although they're collecting a rich set of data, insurance companies risk lavishing rewards on good drivers while doing little to encourage safer behavior behind the wheel.
Show And Tell
In many ways, In-Drive operates much like OnStar and any other vehicle telematics system offerings roadside assistance. And that's what opens the door to insurance company snooping.
The system, developed by Hughes Telematics -- the same folks behind Mercedes-Benz' mBrace system -- records the stream of diagnostic information sent through a vehicle's on-board diagnostic (OBD II) port, including emissions data and vehicle-dynamics info like speed and braking.
That data is encrypted and sent to Hughes through a dedicated cellular connection. Much of that information is used only for roadside assistance programs -- for instance, GPS data is used to track a stolen vehicle -- because many states limit the amount of information a company like Hughes can provide to insurers. In-Drive is currently available in Illinois and will be offered in California, Colorado, Ohio and Texas at a later date. Snapshot is offered in 38 states. In most states, auto insurers face further restrictions in setting rates based on data they collect.
Kevin Link, vice president of marketing at Hughes Telematics, says the only info passed on to State Farm is speed, time of day, miles driven, acceleration, braking and the number of left and right turns made. State Farm sends customers a "report card" after 30 days and begins lowering premiums, if applicable, after 100 days of continuous data collection.
Interestingly, you can pull the device out of your car at that point and enjoy the cheaper rate until your next policy renewal, at which point you'll need to reinstall it so State Farm can collect another 100 days of data.
Until recently, in many states it wasn't legal for insurers to collect even that much data. In California, for example, insurance companies lobbied the state to allow electronic tracking devices for usage-based insurance. It was part of "pay as you drive" legislation passed in 2009 that made mileage a major rating factor. With it came new regulations, designed to protect customer privacy, prohibiting insurers from collecting where, when and how a vehicle is driven.
So how can State Farm collect exactly that kind of data? There's a loophole in the law.
"Insurers are allowed to collect location information only as part of an emergency road service program, theft-tracking service, map service or travel service," says Dorothy Glancy, a professor at the Santa Clara University School of Law who specializes in privacy issues in transportation.
In other words, if they're collecting acceleration data through a system that can, say, locate your stolen car, they're on solid ground.
To be clear, State Farm doesn't use location data in setting rates, and the information they do receive is only as accurate as a 10th of a degree of latitude. Snapshot doesn't even include GPS technology, nor does it track vehicle location.
According to Richard Hutchinson, Progressive's general manager of usage-based insurance, it's by design. "By having not included GPS, and thereby not having location, we've avoided all that activity," he said. It also saves them from getting into divorce disputes and other messy legal proceedings.
Link says In-Drive doesn't use location data to help determine premiums, but it does feature GPS for roadside assistance, stolen-vehicle tracking and the optional Co-Pilot service that customers can use to monitor the driving habits of their teen or elderly relatives.
The continued privacy of location data is protection that Glancy says must be maintained.
"Someone could make a lot of money from using the insurance location data, or selling it to data brokers," she says.
Like a Nosy Neighbor
Even if State Farm and Progressive can track more than mileage, they can only use those most basic data points outlined above to set premiums. What, then, do they do with the rest of the stream of data flowing from the OBD-II?
They store it. Then, they study it.
In their respective privacy policies, both Progressive and State Farm explicitly say they will not sell identifiable information to third parties, but that's where things get vague.
Progressive says it can, with a customer's permission, use data gleaned through Snapshot to resolve a claim. According to Hutchinson, the data is only called out when a customer specifically asks for it, usually because they feel it will support their case.
State Farm says it may share information with third parties "as required or permitted by law," while Progressive says it will do so if "it’s necessary or appropriate to service your insurance policy, prevent fraud, perform research, or comply with the law."
Both Link and Hutchinson said their respective companies would be required to share info with law enforcement if there were a legal requirement to do so.
According to Link, State Farm's data is stored with "significant data encryption." Hutchinson said that Progressive, like all insurance companies, is required by state laws to store identifiable data for seven years for auditing purposes.
Beyond that, the data is scrubbed of personal information and stored "indefinitely," though he said that there's currently at least a decade of data on hand that actuaries are studying to create more predictive models for rating. That's what insurance companies have done since Lloyd's tried to predict the risk of shipping tea to the New World.
"We keep the driving data, and we keep the loss data associated in our database. We view that data as being valuable from an actuarial standpoint," he said. "Our primary objective is to find data that we believe is representative and will give us an indication of being in an auto insurance accident." For example, he said actuaries are currently studying altitude data to determine whether there's any correlation between accidents and driving on mountain roads.
Hearing Hutchinson say it, we were surprised that such an explicit explanation didn't make it into Progressive's relatively obtuse privacy policy. Glancy says this lack of transparency is a common problem.
"The trouble with most of the insurance programs that seek to collect such data is that the insurance companies do not adequately explain in terms that an average driver would understand precisely what data they are collecting," she says.
A Calculated Risk
State Farm and Progressive stress that their usage-based insurance programs are strictly opt-in, which is the ultimate protection for those concerned about privacy. But that's exactly what makes such programs less attractive to those drivers whose behavior insurers most want to change.
To encourage safer driving, insurers hope that bad drivers will succumb to illusory superiority -- the false belief that they are better than most at a particular task, such as driving. It's also known as the "Lake Wobegon Effect," after Garrison Keillor's fictional town where "all the children are above average."
Such drivers believe they're safer and more skilled than they actually are. They're the type to sign up for usage-based insurance, expecting a big discount. When they don't receive it, insurers hope they'll change their behavior to save some money, becoming better drivers. This is why State Farm provides a "report card" concretely telling In-Drive users how to drive in a manner that reduces premiums.
That's the theory. Reality is far different.
Evidence suggests that those willing to have their driving habits tracked tend to drive very little. There isn't a whole lot of empirical evidence about usage-based insurance yet, but Glancy says a pay-by-the-mile program from British insurer Norwich Union ended quickly in 2008 when the only people who signed up rarely ventured out in their cars. The company was essentially providing an additional discount to those already presenting the lowest risk.
If insurers really wanted to encourage participation in usage-based programs, they would offer safe-driver discounts and incentives only to those who agree to have their driving habits tracked. Glancy says that would be "possible, even likely" -- if it weren't barred by state laws.
That's why offering the convenience of a program like In-Drive -- Hey folks! We'll call an ambulance if you crash, or find your car if it's stolen! -- is important to insurers. It provides them with access to more data streams and entices policyholders to sign up for tracking.
Even collecting and storing the data exposes insurance companies to some financial risk. Should there be a data breach, the companies may face fines and penalties.
"The cost of reacting to data breaches can be very high," says Glancy. "The other type of expensive risk come from demands for access to the data by law enforcement, civil litigants, national security agents, etc. Responding appropriately can be very costly."
In the future, increasingly connected cars may be charged mileage-based user fees in place of a gas tax.
Following California's lead, Massachusetts is considering a pilot "pay as you drive" program for environmental reasons.
For now, though, it's still a customer's choice whether to participate.
"This program is strictly voluntary," State Farm spokesman Kip Diggs says. "We expect this program won’t be for everyone."
Photo: Library of Congress
See Also:- Automotive Black Boxes, Minus the Gray Area
