Most active commenters
  • dghlsakjg(6)
  • sanex(4)
  • sfn42(4)
  • fabian2k(3)
  • Someone(3)

←back to thread

Tesla said it didn't have key data in a fatal crash, then a hacker found it

(www.washingtonpost.com)
650 points clcaev | 60 comments | 29 Aug 25 11:15 UTC | HN request time: 0.421s | source | bottom
1. fabian2k ◴[29 Aug 25 12:38 UTC] No.45063298[source]
Do I understand it correctly? Crash data gets automatically transmitted to Tesla, and after it was transmitted is immediately marked for deletion?

If that is actually designed like this, the only reason I could see for it would be so that Tesla has sole access to the data and can decide whether to use it or not. Which really should not work in court, but it seems it has so far.

And of course I'd expect an audit trail for the deletion of crash data on Tesla servers. But who knows whether there actually isn't one, or nobody looked into it at all.

replies(7): >>45063548 #>>45063617 #>>45064088 #>>45064532 #>>45065580 #>>45067599 #>>45069859 #
2. Someone ◴[29 Aug 25 13:00 UTC] No.45063548[source]
Another reason is if there’s other kinds of data that gets uploaded to Tesla, and the code for uploading crash data reuses that code.

For the first kind of data, deleting the data from the car the moment there’s confirmation that it now is stored at Tesla can make perfect sense as a mechanism to prevent the car to run out of storage space.

Of course, if the car crashed, deleting the data isn’t the optimal, but that it gets deleted may not be malice.

replies(3): >>45063636 #>>45063757 #>>45070858 #
3. lgeorget ◴[29 Aug 25 13:07 UTC] No.45063617[source]
I guess one charitable way to look at it is that after a crash, external people could get access to the car and its memory, which could potentially expose private data about the owner/driver. And besides private data, if data about the car condition was leaked to the public, it could be made to say anything depending on who presents it and how, so it's safer for the investigation if only appointed experts in the field have access to it.

This is not unlike what happens for flight data recorders after a crash. The raw data is not made public right away, if ever.

replies(2): >>45063651 #>>45063981 #
4. fabian2k ◴[29 Aug 25 13:09 UTC] No.45063636[source]
Deleting after a certain time makes sense, certainly. Deleting immediately seems dubious to me. Though the descriptions in the article are vague enough that we might be missing some big aspects.

But in the end we wouldn't be discussing this at all if Tesla had simply handed over the data from their servers. If they can't find it, it isn't actually there or they deliberately removed it this affects how I view this process.

Two copies are better than one. If you immediately erase the data, you better be sure the transmitted data is safe and secure. And obviously it wasn't.

5. fabian2k ◴[29 Aug 25 13:11 UTC] No.45063651[source]
If Tesla securely stored this data and reliably turned it over to the authorities, I wouldn't argue much with this.

But the data was mostly unprotected on the devices, or it couldn't have been restored. And Tesla isn't exactly known for respecting the privacy of their customers, they have announced details about accidents publicly before.

And there is the potential conflict of interest, Tesla does have strong incentives to "lose" data that implicates Autopilot or FSD.

replies(1): >>45063764 #
6. cube00 ◴[29 Aug 25 13:19 UTC] No.45063757[source]
Data retention is legal's bread and butter. There's no chance such a decision is accidently made by reusing code.

Anytime data is recorded legal is immediately asking about retention so they don't end up empty handed in front of a judge.

Every byte that car records and how it is managed will be documented in excruciating detail by legal.

replies(3): >>45064340 #>>45064666 #>>45065418 #
7. sanex ◴[29 Aug 25 13:20 UTC] No.45063764{3}[source]
I would rather my cars not automatically rat me out to the authorities, personally.
replies(5): >>45064121 #>>45064171 #>>45066355 #>>45067755 #>>45072567 #
8. interactivecode ◴[29 Aug 25 13:38 UTC] No.45063981[source]
that's like worrying about external people having access to the drivers wallet in the case of a fatal crash. Like yeah sure but it's more likely that Tesla is sketchy considering their vested interest is controlling crash data reports
9. phkahler ◴[29 Aug 25 13:47 UTC] No.45064088[source]
>> Tesla has sole access to the data

All vehicle manufacturers have sole access to data. There isn't a standard for logging data, nor a standard for retrieving it. Some components log data and it only the supplier has the means to read and interpret it.

replies(3): >>45064415 #>>45064787 #>>45065820 #
10. gmd63 ◴[29 Aug 25 13:50 UTC] No.45064121{4}[source]
I wouldn't want them to have selective memory in favor of juicing Elon's marketing scams either.
11. souterrain ◴[29 Aug 25 13:53 UTC] No.45064171{4}[source]
Your property isn't ratting you out. The software you license from Tesla is ratting you out.
replies(1): >>45064380 #
12. Someone ◴[29 Aug 25 14:08 UTC] No.45064340{3}[source]
> Data retention is legal's bread and butter.

As is deleting data. Also, for, say, training data for Tesla’s software, I don’t see legal requirements for keeping it around,

> There's no chance such a decision is accidently made by reusing code.

At Tesla? I know about nothing about their software development practices, but from them, it wouldn’t surprise me at all if this were accidental.

Edit: one scenario to easily introduce this bug is if the “delete data after upload” feature were added after the “on a crash, upload all data you have, in case the car burns down” feature.

replies(2): >>45064675 #>>45065061 #
13. salawat ◴[29 Aug 25 14:10 UTC] No.45064380{5}[source]
Such a pity there is no way to get an electronics minimal car control unit. Funny how conspicuously unimplemented functionality works.
replies(2): >>45066277 #>>45067141 #
14. __alexs ◴[29 Aug 25 14:14 UTC] No.45064415[source]
There is a world of difference between "you need our special hardware and software to read the data" and "we deleted it lol".
15. ChrisMarshallNY ◴[29 Aug 25 14:23 UTC] No.45064532[source]
It's probably a bit like "This call may be recorded for quality purposes." That's a disclaimer that's usually required by the authorities, to let you know that you're being recorded, but it lets them off the hook, if the recording would be inconvenient to them. If it supports their side, they 100% always have it, but if it supports the caller's side, then it seems they didn't actually record that call ...so sorry...

Tesla's fairly notorious for casual treatment of customer car data (which they have a lot of). There was an article, recently, about how in-car video recordings were being passed around the office.

I know that at least one porn actress recorded a scene in a self-driving Tesla. I'll bet that recording made the rounds "for quality purposes."

replies(3): >>45064690 #>>45065453 #>>45065860 #
16. mattmcknight ◴[29 Aug 25 14:34 UTC] No.45064666{3}[source]
> Anytime data is recorded legal is immediately asking about retention so they don't end up empty handed in front of a judge.

In my experience, they are setting automated 90 deletion policies on email so they don't end up with surprises in discovery.

replies(1): >>45064858 #
17. SoftTalker ◴[29 Aug 25 14:34 UTC] No.45064675{4}[source]
Agreed. Tesla axed their marketing department, why assume they have much of a legal department overseeing how the data uploads are managed?
18. criddell ◴[29 Aug 25 14:35 UTC] No.45064690[source]
> "This call may be recorded for quality purposes."

It's a disclaimer, but it also grants permission for you to record.

replies(1): >>45064830 #
19. dghlsakjg ◴[29 Aug 25 14:42 UTC] No.45064787[source]
Mostly incorrect. At least for the US.

If your car has an EDR, what data it collects is legislated. There is not a standard interface for retrieving it, but the manufacturer is required to ensure that there is a commercially available tool for data retrieval that any third party can use.

https://www.ecfr.gov/current/title-49/subtitle-B/chapter-V/p...

replies(2): >>45065260 #>>45065265 #
20. ChrisMarshallNY ◴[29 Aug 25 14:45 UTC] No.45064830{3}[source]
This is true.

I knew a guy who used to record all his calls with companies, and would let them know they were being recorded, if they didn't have that disclaimer.

He would say "This call is being recorded." He told me that most of the companies hung up immediately, when he said that.

I never heard him say that his recording ever did him any good, though.

replies(2): >>45065808 #>>45065848 #
21. Someone ◴[29 Aug 25 14:47 UTC] No.45064858{4}[source]
Many large companies nowadays have 90 day deletion policies.
22. Retric ◴[29 Aug 25 15:02 UTC] No.45065061{4}[source]
> I don’t see legal requirements for keeping it around,

If you selectively delete data, courts can assume that data is the worst possible thing for a court case against you.

23. onlyrealcuzzo ◴[29 Aug 25 15:17 UTC] No.45065260{3}[source]
Does it legislate that you can't "accidentally" delete all incriminating data?
replies(1): >>45065989 #
24. sidewndr46 ◴[29 Aug 25 15:17 UTC] No.45065265{3}[source]
It looks like this covers "and an unloaded vehicle weight of 2,495 kg (5,500 pounds) or less". From what I understand even my F-150 wouldn't fall under this legislation
replies(3): >>45065367 #>>45065755 #>>45065804 #
25. jayd16 ◴[29 Aug 25 15:26 UTC] No.45065367{4}[source]
Might not cover large trucks but most sedans are under that.

Is this one of those "that's why big cars are cheaper to make" situations?

replies(1): >>45065819 #
26. sidewndr46 ◴[29 Aug 25 15:30 UTC] No.45065418{3}[source]
Not sure where you've worked by the "data retention policy" at places I worked made it abundantly clear that we were not to be retaining any data unless personally ordered to by a court. If a line manager, C-Level executive or board member requested me to retain data, I could refuse it under the policy.

Like many things, the retention policy was actually a destruction policy

27. HillRat ◴[29 Aug 25 15:33 UTC] No.45065453[source]
As an FYI that might be helpful to some, in the case of sales, there's a positive legal obligation to maintain call recordings, so in the event of a courtroom dispute the failure to produce can lead to an adverse inference instruction.
28. FireBeyond ◴[29 Aug 25 15:44 UTC] No.45065580[source]
Absolutely so.

I don't know how accurate it is right now, but previously, people have had to sue Tesla to get telemetry data from their own vehicle, not to use against Tesla, but to use in accident lawsuits against other parties.

Meanwhile, without your consent, Tesla will hold press conferences using your telemetry data to throw you under the bus (even deceptively) to defend themselves. "The vehicle had told the driver to pay attention!" NHTSA, four months later: "The vehicle had issued one inattention alert, eighteen minutes prior to the collision." (emphasis mine)

29. Aurornis ◴[29 Aug 25 15:57 UTC] No.45065755{4}[source]
Unloaded vehicle weight, not gross vehicle weight.

From a quick search, it's technically possible to configure some model year F-150s to have a curb weight over 5,500 pounds with all the right options, but most are lower.

replies(1): >>45067429 #
30. dghlsakjg ◴[29 Aug 25 16:00 UTC] No.45065804{4}[source]
There are other regulations for larger and commercial vehicles. Not sure if there is a light truck ruleset.

Also the rules I posted are only if the manufacturer chooses to equip a recorder. They can opt not to have one.

The point I was making is that the GP was just saying shit that had no basis in fact.

31. Aurornis ◴[29 Aug 25 16:01 UTC] No.45065808{4}[source]
> He would say "This call is being recorded." He told me that most of the companies hung up immediately, when he said that.

If someone calls you and declares that they're recording the conversation, you probably should hang up too. It's usually used as a threat by people who intend to use it against you legally somehow. Your friend may have been an exception, but there's no way for the people on the other end to know either.

If you're acting as a representative of a company on the phone, hanging up and informing your manager or legal counsel is a good idea.

As for customer service recording calls: I didn't understand this until I was on the other side of customer support. The number of people who tell lies about interactions with support is insane. These days it's mostly e-mail and therefore easy to look up. You wouldn't believe how many people would try to throw our customer support people under the bus ("Support said you'd give me a free replacement!") until they realize we can go back and check these things.

replies(1): >>45066099 #
32. dghlsakjg ◴[29 Aug 25 16:01 UTC] No.45065819{5}[source]
No.

The EDR is optional. If the manufacturer chooses to install it, it must meet those standards.

I was just refuting the GPs assertion that they are all proprietary and that only the manufacturer can access the data.

33. advisedwang ◴[29 Aug 25 16:01 UTC] No.45065820[source]
Eh, there's a difference between sole custody (which is what Tesla has created) and sole knowledge/right to access the data.
34. jimt1234 ◴[29 Aug 25 16:03 UTC] No.45065848{4}[source]
I recall reading about a situation where a dude sued Evil Corp based largely on phone conversations he recorded. Evil Corp tried to argue the recorded conversations were illegal because their was no explicit consent and therefore couldn't be used in the lawsuit. However, the dude counter-argued that Evil Corp's own disclaimer clearly states the call can be recorded; it just never mentioned who's doing the recording. The judge agreed with the dude and the lawsuit proceeded. I can't remember, I think "Evil Corp" was his local cable company???
replies(1): >>45066112 #
35. sixothree ◴[29 Aug 25 16:04 UTC] No.45065860[source]
> casual treatment of customer car data

Understatement of the year when employees are supposedly watching people in their homes from the car.

36. dghlsakjg ◴[29 Aug 25 16:14 UTC] No.45065989{4}[source]
Depends on the severity of the crash. If it meets certain thresh-holds (air bag deployment) the recording memory must be permanently locked in the onboard recorder.
replies(1): >>45067079 #
37. dghlsakjg ◴[29 Aug 25 16:23 UTC] No.45066099{5}[source]
The majority (37!) of states do not require consent or notification, and there is no federal requirement (so as long as the recorder is in a one party state, the recording is legal). There is also no requirement that a person let you know that a third party is on their side of the line listening, taking notes and willing to testify.

You should just assume that any phone call with stakes is being recorded and that anything you say can be considered binding. Verbal contracts are valid almost everywhere, so what you say on the phone does have legal consequences regardless of whether it was recorded. Courts will also accept your notes about a phone call as evidence in the absence of a recording.

38. dghlsakjg ◴[29 Aug 25 16:24 UTC] No.45066112{5}[source]
As long as you are in one of the 37 states that do not require consent, the recording is valid as well.
39. MetaWhirledPeas ◴[29 Aug 25 16:36 UTC] No.45066277{6}[source]
When you go to an electrical drive train you quickly realize you need computers for things like battery conditioning, efficiency, forward/reverse, charging, route planning, stop/start, and on and on and on. It's not as simple as engine on, engine off. Tesla (rightly, IMO) chose to lean into this. It will be interesting to see what a company like Slate chooses to do.
replies(1): >>45067086 #
40. sfn42 ◴[29 Aug 25 16:43 UTC] No.45066355{4}[source]
I think a world where drivers are held accountable for their actions sounds like a just and probably safer world.

If you cause an accident by driving distracted or being reckless I think it's only fair that the facts are known so that you can be punished accordingly. Certainly better than someone innocent having to share responsibility for your mistake.

I think that would probably make people think twice about being reckless and even if it doesn't at least they'll get what they deserve.

replies(1): >>45069638 #
41. onlyrealcuzzo ◴[29 Aug 25 17:36 UTC] No.45067079{5}[source]
Is the penalty for "oops, we had a bug, and it's gone," similar to the >$100M penalty they got?

If not, I assume they'll keep losing all incriminating data.

42. salawat ◴[29 Aug 25 17:36 UTC] No.45067086{7}[source]
Note I said minimal. If manufacturers were content to just restrain integrated circuits to those purposes without widespread telemetry or phoning home, or creating software lockouts we'd meet my definition of minimal. Just what it takes to make a functioning device. Instead, we see software used as load bearing supports for predatory or exploitative/surveillance oriented architectures. That is not minimal to me.
replies(1): >>45068363 #
43. connicpu ◴[29 Aug 25 17:40 UTC] No.45067141{6}[source]
If you do an aftermarket EV conversion the car will mostly be built using hardware that you can nearly fully reason about and won't include snitch boxes.
44. briffle ◴[29 Aug 25 18:04 UTC] No.45067429{5}[source]
A Rivian R1s is about 6800 pounds because of its batteries..
45. gamblor956 ◴[29 Aug 25 18:18 UTC] No.45067599[source]
Which really should not work in court, but it seems it has so far.

It actually hasn't worked for them in court at all. They've always had to disclose the data under penalty of sanction (meaning fines, and possible adverse rulings). In most of the cases, the jury decided that the driver was at fault and that Musk's statements were just meaningless marketing fluff.

In the Miami case, if Tesla hadn't turned over the data the judge was prepared to issue an instruction to the jury that they could use Tesla's failure to provide evidence as per se evidence of Tesla's liability (meaning, that Tesla would have to present an affirmatively prove the opposite, which would necessarily entail providing the evidence it was attempting to keep hidden). Judges will frequently also prevent parties found to have hidden evidence from presenting defenses on the matters affected by the undisclosed evidence. In extreme cases, they simply rule against that party on the merits, and the case becomes about the size of damages.

In the Miami case, several of the jurors said that learning that Tesla had tried to hide the evidence from the crash was a big factor in finding Tesla liable, the reasoning being that Tesla wouldn't have tried to hide the evidence if they weren't liable.

46. SR2Z ◴[29 Aug 25 18:32 UTC] No.45067755{4}[source]
If you (or anyone else) has been in a crash, I fully believe that your car should report what you were doing right before to anyone with physical access.

There is no good privacy reason whatsoever to protect that data - the only possible way for the owner of the car to benefit by hiding it is if they caused the accident in the first place.

47. SR2Z ◴[29 Aug 25 19:30 UTC] No.45068363{8}[source]
IMO the rules should be simple: manufacturers of electronics need to be required to provide private keys for the electronics, plus a source-available MVP firmware for getting the thing to work.

I don't care if GM or whoever wants to ship a buggy, ad-ridden, data-siphoning, subscription filled nightmare with new cars. That's their decision. But they should be banned from trying to exercise any kind of control over a piece of hardware that I own outright.

48. atq2119 ◴[29 Aug 25 21:32 UTC] No.45069638{5}[source]
I think this is the right way to look at it. Privacy is extremely important to me, but cars are basically lethal weapons. Using them on public roads has to come with a certain amount of responsibility that balances privacy against other goods.
replies(2): >>45074212 #>>45077594 #
49. ndsipa_pomu ◴[30 Aug 25 00:25 UTC] No.45070858[source]
I've got front and rear cameras on my bicycle and both of them have a simple crash protection feature. If the cameras detect the bike falling over, they'll mark the current video segment (typically split into 5/15 minute segments on the SD card) as protected and won't be overwritten when the SD card fills up which is the usual operating mode.

If Tesla are marking crash data to be deleted, then that's not designed to help the customer, but to protect Tesla.

50. renox ◴[30 Aug 25 07:13 UTC] No.45072567{4}[source]
That is a dumb réaction, sorry. The cars who 'rat' on you can also rat on the other driver or show that you didn't do anything wrong..
replies(1): >>45074204 #
51. sanex ◴[30 Aug 25 12:51 UTC] No.45074204{5}[source]
If it's not my fault then I'll gladly release the data. If it is then I have a 5th amendment right not to. If I'm incapacitated then I don't care and my estate can release it.
replies(2): >>45078512 #>>45090350 #
52. sanex ◴[30 Aug 25 12:52 UTC] No.45074212{6}[source]
Personally I believe the fifth amendment should protect me from self incrimination.
replies(1): >>45074410 #
53. sfn42 ◴[30 Aug 25 13:20 UTC] No.45074410{7}[source]
If you had security cameras at your home, a judge could issue a warrant for that footage.

Seems to me that smart car data is similar - in the event of a crash, a judge could issue a warrant for that data if it is deemed relevant to the case.

And either way, honestly, just don't drive like an idiot and this will never be a problem for you.

54. miohtama ◴[30 Aug 25 20:06 UTC] No.45077594{6}[source]
Cars have been used on public roads a century without trackers
replies(1): >>45078307 #
55. sfn42 ◴[30 Aug 25 21:51 UTC] No.45078307{7}[source]
Yeah and a lot of innocent people have been financially screwed, injured and killed by idiots who don't appreciate the responsibility that comes with driving a car.

If technology can bring those people to justice I'm 100% for it, they deserve it and their victims deserve justice.

replies(1): >>45081848 #
56. mjx0 ◴[30 Aug 25 22:21 UTC] No.45078512{6}[source]
> If it is then I have a 5th amendment right not to.

No, you don't. You have a 5th amendment right not to incriminate yourself. That means:

1. You must have committed a crime, which is not a given in a traffic accident.

2. You may not be coerced by the government into incriminating yourself. You are not protected from your property incriminating you. Imagine how absurd a world that would be: the government couldn't use a bloody knife as evidence of a knife attack because the knife was owned by the attacker.

Importantly, you'll also note that if you try not to provide evidence against yourself in civil discovery, you'll end up in a world of shit involving contempt of court.

replies(1): >>45079601 #
57. sanex ◴[31 Aug 25 01:45 UTC] No.45079601{7}[source]
I think where I take issue is the fact that I believe I should have control and ownership of the data from my vehicle and that such data should be protected by the fifth amendment. The government obviously should be able to look at the car itself or the bloody knife.
58. miohtama ◴[31 Aug 25 09:40 UTC] No.45081848{8}[source]
If you want a society where everything and everyone is tracked, we already have it today. It's called China. No privacy comes with some trade offs.

I you are "100% for it" then you can move to China today.

replies(1): >>45082478 #
59. sfn42 ◴[31 Aug 25 11:53 UTC] No.45082478{9}[source]
I think it's pretty clear that this is not what I'm suggesting, if you can't see that then you're not arguing in good faith and I think my time is better spent on other things than discussing this with you.
60. renox ◴[01 Sep 25 07:28 UTC] No.45090350{6}[source]
And if it is the fault of the other driver and they refused to provide the data?