Jim Farley Discusses Switch to NACS

[JohnFoxeSheets]

I figured it was the road trip that did it.

All I can say is that if was going through Harris Ranch to get from Tahoe to Monterey, he was really lost! Maybe he didn't want to charge in Los Banos because of what happened to Todd (@DevSecOps) there!

 

[JohnFoxeSheets]

That’s not what he said. He said they don’t even know that it’s a Ford so anonymity doesn’t even come into play.

Go back and give it a re-listen. (starting at 22:50) Farley doesn't say that Tesla doesn't even know it's a Ford. Tom said he was going to ask if data is anonymized but given Farley's "No" that doesn't apply.

Obviously Tesla needs to know it's a Ford EV. We don't know exactly how that's done. (I presume someone will figure it out soon.) But Farley was unequivocal and I'm happy about that. (CEOs of publicly traded companies lying is never a good look and can lead to serious repercussions.)

To be clear, I don't especially love Farley. I mean he doesn't even know how to get from Tahoe to Monterey!

 

[benk016]

If they get the VIN during the handshake, how would they not know it’s a Ford? From my understanding, only Fords can connect, not GM, not VW, etc. And that must come from the VIN decoding, right? I can’t imagine a giant database of all valid VINs to look at.

There is a certificate in the car that identifies you. Same as Electrify America. This is why at EA when you use plug and charge it just shows you as "Mach E Driver" or something similar. It just shows up to them as Ford, and they bill Ford, who then matches the transaction to your account once they get the info from EA/Tesla.

What we don't know is what is in that certificate. If it's just the VIN or some other ID that ford can identify you with, such as your Ford account number.

 

[mdolan92869]

There is a certificate in the car that identifies you. Same as Electrify America. This is why at EA when you use plug and charge it just shows you as "Mach E Driver" or something similar. It just shows up to them as Ford, and they bill Ford, who then matches the transaction to your account once they get the info from EA/Tesla.

What we don't know is what is in that certificate. If it's just the VIN or some other ID that ford can identify you with, such as your Ford account number.

Ah, I do remember the certificate issue thread. Forgot about that.

 

[kodiakng]

There is a certificate in the car that identifies you. Same as Electrify America. This is why at EA when you use plug and charge it just shows you as "Mach E Driver" or something similar. It just shows up to them as Ford, and they bill Ford, who then matches the transaction to your account once they get the info from EA/Tesla.

What we don't know is what is in that certificate. If it's just the VIN or some other ID that ford can identify you with, such as your Ford account number.

agreed.

however, there is data leakage in the initial setup that includes the MAC address of the vehicle independent of what may happen in the encrypted session data to ford. since telsa will also know the charging session data (they have to in order to send it to ford for settlement) they can easily track by MAC address and connect that to other sessions you might do with a tesla account directly.

so, if you never, ever, ever charge with tesla outside of a ford P&C session i think farley was as correct as you can be in this situation.

on the other hand, there IS data leakage that can track your vehicle charging sessions separately.

 

[AliRafiee]

If they get the VIN during the handshake, how would they not know it’s a Ford? From my understanding, only Fords can connect, not GM, not VW, etc. And that must come from the VIN decoding, right? I can’t imagine a giant database of all valid VINs to look at.

Right. But they still have my vin. So not totally anonymous. It’s EUPI (End User Pseudonymous Identifiers). It can be linked to me from two databases.

Obviously Tesla needs to know it's a Ford EV. We don't know exactly how that's done. (I presume someone will figure it out soon.)

Ford vin has F as the second letter.

 

[JohnFoxeSheets]

Ford vin has F as the second letter.

I know that the manufacturer can be determined by the VIN. What I don't know is how the VIN is transmitted to Tesla. For instance there are ways that blinded information can be used for this purpose. We know that Tesla needed to make changes on their side, as did Ford. It's entirely possible that things were done in a way that do not give Tesla the entire VIN. I'm not saying this is necessarily how its done - just that it could be done that way.

 

[timbop]

however, there is data leakage in the initial setup that includes the MAC address of the vehicle independent of what may happen in the encrypted session data to ford. since telsa will also know the charging session data (they have to in order to send it to ford for settlement) they can easily track by MAC address and connect that to other sessions you might do with a tesla account directly.

The assumption we're all making is that the VIN is in the clear. For all we know the VIN is encrypted with a Ford public key and what Tesla is using is the CN in the certificate to figure out that it is Ford. It is also likely that there is a handshake that contains a random nonce, so the encrypted VIN would never be the same twice. Or it could be that a fake VIN with the F as a second digit is sent in the initial handshake with Tesla to identify Ford as the client, and then later in the initialization the real VIN is sent encrypted.

I don't know for a fact how it works, but that would seem to be a smarter way to do it and the folks who wrote the P&C protocol were probably pretty smart.

 

[kodiakng]

The assumption we're all making is that the VIN is in the clear.

sorry, i wasn't making that assumption at all. the vehicle MAC address is used to setup the SLAC connection (via power line communication, PLC) which is similar to an ethernet connection. the MAC address is independent of the VIN but unique and tied to it. there is also a field called Electric Vehicle Communication Controller ID (EVCCID) that is unique to the vehicle sent in the clear during session setup. the EVCCID is also not the VIN.

For all we know the VIN is encrypted with a Ford public key and what Tesla is using is the CN in the certificate to figure out that it is Ford. It is also likely that there is a handshake that contains a random nonce, so the encrypted VIN would never be the same twice. Or it could be that a fake VIN with the F as a second digit is sent in the initial handshake with Tesla to identify Ford as the client, and then later in the initialization the real VIN is sent encrypted.

I don't know for a fact how it works, but that would seem to be a smarter way to do it and the folks who wrote the P&C protocol were probably pretty smart.

for ISO 15118 p&c the communication is encrypted to the secure endpoint ford designates in their certificate. but if you aren't doing p&c encryption isn't required.

in any case, i'll take ford and farley at their word that the p&c session data aren't shared with tesla.

that doesn't mean tesla can't track data and correlate using MAC addresses. associating that data to you personally could definitely be done if you charge with tesla using their payment mechanism and not p&c via ford.

 

[AZBill]

If they get the VIN during the handshake, how would they not know it’s a Ford? From my understanding, only Fords can connect, not GM, not VW, etc. And that must come from the VIN decoding, right? I can’t imagine a giant database of all valid VINs to look at.

They are most likely using the modem MAC address, which is what EVGO uses for Autocharge+. Each manufacturer gets a unique ID for the first few digits of the MAC address, which is publicly available. EVGO uses the full address to tie your account to the car.

 

[Mach-Lee]

Jim laughing hysterically about the free adapter thing was great. Good humored guy. A lot of us were operating with a "I'll believe it when I see it" attitude on that one, but Jim got the final word.

 

[timbop]

sorry, i wasn't making that assumption at all. the vehicle MAC address is used to setup the SLAC connection (via power line communication, PLC) which is similar to an ethernet connection. the MAC address is independent of the VIN but unique and tied to it. there is also a field called Electric Vehicle Communication Controller ID (EVCCID) that is unique to the vehicle sent in the clear during session setup. the EVCCID is also not the VIN.



for ISO 15118 p&c the communication is encrypted to the secure endpoint ford designates in their certificate. but if you aren't doing p&c encryption isn't required.

in any case, i'll take ford and farley at their word that the p&c session data aren't shared with tesla.

that doesn't mean tesla can't track data and correlate using MAC addresses. associating that data to you personally could definitely be done if you charge with tesla using their payment mechanism and not p&c via ford.

Yeah, I was trying to respond to multiple posts last night and wasn't being careful enough which post I quoted. Yes, you're right the MAC address is something that Tesla could use to correlate Tesla-known PII with the car. I guess I shouldn't post right before bed.

Nonetheless, Ford is clearly keeping the PII they know as secret as then can - which is good enough for me.

 

[TRP]

Not trying to be an a$$hole here..........but why does it matter to people that Tesla or any other EV charge location knows who is charging? We gave up total anonymity years ago when we adopted home PCs and put smart phones in our pockets and started using credit cards for all transactions instead of cash.

I am not gonna put a tinfoil hat on just to charge my car. I'll be happy to have a larger charging choice and happily pay for the privilege by using their app so I can get a discount on it as well.

Not directed at anyone, just my little rant..............carry on

 

[AliRafiee]

Not trying to be an a$$hole here..........but why does it matter to people that Tesla or any other EV charge location knows who is charging? We gave up total anonymity years ago when we adopted home PCs and put smart phones in our pockets and started using credit cards for all transactions instead of cash.

I am not gonna put a tinfoil hat on just to charge my car. I'll be happy to have a larger charging choice and happily pay for the privilege by using their app so I can get a discount on it as well.

Not directed at anyone, just my little rant..............carry on

It doesn’t. It’s just the fact that Farley said that Tesla won’t know that I find hard to swallow.

 

[Beewize2]

Really enjoyed that. It's an evolving situation and as companies continue to invest things will improve.

Sponsored