For as long as electric cars have been on the roads of the world, people have needed to find a place to plug in.
So what happens when a company obtains and publishes details of several hundred addresses and contact details for a privately-run and moderated peer-to-peer charging network?
That’s exactly what has happened in the U.K., when information held on the privately-run EV-Network.org became publicly available on both a website and an iPhone application.
Enter Plugsurfing. Ran by e-xite Ltd, the website came under criticism yesterday after several EV-Network members alleged that PlugSurfing was publishing their personal details on both its website and via its newly-released iPhone application as if they were publicly accessible charging stations.
As more people complained, it became apparent that Plugsurfing’s data was the same as the data on the EV-Network.
Under the original EV-Network membership, electric car owners agree to give their own private address to other members on the list under the condition that they will provide emergency recharging facilities -- if convenient -- to fellow members who are struggling to find somewhere to plug in nearby. Members were expected to plan their trips, telephoning ahead to arrange convenient times to recharge en-route.
That’s a far cry from an iPhone application and website open to anyone who wants to use it.
2011 Nissan Leaf and 2011 Chevy Volt, with charging station visible; photo by George Parrott
It’s this publishing of private data which has many former EV-Network owners worried that strangers will turn up at their homes expecting a free recharge -- or worse still, that someone will use the database to steal everything from new electric cars to rare, classic electric vehicles.
“Starting yesterday evening I have received several complaints by e-mail from EV-Network members claiming that their personal data is appearing on a web site called Plugsurfing,” wrote EV-Network founder Tim Nicklin in an email to us earlier. “Until that point I had never heard of this website and certainly no agreement exists providing them access to personal data from EV-Network members. I am very concerned about this - indeed my own home address is listed on the PlugSurfing website.”
Although we have been unsuccessful in contacting e-xite Ltd and Plugsurfing’s support department via telephone and email, Adam Woolway of PlugSurfing UK made a public statement earlier detailing that the company was looking into the security breach.
[Update: Mr. Woolway has contacted us to say that he has not heard from us via either telephone or email, but we would like to reiterate that any attempted calls went to voicemail, and our email remains unanswered]
“As with all faults and concerns that crop up in beta testing, and in particular with those concerning data security, we are taking this feedback very seriously. We have removed the data of those that have asked us to directly, and this morning we decided to remove ALL private data from our database. This is a temporary measure whilst we gain the explicit consent of all involved to display the data.”
However, once data has been released into the public domain, it isn’t particularly easy to remove it.
With so many groups now trying to cash in on electric car charging, we suspect this will be the first -- but not last -- time we’ll see private data about charging stations suffer this kind of security breach.