H/t to @markomanka for finding this (sadly all too credible) story: American guy crashes his Tesla, his insurance company decides that the car is too damaged to be worth repairing, so it’s “totalled” and sold online for parts. And then it resurfaces in Ukraine, from where it starts sending the owner phone notifications. The new owner is even listening to the American guy’s Spotify playlist, because, of course, the car knows the login information. This is a bit of a problem, because the business model of the car industry is more and more based on value extraction by unlocking, via software, premium functionalities (see). So, the new owner in Ukraine could in some scenarios purchase functionalities that would be charged to the old owner.
The Tesla app comes with a functionality to remove vehicles from your account, but to do that you need to know the information about the new owner. Since totaled cars are sold in online auctions on a secondary market, the American guy has no idea who the new owner is.
In general, this becomes an unholy mess of extractive business models, that impose and reinforce infosec vulnerabilities, compounded by the globalization of supply chains but not of regulation (it is illegal for the totaled Tesla to run on American roads, but OK to do so on Ukrainian ones). Implications for the circular economy are ambiguous: on the one hand, the Tesla gets to be a car again (good!) on the other the facilities for correctly reclaiming the onboard electronics in a war zone are unlikely to be great.
In all this I also discovered a “white hat automotive hacker” that goes by GreenTheOnly, and might be wort talking to! Cc @nica.