
Automobile Event Data Recorders (Black Boxes) and Privacy

Latest News

  • EPIC Urges Department of Transportation to Protect Driver Privacy: EPIC has submitted detailed comments to the National Highway Traffic Safety Administration, urging the agency to protect driver privacy for "vehicle-to-vehicle" (V2V) technology. The technology transmits data between vehicles to "facilitate warnings to drivers concerning impending crashes." NHTSA is in the initial stages of mandating vehicle-to-vehicle technology. EPIC's comments pointed to several privacy and security risks with V2V techniques. EPIC urged NHTSA to "complete a more detailed privacy and security assessment of V2V communications" and to: "(1) not collect PII without the express, written authorization of the vehicle owner; (2) ensure that no data will be stored either locally or remotely; (3) require end-to-end encryption of V2V communications; (4) require end-to-end anonymity; and (5) require auto manufacturers to adhere to the Consumer Privacy Bill of Rights." Last year EPIC, joined by a coalition of consumer privacy organizations and members of the public, urged NHTSA to protect driver privacy and establish privacy safeguards for car "black boxes." For more information, see EPIC: Event Data Recorders and EPIC: Internet of Things. (Oct. 21, 2014)
  • Car Data Privacy Bill Moves Forward in Senate: The Senate Commerce Committee voted unanimously to approve the Driver Privacy Act, a bipartisan bill that would provide privacy safeguards for event data recorders or "black boxes." Introduced by Senators John Hoeven (R-ND) and Amy Klobuchar (D-MN), the bill prohibits unauthorized access to data that records the activities of drivers. Under the Act, data could only be obtained with: (1) written consent of all of the car owners or lessees; (2) a court or administrative order; (3) a federal transportation safety investigation if personally identifiable information is redacted; (4) emergency car crash medical response; or (5) traffic safety research if personally identifiable information is redacted. Last year EPIC, consumer privacy organizations, and members of the public urged the National Highway Traffic Safety Administration to protect driver privacy by establishing many of the safeguards proposed in the Driver Privacy Act. For more information, see EPIC: Event Data Recorders and Privacy. (Apr. 10, 2014)
  • EPIC, Coalition Seek Privacy Safeguards for Car Data: EPIC, joined by a coalition of privacy, consumer rights, and civil rights organizations and by members of the public, urged the National Highway Traffic Safety Administration to protect driver privacy and establish privacy safeguards for "event data recorders." The agency has proposed mandatory installation of "black boxes" in all cars and small trucks by 2014. Thirteen states have passed laws that limit the use of EDRs. EPIC recommended that the agency: (1) restrict the amount of data that EDRs collect; (2) conduct a comprehensive privacy impact assessment; (3) uphold Privacy Act protections; (4) require security standards for EDR data; and (5) establish best practices to fully protect the privacy rights of vehicle owners and operators. EPIC argued that it is contrary to reasoned decisionmaking for the agency to mandate massive data collection without fully amending its current regulations to protect individual privacy. For more information, see EPIC: Event Data Recorders and Privacy and EPIC: The Drivers Privacy Protection Act (DPPA) and the Privacy of Your State Motor Vehicle Record. (Feb. 12, 2013)
  • EPIC Urges Public Support for Driver Privacy Safeguards: The National Highway Traffic Safety Administration has proposed regulations for event data recorders (EDR) that will become mandatory in all cars and small trucks by 2014. Building on state privacy laws, EPIC has urged the federal agency to adopt comprehensive privacy safeguards for vehicle owners and operators, including driver ownership of data, limitations on disclosure, and better security for the data collected. EPIC has also launched a national campaign to encourage public comments to the federal agency. To support EPIC’s comments Tweet: "@EPICprivacy [Your Name] supports EPIC’s EDR Comments #EDRprivacy" or email EDRprivacy@epic.org with Your Name and the subject line "I support EPIC’s EDR Comments." The public can also submit comments directly to the agency. For more information, see EPIC: Event Data Recorders and Privacy. (Feb. 6, 2013)
  • Federal Agency Proposes "Black Box" Mandate for Cars: The National Highway Traffic Safety Administration has proposed that, beginning September 1, 2014, all new cars will be required to have Event Data Recorders. The devices record detailed information about drivers, which can be made available to insurance companies, the police, and others. Currently, there are minimal privacy protections in the draft regulation. The public will have until February 11, 2013 to provide comments to the agency. EPIC recommends that commentators urge the agency to "Strengthen privacy safeguards." For more information see EPIC - Event Data Recorders and Privacy and EPIC - Driver Privacy Protection Act. (Dec. 14, 2012)

Background

On December 13, 2012, the National Highway Traffic Safety Administration (NHTSA) published in the Federal Register a request for public comment on a proposed rule that would require all automobiles manufactured for sale in the United States after September 1, 2014 to have an Event Data Recorder (EDR), or black box. The deadline for public comment on the EDR rule is February 11, 2013.

EDRs are devices that internally record, retain and report 30 seconds of data related to a driver's operation of an automobile. The stored data may be accessed by third parties such as law enforcement for post-crash investigations or repair shops for diagnostic purposes. EDR technology has been included in automobiles sold in the United States since 1996. The amount of data required by NHTSA (30 seconds) is outlined in agency specifications, but the amount of data that may be collected is not limited by NHTSA.

Automobiles and computing technology are creating a new level of data services that drivers may access while traveling in lightweight vehicles. Computing technology is automating many driving functions through applications such as cruise control, hands-free telephone calling, turn-by-turn directions, and telematic (satellite) communication services. The increased use of computing components and telecommunication technology in cars is raising the level of data collection and sharing associated with drivers and owners. The volume and type of information collected can include location, condition of the car, data services accessed (phone use, programs listened to, radio stations tuned in), time spent in the automobile, data on the automobile's operation, and so on. The full list of what is collected is known only to the automobile manufacturer and depends on the design of the vehicle's computing and telecommunications capacity. In many ways cars are becoming fully integrated with computing and telecommunication technologies, which makes them a new source of data collection on consumers.

Today, some high-end automobiles use wireless data transfer capabilities, and this approach may become more common in the future. The United States Patent and Trademark Office (USPTO) has a patent application for remote wireless management of a vehicle's electronic control unit; the patent is currently under appeal. Wireless transfer of information means that no physical contact with the vehicle is necessary to access information. However, wireless access does not reduce the need to properly secure the vehicle's Diagnostic Link Connector (DLC): anyone with a compatible reader could access data such as the Vehicle Identification Number (VIN), and could alter the VIN if it is not properly protected. Protection of the wireless data should be assured by taking steps to deny unauthorized third parties access to the DLC. Strong encryption may offer important security protection for the data and the EDR software. However, physical control over the device itself would remain a key component of protecting the data. If the integrity of the data is questioned, then the purpose of EDRs is undermined.
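The paragraph above ties the usefulness of EDR data to its integrity: a record whose VIN or readings could have been altered after the fact proves nothing. The following added example (not EPIC's code, and not the mechanism defined by IEEE-1616a or Part 563) shows one way a device could make such alteration detectable: each sample is tagged with an HMAC-SHA256 under a device key, and each tag also covers the previous tag, so rewriting a field, deleting a record or reordering records breaks verification at a known position. The key, the field names and the VIN are constructed placeholders; a real device would hold its key in tamper-resistant storage, which is why physical control of the unit remains essential even with cryptography in place.

```python
import copy
import hashlib
import hmac
import json

# Constructed example key. A real EDR would keep its key in tamper-resistant
# hardware; physical control of the device stays essential either way.
DEVICE_KEY = b"constructed-example-edr-device-key"

# Constructed placeholder VIN; no real vehicle is referenced.
SAMPLE_VIN = "VIN-PLACEHOLDER-0000000"


def canonical(record: dict) -> bytes:
    """Serialise a record deterministically so identical content always yields the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal_record(record: dict, key: bytes, prev_tag: str = "") -> dict:
    """Attach an HMAC-SHA256 tag over the previous tag plus this record, forming a hash chain."""
    tag = hmac.new(key, prev_tag.encode("ascii") + canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "prev_tag": prev_tag, "tag": tag}


def verify_chain(sealed: list, key: bytes) -> tuple:
    """Recompute every tag in order.

    Returns (True, -1) when the whole chain verifies, otherwise (False, i) where
    i is the first entry whose content was altered or whose link to its
    predecessor is broken (an inserted, reordered or deleted record).
    """
    prev = ""
    for i, entry in enumerate(sealed):
        if entry["prev_tag"] != prev:
            return False, i
        expected = hmac.new(key, prev.encode("ascii") + canonical(entry["record"]),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison so the check itself leaks nothing about the tag.
        if not hmac.compare_digest(expected, entry["tag"]):
            return False, i
        prev = entry["tag"]
    return True, -1


def build_sample_log() -> list:
    """Three constructed pre-crash samples, sealed in order under the device key."""
    samples = [
        {"vin": SAMPLE_VIN, "t_ms": -2000, "speed_kph": 62, "brake": False},
        {"vin": SAMPLE_VIN, "t_ms": -1000, "speed_kph": 58, "brake": True},
        {"vin": SAMPLE_VIN, "t_ms": 0, "speed_kph": 31, "brake": True},
    ]
    sealed, prev = [], ""
    for sample in samples:
        entry = seal_record(sample, DEVICE_KEY, prev)
        sealed.append(entry)
        prev = entry["tag"]
    return sealed


def alter_vin(sealed: list, index: int, new_vin: str) -> list:
    """Return a copy in which one record's VIN was rewritten after sealing."""
    modified = copy.deepcopy(sealed)
    modified[index]["record"]["vin"] = new_vin
    return modified


def drop_record(sealed: list, index: int) -> list:
    """Return a copy with one record removed, as a selective deletion would leave it."""
    modified = copy.deepcopy(sealed)
    del modified[index]
    return modified


if __name__ == "__main__":
    log = build_sample_log()
    print("intact log:", verify_chain(log, DEVICE_KEY))
    print("VIN rewritten in record 1:",
          verify_chain(alter_vin(log, 1, "VIN-PLACEHOLDER-9999999"), DEVICE_KEY))
    print("record 1 deleted:", verify_chain(drop_record(log, 1), DEVICE_KEY))
```

The chain tells a verifier where the log stops being trustworthy, not who changed it; an HMAC also requires the verifying party to hold the same key, so in practice the device key (or a per-owner key, as the IEEE approach of owner-held access suggests) would have to be protected from the very parties whose reads the log is meant to constrain.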

According to the IEEE-1616a Standard, the key to securing EDR data from misuse or abuse is to seal the physical port of the EDR device with a lock whose key is held by the automobile owner. IEEE, a large, global technical professional organization, is dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is a trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics.

The IEEE Standards Association, a globally recognized standards-setting body within IEEE, develops consensus standards through an open process that engages industry and brings together a broad stakeholder community. IEEE standards set specifications and best practices based on current scientific and technological knowledge. The IEEE-SA has a portfolio of over 900 active standards and more than 500 standards under development. The IEEE EDR standard is IEEE-1616a.

In the Federal Register, Vol. 77, No. 240 (Proposed Rules, Thursday, December 13, 2012; PDF version, page 74147), under "Data Retrieval," the following is stated: "Part 563 requires that each vehicle manufacturer ensure, by licensing agreement or other means, the commercial availability of retrieval tool(s) for downloading or imaging the required EDR data. The data-imaging tool must be commercially available no later than 90 days after the first sale of the vehicle for purposes other than resale."

History

In the digital information economy, law and policy advocates work in advance of broad adoption of new mobile telecommunication and computing technology to protect consumer privacy and, at times, civil liberties. Prudent measures to protect the public are welcome, but when those measures are not accompanied by limits that restrict the collection and use of personal information to the purpose for which it was collected, secondary uses and potential abuse or misuse of personal information are likely.

For example, the E911 policy proposal, advanced as a consumer safety measure, required that all cell phones sold in the US use the Global Positioning System (GPS) or cell tower triangulation techniques so that the location of a cell phone could be determined. The E911 cell phone location identification requirements became law, but the resulting location data is now used by third parties (e.g., cell phone app developers, cell phone companies, and law enforcement) to record the whereabouts of users.

The sole expressed purpose for E911 at the beginning of the policy debate was to locate cell phone users who needed emergency assistance. However, because the law that created E911 for cell phones set no limits on the use of location data, that data has created a new area of advocacy work to protect consumer privacy and has opened legal arguments by law enforcement. The law enforcement argument over cell phone location data asserts that it should not be protected by the Fourth Amendment to the Constitution of the United States, whose protections would require due process before the data is obtained.

The relevance to the EDR debate is that, without safeguards and appropriate security measures, EDR data would someday create privacy and civil liberties challenges similar to those associated with E911 telecommunication technology. Further, the court decision in US v. Jones (see EPIC: US v. Jones) dealt with legal questions that may not answer the privacy and civil liberties challenges raised by the telematic and EDR features of automobiles.

EDR Privacy Risks

Automobiles are integrating computing technology that enhances the ability of others to collect location and operation data in near real time. In the data-driven economy this data has value. Only 13 states have laws that address EDRs and vehicle operators. The principal risks are:

  • Lack of consumer knowledge of the technology's presence in vehicles
  • Driver Access to EDR data
  • Security of EDR data to assure chain of custody and accuracy
  • Transparency on each type of event that would trigger data collection
  • Universal law that outlines the purpose of the data collection and limits the use of EDR data to the purpose of the collection
  • Driver control (ownership) of data
  • Integration of EDR data collection with non-vehicle operation related features
  • There are no limits on the number of data elements that NHTSA may require in the future
  • There are no limits on EDR data collection, retention and use by third parties

EPIC on EDRs

Articles

Resources