Automobile Event Data Recorders (Black Boxes) and Privacy
- Connected Vehicles Bill Moves Forward in Senate, Privacy Reporting Added: Today the Senate Commerce Committee favorably reported the "AV START Act," a bill that aims to facilitate the deployment of connected vehicles. The Committee adopted Senator Edward Markey's (D-MA) amendment that directs the National Highway Traffic Safety Administration to create a publicly accessible database to determine the personal data collected by connected cars, how that information is used, data minimization and retention practices, security measures, and privacy policies of car manufacturers. EPIC has long supported privacy protections for automated vehicles. (Oct. 4, 2017)
- NHTSA Revised Automated Vehicle Policy Lacks Privacy Safeguards, Senate Considers Draft Bill: The National Highway Traffic Safety Administration released revised guidance for automated vehicles. The modified guidance encourages manufacturers to develop best practices to minimize cybersecurity risks. However, the NHTSA guidance lacks mandatory standards and fails to safeguard privacy stating that the Federal Trade Commission is responsible for consumer privacy. Previous NHTSA guidance established privacy standards and required developers to minimize data collection. The Senate Commerce Committee is now considering the "AV START Act" concerning automated vehicles. The draft bill proposes voluntary cybersecurity and also lacks consumer privacy standards. Today the NSTB also released findings that Tesla's autopilot feature contributed to a highway fatality earlier this year. EPIC has long advocated for privacy and cybersecurity safeguards to be a central component of automated vehicle development. (Sep. 12, 2017) More top news »
On December 13, 2012, the National Highway Traffic Safety Administration (NHTSA), published in the Federal Register a request for public comment on a proposed rule that would mandate that all automobiles manufactured for sale in the United States after September 1, 2014 must have an Event Data Recorder (EDR) or black box. The deadline for EDR public comment is February 11, 2013.
EDRs are devices that can internally record, retain and report 30 seconds of data related to drivers' operation of an automobile. The data stored may be accessed by third parties such as law-enforcement for post crash investigations or repair shops for diagnostic purposes. Since 1996, EDR technology has been included in automobiles sold in the United States. The amount of data required by NHTSA (30 seconds) is outlined in agency specifications, but the amount of data that may be collected is not limited by NHTSA.
Automobiles and computing technology are creating a new level of data services that drivers may access while traveling in lightweight vehicles. Computing technology is facilitating automation of many driving functions through applications such as cruse control, hands free telephone calling, turn-by-turn directions, and Telematic (satellite) communication based services. The increased use of computing components and telecommunication technology in cars is raising the level of data collection and sharing that is associated with drivers/owners. The volume and type of information collected can include location, condition of the car, data services accessed (phone use, programs listened to, radio station consumption), time spent in automobiles, operation data on automobile, etc. The full list of data collection is known by automobile manufacturers and is depended on the design of the computing and telecommunications capacity of the automobile. In many ways cars are becoming fully integrated with computing and telecommunication technologies--which makes them a new source of data collection on consumers.
Today, some high-end automobiles utilize wireless data transfer capabilities. This approach in the future may become more common. The United States Patent and Trademark Office (USPTO) has a patent application for remote wireless management of a vehicle's electronic control unit. The patent is currently under appeal. Wireless transfer of information means that no vehicle contact is necessary to access information. However, this method does not reduce the need to properly secure the vehicle’s Diagnostic Link Connector (DLC) and anyone with the compatible reader could access data such as the Vehicle Identification Number (VIN) and could alter the VIN, if it is not properly protected. The protection of the wireless data should be assured by taking steps to disallow access by unauthorized third parties to the DLC. Strong encryption may offer import security protection for the data and the EDR software. However, physical control over the device itself would remain a key component of protecting the data. If the integrity of the data is questioned then the purpose of EDRs is undermined.
The key to securing EDR data from misuse or abuse according to the IEEE-1616a Standard is to seal the physical port of the EDR device with a lock with the key held by the automobile owner. IEEE, a large, global technical professional organization, is dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics.
The IEEE Standards Association, a globally recognized standards-setting body within IEEE, develops consensus standards through an open process that engages industry and brings together a broad stakeholder community. IEEE standards set specifications and best practices based on current scientific and technological knowledge. The IEEE-SA has a portfolio of over 900 active standards and more than 500 standards under development. The IEEE EDR standard is IEEE-1616a.
In the Federal Register/Vol. 77, No. 240, published on Thursday, December 13, 2012/Proposed Rules (PDF version see page 74147, under "Data Retrieval," the following is stated: "Part 563 requires that each vehicle manufacturer ensure, by licensing agreement or other means, the commercial availability of retrieval tool(s) for downloading or imaging the required EDR data. The data-imaging tool must be commercially available no later than 90 days after the first sale of the vehicle for purposes other than resale."
In the digital information economy, law and policy advocates work in advance of broad adoption of new mobile telecommunication and computing technology to protect consumer privacy and sometimes civil liberty rights. Prudent measures to protect the public are welcomed, but when these measures are not accompanied by limitations that restrict the collection and use of personal information to the purpose of the collection then secondary uses and potential abuses or misuses of personal information are likely.
For example, the E911 policy proposal advanced as a consumer safety measure required that all cell phones sold in the US must use the Global Position System (GPS) or cell tower triangulation techniques to assure that the location of a cell phone could be determined. E911 Cell Phone and Smart Location identification requirements became law but are now used by third parties e.g. cell phone app developers, cell phone companies, and law-enforcement to record data on the location of users.
The sole expressed purpose for E911 at the beginning of the policy debate was to locate cell phone users who were in need of emergency assistance. However, because limitations on the use of cell phone location data were not established in the law that created E911 on cell phones this data has created a new area of advocacy work to protect consumer privacy and has opened legal arguments by law-enforcement. The law-enforcement argument over cell phone location data asserts that it should not be protected by the 4th Amendment to the Constitution of the United States. This Amendment's enforcement would require due process.
The relevance to the EDR debate is that without safeguards and appropriate security measures EDR data would someday create privacy and civil liberties challenges similar to those associated with E911 telecommunication technology. Further, the court decision in EPIC US v Jones" dealt with legal questions that may not answer privacy and civil liberties challenges that involve the Telematic and EDR features associated with automobiles.
Automobiles are integrating computing technology that enhance the ability of others to collect location and operation data in near real time. In the data driven economy this data is of value. There are only 13 states with laws that address EDRs and vehicle operators.
- Lack of consumer knowledge of the technology's presence in vehicles
- Driver Access to EDR data
- Security of EDR data to assure chain of custody and accuracy
- Transparency on each type of event that would trigger data collection
- Universal law that outlines the purpose of the data collection and limits the use of EDR data to the purpose of the collection
- Driver control (ownership) of data
- Integration of EDR data collection with non-vehicle operation related features
- There are no limits on the number of data elements that NHSTA may require in the future
- There are no limits on EDR data collection, retention and use by third-parties
- EPIC et al., Comments to NHTSA Docket No. NHTSA-2012-0177 (2013)
- EPIC Comments to NHTSA Docket No. NHTSA-2004-18029 (2004)
- EPIC Comments to NHTSA Docket No. NHTSA-2002-13546 (2003)
- The Next Data Privacy Battle May be Waged Inside Your Car, Jaclyn Trop, The New York Times, January 10, 2014
- A Black Box for Car Crashes, Jaclyn Trop, The New York Times, July 21, 2013
- Are Vehicle Black Boxes a Good Idea?, Marc Rotenberg, The Costco Connection, April 2013
- Black Boxes in Cars: Privacy, Safety Concerns with On-board Tech, CBS This Morning, April 1, 2013
- Another View: Steer Clear of Cars That Spy, Marc Rotenberg, USA Today, August 18, 2011
- Hackers Remotely Kill a Jeep on the Highway, WND, July 22, 2015
- The Times They Are A-Changin' for Transportation, Tom Kowalick, The Institute, March 10, 2014
- Driving Freedom: Black Boxes Still Lack Consumer Protection, Tom Kowalick, The Institute, February 12, 2014
- Keeping Your Car's Data Private, Kathy Pretz, The Institute, February 7, 2014
- Michigan gets $1.6M of 29-state Toyota settlement, BY DAVID SHEPARDSON DETROIT NEWS WASHINGTON BUREAU, February 15, 2013
- Can Both Tesla And The New York Times Be Right? Maybe., Joann Muller, Forbes, February 14, 2013
- Tesla To New York Times: It's On, BY NEAL UNGERLEIDER, FEBRUARY 14, 2013
- Tesla, New York Times trade shots over Model S coverage, by James Holloway, Ars Technica Feb 14, 2013
- Editorial: 'Black boxes' are in 96% of new cars, USA Today, January 6, 2013
- Analyst worries auto black boxes invite privacy abuse by officials, Mark Tapscott, Examiner, December 13, 2012
- Gov't Calls For Black Boxes In New Cars, JOAN LOWY, Associated Press, December 7, 2012
- NHTSA gets White House OK to mandate vehicle 'black boxes', David Shepardson Detroit News Washington Bureau, December 6, 2012
- Justice Dept. to defend warrantless cell phone tracking, Declan McCullagh, CNET, October 2, 2012
- The Automotive Black Box Data Dilemma, Willie D. Jones, IEEE Spectrum, April 4, 2012
- Emerging Technologies at Odds with Long-Held Privacy Tenets, Leslie A. Gordon, ABA Journal, May 1, 2011
- Senator Ed Markey, Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk, February 2015.
- A Policy Review of the Impact Existing Privacy Principles have on Current and Emerging Transportation Safety Technology, The National Surface Transportation Safety Center for Excellence, May 12 2011
- Toyota Recalls and Government Response
- National Highway Safety Administration EDR Page
- EPIC Driver Privacy Page
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
Privacy in the Modern Age