USDOT Calls for Connected Vehicle Mandate; Security and Privacy Concerns Remain

by Marc Scribner on February 3, 2014 · 2 comments

in Features, Mobility, Precaution & Risk, Privacy, Regulation, Tech & Telecom

Post image for USDOT Calls for Connected Vehicle Mandate; Security and Privacy Concerns Remain

The U.S. Department of Transportation (DOT) announced today it would chart a regulatory path that would require all new automobiles to be equipped with vehicle-to-vehicle (V2V) communications systems sometime in the next several years. This follows a National Transportation Safety Board recommendation that connected vehicle technology be mandated on all new vehicles.

V2V and vehicle-to-infrastructure (V2I) safety systems could provide large safety benefits in the future. Unfortunately, DOT has jumped the gun, requiring systems while large challenges remain, particularly issues related to data privacy and security.

A November 2013 report from the Government Accountability Office (GAO) provides a good description of what DOT is attempting to do:

DOT and the automobile industry have been conducting research on new types of technologies to prevent crashes—called vehicle-to-vehicle (V2V) technologies—in recent years. These technologies facilitate the sharing of data, such as vehicle speed and location, among vehicles to warn drivers of potential collisions. Based on the data shared, V2V technologies are capable of warning drivers of imminent collisions, including some that sensor-based crash avoidance technologies would be unable to detect. DOT’s efforts related to these technologies are being led by NHTSA and the Intelligent Transportation Systems (ITS) Joint Program Office within DOT’s Research and Innovative Technology Administration (RITA). According to NHTSA, if V2V technologies are widely deployed, they have the potential to address 76 percent of multi-vehicle crashes involving at least one light vehicle by providing warnings to drivers.

Sounds good, right? But there are big challenges to V2V deployment, of which GAO identifies five:

1) finalizing the technical framework and management framework of a V2V communication security system, which will be unique in its size and structure; 2) ensuring that the possible sharing with other wireless users of the radio-frequency spectrum used by V2V communications will not adversely affect V2V technology’s performance; 3) ensuring that drivers respond appropriately to warnings of potential collisions; 4) addressing the uncertainty related to potential liability issues posed by V2V technologies; and 5) addressing any concerns the public may have, including those related to privacy.

Requiring that cars “talk to each other” before critical issues related to security (how are hackers prevented from manipulating V2V warnings and how are the security systems financed and operated?) and privacy (who owns the V2V data collected and who may obtain it, and under what conditions may they obtain it?) strikes me as premature. The automakers and senior lawmakers, such as Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., are similarly concerned.

The private sector, in partnership with government researchers, has been methodically developing V2V and V2I technologies. We should allow them to continue this process without the imposition of regulatory mandates, however good the intentions. Once the technologies have been sufficiently improved, we should allow the market to determine V2V deployment. Not only will this maintain consumer and producer choice, but it will reduce the very real safety risks associated with prematurely deploying potentially flawed technologies.

Even if you believe a V2V government mandate is an appropriate public policy position, you should recognize that this call from DOT is premature. Lawmakers should call on the DOT to continue its partnership with the private sector in the development of nonbinding V2V standards, rather than moving forward with strict regulatory requirements.

William February 4, 2014 at 12:50 am

Hi — I’ve been one of the researchers involved in the security for this system. I sympathize with a lot of your concerns but wanted to fill you in on some facts that might help reduce those concerns.

The important thing to bear in mind is that this was an announcement that a process will begin that will eventually (subject to feedback during the public comment period) result in a regulation requiring the technology to be included. This isn’t the same as requiring it to be built in today. The regulation making will take probably three years, and there will then be a grace period to allow it to be implemented. The policymakers are working closely with the auto OEMs and other stakeholders and are keenly aware of the kind of concerns you’re expressing, and will try to ensure they’re properly address.

Requiring that cars “talk to each other” before critical issues related to security (how are hackers prevented from manipulating V2V warnings and how are the security systems financed and operated?) and privacy (who owns the V2V data collected and who may obtain it, and under what conditions may they obtain it?) strikes me as premature

A lot of technical and policy work has been done on these questions; you’ll see more details in the NHTSA documentation when it comes out. These are questions that are being taken seriously, are being widely discussed, and will be addressed before there is a mandate.

The private sector, in partnership with government researchers, has been methodically developing V2V and V2I technologies. We should allow them to continue this process without the imposition of regulatory mandates, however good the intentions.

The process has been going on for almost fifteen years and there’s good consensus that researchers have converged on a set of technologies that will work. The mandate is not the government imposing a solution where there is no agreement; it will be for technology that the OEMs also support. You can only research for so long; at some point you have to deploy. The mandate is supported by the industry because it lets everyone move from research to product development, knowing that everyone else will be deploying compatible products.

Once the technologies have been sufficiently improved, we should allow the market to determine V2V deployment. Not only will this maintain consumer and producer choice, but it will reduce the very real safety risks associated with prematurely deploying potentially flawed technologies.

There’s a first-mover problem here, though. This is supposed to be a cooperative safety system: it only prevents accidents if both the sender and the receiver are equipped. A non-mandated system would have much lower benefits (because the benefit goes as p^2, where p is the percentage of equipped vehicles) but higher costs per unit because of fixed system support costs and fewer economies of scale. With lower benefits and higher costs, it’s harder for a purely voluntary system to succeed than an mandated system. Instead, the mandate is likely to prompt private companies like Qualcomm to come into the market with voluntary-use devices, since they know there will be devices out there to talk to.

Deployment isn’t premature. This is technology that has been developed over thirteen years and been the subject of a large number of field trials. The automakers believe it works.

Even if you believe a V2V government mandate is an appropriate public policy position, you should recognize that this call from DOT is premature. Lawmakers should call on the DOT to continue its partnership with the private sector in the development of nonbinding V2V standards, rather than moving forward with strict regulatory requirements.

I would suggest you talk to representatives of the auto industry about whether they feel this is premature. You should also talk to industry representatives about whether they feel USDOT is acting unilaterally or in partnership with them. This move isn’t unilateral, isn’t a surprise, isn’t unwelcome, and isn’t premature. It just sets expectations so that suppliers can compete to provide the best possible implementation of a system that will have to interoperate between multiple vendors.

Marc Scribner February 4, 2014 at 3:44 pm

Thank you for your comment, William. I mostly agree, especially on the technical side with V2V. But one of the major questions remaining is who pays for the fixed costs of securing the system? Particularly if there is a roadside infrastructure component, I see this as a major problem. I don’t know a single practitioner on the public finance side who is optimistic about this — DOTs can barely fill potholes and there is no sign that funding levels will significantly increase in the near-term.

I disagree with you on the mandate. Given the low cost of equipping individual vehicles and the expected benefits, why not expect a scenario similar to what we saw with event data recorders? The auto industry was enthusiastically embracing them (to the point that virtually all new vehicles had EDRs) long before the mandate was imposed.

It is quite possible to have a FMVSS without requiring the component be installed for all new vehicles. Mandates, especially when anything is remotely related to privacy, will create a political backlash. It would be a mistake to barrel ahead without properly considering public opinion and doing the necessary outreach and education.

The auto industry is supportive broadly of connected vehicle technology, as am I. I am certainly more cautious on the mandate in principle than them (I dislike the entire federal safety regulatory regime, but that’s for another, much longer post), but the industry will not accept a mandate lying down until NHTSA and others resolve remaining questions related to security and funding/financing. They’re justifiably skeptical of claims made by the ITS community, given how advanced we supposedly were 15 years ago. And again, infra. and ops practitioners and researchers generally believe the public finance reality makes V2I a non-starter, so anything that relies upon large public expenditures likely isn’t going anywhere anytime soon. Also, most industry vehicle automation researchers are skeptical of connected vehicle technology as it relates to highly automated or autonomous vehicles and even more skeptical when it comes to connected vehicle mandates that might impact the direction of these automated vehicles.

Comments on this entry are closed.

Previous post:

Next post: