Automated Vehicles and Privacy Issues: Learning from Experience
1. ● Mobility. Safety. Customers. Economy. Responsible Steward ●
Automated Vehicles Symposium 2015
Automated Vehicles and Privacy Issues: Learning From Experience
Thomas J. Bamonte (@TomBamonte)
Assistant Executive Director, Strategy & Innovation
North Texas Tollway Authority
July 22, 2015
2.
Overview
Toll highways and data generation
Privacy concerns and responses
Application to automated vehicles
3.
U.S. Toll Highway Network
4.
Overview of Highway Tolling
Toll highways/bridges in 35 states
2,900 miles of tolled interstates in 21 states
5+ billion trips handled annually
Tolls = approx. 35% of federal gas tax revenue
Industry moving to “all electronic tolling” (AET)
5.
Mechanics of Electronic Tolling
6.
Pay-by-Plate Customers
7.
Trip Data Collection
8.
Registered Owner Information
Personal information
Home address
Telephone
Driver license number
Email address
License plate number
Credit card information
Vehicle year/make/model/color/VIN
Sources
Customer accounts
DMV data
Collection efforts
9.
Roadway Camera Coverage
10.
Law Enforcement: ALPR
11.
HOT Lane Enforcement
12.
Emerging Tolling Methods
13.
Vehicle as Data Generator
14.
OBD Units
Drivewise by Allstate
Vinli
15.
“Black Box” Event Data Recorders
Capture crash-related data
Pre-crash vehicle dynamics and system status
Driver inputs
Vehicle crash signature
Restraint usage/deployment status
Post-crash data such as the activation of an automatic collision notification system
Installed in most vehicles—NHTSA mandate forward
16.
Driver Fitness Monitoring
17.
Vehicle-to-Cloud Connections
Vehicle as Cellphone on Wheels
18.
Current Highway User Privacy Protections
Contract: Customer account agreements
Customer account and trip data shielded from general disclosure; use allowed –
When conducting tolling business
In response to court order (e.g., warrant)
When aggregated (e.g., studies)
High data protection standards in place (e.g., PCI compliance)
Other data streams covered by user agreements (e.g., Waze)
19.
State Law Protections
Customer account information & trip data = FOIA exception
Mandated privacy policies & data security requirements
Laws governing ownership & use of event data recorders
General data security & breach notice requirements
ALPR regulation
20.
Federal Law Protections
Drivers Privacy Protection Act
Various consumer law protections
Federal legislation introduced to protect locational privacy—including vehicles
Jones & Riley decisions
21.
Established Principles
Customer account information and trip data shielded from general disclosure
Used for toll collection purposes
Not disclosed unless legally required (e.g., warrant)
Anonymized data used for analysis
High data protection standards (e.g., PCI compliance)
Vehicle data belongs to vehicle owner
No transfer of data to 3d parties w/out consent
22.
Challenges: Automated Vehicles
Extensions into law enforcement
“Taking over” vehicle for safety/traffic management
Sponsored ads in visual stream on dashboard
Sale of highway user data
Vehicle sensor array poses own privacy challenges
23.
Cybersecurity Eclipses Other Privacy Concerns
24.
North Texas Tollway Authority
Our Mission
Provide a safe and reliable toll road system
Increase value and mobility options for customers
Operate the Authority in a businesslike manner
Protect our bondholders
Partner to meet our region’s growing need for transportation infrastructure
Editor's Notes
Toll highways are becoming more important in our national transportation system. As the industry shifts to all-electronic tolling using inexpensive transponders like those shown, toll highways become an even more viable alternative to gas-tax funded roads.
All-electronic tolling uses an RFID transponder read or a picture of a license plate to identify a vehicle. Each passing vehicle gets pinged for a transponder read and a photo is taken of every license plate.
Pay-by-plate is currently a more cumbersome billing collection process, complicated by poor name/address information at many DMVs and the lack of a national standard format for license plates. Tolling authorities work from license plates and with DMVs to get the home addresses of vehicle owners and send them bills. Toll authorities are using technology improvements to turn pay-by-plate users into good-paying customers with similar kinds of accounts.
In addition to customer account information, toll authorities collect vast amounts of trip data from the vehicles passing by tolling points. NTTA has almost 700 million transactions annually and it is only the 10th largest tolling authority in the country. This is a massive data trove showing how, where and when folks in North Texas get around down to the last second.
But there’s more going on out there on the roadways. Now that toll booths have been removed, toll violation enforcement has taken on new importance. One important tool that NTTA is deploying through our law enforcement partner is automated license plate readers. Fixed and mobile ALPR units read the license plates of every passing vehicle. This information is cross-checked against toll violator databases and violators can be intercepted. Note that law enforcement agencies—especially at the local level—are making heavy use of ALPR technology for other law enforcement purposes. Combine tolling databases with ALPR databases and you get a massive regional database of trip data.
The next step may be peering inside the vehicle at the occupants. Highway authorities—but not NTTA I might add—are testing new infrared technology to help enforce HOV and HOT lane vehicle occupancy requirements. Getting a heat signature from a human as opposed to a dummy can result in detailed portraits of the vehicle occupants.
New tolling methods are emerging from private companies using the smartphone GPS and camera functions. These methods will complement and may someday replace traditional tolling. What this means is that private companies, in collaboration with public tolling entities, will be collecting the same kind of detailed locational data by customer vehicle.
Vehicles themselves are increasingly active as data generators. Services such as Waze are turning our vehicles into data probes. Those of us who use Waze are providing Google with lots of information about our travel, and not just from toll gantry to toll gantry, but in real time/real place on every street and highway. My sense is that most of us are comfortable opting in and sharing our data, recognizing that the more we and others share about our travel the better Waze will be in helping us get to where we want to go.
Likewise, insurance companies are mining onboard data about our vehicle operation to customize insurance policies and rates. By monitoring and rewarding drivers whose vehicles exhibit good behavior, these programs seem to be another case where consumers seem willing to exchange their data for better prices and customized customer service. This gets to an important point: Giving highway users the opportunity to opt-in to programs that deliver benefits but may compromise privacy is much preferable to compromising privacy without their knowledge or consent.
Let’s not forget that the vehicles themselves are generating mountains of data, captured by black box event data recorders and other onboard devices. Vehicles now are rolling out with 100 million or more lines of software code.
Upping the level of surveillance, vehicles are being equipped with sensors and cameras to keep track of how drivers are performing—looking for signs of impairment. How will truck drivers feel about always being monitored? Will you and I be willing to have big brother watching us in real time in exchange for better insurance rates or lower car rental rates? This may be a closer question.
Ironically, in light of Riley’s focus on cellphone searches, through the efforts of Apple and Google vehicles are turning into rolling smartphones. It seems a short step to say that if a warrant is required before searching a smartphone, a warrant is also required before accessing vehicle trip data stored on that smartphone or in the vehicle.
High expectation. Customer account/trip data/no use in law enforcement.
User agreement/privacy policy: No disclosure unless ordered to do so or necessary for operations
No sale to 3d parties—may do opt in
Not a lot of concern about surveillance--yet
In customer surveys we inquired about privacy issues. Not surprisingly, we’ve learned that customers have high expectations that their account information will be protected. Customers don’t want Target-like data breaches that compromise the credit card and other information they give us. They don’t want their trip data released willy-nilly either. They are resistant to automating enforcement by, for example, getting ticketed automatically if they drive too fast between tolling points. We’ve responded by telling our customers in customer agreements and privacy statements that we won’t share their data with third parties, including law enforcement, unless legally ordered to do so by subpoena or warrants. We also don’t sell or share our customer data to third parties for commercial use, although we are exploring
There is a patchwork of state laws that address privacy issues. Some states such as California have specific laws directing how customer account information and trip data is to be kept confidential. Some have FOIA statutes providing that trip data is not subject to FOIA disclosure. Some mandate toll authorities to adopt privacy policies that protect customer information. About a quarter of states have laws concerning the use of “black box” data and even fewer regulate ALPR data collection, although there is ALPR legislation pending in almost 20 states. Customers are also protected by general data security/data breach notification laws applicable to consumers generally, but those laws do not address highway/vehicle privacy issues directly.
Federal law has not filled in the gaps. The Drivers Privacy Protection Act protects the confidentiality of drivers license information but is of limited scope. The FTC Act (deceptive practices) has some general application. [Electronic Communications Privacy Act of 1986.] There has been legislation introduced to protect the privacy of locational data, but it has not advanced. The biggest federal contribution has been the Supreme Court’s decisions in Jones and Riley, which recognize that sustained warrantless collection of travel pattern data implicates the Fourth Amendment.
XTRA Slide
The challenge is the unrelenting gaze on highway use. Keys to manage = (1) Give opt-in wherever possible; (2) Be wary of sharing individualized data with third parties, even other public entities; and (3) whenever highway user privacy is at stake, make sure there are sufficient transportation benefits to make the legal/political risk worth running. Black box laws may become model: (1) data belongs in first instance to vehicle owner; (2) common sense exceptions—e.g., court order; and (3) vehicle owner can opt out. When buy car make these kind of choices. Riley will be extended to limit law enforcement overreach when it comes to vehicle tracking and data mining.