You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

Automobile Event Data Recorders (Black Boxes) and Privacy

Latest News

Background

On December 13, 2012, the National Highway Traffic Safety Administration (NHTSA), published in the Federal Register a request for public comment on a proposed rule that would mandate that all automobiles manufactured for sale in the United States after September 1, 2014 must have an Event Data Recorder (EDR) or black box. The deadline for EDR public comment is February 11, 2013.

EDRs are devices that can internally record, retain and report 30 seconds of data related to drivers' operation of an automobile. The data stored may be accessed by third parties such as law-enforcement for post crash investigations or repair shops for diagnostic purposes. Since 1996, EDR technology has been included in automobiles sold in the United States. The amount of data required by NHTSA (30 seconds) is outlined in agency specifications, but the amount of data that may be collected is not limited by NHTSA.

Automobiles and computing technology are creating a new level of data services that drivers may access while traveling in lightweight vehicles. Computing technology is facilitating automation of many driving functions through applications such as cruse control, hands free telephone calling, turn-by-turn directions, and Telematic (satellite) communication based services. The increased use of computing components and telecommunication technology in cars is raising the level of data collection and sharing that is associated with drivers/owners. The volume and type of information collected can include location, condition of the car, data services accessed (phone use, programs listened to, radio station consumption), time spent in automobiles, operation data on automobile, etc. The full list of data collection is known by automobile manufacturers and is depended on the design of the computing and telecommunications capacity of the automobile. In many ways cars are becoming fully integrated with computing and telecommunication technologies--which makes them a new source of data collection on consumers.

Today, some high-end automobiles utilize wireless data transfer capabilities. This approach in the future may become more common. The United States Patent and Trademark Office (USPTO) has a patent application for remote wireless management of a vehicle's electronic control unit. The patent is currently under appeal. Wireless transfer of information means that no vehicle contact is necessary to access information. However, this method does not reduce the need to properly secure the vehicle’s Diagnostic Link Connector (DLC) and anyone with the compatible reader could access data such as the Vehicle Identification Number (VIN) and could alter the VIN, if it is not properly protected. The protection of the wireless data should be assured by taking steps to disallow access by unauthorized third parties to the DLC. Strong encryption may offer import security protection for the data and the EDR software. However, physical control over the device itself would remain a key component of protecting the data. If the integrity of the data is questioned then the purpose of EDRs is undermined.

The key to securing EDR data from misuse or abuse according to the IEEE-1616a Standard is to seal the physical port of the EDR device with a lock with the key held by the automobile owner. IEEE, a large, global technical professional organization, is dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics.

The IEEE Standards Association, a globally recognized standards-setting body within IEEE, develops consensus standards through an open process that engages industry and brings together a broad stakeholder community. IEEE standards set specifications and best practices based on current scientific and technological knowledge. The IEEE-SA has a portfolio of over 900 active standards and more than 500 standards under development. The IEEE EDR standard is IEEE-1616a.

In the Federal Register/Vol. 77, No. 240, published on Thursday, December 13, 2012/Proposed Rules (PDF version see page 74147, under "Data Retrieval," the following is stated: "Part 563 requires that each vehicle manufacturer ensure, by licensing agreement or other means, the commercial availability of retrieval tool(s) for downloading or imaging the required EDR data. The data-imaging tool must be commercially available no later than 90 days after the first sale of the vehicle for purposes other than resale."

History

In the digital information economy, law and policy advocates work in advance of broad adoption of new mobile telecommunication and computing technology to protect consumer privacy and sometimes civil liberty rights. Prudent measures to protect the public are welcomed, but when these measures are not accompanied by limitations that restrict the collection and use of personal information to the purpose of the collection then secondary uses and potential abuses or misuses of personal information are likely.

For example, the E911 policy proposal advanced as a consumer safety measure required that all cell phones sold in the US must use the Global Position System (GPS) or cell tower triangulation techniques to assure that the location of a cell phone could be determined. E911 Cell Phone and Smart Location identification requirements became law but are now used by third parties e.g. cell phone app developers, cell phone companies, and law-enforcement to record data on the location of users.

The sole expressed purpose for E911 at the beginning of the policy debate was to locate cell phone users who were in need of emergency assistance. However, because limitations on the use of cell phone location data were not established in the law that created E911 on cell phones this data has created a new area of advocacy work to protect consumer privacy and has opened legal arguments by law-enforcement. The law-enforcement argument over cell phone location data asserts that it should not be protected by the 4th Amendment to the Constitution of the United States. This Amendment's enforcement would require due process.

The relevance to the EDR debate is that without safeguards and appropriate security measures EDR data would someday create privacy and civil liberties challenges similar to those associated with E911 telecommunication technology. Further, the court decision in EPIC US v Jones" dealt with legal questions that may not answer privacy and civil liberties challenges that involve the Telematic and EDR features associated with automobiles.

EDR Privacy Risks

Automobiles are integrating computing technology that enhance the ability of others to collect location and operation data in near real time. In the data driven economy this data is of value. There are only 13 states with laws that address EDRs and vehicle operators.

  • Lack of consumer knowledge of the technology's presence in vehicles
  • Driver Access to EDR data
  • Security of EDR data to assure chain of custody and accuracy
  • Transparency on each type of event that would trigger data collection
  • Universal law that outlines the purpose of the data collection and limits the use of EDR data to the purpose of the collection
  • Driver control (ownership) of data
  • Integration of EDR data collection with non-vehicle operation related features
  • There are no limits on the number of data elements that NHSTA may require in the future
  • There are no limits on EDR data collection, retention and use by third-parties

EPIC on EDRs

Articles

Resources

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security