National Academies Press: OpenBook
« Previous: Introduction
Page 3
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 3
Page 4
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 4
Page 5
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 5
Page 6
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 6
Page 7
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 7
Page 8
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 8
Page 9
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 9
Page 10
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 10
Page 11
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 11
Page 12
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 12
Page 13
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 13
Page 14
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 14
Page 15
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 15
Page 16
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 16
Page 17
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 17
Page 18
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 18
Page 19
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 19
Page 20
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 20
Page 21
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 21
Page 22
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 22
Page 23
Suggested Citation:"Section 1: Federal Law Review." National Academies of Sciences, Engineering, and Medicine. 2018. Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape. Washington, DC: The National Academies Press. doi: 10.17226/25296.
×
Page 23

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 3 Section 1: Federal Law Review The U.S. Department of Transportation’s (USDOT’s) NHTSA is the chief agency charged with overseeing the safe implementation of C/AVs/HAVs in the U.S. transportation network. Under the National Traffic and Motor Vehicle Act of 1966 (“Safety Act”), NHTSA is statutorily directed by Congress to conduct research, promulgation, and enforcement of Federal Motor Vehicle Safety Standards (FMVSS). NHTSA issues information on the safety features in new vehicles to aid in consumer adoption and market saturation. NHTSA also releases comparative performance rating data to encourage manufactures to improve their vehicles’ safety on a voluntary basis. Finally, NHTSA is now playing a role in guiding the development of C/AV/HAV use, ensuring that development and use of this technology does not occur in a piecemeal regulatory fashion, and that industry and the public can know, understand, and respond to the rules of the road. In this role, according to Lindsay et al., NHTSA has the power to preempt state actions related to C/AV/HAV regulations and operational activities regarding design standards (2014). As a rule, the preemption provision in the Safety Act authorizes NHTSA to intervene in state activities should vehicles and equipment not comply with the standards in place at the time of manufacture (NHTSA, 2016f). This section is broken down into several sub-sections covering topical areas upon which the federal government has drafted policy or regulations. Automated and Highly Automated Vehicle Policy In 2013, NHTSA issued a “Preliminary Statement of Policy Concerning Automated Vehicles” (NHTSA, 2013). This statement acknowledged the challenges faced by regulatory agencies in developing performance requirements for, and ensuring the safety and security of, vehicles with increased levels of automation and automated control functions. NHTSA outlined the Agency’s C/AV/HAV research plan in accordance with concurrent technological developments in the automotive sector, and defined the levels of vehicle automation. At this juncture, NHTSA encouraged states to play the primary role in overseeing the “licensing, testing, and operation of self-driving vehicles on public roads,” but added that they did not believe that, currently, “self-driving vehicles [were] ready to be driven on public roads for purposes other than testing” (NHTSA, 2013, p.10). The preliminary statement of policy recommended eight principles for states with respect to overseeing the operation and use of C/AV/HAVs (while reserving for federal regulation oversight the actual design features of the vehicles and technology). Although these principles were non-binding, they highlighted the agency’s concern about states’ premature and prescriptive C/AV/HAV design regulation that could stifle innovation or conflict with a “significant regulatory objective” (NHTSA, 2013). In September 2016, NHTSA (NHTSA, 2016e) issued an update to its Federal Automated Vehicle Policy (FAVP). NHTSA noted that they issued this policy as agency guidance rather than as rulemaking in order to speed delivery of an initial regulatory framework and best practices to guide manufacturers and other entities in the safe design, development, testing and deployment of C/AVs/HAVs (NHTSA, 2016e, p. 8). The policy includes performance guidance for C/AVs/HAVs, a model “state” policy section, a review of NHTSA’s current regulatory tools, and a final section on modern regulatory tools. It should be noted that the policy is targeted toward HAVs; i.e., SAE Level 3 and above. The vehicle performance section outlines best practices for safe pre-deployment, design, development and testing of HAVs prior to commercial sale or operation on public roads. Deployment is defined as “the operation of an HAV by members of the public who are not the employees or agents of the designer, developer, or manufacturer of the HAV” (NHTSA, 2016e p. 8).

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 4 The guidance sets the USDOT’s expectations of the industry by offering reasonable practices and procedures that “manufacturers, suppliers and other entities should follow in the immediate short term to test and deploy HAVs.” NHTSA notes in the policy that under current law, manufacturers bear the responsibility to self-certify that the vehicles they manufacture for use on public roadways comply with FMVSS. If a vehicle is compliant within this framework and maintains a conventional vehicle design, there is currently no specific federal legal barrier to an HAV being offered for sale. The model state policy confirms that the states retain their traditional responsibilities for vehicle licensing and registration, traffic laws and enforcement, and motor vehicle insurance and liability regimes. The model state policy framework identifies where new issues fit within existing state and federal structures. The goal is to ensure the creation of a consistent national framework, rather than a patchwork of laws, some of which may be incompatible. NHTSA will continue to exercise its available regulatory authority for interpretations, exemptions, notice and comment rulemaking, and its enforcement authority, including defect recognition, and recall of vehicles or equipment that pose an unreasonable risk to safety, even if there are no applicable standards from the FMVSS. As part of the policy, NHTSA also streamlined its review process and committed to issuing simple HAV-related interpretations within 60 days, and ruling on simple HAV exemption requests within 6 months. NHTSA will publish this section in the federal register for review, as it has implications beyond HAVs. Finally, the policy identifies potential new tools, authorities, and regulatory structures that could aid in the safe and expeditious deployment of new technologies by making the agency nimbler and more flexible. NHTSA has created a vehicle performance guidance chart (Figure 1), wherein it is the manufacturer or other entity’s responsibility to determine their system’s C/AV/HAV level in conformity with SAE International’s published definitions. This framework applies to both test and production vehicles. Figure 1. Framework for vehicle performance guidance. Source: NHTSA, 2016e

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 5 The applicability of the guidance to SAE level 2–5 AV/HAV systems can be seen in Table 1. Table 1. Applicability of Guidance Areas to SAE Automation Levels 2–5 Levels of Automation SAE Levels 3, 4, 5 (HAVs) SAE Level 2 (AVs) Safety Assessment Letter to NHTSA Yes Yes C. Cross-Cutting Areas Fully Partially C.1 Data Recording and Sharing Yes Yes C.2. Privacy Yes Yes C.3. System Safety Yes Yes C.4. Vehicle Cybersecurity Yes Yes C.5. Human Machine Interface Yes Yes C.6. Crashworthiness Yes Yes C.7. Consumer Education and Training Yes Yes C.8. Registration and Certification Yes Yes C.9. Post-Crash System Behavior Yes Yes C.10. Federal, State, and Local Laws Yes Clarify to Driver C.11. Ethical Considerations Yes Yes F. Automation Function Fully Partially F.1. Operational Design Domain (ODD) Yes No F.2. Object and Event Detection and Response Yes No F.3. Fall Back (Minimal Risk Condition) Yes No F.4. Validation Methods Yes Yes G. Guidance for Lower Levels of Automated Vehicle Systems No Yes Source: NHTSA, 2016e The model state policy in the guidance outlines federal and state roles. NHTSA responsibilities include the following (NHTSA, 2016e, p. 38): • Setting FMVSS for new motor vehicles and motor vehicle equipment (to which manufacturers must certify compliance before they sell their vehicles) • Enforcing compliance with the FMVSS • Investigating and managing the recall and remedy of non-compliances and safety-related motor vehicle defects and recalls on a nationwide basis • Communicating with and educating the public about motor vehicle safety issues • Issuing guidance for vehicle and equipment manufacturers to follow, such as the Vehicle Performance Guidance for HAVs presented in this Policy State responsibilities include the following: • Licensing (human) drivers and registering motor vehicles in their jurisdictions • Enacting and enforcing traffic laws and regulations

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 6 • Conducting safety inspections, where states choose to do so • Regulating motor vehicle insurance and liability NHTSA notes that these general areas of responsibility should remain largely unchanged for HAVs. The federal government will continue to be responsible for regulating motor vehicles and equipment, and the states will remain responsibility for regulating the human driver and most other aspects of motor vehicle operation. However, NHTSA notes that as vehicle equipment increasingly performs “driving tasks,” each state department of transportation’s exercise of its authority and responsibility to regulate the safety of this equipment will increasingly encompass tasks that are similar to the “licensing” of a non-human driver (hardware and software that performs part or all of the driving tasks currently performed by a human). States are encouraged to evaluate their current laws and regulations to address unnecessary impediments to the safe testing, deployment, and operation of HAVs, and update references to a human driver as appropriate. States may still wish to experiment with different policies and approaches to create consistent standards to contribute to the development of the best approaches and policies to achieve uniform regulatory objectives. Elements of the model state framework are placed into eight thematic areas: 1) administrative, 2) application for testing, 3) jurisdictional permission to test, 4) testing by manufacturer or other entity, 5) deployed vehicles and “drivers,” 6) deployed vehicles’ registration and titling, 7) law enforcement, and 8) liability and insurance. Following are NHTSA’s key recommendations by thematic area: 1. Administrative: states should identify a lead agency responsible for consideration of HAV testing, and create a jurisdictional automated safety committee with representation from major government agencies and stakeholders representing various interested users, groups and parties. The designated lead agency should take steps to use or establish statutory authority to implement a framework and regulations and examine its existing laws in five areas: licensing/registration, driver education and training, insurance and liability, enforcement of traffic laws/regulations, and administration of vehicle inspections. States should create an internal process that includes an application process for testing HAVs. 2. Application for testing: applications should be submitted by manufacturers/entities noting they are following FMVSS and any other standards created by NHTSA. Applications should identify each vehicle to be used for testing by vehicle identification number (VIN), vehicle type, or some other unique type identifier (e.g., year/make/model). The application should identify test operators and have the manufacturers’/entities’ safety and compliance plan for testing vehicles, and should also include the summary safety assessment submitted to NHTSA. Evidence of ability to satisfy a judgment for damages for personal injury, death, and property damage should be no less than $5 million. 3. Jurisdictional permission to test: lead agency should involve law enforcement prior to responding to the testing request. Lead agency can choose to test with restrictions or in a specific area, or restrict areas (e.g., school zones and other safety sensitive areas). It is suggested that a letter of authorization for the test be issued. A vehicle-specific permit should be carried in the test vehicle, and the test vehicle should be registered/titled. 4. Testing by manufacturer or other entity: vehicle used in test should be operated by an authorized user who has received training regarding its capabilities and limitations. It is recommended that this user hold a valid driver’s license. All crashes must be reported. 5. Deployed vehicles and drivers: to make the transition from human-driven vehicles with safety technologies to fully automated vehicles, gaps in current regulations should be identified and addressed by states. These could include statutes/regulations for enforcement/emergency response, occupant safety, motor vehicle insurance, crash investigation/crash reporting, liability

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 7 (tort, criminal, etc.), motor vehicle safety inspections, education and training, vehicle modifications and maintenance, and environmental impacts 6. Deployed vehicles’ registration and titling: HAV technologies that allow vehicle to be operated without a human driver should be identified on title and registration documents. Aftermarket installation of HAV technologies should be reported to the motor vehicle agency. 7. Law enforcement: it is important for first responders and law enforcement to consider how HAVs will affect their duties. Training and education regarding interaction with drivers and operators will be needed for testing and deployment of the technologies. In addition, for vehicles that offer less than full automation, the potential for distracted driving may increase (e.g., using devices, eating, drinking) and regulations to limit these activities in these vehicles should be consistent across jurisdictions. 8. Liability and insurance: states should consider how to allocate liability among HAV owners, operators, passengers, manufacturers, and others when a crash occurs. The Competitive Enterprise Institute, a libertarian think tank, said NHTSA failed to include a test driver license reciprocity provision in the policy recommendations, which it believes could hamper the development and operations of AVs in metropolitan areas that span multiple states (Scribner, Adams, & Szoka, 2016). The U.S. Senate Committee on Commerce, Science and Transportation held a hearing on June 14, 2017 regarding the release of bipartisan principles for self-driving vehicle legislation. Those principles are reproduced in Table 2. Table 2. Principles for Bipartisan Legislation on Self-Driving Vehicles Prioritize Safety: As with conventional vehicles, federal standards will be important to self-driving vehicle safety. Legislation must consider both the near-term and long-term regulatory oversight of these vehicles, recognizing that new safety standards governing these vehicles should eventually be set. Promote Continued Innovation and Reduce Existing Roadblocks: Currently, there is a body of regulations governing conventional vehicles, developed over decades, that does not directly address self-driving vehicles. Developing new standards takes significant time. Legislation must allow the life-saving safety benefits of self-driving vehicle technology to move forward as new standards development is underway. Legislation must find ways to preserve and improve safety while addressing incompatibility with old rules that were not written with self-driving vehicles in mind. Remain Tech Neutral: Self-driving vehicles are likely to take different forms, use diverse technologies, serve consumers with varying capability levels, and follow multiple business models. Legislation must be technology neutral and avoid favoring the business models of some developers of self-driving vehicles over others. Reinforce Separate Federal and State Roles: Traditionally, the federal government has regulated the vehicle itself, while states have regulated driver behavior. Legislation must clarify the responsibilities of federal and state regulators to protect the public and prevent conflicting laws and rules from stifling this new technology. Legislation must be based on the existing relationship between federal and state regulators and their current separation of authority, but make necessary targeted updates for new challenges posed by the current regulatory environment with respect to self-driving vehicles. Strengthen Cybersecurity: Cybersecurity should be a top priority for manufacturers of self-driving vehicles and it must be an integral feature of self-driving vehicles from the very beginning of their development. Legislation must address the connectivity of self-driving vehicles and potential cybersecurity vulnerabilities before they compromise safety. Educate the public to encourage responsible adoption of self-driving vehicles: Government and industry should work together to ensure the public understands the differences between conventional and self-driving vehicles.

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 8 Legislation must review consumer education models for self-driving vehicles and address how companies can inform the public on what self-driving vehicles can and cannot do based on their level of automation and their individual capabilities. Source: US Congress, 2017 In June 2017, the U.S. House of Representatives Committee on Energy and Commerce’s Subcommittee on Digital Commerce and Consumer Protection introduced an unnumbered bill regarding highway AV testing and deployment (U.S. Congress, 2017 (a)). The Highly Automated Vehicle Testing and Deployment Act of 2017 would clarify the federal and state roles for regulating HAVs (bill is not numbered). The legislation requires NHTSA to publish rulemaking and a safety priority plan for HAVS, and requires submission of safety assessment certifications by HAV manufacturers (although it does not stipulate if the term “manufacturer” means only OEMs or includes technology companies or after-market manufacturers). The legislation also calls for manufacturers to develop written cybersecurity plans. This must include a vulnerability detection and response practice with an individual responsible for cybersecurity management. It also requires a process for controlling access to automated driving systems and providing employee training and management. A federal advisory committee within NHTSA is to be created, with subcommittees to examine various areas, including mobility access for communities underserved by traditional public transportation. NHTSA is required to undertake rulemaking for all new passenger cars with a gross vehicle weight (GVW) under 10,000 pounds to be “equipped with a check rear designated seating positions after the vehicle is deactivated by the operator.” This would provide much needed guidance in how HAVs will ensure that back seat restraints and/or child seats or boosters are used when these passengers are present in the vehicle. The bill was last marked up on July 19, 2017 according to the Subcommittee’s website (U.S. Congress 2017 (a)). On July 25, 2017, the U.S. House introduced the Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act (Self Drive Act) H.R. 3388. H.R. 3388 was reported out by the House Committee on Energy and Commerce on September 5, 2017 and referred to the Senate Committee on Commerce, Science and Transportation on September 6, 2017. The bill, clarifies federal and state roles and preempts states or political sub divisions to maintain, enforce, prescribe or continue in effect laws or regulation regarding design, construction of performance of HAVs, automated driving systems of components of automated driving systems, unless such law or regulation is identical to any prescribed within this chapter. It requires NHTSA within 18 months to issue rules on submission of safety assessment certifications on how safety is being addressed by manufacturers of highly automated vehicles or automated driving systems. For highly automated vehicles, NHTSA should identify elements that may require performance standards including human machine interface, sensors, and actuators, and consider process and procedure standards for software and cybersecurity as necessary (US House 2017 (b)). The act also amends Chapter 3001 of Subtitle VI of Title 49 USC by adding a new section on rear seat occupant alert system. The Secretary shall, no later than 2 years after the date of enactment of this section, issue a final rule requiring all new passenger motor vehicles weighing less than 10,000 pounds GVW to be equipped with an alarm system to alert the operator to check rear designated seating positions after the vehicle motor or engine is deactivated by the operator. The Act requires manufacturers to develop written cybersecurity plans. The Act would also create a Highly Automated Vehicle Advisory Council six months after the enactment of the act. Membership is to be diverse, and will be determined by the USDOT Secretary (US House 2017 (b)).

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 9 On July 26 2017 the U.S. House introduced H.R. 3416 to establish in NHTSA Administration a Rural and Mountainous Advisory Council to make recommendations regarding the testing and deployment of highly automated vehicles and automated driving systems in areas that are rural, remote, mountainous, insular, or unmapped (U.S. House, 2017 (c)). The council would be convened by NHTSA within six months of the bills enactment. Members will be appointed by the Secretary for 3 years. The Committee will undertake information gathering, develop technical advice, and present best practices or recommendations to the secretary. The council will terminate six years after enactment. Within Section 1 automated driving system, dynamic driving task, highly automated vehicle and operation design domain are defined. The bill notes that if SAE revises definitions, it will notify the secretary who is required to publish these within the federal register for comment. The secretary will then notify SAE that it has determined that the definition does not meet the need for motor vehicle safety or is otherwise inconsistent with United States Code, the existing Section 1 definition shall remain in effect. If the Secretary does not reject a definition revised by SAE it will amend regulations and standards as necessary. On July 28 2017, the U.S. House introduced H.R. 3401 To amend chapter 301 of subtitle VI of title 49, United States Code, to update or provide new motor vehicle safety standards for highly automated vehicles, and for other purposes. The bill defines automated driving systems, dynamic driving task, highly automated vehicle and ODD. The bill requires the secretary no later than 24 months to issue final rules requiring the submission of safety assessment certifications regarding how safety is being address by each entities developing HAVs or automated driving system (ADS). (U.S. Congress, 2017 (d)). The bill, would require in the interim that safety assessment letters are submitted to NHTSA under its policy issued in September 2016 or under any successor guidance. If this bill moves forward amendment to NHTSA’s September 2017 guidance, which now only has a voluntary safety self-assessment guidance, where entities can choose to submit or not submit, will be necessary. On July 28, 2017 the U.S. House introduced H.R. 3411 to amend chapter 301 of subtitle VI of title 49, United States Code, to update or provide new motor vehicle safety standards for highly automated vehicles, and for other purposes. (U.R. Congress, 2017 (e)). The bill proposes an ADS cyber security council that will be convened within six months of the bills enactment. Representation will be diverse, and set by the Secretary, and is capped at 30 members. In the same fashion as H.R. 3416, this bill notes that if SAE revises definitions, it will notify the secretary who is required to publish these within the federal register for comment. The secretary will then notify SAE that it has determined that the definition does not meet the need for motor vehicle safety or is otherwise inconsistent with United States Code, the existing Section 1 definition shall remain in effect. If the Secretary does not reject a definition revised by SAE it will amend regulations and standards as necessary. On September 8 the Senate Commerce Committee circulated a draft AV bill called the American Vision for Safer Transportation through Advancement of Revolutionary Technologies Act, (AV START Act – not numbered) (ENO, 2017). The draft bill has similarities to the House’s SELF Drive Act, but also some major departures within specific sections. Most notably including addressing trucking, The definitions section includes brackets pertaining to a vehicles weight, so inclusion of trucks and buses is considered within this bill. The draft bill makes major differences in the approach to preemption, with AV laws and regulations enacted by states considered to be pre-empted if they pertain to any of nine subject areas of the Safety Evaluation Report that this bill requires (Eno, 2017). In September 2017 NHTSA issued a new draft of policy for highly automated vehicles called Automated Driving Systems 2.0 A Vision for Safety. As before this is introduced as a policy document and not through NHTSA’s rulemaking authority process. The document was also responding comments on the 2016 NHTSA policy document. This new document fully replaces the 2016 policy. The document will be updated annually. The document is split into two sections Section 1 has voluntary guidance which details

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 10 ADS safety elements and ends with a voluntary safety self-assessment component. Section two covers technical assistance to the states. The policy states that: The purpose of this Voluntary Guidance is to help designers of ADSs analyze, identify, and resolve safety considerations prior to deployment using their own, industry, and other best practices. It outlines 12 safety elements, which the Agency believes represent the consensus across the industry, that are generally considered to be the most salient design aspects to consider and address when developing, testing, and deploying ADSs on public roadways. Within each safety design element, entities are encouraged to consider and document their use of industry standards, best practices, company policies, or other methods they have employed to provide for increased system safety in real-world conditions. The 12 safety design elements apply to both ADS original equipment and to replacement equipment or updates (including software updates/upgrades) to ADSs. (NHTSA, 2017). Further, the levels of automation as defined in SAE J3016 (SAE International, 2016b) are presented below in Figure 2. Figure 2. SAE J3017 levels of automation

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 11 The 12 ADS Safety Elements with brief descriptions are outlined in Table 3. New elements that have been highlighted include the fallback minimal risk condition, data recording, human machine interface and post-crash ADS behavior. Table 3. NHTSA’s 2017 Policy ADS Safety Elements Safety Element Brief Descriptor 1 System safety Follow a robust design and validation process based on systems engineering approach. Goal to design ADSs free of unreasonable safety risks. Process should consider including a hazard analysis and safety risk assessment for overall vehicle design into which it is integrated. Design decisions should be linked to assessed risk that could impact safety-critical system functionality. 2 Operational design domain Define and document ODD for each ADS available on their system. Would include at minimum, roadway types, geographic area, speed range, environmental conditions and other domain constraints. 3 Object and event detection and response Detection by driver or ADS of circumstance relevant to immediate driving task, and implementation of appropriate driver of system response. Documented process is encouraged, along with assessment, testing and validation. Documented process for variety of behavioral competencies for ADSs, and document process for crash avoidance. 4 Fallback minimal risk condition Encouraged to create a documented process for transitioning to a minimal risk condition when a problem is encountered and ADS cannot operate safely. In cases of higher automation where human driver may not be available, ADS must be able to fall back into minimal risk condition without the need for driver intervention. 5 Validation methods As scope, technology and capabilities widely, entities are encourage to develop validation methods to appropriate mitigate safety risks associated with ADS approach. 6 Human machine interface At minimum the ADS should be capable of information the human operator or occupant through various indicators the ADS if functioning properly, currently engaged in ADS mode, currently unavailable for use, experiencing a malfunction and/or requesting control transition from ADS to the operator. 7 Vehicle cybersecurity Entities encouraged to follow a robust product develop process based on systems engineering approach to minimize safety risks due to cybersecurity threats and vulnerabilities. Documentation is encouraged, including changes, design choices, analysis and testing. Entities encouraged to report to the Auto ISAC all discovered incidents, exploits threats and vulnerabilities from internal testing and consumer reports. Entities involved with ADSs should also consider adopting a coordinated vulnerability reporting/disclosure policy 8 Crashworthiness As vehicle mix may be operating (those with and without ADS), entities should consider scenarios of another vehicle crashing into ADS equipped vehicle and how to best protect. 9 Post-crash ADS behavior Entities engaged in testing or deployment should consider how to return ADS to a safe state immediately after an incident, e.g. shutting off fuel pump, moving to a safe spot. If the vehicle is a connected vehicle, communication with a relevant entity is encouraged to share and help reduce any harm resulting from a crash. 10 Data recording It is critically important to learn from crash data. Entities engaged in testing/deployment are encouraged to establish a process for data collection and validation to establish crash causes for fatal and non fatal personal injury

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 12 Safety Element Brief Descriptor and damage requires towing. For crash reconstruction recommended ADS data stored, and maintained to be readily available for retrieval. 11 Consumer education and training Entities encouraged to develop, document, and maintain employee, dealer, distributor and consumer education and training programs to address anticipated differences in use and operation of ADS from conventional vehicles owned and operated today. 12 Federal state and local laws Entities encouraged to duument how they intent to account for federal, state and local laws in vehicle design and ADSs. Using ODD, development of ADS should account for all traffic laws governing when operating in automated mode. Given that laws and regulations change, document how to update and adapt ADS to address these new legal requirements. Source: NHTSA, 2017 The final piece of section one is the voluntary safety self-assessment. The difference between this requirement and the previous NHTSA 2016 policy is that entities will not be required to submit this safety assessments. These are now entirely voluntary. Section two of the document details federal and stae roles, and the DOT ‘strongly encourages states to allow DOT alone to regulate the safety design and performance aspects of ADS technology. If a state does pursue ADS performance-related regulations, they ‘should consult with NHTSA’ Given that this is a guidance document however, this is not prescriptive requirements, so states could possibly chose to not consult with NHTSA as NHTSA is not fully preempting this space. The state responsibilities as detailed have also not changed, and still surround licensing, traffic laws, inspections and insurance. Best practices for legislatures have four major bullets: • Provide a technology neutral environment • Provide licensing and registration procedures • Provide reporting and communications for public safety official • Review traffic laws and regulations that could serve as barriers to operation of ADS. Best practices for state highway safety officials are detailed under 1. Administrative – consider new oversight activities to support states roles including, • Identifying a lead agency, creating a jurisdictional ADS technology committee, open communication, establish statutory authority to implement polici8es and regulations, develop internal process including testing applications and then issuing ADS test permits. 2. Application for entities to test ADSs on public roadways • Develop process for applicant submission, and details specific information for recording keeping, include entities safety and compliance plan. • Inclusion of evidence to satisfy a judgment or judgments for damages for personal, injury, death or property should be consider, and summary of training provided to employees, contractors and testers. 3. Permission for entities to test ADSs on public roadways • States hat grant permission for testing it is recommended this remain at state level, and not local governments should coordinate.

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 13 • If the state allows local government applications these should involve law enforcement agencies and suspension of permission if the entity fails to comply with insurance or driver requirements. 4. Specific considerations for ADS test drivers and operators • Including request summary of training. Evidence that test driver will follow all traffic rules and report crashes to state,. States still regulate human drivers, and licensed drivers will be required for vehicles at level 3 and under. • For level 4 and 5 that require no human driver, entire driving operation should be performed by the automated system from origin to destination. 5. Considerations for registration and titling • Consider identification on title and registration for ADS or those capable of operating without human driver • Notification regarding upgrades to unit post sale, consider amending applicable state forms 6. Working with public safety officials • These agencies need to understand vehicles and needs develop training these officials to aid with ADS deployment, and allow officers to understand ADS operation and potential interactions • Coordination among states for developing policies on human operator behaviors. 7. Liability and Insurance • Begin to identify allocation of liability among ADS owners, operators, passengers, manufacturers and other entities for crash situations. • Determine who should carry insurance. • States should consider laws and rules on tort liability. Source: NHTSA, 2017 On June 28th 20187 the Federal Trade Commission (FTC) held a workshop to examine consumer privacy and security issues posed by AVs (FTC, 2017). Workshop attendees, included public and private sector stakeholders and consumer advocates. Topics discussed included: • the types of data vehicles with wireless interfaces collect, store, transmit, and share; • potential benefits and challenges posed by such data collection; • the privacy and security practices of vehicle manufacturers; • the role of the FTC, NHTSA, and other government agencies regarding privacy and security issues related to CVs; and • self-regulatory standards that might apply to privacy and security issues related to CVs (FTC, 2017a). Cybersecurity Policy In October 2014, NHTSA released three cybersecurity reports (McCarthy, Harnett, & Carter, 2014a; McCarthy, Harnett, & Carter, 2014b; McCarthy & Harnett, 2014) describing its initial work in its Automotive Cybersecurity Research Program. An important activity that occurred under these reports was the creation of an Information Sharing and Analysis Center (Auto-ISAC), which is a partnership with the automotive industry to help the industry proactively and uniformly address cybersecurity threats. This also aligned with 1998’s Presidential Decision Directive 63, which looks at ways for public and private sector partners to share information about physical and cyber threats to critical infrastructure. In the 2016 policy update, NHTSA also stated that it will explore a mechanism to facilitate anonymous data sharing among those parties testing and deploying C/AVs/HAVs (NHTSA, 2014d).

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 14 In April 2016, the Government Accounting Office (GAO) assessed vehicle cybersecurity and noted that the USDOT needed to define its role in responding to a real-world attack (GAO, 2016). The GAO recommended key practices to identify and mitigate vehicle cybersecurity vulnerabilities (see Table 4 and Figure 3 below). Table 4. Key Practices to Identify and Mitigate Vehicle Cybersecurity Vulnerabilities Identified by Industry Stakeholders Key Practicea Deception Conduct risk assessments Assess threats and vulnerabilities related to vehicles’ electronic systems, including the potential impacts if known vulnerabilities are exploited, to inform and prioritize cybersecurity protections. Incorporate security-by- design principles Consider and build in cybersecurity protections starting in the early vehicle-design phases. Create domain separation for in-vehicle networks To the extent possible, locate safety-critical systems (I.e., steering, braking, etc.) and non-safety-critical systems on separate in-vehicle networks and limit communication between the safety-critical and non-safety-critical domains. Implement a layered approach to security Incorporate cybersecurity protections at multiple vehicle layers (e.g., at the electronic control unit level and the in-vehicle network level) to create multiple hurdles for cyber attackers and reduce the impact of a cyber breach. Conduct penetration testing Employ skilled assessors/evaluators who can simulate real-world vehicle cyberattacks in an attempt to identify ways to circumvent and defeat the vehicle’s cybersecurity protections. Conduct code reviews Employ skilled assessors/evaluators to systematically examine the vehicle’s software code so that any mistakes overlooked in the initial development phase can be addressed. Develop over-the-air update capabilities Establish mechanisms to remotely and securely update vehicle software and firmwareb over the life of the vehicle in response to identified vulnerabilities. Source: GAO, 2016 p. 21 aThese key practices are organized based on the vehicle development process, beginning with the vehicle concept and design phases and ending with the vehicle operation and maintenance phase. bFirmware is the combination of a hardware device and computer instructions and data that reside as read-only software on that device.

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 15 Figure 3. Example of vehicle’s cybersecurity mitigation technologies shown along an in-vehicle network. Source: GAO 2016 p. 24 In October 2016, NHTSA issued a policy on Cybersecurity Best Practices for Modern Vehicles (NHTSA, 2016e). This non-binding guidance was developed for improving motor vehicle cybersecurity. NHTSA notes that it is important for the automotive industry to make vehicle cybersecurity an organization priority, which should include proactively adopting and using any available guidance and establishing internal processes and strategies to ensure that systems will be reasonably safe under expected real-world conditions. As recently seen in the November 2016 San Francisco Transit hack, and in the Jeep/Chrysler hacking videos from Wired.com, the possibility of a hack is real. In this case, the hackers demanded 100 bitcoins ($73,000) in ransom. The agency did not pay the ransom, and instead turned off the payment machines and opened the gates, resulting in a weekend’s worth of lost revenue (Wired, 2016). The 2016 vehicle cybersecurity policy is intended to cover all motor vehicles, not just C/AVs/HAVs, and is applicable to motor vehicle and motor vehicle equipment designers, suppliers, manufacturers, alterers, and modifiers. The policy recommends a layered approach, which reduces the probability of an attack’s success and mitigates the ramifications of potential unauthorized access. NHTSA says that this approach should • be built upon risk-based prioritized identification and protection of safety-critical vehicle control systems and personally identifiable information; • provide for timely detection and rapid response to potential vehicle cybersecurity incidents in the field; • design-in methods and measures to facilitate rapid recovery from incidents when they occur; and • institutionalize methods for accelerated adoption of lessons learned across the industry through effective information sharing, such as through participation in the [Auto-ISAC] (NHTSA, 2016e, p.10). The policy further recommends review and consideration of the ISO 2700 series of standards and other best practices used in the financial, energy, communications and internet technology sectors, such as the Center for Internet Security’s Critical Security Controls for Effective Cyber Defense (CIS CSC). NHTSA recommends that the industry consider CIS CSC’s recommended approaches for • performing cybersecurity gap assessment, • developing implementation roadmaps, • effectively and systematically executing cybersecurity plans,

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 16 • integrating controls into vehicle systems and business operations, and • reporting and monitoring progress through iterative cycles. NHTSA’s policy also recommends that companies developing or integrating safety-critical vehicle systems… • create corporate leadership teams to foster a culture prepared to handle increasing cybersecurity challenges, • prioritize cybersecurity by allocating resources and facilitating direct and seamless communications related to product cybersecurity, and • enable independent voices for cybersecurity-related considerations during the development and vehicle safety design process (NHTSA, 2016e, p.10). Information sharing through the Auto-ISAC, which was established in 2015, is also recommended. Reporting and disclosure policies, along with self-auditing, are recommended for incidents, vulnerabilities, and remediation actions along with associated testing. The vehicle cybersecurity policy further suggests that the industry develop and use a risk-based approach to assess vulnerabilities and potential impacts through the entire supply-chain of operations. At minimum, NHTSA recommends that organizations consider cybersecurity risks to safety-critical vehicle control functions and personally identifying information (PII). They suggest using the CIS CSC approach with some modifications, including asking the following questions during documentation processes: • What are the functions? • What are the implications if they were compromised? • What are the potential safety hazards that could be exposed by these vulnerabilities? • What is the safety risk to society and the value risk to the organization? • What can be done to minimize exposure to the potential loss or damage? • What design decisions could be made with respect to the risk assessment process? • Who/what are the threats and vulnerabilities? Penetration testing and documentation is also recommended, and should include stages that deploy qualified testers who have not been part of the development team, and who are “incentivized” to identify vulnerabilities. The automotive industry is also encouraged to establish procedures for documentation and review of cybersecurity-related activities. One suggested approach is through the use of annual reports on the state of their cybersecurity practices, which should discuss the current state of implemented cybersecurity controls, findings from self-auditing, and records maintenance. Table 5 outlines fundamental cybersecurity protections recommended by NHTSA. Table 5. Fundamental Vehicle Cybersecurity Protections Limit Developer/Debugging Access in Production Devices Developer access should be limited/eliminated if there is no foreseeable operational reason for continued access to an engine control unit (ECU) on deployed units. If continued developer access is necessary, any developer-level debugging interfaces should be appropriately protected to limit access to authorized privileged users. Physically hiding connectors, traces, or pins intended for developer debugging access should not be considered a sufficient form of protection

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 17 Control Keys Any key (e.g., cryptographic) or password which can provide an unauthorized, elevated level of access to vehicle computing platforms should be protected from disclosure. Any key obtained from a single vehicle’s computing platform should not provide access to multiple vehicles. Control Vehicle Maintenance Diagnostic Access Diagnostic features should be limited as much as possible to a specific mode of vehicle operation which accomplishes the intended purpose of the associated feature. Diagnostic operations should be designed to eliminate/minimize potentially dangerous ramifications if misused or abused outside of their intended purposes. Control Access to Firmware Firmware precisely determines the actions of an ECU. Extracting firmware is often the first stage of discovering a vulnerability or structuring an end- to-end cyberattack. Developers should employ good security coding practices and use tools that support security outcomes in their development processes. Platforms may be able to support whole disk encryption of external non-volatile media: encryption should be considered a useful tool in preventing unauthorized recovery and analysis of firmware. Firmware binary images may also be obtained from a firmware updating process. Organizations should reduce any opportunities for a third party to obtain unencrypted firmware during software updates. Limit Ability to Modify Firmware Limiting the ability to modify firmware would make it more challenging for malware to be installed on the vehicles. Use of digital signing techniques may make it more difficult and perhaps prevent an automotive ECU from booting modified/unauthorized and potentially damaging firmware images. Firmware updating systems which employ signing techniques could prevent the installation of a damaging software update that did not originate from an authorized motor vehicle or equipment manufacturer. Control Proliferation of Network Ports, Protocols and Services Use of network servers on vehicle ECUs should be limited to essential functionality only. Services over such ports should be protected to prevent unauthorized party use. Any software listening on an internet protocol port offers an attack vector which may be exploited. Unnecessary network services should be removed. Use Segmentation and Isolation Techniques in Vehicle Architecture Design Privilege separation with boundary controls is important to improving security of systems. Logical and physical isolation techniques should be used to separate processors, vehicle networks, and external connections as appropriate to limit and control pathways from external threat vectors to cyber-physical features of vehicles. Strong boundary controls, such as strict white list-based filtering of message flows between different segments, should be used to secure interfaces. Control Internal Vehicle Communications When possible, sending safety signals as messages on common data buses should be avoided. For example, providing an ECU with dedicated inputs from critical sensors eliminates the common data bus spoofing problem. If critical safety information must be passed across a communication bus, this information should reside on communication buses segmented from any vehicle ECUs with external network interfaces. A segmented communications bus may also mitigate the potential effects of interfacing insecure aftermarket devices to vehicle networks. Critical safety messages, particularly those passed across non-segmented communication buses, should employ a message authentication scheme to limit the possibility of message spoofing. Log Events An immutable log of events sufficient to reveal the nature of a cybersecurity attack or a successful breach should be maintained and

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 18 periodically scrutinized by qualified maintenance personnel to detect trends of cyber-attack. Control Communication to Back-End Servers Widely accepted encryption methods should be employed in any IP-based operational communication between external servers and the vehicle. Consistent with these methods, such connections should not accept invalid certificates. Control Wireless Interfaces It may be necessary to exert fine-grained control over a vehicle’s connection to a cellular wireless network. Industry should plan for and design-in features that could allow for changes in network routing rules to be quickly propagated and applied to one, a subset, or all vehicles. Source: NHTSA, 2016e p. 17-20 On November 1, 2016, NHTSA announced the first in a series of public meetings to be held on its newly released FAVP. The first meeting was to be held November 10, 2016, in Washington, D.C. to gather both overall policy input and input specifically on the safety assessment letter that was outlined in this new policy (NHTSA, 2016g). Safety and Data Congress allocated over $25 million to the USDOT for the modernization of the National Automotive Sampling System (NASS) in 2012 as part of continued research into advanced automotive safety technology. The funding purpose was to ensure that the modernization of NASS could assist in decision- making at the federal, state and jurisdictional levels for what was expected to be a faster-than-anticipated outflow of C/AV/HAV technologies (NHTSA, 2015a). NHTSA proposed substantial changes to two existing systems: a) general estimates and b) crashworthiness data. NHTSA proposed deployment of the new Crash Report Sampling System in 2016 at 60 sites, and the Crash Investigation Sampling Systems in 2017 at 24 sites (NHTSA, 2015a). In April 2016, NHTSA issued a request for public comments on safety related defects and emerging automotive technologies. The docket summary notes: This proposed Enforcement Guidance Bulletin sets forth NHTSA’s current views on emerging automotive technologies—including its view that when vulnerabilities of such technology or equipment pose an unreasonable risk to safety, those vulnerabilities constitute a safety-related defect—and suggests guiding principles and best practices for motor vehicle and equipment manufacturers in this context. (NHTSA, 2016a) The request was issued to gather comments concerning the proposed guidance for motor vehicle and equipment manufacturers in developing and implementing new and emerging automotive technologies, safety compliance programs, and other business practices in connection with such technologies. Event Data Recorders The Fixing America’s Surface Transportation Act (FAST Act) passed in December 2015, includes, in Section 24302, limitations on the data retrieved from Event Data Recorders (EDRs). Any data retained by an EDR, regardless of when the motor vehicle it is installed in was manufactured, is defined as the property of the owner. For a leased vehicle, the lessee of the vehicle is considered the owner (§24302 [a]). Under Section b, data recorded or transmitted by an EDR may not be accessed by a person other than an owner or a lessee unless…

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 19 1. a court or other judicial or administrative authority having jurisdiction authorizes the retrieval of the data; and to the extent that there is retrieved data, it is subject to the standards for admission into evidence required by court or administrative authority; 2. an owner or lessee of the vehicle provides written, electronic, or recorded audio consent for data retrieval for any purpose, including diagnosing, servicing, or repair, or by agreeing to a subscription that describes how data will be retrieved and used; 3. the data is retrieved pursuant to an investigation or inspection authorized under section 1131(a) or 30166 of title 49, United States Code, and the PII of the vehicle’s owner or lessee and the VIN is not disclosed in connection with the retrieved data, except that the VIN may be disclosed to the certifying manufacturer; 4. the data is retrieved for the purpose of determining the need for, or facilitating, emergency medical response in response to a crash; or 5. the data is retrieved for traffic safety research, and the PII of the vehicle’s owner or lessee and the VIN are not disclosed in connection with the retrieved data. The Act requires NHTSA to determine, no later than 1 year after the Act’s enactment, the amount of time EDRs “installed in passenger motor vehicles should capture and record for retrieval vehicle-related data in conjunction with an event in order to provide sufficient information to investigate the cause of motor vehicle crashes.” (§24303 [a]). The Act also requires NHTSA, no later than 2 years after the Act’s enactment, to “promulgate regulations to establish the appropriate period during which event data recorders installed in passenger motor vehicles may capture and record for retrieval vehicle-related data to the time necessary to provide accident investigators with vehicle-related information pertinent to crashes involving such motor vehicles” (§24303 [b]). EDRs are not mandated by the federal government, although approximately 96% of model year 2013 passenger cars are already equipped with EDR capability according to NHTSA estimates (NHTSA, 2012). Prior to passage of the FAST Act, NHTSA put forth a proposal indicating that they would not require EDRs, although they chose to promulgate a rule mandating standardized requirements for voluntary installation of EDRs (49 CFR Part 563). The proposal requires public access to information on the protocol for downloading EDR data; however, NHTSA stated that they did not believe access to protocol information would result in public access or intrusion into the C/AV/HAV EDR data itself (NHTSA, 2015). Furthermore, in 2013, NHTSA noted that it believed access to EDR data would be a matter of state law. Within C/AV/HAVs, data access would only continue to be possible in limited situations. Much of the same data are routinely collected during crash investigations, but are based on estimations and reconstruction rather than on direct data (NHTSA, 2012b). The Act also requires the USDOT to submit a report to Congress on the operations of the Council for Vehicle Electronics, Vehicle Software and Emerging Technologies (Electronics Council), which was established in the Moving Ahead for Progress in the 21st Century Act (MAP-21), which was passed in 2012 to provide a forum for research, rulemaking, and enforcement officials to coordinate and share information internally on advanced vehicle electronics and new technologies (Pub. L. No. 114-94 §31402, 129 Stat. 1312 [2015]).

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 20 Privacy In 2015 Congress introduced H.R. 3876 – Autonomous Vehicle Privacy Protection Act of 2015, which would require the GAO to make publicly available a report that assesses the USDOT’s organizational readiness to address C/AV/HAV technology challenges, including consumer privacy protections. The bill is currently referred to the subcommittee on Highways and Transit. The Security and Privacy in Your Car Act, introduced on July 21, 2015 (S 1806), would require NHTSA to establish a “cyber dashboard” that displays an evaluation of how well each automaker protects the security and privacy of vehicle owners and would require automakers to adhere to government standards for vehicle cybersecurity. It would also require the FTC to conduct rulemaking to… 1. require motor vehicles to notify owners or lessees about the collection, transmission, retention, and use of driving data; 2. provide owners or lessees with the option to terminate such data collection and retention (except onboard safety systems required for post-incident investigations, emissions, crash avoidance, and other regulatory compliance programs) without losing navigation tools or other features; and 3. prohibit manufacturers from using collected information for advertising or marketing purposes without the owner’s or lessee’s consent. Violations are to be treated as unfair and deceptive acts or practices under the FTC Act. The Security and Privacy in Your Car Study Act introduced in the House on November 11, 2015 (H.R. 3994) would require NHTSA to conduct a study to determine and recommend standards for the regulation of the cybersecurity of motor vehicles manufactured or imported for sale in the U.S. The study is intended to identify… • isolation measures that are necessary to separate critical software systems that can affect the driver’s control of the movement of the vehicle from other software systems; • measures that are necessary to detect and prevent or minimize anomalous codes, in vehicle software systems, associated with malicious behavior; • techniques that are necessary to detect and prevent, discourage, or mitigate intrusions into vehicle software systems and other cybersecurity risks in motor vehicles; and • best practices to secure driving data about a vehicle’s status or about the owner, lessee, driver, or passenger of a vehicle that is collected by the electronic systems of motor vehicles. Vehicle-to-Vehicle Infrastructure In November 2015, the USDOT, as part of its Intelligent Transportation Systems (ITS) Joint Program Office, indicated it would provide a total of $42 million to three pilot projects demonstrating the feasibility and safety of C/AV technology (USDOT, 2015a). The three test sites were New York, New York (urban testing); Tampa, Florida (fringe and transitional area testing); and the State of Wyoming (emissions and rural testing). The pilot program included the installation of vehicle-to-infrastructure (V2I) instruments along public and private right of ways. A separate but parallel pilot program was deployed by the USDOT in New York City in November 2015, for its ITS Testing Wave One: New York City Fleet, [vehicle-to-vehicle] V2V and V2I for Urban Roadways (USDOT, 2015a and 2015b). The USDOT is providing the city of New York and the New York DOT with $20 million for testing vehicles retrofitted with technology in hopes of reducing traffic

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 21 congestion, curbing greenhouse gas emissions, and making drivers and pedestrians safer on the roads. The pilot program will collect data for up to 10,000 cars, buses, and limousines (USDOT, 2015b). In October 2015, NHTSA requested public comments on Crash Warning System Data Collection (NHTSA 2015d), This followed an October 9, 2015, NHTSA request for approval on new information collection (NHTSA, 2015e). In May 2015, the Transportation Secretary announced that NHTSA would advance the schedule for issuing a proposal to require V2V communication devices in new light vehicles (NHTSA, 2015e). NHTSA also issued, in 2015, a notice of proposed rulemaking (NPRM) mandating that V2V communications will be required for heavy vehicles, such as commercial motor vehicles and buses. NHTSA will determine the best course of action with regard to the exercise of its regulatory and research authority within this context (NHTSA, 2015b). With regard to this NPRM, NHTSA originally planned for an Agency Decision by 2016. However, substantial feedback following a request for information in an August 2014 Advance NPRM allowed NHTSA to signal its intentions to deploy a limited amount of V2V devices earlier than originally anticipated. The early rulemaking focuses on enhancing existing advanced safety technologies. According to a February 2014 press release, NHTSA was working on a regulatory proposal that would require V2V devices to be consistent with applicable legal requirements, executive orders, and federal guidance (NHTSA, 2014b). Though NHTSA indicated it would send a proposal to the Office of Management and Budget for review at the end of 2015 (NHTSA, 2015b), neither the NHTSA website nor the safer.car.gov website have any news releases showing that this has been done. On December 13, 2016, the USDOT announced an NPRM on V2V communications. The NPRM would require automakers to include V2V communication technology on all new light-duty vehicles, enabling a multitude of new crash-avoidance applications that, once fully deployed, could prevent hundreds of thousands of crashes every year by helping vehicles “talk” to each other (NHTSA, 2016f). The rule proposes requiring V2V devices to “speak the same language” through standardized messaging developed within industry. According to NHTSA’s press release, V2V devices would use DSRC to transmit data, to send information such as location, direction, and speed, to nearby vehicles. That data would be updated and broadcast up to 10 times per second to nearby vehicles, and using that information, V2V-equipped vehicles could identify risks and provide warnings to drivers to avoid imminent crashes. Vehicles with automated driving functions—such as automatic emergency braking (AEB) and adaptive cruise control— could also benefit from the use of V2V data to better avoid, or reduce the consequences of, crashes. Privacy is also protected in V2V safety transmissions, as V2V technology does not involve the exchange of information linked to or, as a practical matter, linkable to, an individual. The rule would also require extensive privacy and security controls in any V2V device (NHTSA, 2016f). Spectrum There has also been proposed rulemaking, legislation and collaboration with other federal agencies regarding Wi-Fi spectrum sharing. In October 2014, NHTSA received approval comments from the FTC after addressing the following three FTC concerns (FTC, 2014, p. 8): 1. assessing the data collected and stored by V2V systems and the ability for connected technology to track consumers, 2. providing information about driving habits without consent, and 3. ensuring overall security (FTC, 2013). Currently V2V communication devices developed specifically for C/AVs/HAVs operate on a lightly controlled band of the Wi-Fi spectrum at the 5.8–5.9 GHz frequency. This reserved band and spectrum supports the safety applications that require fast response times needed for mitigating crashes and

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 22 advanced safety applications. Since 2003, the DOT/NHTSA have reserved use of this band for the purposes of developing, researching, and testing V2V communication devices as part of ongoing ITS research programs. The Federal Communications Commission (FCC) has been investigating the opportunity for opening this “unlicensed information infrastructure” to meet the growing need for increased access to Wi-Fi for the public at large. Senators Cory Booker and Marco Rubio reintroduced H.R.821, the “Wi-Fi Innovation Act,” in 2015 by to open the 5 GHz band for Wi-Fi use. The bill directs the FCC and National Telecommunications and Information Administration (NTIA) to test the feasibility of spectrum sharing for Wi-Fi devices, which would line up with the executive office’s goal for freeing up 500 MHz of spectrum by 2020 (Sonni, 2015). In August 2015, the USDOT released its DSRC Spectrum Sharing Plan to test the feasibility and safety impact of devices sharing the 5.8–5.9 GHz band of Wi-Fi spectrum (NHTSA, 2015c). Through a partnership with the FCC and the NTIA, the USDOT would test and determine the safety impact of wireless devices sharing the same spectrum. The potential for interference on the Wi-Fi spectrum is one of the many concerns raised by stakeholders over onboard V2V devices and aftermarket V2V conversion (NHTSA, 2015c). The FCC issued a proposed rule in June 2016 that would refresh the status of potential sharing solutions between proposed Unlicensed National Information Infrastructure (U-NII) devices and DSRC operations in the 5.850–5.925 GHz (U-NII-4) band. The FCC also solicited the submittal of prototype unlicensed interference-avoiding devices for testing and sought comment on a proposed FCC test plan to evaluate electromagnetic compatibility of unlicensed devices and DSRC. The collection of relevant empirical data will assist the FCC, DOT, and NTIA in their collaborative efforts to analyze and quantify the interference potential introduced to DSRC receivers from unlicensed transmitters operating simultaneously in the 5.850-5.925 GHz band (FCC, 2016). The FCC on July 13, 2017 announced the unlocking of new airwaves for vehicular radar use (FCC, 2017). The FCC’s Press Release noted: “The Commission’s action expands the current 76-77 GHz spectrum allocation to include the entire 76-81 GHz band and transitions radars out of the 24 GHz band. This is consistent with the spectrum that is available internationally, avoiding the need to customize the radars in vehicles for different markets.” The FCC noted that access to this additional spectrum will enable innovation; allow these types of radar devices to better distinguish between objects in areas close to the vehicle; and improve performance for applications such as lane change warnings, blind spot detection, parking aids, “stop and follow,” “stop and go,” autonomous braking, and pedestrian detection. (FCC, 2017). The order authorizes amendment of Parts 1, 2, 15, 90 and 95 of the Commission’s Rules to Permit Radar Services in the 76-81 GHz Band (FCC, 2017 a). Braking In March 2017, NHTSA and the top 20 automakers outlined an agreement to include AEB in all new cars no later than manufacture year 2022 (NHTSA, 2016c). On November 5, 2015, NHTSA issued a final agency decision recommending the use of crash imminent braking and dynamic brake support as key features for AEB for cars manufactured in and after 2018 through NHTSA’s New Car Assessment Program (NCAP) (Federal Register, 2015).

NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 23 In January 2016, the USDOT announced that the president’s budget proposal included a 10-year, nearly $4 billion investment to accelerate the development and adoption of safe vehicle automation through real- world projects (USDOT, 2016). Trucking The FMCSA held a public listening session on HAVs on April 24, 2017 (FMCSA, 2017). Held in Atlanta GA, the public listening session was accompanied by an online portal for stakeholders to listen in and to make comments. The notice in the federal register stated that the FMCSA seeks information on issues that need to be addressed to ensure that the Federal safety regulations provide appropriate standards for the safe operation of HACVs from design and development through testing and deployment. Specifically, FMCSA welcomes comments and information on the application of the following regulatory provisions in title 49 CFR to HACVs: Part 383 (Commercial Driver’s Licenses); part 391 (Qualifications of Drivers); sections 392.80 and 392.82 (use of electronic devices); part 395 (Hours of Service of Drivers); and part 396 (Inspection, Repair, and Maintenance). The FMCSA also requests public comments on how enforcement officials could identify CMVs capable of various levels of automated operation and the types of HACV equipment that can be effectively inspected at roadside. (FR Doc 2017-07723, 2017).

Next: Section 2: State Law Review »
Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB's National Cooperative Highway Research Program (NCHRP) Web-Only Document 253: Implications of Connected and Automated Driving Systems, Vol. 1: Legal Landscape explores federal, state, and international legal activities and practices regarding Connected and Automated Vehicles and Highly Automated Vehicles (C/AV/HAVs):

  • Section 1 reviews United States federal activities within the sphere of regulating C/AV/HAVs.
  • Section 2 reviews practices in each of the 50 states and local activities that have amended motor vehicle codes. For a review of legislation that has been introduced across all 50 states (some of which has not passed out of state legislatures as law), refer to Appendix C, which is a sortable Excel spreadsheet delineating activities at the federal and state level.
  • Section 3 highlights activities being undertaken by transportation agencies within this field, specifically highlighting the American Association of Motor Vehicle Administrators (AAMVA’s) activities.
  • Section 4 provides brief summaries of law journal articles that address subject matter focus areas for policy-makers and legislators to consider as C/AV/HAV market penetrations grow. It includes a review of privacy laws.
  • Section 5 provides a review of international activities being undertaken in this area. The team reviewed related activities taking place among our North American Free Trade Agreement (NAFTA) trade partners, Canada and Mexico, as well as in European countries and the European Union, Australia, and Japan.
  • Section 6 offers conclusions based on information presented in sections 1 through 5.

View all volumes of NCHRP Web-Only Document 253:

  • Vol. 1: Legal Landscape
  • Vol. 2: State Legal and Regulatory Audit
  • Vol. 3: Legal Modification Prioritization and Harmonization Analysis
  • Vol. 4: Autonomous Vehicle Action Plan
  • Vol. 5: Developing the Autonomous Vehicle Action Plan
  • Vol. 6: Implementation Plan
  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!