Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 66 Section 4: Review of Law Articles A series of law journal and freely available law/policy articles can be found on C/AVs/HAVs. The research team reviewed these, and listed here are brief summations of articles released in 2016. This should not be construed as a full bibliography of all articles; the research team conducted a Lexis Nexis search along with Google Scholar searches for journal/article titles that included the terms âlawâ and âautomated vehiclesâ or âautonomous vehicles.â A bibliography detailing articles titles, authors, journals, dates and URLs (where available) for articles since 2008 can be found in Appendix C (provided as a separate, sortable Excel spreadsheet) if readers wish to conduct further analysis. In addition, the Uniform Law Commissionâs (ULCâs) 2014 recommendations are included in this section along with an overview of a legal review that Wendy Wagner and Lisa Loftus-Otway conducted for the Texas Department of Transportation (TxDOT) in 2016 (Kockelman et.al, 2016). Ms. Wagner and Loftus-Otway reviewed legislation for the TxDOT to prepare for how the DOT will plan, design, and finance infrastructure as C/AV/HAV penetration increases. A review of Washington Universityâs School of Law Technology Clinicâs comments on the ULCâs report was conducted, and the clinicâs model bill is also discussed (and provided as Appendix C to this technical memorandum). This review found that many articles are beginning to parse out how laws may or should be changed in light of this new technology, but few have crafted distinct and tangible recommendations that could be utilized in the short- through to the longer-term adoption of C/AV/HAV technologies around the world. For the title of this particular research project, no single article could be found that discussed with substantive detail how motor vehicle codes should be changed. Most articles could be described as being at the theoretical or discussion stage. In July 2014, the ULC set up a drafting and study committee to review state regulation of driverless cars; their revised report was released in late December of 2014 (ULC, 2014). The full report of the ULC Subcommittee is provided in Appendix B of this technical memorandum. The ULC Subcommittee listed three major reasons why a uniform act would be beneficial. 1. Motor vehicles regularly cross state lines, a uniform law is necessary so that vehicles operating in multiple jurisdictions are not subject to contradictory requirements. 2. Manufacturers of vehicles need uniform laws so that they may build â50-state vehicles.â 3. A uniform act would foster innovation in AV technology by assuring developers that if their products met a single set of requirements, the commercialization of these products would not be impeded by inconsistent state requirements (ULC, 2016, p.1). The ULC Subcommittee adopted five general principles: 1. To the extent feasible, the uniform act should avoid including provisions that would require additional state spending. 2. The uniform act should, to the extent possible, do nothing that would dampen or impede innovation or substantially increase costs to industry and small entrepreneurs as they advance autonomous vehicle technology. 3. The uniform act should address issues relating to deployment as well as testing 4. The subcommittee is divided on the question of whether the uniform act should address issues in considerable detail or limit itself to general principles 5. The subcommittee recommends that the drafting committee consider separate regulatory schemes based upon the vehicleâs use and the degree of automation The ULC subcommittee recommended that a uniform act not address the following:
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 67 ⢠Major changes to existing law regarding liability of vehicle owners and operators o States have already developed robust tort liability rules that have evolved and been adapted to a variety of products, which the ULC Committee feels the law can do for AVs as they are tested and deployed. No existing statute has yet âwaded into this minefieldâ to substantially alter the current landscape. ⢠Data and privacy issues o Due to the volume of data in the possession of vehicle manufacturers, including personal information, the ULC Committee felt that these issues should be dealt with separately and that they required specific expertise, and may have required a considerable drafting effort, resulting in the committee completing its work in a short time. ⢠Insurance requirements o This should be left to the states, although ULC Committee noted that the California and Nevada requirements for $5 million in insurance may keep some smaller manufacturers out of AV development. ⢠Accident reporting requirements for owners of deployed AVs o Owners and operators of deployed AVs should be subject to same accident reporting requirements as other vehicle owners. The University of Washington School of Lawâs technology law and policy clinicâs AVs team (clinic), provided commentary to the ULCâs recommendations at the request of a ULC committee member. (University of Washington School of Law, n.d.). This analysis made recommendations on additional language required for definitions of C/AVs/HAVs, including common terms to be defined, especially when SAE Level 3 AV operators switch their AVs in and out of autonomous mode, and where potential liability will shift between manufacturer and driver each time the vehicle is switched out of autonomous mode. They also agreed with ULCs recommendation that there was not a clear need for the $5 million minimum insurance requirements, and they suggested language along Michiganâs lines was sufficient. They also suggested that test drivers must re-assume control of a C/AV/HAV if the autonomous technology appeared to be failing, to reduce incentive to not take control in test mode so that an intervention does not have to be reported. The clinic recommended a hybrid between California and Nevadaâs approach to geographic ring fencing, as well as environmental types of pilot test areas and road types. They suggested having two types of permits. The first would be an unlimited test permit, allowing testing on any public road in any environmental condition (day versus night driving, clear weather or inclement weather, such as rain, fog, snow or high crosswinds) if the applicant believes it can demonstrate this action based on controlled tests. The second type of permit would be a limited test permit, where the applicant would operate on limited categories of public roads under limited environmental conditions. The clinic takes a similar approach to test driver and C/AV/HAV permitting requirements. They suggest that the ULC could have gone a step further than Californiaâs standard of âreasonably concludingâ that the vehicle is safe to operate on public roads and required manufactures to sign a certification based on controlled testing. On requiring crash data records on test and deployed C/AVs/HAVs, the clinic drafted a provision that expands upon the ULCâs EDR recommendation. The clinic also recommended amending distracted driving laws to read âexcept as otherwise provided in state and federal laws governing the operation of autonomous vehicles in autonomous mode.â This passive-monitoring requirement then defines the scope of attentiveness required by C/AV/HAV operators while in autonomous mode. The clinic also drafted language for drivers intervening when safety and efficiency so requires: âthe driver of an autonomous vehicle must actively and physically intervene and disengage the vehicle from autonomous mode whenever roadway safety or efficiency so requires.â Further, the clinic also recommend that all C/AVs/HAVs, whether in testing or deployed for consumer use, should be equipped with the following:
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 68 ⢠An accessible means to immediately engage or disengage the autonomous technology, such as a button, knob, or lever. ⢠A means to immediately disengage the autonomous technology when a human driver reasserts control by turning the steering wheel or depressing the gas or brake pedal. ⢠A prominent and immediate visual indicator that the autonomous technology has been activated or deactivated and a continuing indication that the technology remains active or inactive. The indicator must be viewable by any visually-enabled individual in the driverâs seat. The clinic also recommended that the ULC should outline and bracket for state consideration, using Nevada and D.C.âs rules and regulations, provisions requiring C/AV/HAV operators to obtain an endorsement on their driverâs licenses. The clinicâs analysis of the ULCâs recommendations reviewing tort liability provisions agreed with ULCâs general recommendation that no major changes to tort law need to be made, but they noted that there may be a role for clarification on potential liability under common law for driver and manufacturer, depending on whether or not the vehicle is in autonomous mode. Finally, the clinic wrapped up with a review of allowing operation without a driver on board. They suggest that, âunless otherwise permitted by state or federal regulation, autonomous vehicles must be operated with a human aboard and in the driverâs seat.â In December 2016, Wendy Wagner and Lisa Loftus-Otway released âEvaluating Policies for the Evolving Autonomous Vehicles Field.â This chapter in TxDOT Project 0-6838 Bringing Smart Transportation to Texas, took a first cut at mapping out the larger legal terrain governing C/AVs/HAVs in Texas. Specifically, the chapter considers whether the testing and deployment of C/AVs/HAVs on Texas highways is legal and explores the scope of existing regulatory oversight with respect to ensuring a safe transition to driverless cars. Figure 7 shows the chapterâs initial findings on the operation of C/AVs/HAVs in Texas. Operation of C/AVs on Texas Roadways While there are ambiguities, the most plausible reading of the Texas Motor Vehicle Code with respect to C/AVs is that to be operated legally on Texas roadways, each vehicle must have an identified and legally responsible human operator with a valid driverâs license. Specifically, the general structure of the Texas Motor Vehicle Code places full responsibility on âoperatorsâ of vehicles to comply with all Code requirements, rules of the road, and other laws. While âoperatorsâ are defined as âpersonsâ who need not be humans by definition (Texas Transportation Code § 541.001(4)), these âpersonsâ must nevertheless obtain a driversâ license in order to operate a vehicle on a highway in the state (§ 521.021). Existing driverâs license requirements, moreover, include a number of requirements (e.g., thumbprint; photo; signature; residence) (§ 521.121) that can only be satisfied, as currently designed, by humans. Although this licensed âoperatorâ need not be actively driving the vehicle, the most plausible interpretation of the statute does demand the âoperatorâ to at least be present in the vehicle while it is moving in order to be in compliance with the law. Violations of the Code, moreover, fall on the licensed âoperatorâ of the vehicle, although they can be imposed jointly on other operators as well. Despite a relatively clear structure that seems to tolerate the operation of C/AVs on Texas roadways, there are nevertheless gaps and ambiguities in the law regarding the legality of 1) vehicles without a designated operator; 2) the operatorâs physical role in operating the vehicle; 3) nonhuman âoperatorsâ; and 4) the ultimate legal responsibility for violations. Each is discussed in turn. Figure 7. Operation of C/AVs on Texas roadways. Source: Wagner and Loftus-Otway, 2016
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 69 The chapter also considers whether litigation over crashes involving C/AVs/HAVs may alter existing liability rules, including the liability of state agencies like TxDOT; what the advent of C/AVs/HAVs means for consumer privacy; and whether C/AVs/HAVs also present added security risks for Texas citizens. As a mapping exercise, however, the chapter provides an initial overview of these many important pieces and how they connect and relate within the current state and federal legal system. A number of topicsâe.g., the Fourth Amendment treatment of various types of data in C/AVs/HAVs â will require additional and perhaps continuous research as the technologies evolve and their capabilities become clearer. Wagner and Loftus-Otway also concluded, in much the same way as the Washington Law School clinic, that major amendments to Texas tort law were not necessary, and that adjustments may be required as the technology evolves. In December 2016, writer Bryan Casey, in an essay for Stanford Law Review, discusses the promise driverless vehicles hold for disabled and elderly populations, but notes that whether this technology will ultimately be accessible to such populations is far from guaranteed. In fact, it is unclear whether key provisions of the Americans with Disabilities Act (ADA) will even apply to the type of autonomous vehicles Uber is deploying. That is because the ADA imposes vehicular-accessibility requirements on private transportation providers by mandating that all ânew vansâ in their fleets be accessible to individuals with disabilitiesâbut never actually defines the term âvan.â (Casey, 2016) Casey thinks that the loophole, which has allowed companies to sidestep ADA requirements, remains unaddressed. Casey notes that with Uberâs introduction of vehicles in Pittsburgh, and other proposed and pending trials, the definition that will automatically attach to the single term âvanâ will have economic and moral implications. Casey notes that as Uber purchases new vehiclesâvan-like SUVsâthey will retrofit them with driverless capabilities so they arguably provide what is almost certainly an ADA- covered transportation service. Casey suggests that a âsleeping ADA giant may be awakened, and that title IIIâs long dormant requirement may be the new area of litigation with billions of dollars at stakeâ (Casey, 2016). Author Ryan Jenkins, in September 2016, begins his article âAutonomous Vehicles Ethics & Lawâ by noting that the clear presumptive case for adoption of AVs is safety. However, while predictions on the reductions in accidents could provide significant benefits in terms of social costs, increased convenience, and productivity, it would be unreasonable to expect AVs to be perfect. Jenkins notes, âSoftware and hardware undergo continuous development, and their failures are sometimes catastrophic. Since there is nothing intrinsically different about the software and hardware to be used in AVs, the same possibility for catastrophic failure exists.â Jenkins notes that the set of conditions an AV can expect to face is an âopen setâ and manufactures cannot therefore exhaustively test each and every possible scenario as they cannot predict such. Therefore, manufactures will be unable to ensure that AVs can drive on their own under all conditions and situations. He posits that, as a consequence, stakeholders should think carefully about requirements, including non-discrimination capabilities, to be met before AVs are deployed on public roads (Jenkins, 2016). The article explores issues through the following series of questions: ⢠Is it merely enough that AVs be superior to human drivers? ⢠How should AVs be programmed to behave in the event of a crash? ⢠Is it permissible for AVs to change the outcome of a crash by redirecting harm? ⢠Should we be worried about people who are killed or injured by AVs when they would not have been otherwise?
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 70 The Brookings Center for Technology Innovation, in September 2016, featured an article by Darrell West discussing the legal regimes for self-driving vehicles in China, Europe, Japan, Korea, and the U.S. West looks at different types of C/AVs/HAVs, shows their potential impact, and discusses the budgetary, policy, and regulatory issues raised by driverless cars and trucks. His article argues that CVs are likely to improve highway safety, alleviate traffic congestion, and reduce air pollution. However, to do that, designers must overcome obstacles such as poor infrastructure, bad weather, inadequate spectrum, hacking threats, and public acceptance (West, 2016). Another article, published in September 2016 in the Straits Times, by Simon Chesterman Dean of the National University of Singapore Faculty of Law, discusses regulatory challenges posed by the introduction of C/AVs/HAVs, including ethical dilemmas on how these vehicles respond to emergency situations In his article, titled âDo Driverless Cars Dream of Electric Sheep,â Chesterton (2016) posits a situation in which an individualâs smart watch detects a person having a heart attack and shares this data with the AV. The AV sees that the road is clear, and exceeds a posted speed limit to save a life. While necessity is a possible defense for a human driver, he argues whether this defense should be given to the robot counterpart. If yes, this type of possibility would need to be included in the vehicleâs parameters, which in turn raises further questions of how vehicles should behave in emergency situations. In June 2016, Casey and Niblett (2016), Professors of Law, explored in a joint article how machines refine and improve products and how AI may soon have the same effect on the law. They note that machine learning will cut costs associated with current rules and standards. By extending this status, they predict a world of precisely tailored laws called micro-directives which will specify exactly what is permissible in every unique situation. These micro-directives, they argue, will be largely automated, such that if the state of the world, or an objective of law changes, the law will instantly update. This evolutionary path, they posit, will be incremental but they suggest that this will increasingly reflect principles and prescriptions that are machine developed. They examine how technology will be used as a means of command by the state, how technological changes will affect âcontracting behavior,â and the effect of the micro directives on social norms. Road Vehicle Automation 3 was released by Springer publishing house in May 2016. Part V of this book has four articles on law and liability. Tom Michael Gasser discuses fundamental and special legal questions for AVs; Stephen S. Wu discusses product liability issues in the U.S. and associated risk management; Bryant Walker Smith discusses regulation and the risk of inaction; and Thomas Winkle discusses development and approval of AVs considering technical, legal, and economic risks. In April 2016, Crane, Logue and Pilz (2016) surveyed legal issues arising from the deployment of C/AVs. Their paper reviewed state and federal regulatory issues, tort liability models for C/AVs and opportunities for incentivizing deployment and issues arising from industry coordination on technology integration. The authors noted that NHTSA was unlikely to preempt state testing or administrative regulations regarding licensing, permits, and driver training, but would likely preempt most state safety standards. Within the liability analysis Crane et al. undertook for V2V readiness, they noted that the OEM or other technology provider could be at fault due to the manner in which the AV technology reacted to, or incorporated, safety messages. In addition, they noted that the public entities (or quasi-public entity), as the likely deploying entity for transportation infrastructure, might be at fault for any of its failings. In analyzing cyber-security, they discussed how the FTCâs public position had been resistant to any type of cybersecurity liability safe harbor for vehicle manufacturers. Manufacturers could face increased liability for private actions brought from cybersecurity failures, although case law showed that private plaintiffs have struggled thus far to succeed. This was mainly attributed to lack of standing, limits in torts claims for economic loss, and contractual limitations of liability issued by software manufacturers. However, the authors noted that some of the limitations may not apply to covert attacks on the C/AVs if the loss is not only exposure of private information, but also property damage or personal injury. In their final section,
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 71 they reviewed evolving insurance models for C/AVs including the transition to HAVs where there is no human in control of the vehicle. Another item they discussed was platooned vehicles, and the potential for tort liability by the C/AV/HAV industry in large scale, multiple car accidents that are beyond the existing risk of auto product liability claims. Rizaldi, Immier and Althoff (2016), in a paper on safe distance traffic rules for AVs, note that one barrier in introducing C/AV/HAV technology is liability when vehicles are involved in an accident. To overcome this, C/AV/HAV manufacturers should ensure that their vehicles always comply with traffic rules. The paper focuses on the safe distance traffic rule from the Vienna Convention on Road Traffic. The authors developed a formally proved prescriptive definition of how large the safe distance must be. The prescriptive definition they developed is obtained by (1) identifying all possible relative positions of stopping (braking) distances; (2) selecting those positions from which a collision can be deduced; and (3) reformulating these relative positions such that lower bounds of the safe distance can be obtained. The lower bounds become the prescriptive definition of safe distance. The definition can serve as a specification for C/AV/HAV manufacturers, and they argue, could be used to determine liability through online verification of C/AVâs/HAVâs trajectory planners. Surden and Williams (2016) issued âTechnological Opacity, Predictability and Self-Driving Cars,â which focused on HAVs operating near human drivers, pedestrians, and cyclists. Their articleâs major premise was that HAVs must consciously communicate. Utilizing a theory-of-mind mechanism, which allows accurate modeling of the minds of âother people,â they discuss how the interpretation of communicative signals of attention and intention will be challenging for non-human driven HAVs. They argue that standardization of certain self-driving vehicle behaviors should be required at the level of common driving contexts. One example would be crosswalks with pedestrians present. This, they note, will require a coordinating mechanism, and in some instances, enforcement will need to occur. They argue that regulatory rules requiring increased communication for predictability should be promulgated in a functional manner as performance standards. Two Masterâs students in City and Regional Planning and Urban Planning at California Polytechnic and the University of Washington, respectively, published theses in 2016. Charlie Coles, in Automated Vehicles: A Guide for Planners and Policy Makers (2016), began to look at potential impacts resulting from AVs and developed a proposed future scenario of vehicle automation for the next 5â10 years to guide principles for policy makers. Jacob Brett, in his thesis, argued that a flexible place-based framework should drive local development of AVs. AVs will create different benefits and costs in safety, energy use/emissions, employment, congestion, and the built environment. He notes that, âHowever, variation in spatial patterns will lead to different outcomes with self-driving cars across urban, suburban, and rural areas in the United States.â He created a flexible local policy framework to analyze case studies in King County, Washington through demographic, geographic, and transportation data. His case studies were representative of urban, suburban, and rural areas throughout the county. The spatial variability in each community, he argues, will influence how policy and planning shape the path for AV development. Through analyzing the fundamental differences between demographics, geography, and transportation behaviors in each study area, he concludes that local policymakers and planners should account for spatial variability when crafting tools to manage AV development in each neighborhood (Brett, 2016). The aforementioned author, Bryant Walker Smith, a major contributor to the area of C/AVs/HAVs and the law, has issued other writings throughout 2016. In Select Legal Considerations for Shared Automated Driving, Walker Smith outlines legal considerations for shared automated driving to discuss the likely implementations of shared automated driving. He considers the kinds of legal actions that developers and regulators of these ADSs might take to promote or police them. He then connects these potential actions to existing law by describing three ways of adapting that law to automated driving. The paper wraps up with specific perspectives and recommendations (Walker Smith, June 2016).
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 72 In March 2016, Walker Smith also issued a paper titled How Governments Can Promote Automated Driving (Walker Smith, March 2016). In this writing, Walker Smith responded to a simple question: âwhat can we do to get self-driving cars here now?â He developed a strategy check-list (see Table 6 below) to guide public sector officials at all levels of government. His short-term recommendation is that states designate a point person within a single agency who has authority and credibility to coordinate among various state and local agencies intrastate. This would also assist in preparing government for the transition to this new driving paradigm. Table 6. Strategy Checklist for Government Promotion of Automated Driving Administrative Strategies Legal Strategies Legal Strategies Continued Prepare Government Analyze Existing Law Reduce parking subsidies Identify a point person Conduct a legal audit Raise insurance minimums Understand automated driving Consider all relevant law Rationalize Insurance Cultivate broader expertise Consider existing legal tools Embrace Flexibility Review planning processes Review enforcement discretion Tailor legal mechanisms Develop break-the-glass plans i.e. for first major incident occurring Calibrate Existing Law Clarify enforcement discretion Provide resources Collaborate with private actors Formalize exemption authority Prepare Infrastructure Facilitate uniformity Encourage public safety cases Maintain roadways Reference levels of automation General Strategies Review design policies Extend regulatory reciprocity Anticipate a surprising future Implement design policies Codify interpretive conventions Appreciate the risks of driving generally Train roadway personnel (e.g. maintenance and construction crews, DPS and other emergency service providers) Distinguish passengers from drivers Expect more from all vehicles and drivers Standardize data Permit the use of electronic devices Community Strategies Update registration databases Enforce Safety Requirements Identify local needs and opportunities Cooperate on DSRC Enforce speed laws Identify allies and constituencies Improve wireless networks Enforce distracted driving laws Prepare society Manage congestion Enforce intoxicated driving laws Be public
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 73 Administrative Strategies Legal Strategies Legal Strategies Continued Calm neighborhood traffic Enforce (and update) seatbelt laws Plan Infrastructure Enforce vehicle laws Leverage Procurement Internalize the Costs of Driving Advocate for AEIS Mandates Raise fuel taxes Source: Walker Smith, 2016 Liability, Privacy, and C/AV/HAV Regulation Federal Safety Standards and Liability While federal safety standards have not yet been created for C/AVs/HAVs, if and when they are promulgated, they are likely to exert an influence on the states. Texas, for example, in its Texas Civil Practice and Remedies Code at Section 82.008, in a products liability action, allows a defendant (in the case of an OEM or third party manufacturer) to establish a rebuttable presumption that they are not liable if their product conforms to mandatory safety standards or regulations or to pre-market licensing requirements promulgated by the federal government or a federal agency (Tex. Civ. Prac. & Rem. Code Ann. §82.008 [West, 2015]). NHTSA or FMCSA standards that satisfy this provision would potentially offer manufacturers added protection from tort liability in the State of Texas. However, the presumption can be rebutted by the plaintiff showing that the regulations, standards, or pre-market licensing requirements were⦠⢠inadequate to protect the public from unreasonable risks or damage, or ⢠by a showing that the defendant withheld material information from the federal government or agencies. Wagner and Loftus-Otway noted that depending on the nature of federal involvement, it is also possible that the federal standards will expressly or implicitly preempt state common law claims, including claims of inadequate warning. While this preemption is disfavored and appears to be precluded under current law (49 U.S.C. § 30103[e]), it remains a future possibility if the U.S. Congress passes legislation with express preemptive effect. (Wagner & Loftus-Otway, 2016) The EDR and Liability While EDR use and protections predate the introduction of C/AVs/HAVs, EDRs may also be utilized as evidence in a liability case, notwithstanding privacy concerns regarding data protection. EDRs are programmed to collect data on the vehicle and occupant information shortly before an impact or crash. EDRs are voluntarily installed in the majority of vehicles under production and are required by some states for HAVs, as noted earlier. In many states, EDR data can be retrieved under a court order, or other specialized circumstances. Wagner and Loftus-Otway noted that in cases where EDR data will prove probative in determining the cause of an accident, the court will acquiesce. In crashes in which both or all cars involved in the accident have an EDR and/or other additional data recording devices, this added evidence should prove invaluable in sorting out responsibility (Wagner & Loftus-Otway, 2016). Where
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 74 the EDR data is vital to determine evidentiary facts on HAV crashes, it will, however, be important that no data manipulation has occurred. If the integrity of the EDR data cannot be protected, the use of data may only play a qualified role in C/AV/HAV litigation within the states. C/AV/HAV Modification by Third Parties and Liability Another area of concern is retrofitting of C/AV/HAV technology by either the owner or a shop or mechanic, due to potential safety concerns surrounding the modifications. The ULC (ULC, 2014) noted that some states were beginning to review this issue, not just because of the potential of safety hazards, but because when the issue of modifications was coupled with a traditional tort liability analysis regarding of cause and fault, it might be problematic, and may not provide a sufficient deterrent to those who are modifying vehicles to ensure modifications meet basic standards. The ULC Subcommittee identified this as an area of potential legislative attention, while leaving traditional tort liability alone. This would seem to be an area where the law falls into this projectâs obsolete or obsolescence category, as the law needs to be amended through modification. As an example of how this might play out, in Texas, under common law, manufacturers are actually relatively well-positioned to defeat a claim that could arise because of third party modifications to HAVs. This is because the case of Ford Motor Co. v. Ridgway 135 SW3d 598, 600 (Tex. 2004) held that the plaintiff has the burden of proving that a defect introduced by the manufacturer was a âproducing cause of plaintiffâs injuries.â The Texas Supreme Court has also refused to apply and adopt elements from the 3rd Restatement of Torts (§ 3), which provides a plaintiff with an inference that harm was caused by defect which existed at the time of sale/distribution (when certain conditions are met), even if the product is not new/nearly new and has been previously modified or repaired (§ 3). Moreover, Texas Civil Practice and Remedies Code § 82.002 does not require manufacturers to indemnify sellers (which appears to include any commercial entity performing the modification) in cases where the harm was the result of the seller ânegligently modifying or altering the product for which the seller is independently liable.â Wagner and Loftus-Otway note that âwhile this latter provision does not immunize the manufacturer from liability, it suggests that primary liability will not necessarily lie with the manufacturer in cases of their party modificationsâ (Wagner & Loftus-Otway, 2016). Privacy Concerns Another major policy challenge facing C/AVs/HAVs is ensuring the appropriate level of privacy and security for owners and consumers. As C/AVs collect large amounts of data, issues concerning how much data will be collected and/or recorded within the vehicle, who will own or have access to the data, and the resulting implications for personal privacy of users (Anderson et al., 2014, p. 94) are paramount. In contrast to tort liability, as privacy and cybersecurity are somewhat new social issues, there is not a coherent legal infrastructure in place to manage them. When combining technological uncertainties with legal instability, the challenge will be quite acute for states at the cutting edge of integrating this new technology. The regulation of C/AVs/HAVs is also complicated because of conflicting regulatory priorities and overlapping jurisdiction held by the NHTSA, the FTC, and the FCC regarding bandwidth, communication architecture, and privacy. These federal agencies have all taken a focused interest in restricting hacking and intrusions on the privacy of consumer data in C/AVs/HAVs (Kohler and Colbert-Taylor, 2015). Glancy (2012) has separated privacy into three broad categories of privacy rights: 1. autonomy, 2. personal information, and
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 75 3. surveillance. Autonomy Privacy Protecting oneâs autonomy privacyâas it relates to C/AVsâ according to Glancy, (2012) will involve four areas of control (via government scrutiny): 1. choice (when, how, where to go?) 2. consent (of the individual); 3. intrusion protection (e.g., freedom from targeted advertising); and 4. anonymity (e.g., hiding the identity of a driver). This positive side of autonomy privacy involves the freedom to act and make choices. It applies to transportation choices, including an individualâs right to determine where to go, how to get there, and when to travel (Glancy, 2012). In the future, when a person chooses either to drive or to use an AV, such a choice will be an exercise of positive autonomy. The negative side of autonomy privacy involves freedom from interference or preventing access to the person. This constructional freedom from harassment originates from the early colonists being harassed by British troops (government). However, it has evolved into other types of external harassment, by government or others. This freedom protects an individualâs ability to make independent decisions âwithout observation, intrusion, or interference.â (Glancy, 2012) Many privacy laws, such as cyberstalking (Glancy, 2012) and spam laws, protect persons from unwanted interferences with negative autonomy. The negative autonomy right will be important for unwanted, targeted advertising while a passenger is âstuckâ in the driverless car. So, one question that may emerge, not from an obsolete law perspective, is whether automakers or the technology platform maker (who may have an aggressive advertising platform within their business model) will prevent this from happening, or whether federal or state legislation may be required? In bringing enforcement actions against online advertising networks that failed to honor opt-outs, the FTC has attempted to deal with violations of autonomy privacy in online behavioral advertising. For example, in the case of Google, an order was designed to ensure that when consumers choose to opt out of tracking by advertisers, their choice would be effective. However, when Googleâs mobile operating system was storing and transmitting geolocation data without the informed consent of the users, a class action lawsuit was filed and the FTC voiced its concerns. In the lawsuit, the location data that Android devices sent to Google âseveral times per hourâ was tied to a unique (though random) device identification which was allegedly sent to Google unencrypted, and was accessible to anyone, which placed users at âserious risk of privacy invasions, including stalking,â according to the complaint (Foreseman, 2011). Cyberstalking and spam are other areas the FTC regulates in order to protect the autonomous choices and travel behavior of individuals from the scrutiny of others. 190 Cyberstalking Federal law provides some tools to combat cyberstalking. Under 18 U.S.C. 875(c), it is a federal crime, punishable by up to 5 years in prison and a fine of up to $250,000, to transmit any communication in interstate or foreign commerce containing a threat to injure the person of another. Section 875(c) applies 190 Federal Trade Commission Act 15 U.S.C. §§41-58 as amended. See: https://www.ftc.gov/sites/default/files/documents/statutes/federal-trade-commission-act/ftc_act_incorporatingus_safe_web_act.pdf
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 76 to any communication actually transmitted in interstate or foreign commerce, and thus it includes threats transmitted in interstate or foreign commerce via the telephone, e-mail, beepers, or the internet191 The shortcomings of 18 U.S.C. 875 are evident from the dismissal of the Alkhabaz case. It is construed to apply only to communications of actual threats; thus, it does not apply in a situation where a cyberstalker engaged in a pattern of conduct intended to harass or annoy another (absent some threat). Also, it is not clear that it would apply to situations where a person harasses or terrorizes another by posting messages on a bulletin board or in a chat room encouraging others to harass or annoy another person. Certain forms of cyberstalking also may be prosecuted under 47 U.S.C. 223. One provision of this statute makes it a federal crime, punishable by up to 2 years in prison, to use a telephone or telecommunications device to annoy, abuse, harass, or threaten any person at the called number. The statute requires that the perpetrator not reveal his or her name. See 47 U.S.C. 223(a) (1) (C). Although this statute is broader than 18 U.S.C. 875âin that it covers both threats and harassmentâSection 223 applies only to direct communications between the perpetrator and the victim. Thus, it would not reach a cyberstalking situation where a person harasses or terrorizes another person by posting messages on a bulletin board or in a chat room encouraging others to harass or annoy another person. Moreover, Section 223 is only a misdemeanor, punishable by not more than 2 years in prison. President Clinton signed a bill into law in October 1998 that protects children against online stalking. The statute, 18 U.S.C. 2425, makes it a federal crime to use any means of interstate or foreign commerce (such as a telephone line or the internet) to knowingly communicate with any person with intent to solicit or entice a child into unlawful sexual activity. While this new statute provides important protections for children, it does not extend to harassing phone calls to minors absent a showing of intent to entice or solicit the child for illicit sexual purposes (U.S. Department of Justice, 1999). Personal Data Privacy That C/AVs/HAVs will pose threats to traditional understandings of individual privacy has widespread consensus among legal theorists. The traditional risk of disclosure of PII, like a driverâs license, is a given. However, what makes the bulk of newly identified concerns is related to risks posed by having PII collected and usedâto a consumerâs detrimentâby manufacturers, insurers, and others involved with C/AV/HAV deployment. Large amounts of data on location, movement, and other features/habits of drivers can become available in C/AVs/HAVs and can also be recorded and potentially accessed in C/AVs/HAVs that are self-contained (Woodyard and OâDonnell, 2013; Markus, 2013; Glancy, 2012). Kohler and Colbert-Taylor (2015, p. 120â121) conclude that â[e]ven if this data is scrubbed of unique individual identifying markers, for instance VIN-numbers, or IP- or MAC- addresses, data-mining techniques will almost certainly be able to reconstruct PII about particular vehicles and by extension their regulator occupants.â Glancy (2014) argues that CVs that rely on infrastructure or vehicle communications present the greatest risk of loss of private information, particularly if they cannot be turned âoffâ by the user so that information continues to be shared with third parties. For C/AVs/HAVs this is problematic, as the operating mechanism of these vehicles is premised on sharing information with other vehicles and infrastructure either through direct communications or through the cloud. In addition, data on vehicle movement and operation, particularly in connected systems, may need to be stored for analysis in order to improve the system, for optimizing route choice, and in the case of full deployment, potentially for intersection management and for platooning, possibility with interaction of state and local transportation, traffic and licensing agencies. 191 United States v. Alkhabaz. 104F.3d 1492 (6th Cir.) 1997.
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 77 The sheer volume of data collected was highlighted by Glaskin (2014, p. 40), who notes that âa CV/HAV may have more than 145 actuators and 75 sensors, which produce more than 25GB of data per hour, and is analyzed by more than 70 onboard computers to ensure safe and comfortable travel.â Driversâ PII may be collected in multiple ways. Devices may collect information on vehicle occupants, such as location, near misses, entertainment preferences, etc., and transfer this data to manufacturers and other sellers in real time. Other information may be stored and retrieved in the vehicle itself. Manufacturers have shown through agreements and other information notices that they do intend to collect data. For example, Walker-Smith notes that the telematics services subscription agreement by Tesla reserves the right to obtain information about the vehicle and its operation, accidents, and the operatorsâ use of the vehicle and services (Walker-Smith, 2014). While the Tesla agreement (and a similar one by Nissan) makes it clear that data may be collected, a user may not understand the extent to which their privacy could be compromised. Walker-Smith notes that the agreement allows the company to collect the following: information about the vehicle and its operation, including without limitation, VIN, location information, speed and distance information, battery use management information, battery charging history, battery deterioration information, electrical system functions, software version information, and other data to assist in identifying and analyzing the performance of your Tesla EV; (y) information about your use of the Services; and (z) data about accidents involving your Tesla EV (for example, the deployment of air bags). (Walker-Smith quoting Tesla agreement, at 1789) Walker-Smith goes on to note that under the agreement, the customer âownsâ these data but âgrant[s] to Tesla a worldwide, royalty free, fully paid, transferable, assignable, sub-licensable (through multiple tiers), perpetual license to collect, analyze and useâ them. These data may help the company to check, maintain, analyze the performance of, and help in the maintenance of the vehicle; âresearch, evaluate and improveâ its technology; âcomply with the law and any and all legal requirements,â including valid enforcement requests and orders; âprotect the rights, property, or safety ofâ the company, the customer, or others; and âperform market research for Teslaâs own purposes,â a list that âis not meant to be exhaustive. (Walker-Smith at 1790). Companies, like Google, who mine individual data and use it for marketing, value protected PII. While an assumption may be made that data in C/AVs/HAVs can be anonymous, the moment this data is identifiable with an individual, it becomes personal information with rights attached to it. A personâs past, present and future travel plans can be taken from C/AVs/HAVs and be used for unintended purposes (Glancy, 2012). Where, when, and how a person moves from one geographical place to another is information that can be used by marketers, identity thieves, law enforcement, and intelligence agencies. Trapping a person by secretly collecting information about them without their knowledge or consent is unconstitutional. Ironically, even if car manufacturers could require an opt-in from C/AVs/HAVs consumers before collecting their data, the choice is not really a choice if C/AVs/HAVs manufacturers make opting in a requirement for using the technology. And even if individuals are given the choice to opt out of sharing their data, the average consumer may not understand what rights they are relinquishing upon signing the terms of service since they are many pages of complex language to read. Consumers may need to continue to depend on the FTC and other agencies to protect their personal info privacy rights.
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 78 The constitutional choice to be anonymous is protected by the Driverâs Privacy Protection Act (DPPA).192 The Act prohibits the release or use by any State DMV (or any officer, employee, or contractor thereof) of personal information about an individual obtained by the department in connection with a motor vehicle record. It sets penalties 193 for violations and makes violators liable on a civil action to the individual to whom the released information pertains.194 The latest amendment to the DPPA requires states to get permission from individuals before their personal motor vehicle record may be sold or released to third- party marketers. The DPPA requires all states to protect the privacy of personal information contained in an individualâs motor vehicle record, including the driverâs name, address, phone number, Social Security Number, driver identification number, photograph, height, weight, gender, age, certain medical or disability information, and in some states, fingerprints. It does not include information concerning a driverâs traffic violations, license status, or accidents.195 The DPPA196 imposes statutory damages197 for improper use or disclosure of personal information provided for the purposes of licensing drivers and vehicles. The statute protects certain categories of personal information, such as name and address, and provides even more protection for highly sensitive personal information, such as race. Several states have begun to register C/AVs/HAVs and many require a special driverâs license endorsement. Some states also provide additional protection with regard to vehicle and driver licensing information under their own state statutes and regulations. History of the DPPA The DPPA was passed in reaction to the series of abuses of driversâ personal information held by the government. The 1989 death of actress Rebecca Schaeffer was a prominent example of such abuse. In that case, a private investigator, hired by an obsessed fan, was able to obtain Rebecca Schaefferâs address through her California motor vehicle record. The fan used her address information to stalk and to kill her. Other incidents cited by Congress included a ring of Iowa home robbers who targeted victims by writing down the license plates of expensive cars and obtaining home address information from the stateâs DMV. The DPPA has a number of exceptions. A driverâs personal information may be obtained from the DMV for any federal, state or local agency use in carrying out its functions; for any state, federal or local proceeding if the proceeding involves a motor vehicle; for automobile and driver safety purposes, such as conducting recall of motor vehicles; and for use in market research activities. Ironically, personal data is also available to licensed private investigators. Other criticisms include the types of upfront validation of the requesterâs credentials for making a request and the fact that enforcement is alleged to occur only after there is a notorious and widespread public violation, or an incident that prompts investigation after unauthorized access and use occurs. The DPPA imposes criminal fines for non-compliance and grants individuals a private right of action, including actual and punitive damages, as well as attorneyâs fees.198 192 See Driversâ Privacy Protection Act, 18 U.S.C. §§ 2721â2725 (2012). The statute has a number of exceptions such as for law enforcement uses; Public Law No. 103-322 codified as amended by Public Law 106-69, was originally enacted in 1994 to protect the privacy of personal information assembled by State Department of Motor Vehicles (DMVs). 193 18 U.S.C. § 2723 Penalties. 194 18 U.S.C. § 2724 Civil Action. 195 DPPA, Id. 196 Id 197 18 U.S.C. § 2723 Penalties. 198 Id, sec. 2723.
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 79 Permissible Uses of a Driverâs Motor Vehicle Record The DPPA limits the use of a driverâs motor vehicle record to certain purposes. These purposes are defined in 18 U.S.C. § 2721: ⢠Legitimate government agency functions. ⢠Use in matters of motor vehicle safety, theft, emissions, product recalls. ⢠Motor vehicle market research and surveys. ⢠âLegitimateâ business needs in transactions initiated by the individual to verify accuracy of personal information. ⢠Use in connection with a civil, criminal, administrative or arbitral proceeding. ⢠Research activities and statistical reports, so long as personal information is not disclosed or used to contact individuals. ⢠Insurance activities. ⢠Notice for towed or impounded vehicles. ⢠Use by licensed investigators or security service. ⢠Use by private toll transportation facilities. ⢠In response to requests for individual records if the State has obtained express consent from the individual. ⢠For bulk marketing distribution if State has obtained express consent from the individual. ⢠Use by any requestor where the requestor can show written consent of the individual. ⢠For any other legitimate State use if it relates to motor vehicle or public safety. If an individual has not given consent to the release of a motor vehicle record, the DPPA limits sharing of information once it is obtained. Information may only be shared with other approved users, and only for permitted uses. In addition, records must be kept of each additional disclosure identifying each person or entity that is receiving the disclosure and for what purpose. The disclosure records must be kept for a period of 5 years. The DPPA, like many other federal privacy statutes, provides a federal baseline of protection for individuals. The DPPA is only partially preemptive, meaning that state legislatures may pass laws to supplement the protections made by the DPPA. States were required to comply with the minimum requirements of the DPPA by September 1997. Many states have passed laws that are more restrictive than the federal rules (for example, Arkansas and Wyoming). States differ as to whether the DPPA applies to records of vehicles owned by corporations, proprietorships, partnerships, limited liability partnerships, associations, estates, lien holders, or trusts. State governments also collect personal data on operators utilizing the system, applying for licenses (driver and for vehicle registration), for taxes and safety inspections, including commercial vehicle enforcement of national apportionment components for fuel taxes and truck and tractor registration, and through use of toll tags, and other electronic type stickers used on vehicles. With V2V and V2I on the near-term horizon, the possibility that this data may need to be readable and accessible through the cloud may mean that state transportation entities might collect private data on consumersâ travel habits as a byproduct of other data collection and dissemination. Kohler and Colbert-Taylor, also note that government routing decisions could be viewed as infringing on an individualâs right to privacy, including the right to physical autonomy (Kohler & Colbert-Taylor, 2015). With the deployment of HAVs, the traditional conceptions of privacy and autonomy of individuals may change, although infringement of these concepts by both the public and private sector may not be as intense as some imagine. However, when data is hacked or where security issues may trump privacy
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 80 issues to disclose private data is currently very much in the open-to-debate stage of public policy discourse. States have laws addressing privacy concerns, including protection of sensitive information held by the state, and the ability to access this information under specific limited circumstances, including restrictions on the public sector from allowing access to data held on individuals without their informed consent, especially highly sensitive data such as medical information, social security information, and financial information like bank records or credit cards. Froomkin (2009) has also reviewed state sovereign immunity in private tort claims where private data information was shared, or disclosed in violation of state laws. Many state agencies and municipalities are immune from suit regarding negligent acts that lead to disclosure of information, including confidential or sensitive information. In addition, some states are not required to notify persons of a breach leading to data release, even if this is because of the stateâs negligence. âOnly a few states allow a suit to be brought by an individual against the state if it does not report the breach in a timely manner. Louisiana, for example, dictates that the fine is not to exceed $5,000 for each violation. In New Hampshire, the plaintiff receives damages at the level that âthe court deems necessary and proper.â Agencies in states that do not allow individuals to bring suit can still face fines or suits from the stateâs Attorney General or other centralized authority. Federal Constitutional Privacy and Case Law The Fourth Amendment to the U.S. Constitution also imposes constraints on governmental entitiesâ ability to collect private information on drivers (Glancy, 2014). The Fourth Amendment guarantees that individuals shall be âsecure in their persons, houses, papers, and effects, against unreasonable searches and seizures.â199 Under present case law, the Fourth Amendment (search and seizure clause) creates a broad right to privacy, including a right to have electronic communications and private data protected, especially where individuals have a âreasonable expectation of privacy,â (such as their homes) and where it would be unreasonable for the government to violate this expectation of privacy.200 This right to privacy is strongest when the government is the one authorizing the dataâs release. However, if a private party releases the data to law enforcement, the law is less clear.201 However, the demarcation point at which these protections may be triggered, where individualized personal data is collected or analyzed by the government beyond the infrastructure needs of V2I and V2V (Kohler & Colbert-Taylor, 2015), is not clear. Glancy (2014) posits that the routine management and oversight of a C/AV/HAV system would not trigger these constitutional protections because they do not have surveillance or the search of individuals as their primary purpose and may not provide PII. Government Collection of Information and Law Enforcement This may be an areaâas HAVs are deployed and where states are providing data to OEMs and third parties on routes, construction programs, and other traffic notification itemsâwhere a potential hack may allow access into state databases that may be addressed by policy makers. 199 U.S.CONST. amend. IV. 200 See Katz v. United States, 389 U.S. 347, 361â62 (1967) (Harlan, J, concurring). 201 United States v. Miller, 425 U.S. 435 (1976); Smith v. Maryland, 442 U.S. 735 (1979).
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 81 Surveillance Privacy If government surveillance were to happen via C/AVs/HAVs, it could threaten the political and social well-being of a society (Glancy, 2012). In Jones, Supreme Court Justice Sonia Sotomayor noted in her concurring opinion, âAwareness that the Government may be watching chills associational and expressive freedoms. And the Governmentâs unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.â202 Surveillance systemsâwhether they are law enforcement programs, traffic management systems, or private marketing systemsâall directly affect the autonomy of travelers by overriding individual control over who or what watches and keeps track of their movements from place to place (Glancy, 2012). One area where surveillance privacy may come into play is the area of V2V and V2I where vehicles and infrastructure are communicating between and among one another. In December 2016, the USDOT issued proposed rules to mandate deployment of V2V technologies on all new light-duty vehicles. This includes the use of DSRC technology to be installed in vehicles. NHTSA has emphasized that V2V systems must have secure communications between devices without interference, and that owner/driversâ PII must be protected (NHTSA, December 2016). Privacy-related issues arise mainly from the interconnectivity of C/AVs/HAVs. The data sharing and network aspects make the car just another mobile device that can gather any information about an individual. This information gathering varies from tracking of the routes taken (e.g., through use of transportation networking company (TNC) mobile apps such as Uber and Lyft (LaFrance, 2016), to voice recording, video recording, preferences in media consumed in the car, behavioral patterns, and many more streams of information (Boeglin, 2016). The federal government (FTC) appears to defer to industryâs ability to self-regulate privacy from the beginning of product design in that it encourages âprivacy by designâ as a policy.203 The USDOTâS recent announcement of proposed V2V regulations is, as Lars Reger, Chief Technology Officer of NXPâs Automotive business unit, put it, a âstrong signalâ to the entire automotive community that the industry needs to âcome together and generate the network effectâ (Yoshida, 2016). Without regulations, the development of auto technology using the DSRC spectrum was more limited to certain automakers testing projects in private. Now, the industry knows it can continue to invest in and develop this type of detection system with possibly a uniform, networked system. EDRs and Privacy In 2013, NHTSA introduced regulations requiring all new vehicles sold in the U.S. to be equipped with an EDR (NHTSA, 2013b and 2012). EDRs can internally record, retain, and report 30 seconds of data related to driversâ operation of an automobile. Also known as âblack boxesâ or sensing and diagnostic modules (SDMs), EDRs capture information, such as the speed of a vehicle and the use of a safety belt, in the event of a collision to help understand how the vehicleâs systems performed. The amount of data required by NHTSA (30 seconds) is outlined in agency specifications, but the amount of data that may be collected is not limited by NHTSA. Most car manufacturers currently install these devices in new vehicles, but they will also be in C/AVs/HAVs in some advanced format. The current regulatory structure of these EDRs is instructive. The data stored may be accessed by third parties, such as law-enforcement, for post-crash investigations or by repair shops for diagnostic purposes. The collection of data from the 202 United States v. Jones, 132 S. Ct. 945, 956 (2012) (Sotomayor, J., concurring). 203 See FTCâs Discussion of âprivacy by designâ -In the Matter of Google Inc., F.T.C. Docket No. C-4336 (Oct. 13, 2011).
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 82 EDR has raised concerns about privacy in the event that the data were used for reasons unrelated to safety, such as, for example, law enforcement or insurance litigation. Several organizations have informed NHTSAâs decisions on data collection via comments (EPIC, 2013). One privacy rights group, Consumer Watchdog, has been very vocal and active in affecting legislation, such as in the development of HB 1298 in California (Consumer Watchdog, 2012). In December 2015, the federal Driver Privacy Act of 2015 was enacted.204 It places limitations on data retrieval from EDRs and provides that information collected belongs to the owner or lessee of the vehicle. Seventeen statesâArkansas, California, Colorado, Connecticut, Delaware, Maine, Montana, Nevada, New Hampshire, New Jersey, New York, North Dakota, Oregon, Texas, Utah, Virginia and Washingtonâhave enacted statutes relating to EDRs and privacy. Among other provisions, these states provide that data collected from a motor vehicle EDR may only be downloaded with the consent of the vehicle owner or policyholder, with certain exceptions (NCSL, December 2016).205 If EDR data collected for safety reasons were to be released for non-safety reasons, certain constitutional rights might be triggered. For example, if EDR data such as seatbelt use or driver speed were released to a law enforcement or a government entity, privacy rights might intersect with criminal laws. Now that NHTSA has proposed a rulemaking on V2V systems, perhaps the intersection of federal EDR data regulation and state data breach laws will create a need for more specific C/AV/HAV privacy legislation at the federal level. Third Party Access to Data Legal access to personal information is easier when such information is held by someone other than the data subject. For example, constitutional protections do not apply to law enforcement and national security officials if they seek access to personal information, not from the subject of an investigation, but from others who have the personal information.206 In this âThird Party Doctrineâ situation, a âsubpoena, court order, or administrative order, often without notice to the data subject, can provide relatively easy access to personal data in the hands of someone other than the person who is the subject of the personal information,â since no warrant or probable cause finding is required (Glancy, 2012; Kerr, 2009).207 Because this âThird Party Doctrineâ circumvents constitutional privacy protections (warrant), information privacy risks are magnified. Personal information derived from C/AVs/HAVs, such as a carâs location information derived from the Global Positioning System (GPS) data, personal data devices, or other tracking technology (all of which may have dramatically different terms of service contractual obligations), may lead the courts to apply a test of the âreasonable expectation of privacyâ in evidence collection by law enforcement. If government has trouble obtaining evidence, such as locational data history of a C/AVs/HAVs and/or subject, it may turn to private sources who technically âownâ the information. In one case, the driverâs GPS records (historical location data) were considered business records since the driverâs locations were voluntarily shared with the cellular service company.208 The court held that law enforcement did not per se violate the accusedâs Fourth Amendment right by requesting a court order requiring cellular phone 204https://www.congress.gov/bill/114th-congress/house-bill/22/text#toc-H7E76328B2CD946219201C9FF6470C491 205http://www.ncsl.org/research/telecommunications-and-information-technology/privacy-of-data-from-event-data-recorders.aspx 206 United States v Miller, 425 US (1976); Smith v Marytland, 442 US 735 (1979). 207 re Application of the United States for an Order Pursuant to 18 U.S.C. § 2703(d), Misc. Nos. 1:11âDMâ3, 10âGJâ3793, 1:11â ECâ3, 2011 WL5508991 (E.D. Va. Nov. 10, 2011). 208 In re U.S. for Historical Cell Site Data, 724 F.3d 600, 602 (5th Cir. 2013)
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 83 service companies to provide historical location data of three cell phone users suspected of criminal activity without having first obtaining a warrant or demonstrating probable cause.209 There are concerns as to the rightful ownership of the data once it is collected. Does the car owner or the data collector own the information? Did the car owner/driver consent to the release of that data? As per NHTSAâs proposed rule, the collected data would include vehicle speed, whether the brake had been activated, crash forces at the moment of impact, the state of the engine throttle, airbag deployment timing, and whether or not seatbelts were in use. NHTSA has a policy that EDR data would be treated as the property of the vehicle owner and not accessed without his or her permission. However, the agency also noted that it does not have any authority to establish legally-binding rules regarding the ownership or use of a vehicleâs EDR data. Certain privacy advocates have questioned who controls the data, since it is unclear if the data can be accessed by anyone with a court order (EPIC, 2013). NHTSA requires owner permission be obtained before the data are used. The stored, collected data also presents concerns. Many EDRs transmit data to emergency response centers at the time of a crash. The collection of multiple vehiclesâ computer data and storage in a central location like an emergency response center presents a liability risk for data privacy. Any loss or improper disclosure of personal data could impose liability upon those who collect and store personal information. Personal information privacy from C/AVs/HAVs needs to be protected at the state level by regulations. One model for such state C/AVs/HAVs data privacy regulation could be the existing state laws that address data breaches. Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private, governmental, or educational entities to notify individuals of security breaches of information involving private information (NCLS, January 2016). Many states have enacted legislation that also provides remedial action if personal information is lost or disclosed through a data breach. Since these data breach laws vary from state to state, C/AVs/HAVs driving across state lines could be subject to privacy breach laws of several different states. These security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc.); definitions of âpersonal informationâ (e.g., name combined with social security number, driverâs license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information). CV and V2V Regulation Moving Forward The FTC has also been actively involved in protecting consumersâ data since 2009 (FTC, 2009) through the regulation of the use of consumer data in various networked systems in the internet of things, including connected cars. On December 13, 2016, NHTSA issued a proposed rule that would advance the deployment of CV technologies throughout the U.S. light vehicle fleet. The NPRM would mandate V2V communication technology on all new light-duty vehicles, which would enable new crash-avoidance applications that can help vehicles communicate with each other (NHTSA, December 2016). The proposed rule would require automakers to include V2V devices that use DSRC to transmit data and âspeak the same languageâ through standardized messaging developed with industry. NHTSA seems to think that V2V technology will also be useful for medium- and heavy-duty trucks and buses. 209 Id. At 602.
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 84 The FHWA also plans to issue guidance for V2I communications, which will integrate the new technology to allow vehicles to âtalkâ to roadway infrastructure such as traffic lights, stop signs, and work zones to improve mobility and safety. Speed and other data would be updated and broadcast up to 10 times per second to nearby vehicles, thereby providing warnings to other drivers to avoid imminent crashes. NHTSA mentions that âprivacy is also protected in V2V safety transmissions. V2V technology does not involve the exchange of information linked to or, as a practical matter, linkable to an individual, and the rule would require extensive privacy and security controls in any V2V devices.â Many details, however, are left to manufacturers to determine. NHTSA and industry research partners developed a security system design based on public key infrastructure (PKI). PKI is widely used by the public in such forms as banking and credit card transactions. However, the system envisioned for V2V is unique in that involves machine-to-machine PKI, which improves some of the vulnerabilities associated with other PKI systems. A privacy leak can still be a factor, as we learned in the famous Target credit card data breach, which was due to an integrity breach (malware) rather than. a confidentiality breach, according to some. The question is, will each automaker be willing to share the information and proprietary technology needed to have a uniform network system and language? The USDOT ITS Joint Program Office has also been engaged in the research of protecting privacy in CVs. The Joint Program Office attempts to ensure that deployment of CV technology will protect consumer privacy and unauthorized access. The ITS Joint Program Office assures the public that V2V technologies have been designed to help protect against vehicle tracking, will not collect financial information, personal communications, or PII about individuals or vehicles, and will have protection against third parties tracking. Further the ITS Joint Program Office claims that V2V systems will allow NHTSA and OEMs to find âproduction runsâ of defective equipment, but will not use VIN numbers or other specifically identifiable vehicle or driver information. Data de-identification/anonymization will be the method used with physical, technical and administrative controls. Physical controls would include protection of the equipment such as tamper-proof casings. Technical controls would include methods and systems designed to protect user data, including firewalls, encryption, and access management. Administrative controls would include laws and regulations âregarding unauthorized collection, storage, and disclosure of dataâ and the Fair Information Practice Principles (ITS Joint Program Office, Connected Vehicle Fact Sheet, n.d.). ITS also claims that the basic safety messages (BSM) exchanged by vehicles cannot be used by law enforcement or private entities to identify a speeding or erratic driver (ITS, Connected Vehicle Fact Sheet, n.d.). The FTC filed a comment in NHTSAs advance NPRM related to V2V communications. The FTCâs comments focused largely on privacy and security concerns about V2V technologies. The FTC comments highlighted its previous work on CVs at its Internet of Things workshop held in November 2013, which, in part, examined privacy and security issues relating to connected car technologies. The workshop highlighted three key concerns related to increased vehicle connectivity: (1) concerns over the ability of connected car technology to track consumersâ precise geolocation over time; (2) concerns over information about driving habits being used to price insurance premiums or set prices for other auto- related products without driversâ knowledge or consent; and (3) concerns regarding the security of connected cars. The FTCâs comments support NHTSAâs efforts to take privacy and security concerns into account as it continues its development of V2V policy.
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 85 FTCs Authority to Protect Consumer Privacy Section 5 of the FTC Act (15 U.S.C. § 45) prohibits ââunfair or deceptive acts or practices in or affecting commerce.â An act or practice is unfair where it⦠1. causes or is likely to cause substantial injury to consumers; 2. cannot be reasonably avoided by consumers; and 3. is not outweighed by countervailing benefits to consumers or to competition. An act or practice is deceptive where⦠1. representation, omission, or practice misleads or is likely to mislead the consumer; 2. a consumerâs interpretation of the representation, omission, or practice is considered reasonable under the circumstances; and 3. the misleading representation, omission, or practice is material. This provision of the FTC Act allows the FTC to intervene in instances where companies failed to reasonably protect consumersâ personal information. The FTC can step in where â[a] company was not adhering to the practices to protect a consumerâs personal information that the company claimed to abide by in its privacy policy.â The FTC is involved in developing regulation on CVs, having offered testimony before Congress, participated in workshops related to privacy and security in connected cars, presented papers on security and privacy in the internet of things, and provided commentary to NHTSA on its proposed V2V privacy and data collection rulemaking. FTC recommendations have included building security into devices from the start (i.e., privacy by design), vendor security, vetting and oversight, as well as the use of multiple layers of security to defend against unauthorized access (defense in depth), and monitoring. The FCC also is involved in CV regulation and its related data protection and security. The FCC regulates wireless communication standards used by C/AVs/HAVs. The automobile industry is engaged in the development of DSRC for V2V communication use and has reserved DSRC for wireless V2V and V2I communication. V2V communication and V2I will be dependent on system interoperability and effectiveness. IEEEE Standards for DSRC were established in 2013. Thus, the FCC is engaged on development of cooperative standards for interoperability between C/AVs/HAVs. The U.S. auto industry has also made a unified effort to self-regulate. Several U.S. auto manufacturers came together in 2014 in the creation of the Consumer Privacy Protection Principles for Vehicle Technologies and Services, a sort of best practices guide on manufacturersâ collection, use and sharing of sensitive consumer information collected, generated, recorded or stored in electronic format in automobiles. The guide promotes the practice of seven principles of data practices: transparency, choice, respect for context, data minimization, de-identification and retention, data security, integrity and access, and accountability. Though the principles apply only to signatory auto manufacturers, they represent recognition of the issues in data privacy protection in the automobile industry.
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 86 Cybersecurity Concerns Another connected but different risk from the data-intensive operations of C/AVs/HAVs is the potential for cyber security breaches that endanger not only financial and other private information, but also the safety and life of an individual as a consequence of criminal hacking of data and/or infrastructure. This is in addition to potential terrorist hacks that could direct infrastructure into a critical melt-down type of situation. For example, Douma and Palodichuck (2012) posit a scenario where a terrorist hacks into a C/AV/HAV system and directs all cars to drive off bridges or crash into one another. Hacking risks are not trivial, as the Jeep hack, and hacks of credit card systems and other data have shown over the past 20 years. Designing a completely hack-free transportation system is not realistic. Within C/AVs/HAVs, a stop button could be used to electronically disengage the vehicle from the network and allow a human or other operator to take control. The C/AV/HAV hacking issue became public after a Wired reporter detailed his test drive experience with some researchers who were able to control a Chrysler vehicleâs brakes, steering, and transmission through its wireless entertainment system in July 2015 (Greenberg, 2015a). The hacking publicity resulted in some class action lawsuits (Greenberg, 2015b) and Fiat Chrysler had to recall 1.4 million vehicles and release a software patch for the vulnerability, which did not foster public trust in CVâs. After the publicity over the Jeep hacking incident, Congress took notice (Trujillo, 2015). In July, 2015, Senator Markey introduced the federal Spy Car Act of 2015 (S. 1802). The Act required automakers to develop hacking and privacy protections for their cars and trucks. The proposed law directed NHTSA to promulgate a rule that protects against unauthorized access to information regarding the owner, speed of the vehicle, data stored in the car, and also required cars manufactured with accessible data to be capable of reporting and intercepting unauthorized access. The bill also directed NHTSA to conduct a rulemaking to require a cyber dashboard to inform consumers about the extent of their privacyâs protection beyond a narrow set of data. Finally, the bill instructed the FTC work with NHTSA to develop standards to protect driversâ privacy and to guard against a potentially deadly hack of a vehicle. It directed the FTC to conduct a rulemaking that would require purchasers to be notified of personal data access and collection. It required carmakers to provide consumers the option to opt out of this collection and retention (except for critical safety and post-accident information), and to prohibit manufacturers from using the collected information without the consent of the owner or lessee.210 In protecting physical integrity of data, the bill would require the NHTSA to set standards to ensure all wireless access points of a vehicle are protected, that critical systems are isolated, that the vehicle has technology to detect and stop a hack in real time, and that all information collected is secured. The Act would also require the FTC to develop rules to force car companies to give notices to customers of collected data and give them the option to opt out of much of it. It would also prohibit marketers from using driving information for ad targeting. Senator Markeyâs bill did not make it through committee, but the report generated from testimony found that nearly all cars on the market include wireless technology that could be vulnerable and (in 2015) only two manufacturers could describe any capabilities to respond to an attack in real time (Markey, 2015). It also indicated that despite the industryâs attempt to agree on privacy principles, there were still disparities and differences in data collection practices (Markey, 2015). And, though the bill was not enacted, it does signal congressional interest in addressing the privacy (and hacking) issues associated with C/AVs/HAVs (U.S. Congress, 2015). 210 http://www.markey.senate.gov/imo/media/doc/SPY%20Car%20legislation.pdf
NCHRP Web-Only Document 253, Vol. 1: Legal Landscape 87 Senator Markeyâs bill was actually preceded by President Obamaâs broader 2012 call for a Consumer Privacy Bill of Rights, which called for providing protections for consumer privacy across a broad range of areas (Kohler & Colbert-Taylor, 2015). NHTSA and the FTC have taken a focused interest in restricting hacking and intrusions on the privacy of consumer data in C/AVs/HAVs (Glancy, 2014; Kohler & Colbert-Taylor, 2015). The FTC, for example, through its regulation of unfair or deceptive trade practices, which could include unjustified invasions of consumer privacy, shows where existing law is engaged in some oversight of this new market (Glancy, 2014). Only California has passed a specific law to address consumer privacy in C/AVs/HAVs. California requires that a âmanufacturer of the autonomous technology installed on a vehicle shall provide a written disclosure to the purchaser of an AV that describes what information is collected by an autonomous technology equipped on the vehicleâ (Chapter 570, Division 16.6. § 38750[h]). As the law is so new, Wagner and Loftus-Otway consider it too early to predict its implications for manufacturers of C/AVs/HAVs sold in the state or even sold outside the state. The California law was criticized by consumer groups for taking too soft a stance on the ability of OEMs and others to collect private information (Lenth, 2013, p.796). Some federal statutes, while not specifically tailored around the hacking of C/AVs/HAVs, appear to penalize these attempts. These include the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Wiretap Act, and the USA Patriot Act (Kohler & Colbert-Taylor, 2015). States may also have components within the criminal codes. For example, Texas Penal Code (Title 7, Chapter 33) provides an anticipatory deterrence against hacking: âA person commits an offense if the person knowingly accesses a computer, computer network, or computer system without the effective consent of the ownerâ (Tex. Penal Code Ann. § 33.02[a]). The penalty is dependent upon the aggregate amount of money involved (id. at § 33.02[b-2]). The aggregate amount consists of the âbenefits obtained and the losses incurred because of the fraud, harm, or alterationâ (id. at § 33.02[c]). A violation of this statute ranges from a Class B misdemeanor to a felony of the first degree (id. at § 33.02[b-2]). If the hacker obtains the PII of another person, the violation is upgraded to either a second degree or first degree felony regardless of the amount in question (id.). Wrap-Up Fully automated or connected cars carry the promise of enhanced efficiency, increased safety, and other benefits. As the automation increases, however, and cars move towards becoming completely driverless, more and more data will be generated, collected, stored, transmitted, and shared. This data will include vehicle system data and accessory system data, as well as personal identifiable data from the ownersâ, driversâ, and passengersâ personal devices. Vehicles and their systems will be at risk for unauthorized access, hijacking, and theft. Ownersâ, driversâ, and passengersâ PII will also be at risk for unauthorized access and use. Since the collection, storage, and use of the data from connected cars carries such significant privacy risks, regulators such as the NHTSA, ITS Joint Program Office, FTC and FCC, as well as the auto industry itself, must prepare regulations or standards to ensure that those risks are minimized. Whether at the federal level or the state level, the benefits from improved technology in C/AVs/HAVs will need to be balanced against the growing need for data security and privacy.
