Dude, what did you do in your car?
Data privacy has long been a hot contested topic fought between privacy advocates and governing bodies. The definitions of privacy laws and ownership of data are increasingly challenged as electrical systems today become more sophisticated and accrue more information. In recent years, the automotive industry has provided more kindling for the fire with the installation of event data recorders (EDR) – much like a black box in an aircraft – in most (85+%) new vehicles. Without regulation of these devices, whose presence is generally unknown, everyday drivers are potentially vulnerable to their vehicles’ data being misused by authorities and insurance providers for their own self-interests.
An EDR device is typically the size of a deck of playing cards and is installed as part of the airbag control module – storing data produced by automobile safety systems networked throughout the vehicle in the event of a crash. The EDR was originally installed by auto manufacturers to verify that their airbags had deployed as designed. As these devices matured and collected more data, researchers and automakers were able to refine and improve various safety systems. Devices today are capable of recording several variables in the event of a crash such as: the speed the vehicle was travelling, whether or not the brake was applied, the number of and time between crash events, whether or not the driver was using a safety belt, and more.
It comes as little surprise that this valuable information is making its way into courtrooms, influencing the verdicts of criminal and civil cases. Also unsurprising, insurance agencies are interested in ERD data to learn about your habits and capabilities as a driver to set price quotes and policy parameters. With no federal laws deciding who should have access to black box data, the states were left to develop their own laws surrounding the issue. Today, only 13 states across the country have passed laws governing the ownership of ERD data – leaving 37 states with no rules preventing law enforcement or insurance agencies from obtaining data.
However, the potential for conflict over data reliability and security currently prohibits EDR from regularly standing up in court. Privacy advocates argue that EDR devices are a means to ‘spy on them’ and some have gone as far as to use lockable mechanical covers to block access to their vehicles’ OBD-II ports from which EDR data is typically extracted. Furthermore, they argue that EDR devices effectively violate several amendments of the U.S. Constitution including: the Fourth Amendment (freedom from search and seizure), the Fifth Amendment (privilege against self-incrimination) and the Sixth Amendment (the right of the accused to cross-examine any witnesses testifying against them).
Auto manufacturers and EDR OEMs do have a guiding light in this foray with standards established by the National Highway Transportation Safety Administration (NHTSA). To be clear, black boxes are not mandatory under NHTSA rules – but as of Sept. 1, 2012, all EDR-equipped light vehicles manufactured in the model year 2013 and beyond must comply. These standards enforce auto manufacturers to disclose all onboard safety-related data recording functions to consumers. Additionally, EDRs must keep a record of 15 discrete variables and be able to withstand a multievent crash.
Predictions for 2013 are cloudy as ever with changes possibly coming from a variety of authorities. OEMs must prepare to adapt their EDR systems as consumers become more aware of the technology and further regulations are passed. This may involve installing additional components (such as the aforementioned lockable covers), designing more complex recording devices, or even further ruggedization for reliability. Perhaps the data itself will be protected – presenting a possible opportunity for encryption solutions providers like Mocana and Revere Security.
Pending legislation could change the courtroom landscape dramatically. The Motor Vehicle and Highway Safety Improvement Act of 2011, or Mariah’s Act, would make any data in a vehicle’s black box the property of the vehicle’s owner. The bill remains in limbo waiting for approval from the senate since December 2011.
As EDR devices become standard and vehicles are increasingly connected (BMW’s vehicles now come with an EDR that communicates a car’s information to local dealerships for maintenance scheduling), data privacy and ownership will become a hotter topic still. OEMs must remain versatile to address further new or changing requirements presented by either the NHTSA or local states – possibly even the federal government. Just remember that your car will likely have a story to tell the next time (hopefully not!) you get into a fender bender.