One of the goals of this year's Computers, Freedom and Privacy conference is to ask the question, "Can we be 'smart' and private?" Wednesday's panel on Intelligent Transportation Systems (ITS) asked: as we make driving safer, more efficient and more comfortable, how can we at the same time protect the privacy of drivers?
Panel moderator Frank Kargl, Associate Professor of Distributed and Embedded Security at the University of Twente in the Netherlands, gave a brief introduction to the ITS concept. The stated goal of ITS is to increase the safety, efficiency, and comfort of drivers. For example, a driver traveling on a foggy road could, through ITS, be alerted to an accident ahead. In these systems vehicles communicate to other vehicles information such as speed and direction. Kargl also promoted an upcoming workshop on this issue taking place in Berlin this July.
Each panelist then gave a short presentation sharing his perspective on ITS.
European Perspective and the ITS Action Plan
Antonio Kung, Co-Chair of the eSafety Forum eSecurity Working Group and of Trialog in France, began his talk by acknowledging the European Commission for providing his slide materials. The current policy initiative, the ITS Action Plan to be adopted by parliament, includes four areas:
- Optimal Use of Road Traffic and Travel Data
- Continuity of traffic and freight over international borders
- Road safety and security (e.g., creating a single emergency phone number across borders)
- Integration of Vehicle Transportation Infrastructure (car to car communication)
There have been a few European Commission Initiatives related to ITS:
- eSafety initiative in 2003
- Bringing eCall to Citizens in 2005 (single European emergency number)
- i2010 Intelligent Car Initiative in 2010
Some of the privacy community's impact on the ITS Action Plan thus far has come from the Article 29 Working Party, which recommended in 2006 that users be allowed to disable the communication boxes in their cars. Also, in 2009, the EDPS provided an opinion on the ITS directive encouraging "Privacy by Design," that is, integration of privacy features and privacy-enhancing technology at the design level.
The Challenge of ITS for the Law of Privacy in the United States
Frank Douma, Assistant Director at the Hubert H. Humphrey Institute of Public Affairs at the University of Minnesota, provided an American legal perspective on the ITS issue. He described one main problem in the US as an apparent gap between what Americans perceive their privacy rights to be and what their legal privacy rights actually are. Privacy law at the federal level defines these rights much more narrowly than many people perceive; some states, however, do have more broadly defined privacy laws. The toolbox developed by the ITS Institute at the University of Minnesota emphasizes consent and limitations on the use of collected data.
Technical Solution Approaches
Johann-Christoph Freytag, Professor at Humboldt-Universität zu Berlin, described his project, which attempts to address the privacy of ITS in Europe. As a starting point, Freytag defines privacy from what he calls a computer science point of view, focusing on when, how, and to what extent data is available to others. He emphasized that the problem of privacy in the ITS setting is difficult because anonymised data can easily be combined with other data to identify cars and drivers; if a car is constantly connected to a network in exchange for services, data is constantly collected. To address this, Freytag's team developed a set of principles to consider when developing policy: purpose specification (of the data), consent (of the driver), limited collection, limited use, limited disclosure, limited retention, accuracy, safety, openness, and compliance. They consider these principles to be the bridge between the technical and non-technical worlds when addressing these problems. Because many privacy policies are "unverifiable promises," a second part of Freytag's project is to make sure that the architecture of the ITS fits the privacy policy by design. He emphasized that "data should not float around separately from its use," and that data and policy should always be "glued together."
A US and OEM perspective on technical solutions
Tom Schaffnit, president of the Vehicle Safety Communications 3 Consortium (VSC3), made his presentation last. VSC3 is working with a consortium of several auto companies to develop ITS with the main goal of accident prevention, and they are working cooperatively with the United States Department of Transportation on a pilot project to be implemented in 2012. This cooperative safety system is designed with an attempt at balancing safety, security, and privacy. The pilot program uses vehicle-to-vehicle communication and GPS as a new sort of safety sensor, sending data to other vehicles. He described this option as low cost, making it viable across the full market. Schaffnit emphasized the project's "privacy by design" goals: short-range communications, privacy of individuals, privacy from peers, and privacy from "big brother."
Short range communications:
- short-range transmitters used in cars: 5.9 GHz DSRC, working across 300-500 meters
Privacy of individuals:
- vehicle data transmissions don't include information indicating who is in the car
Privacy from peers:
- short-term linkability of cars, as opposed to long-term linkability
- anonymous, short-lived security certificates
- random identification numbers that change
Privacy from big brother:
- system designed with split certificate authority functionality
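The three mechanisms above (short-lived pseudonym certificates, changing random identifiers, and issuance split across two authorities) are easier to see in a small simulation. The following is an added example, not code from VSC3 or any panelist; it is a toy model in which HMAC tags stand in for public-key signatures, the rotation interval (five beacons per pseudonym), the vehicle identifier, the trajectory and the names `RegistrationAuthority`, `PseudonymCA`, `Vehicle`, `link_by_identifier` and `resolve` are all assumptions made for illustration.

```python
"""Toy model of V2V pseudonym rotation and split-authority issuance.
Constructed example: HMAC stands in for digital signatures, and the
vehicle, trajectory and rotation interval are made up for illustration."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

BEACONS_PER_PSEUDONYM = 5  # assumed rotation interval, measured in beacons


def _tag(key: bytes, msg: str) -> str:
    # HMAC used as a stand-in for a signature by the key holder.
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


@dataclass
class RegistrationAuthority:
    """Knows the real vehicle behind each request id; never sees pseudonyms."""
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    log: dict = field(default_factory=dict)  # request_id -> vehicle_id

    def authorise(self, vehicle_id: str) -> tuple:
        request_id = secrets.token_hex(8)
        self.log[request_id] = vehicle_id
        return request_id, _tag(self.key, request_id)


@dataclass
class PseudonymCA:
    """Certifies pseudonyms for RA-authorised requests; never sees vehicle ids."""
    ra_key: bytes  # would be the RA's public key in a real deployment
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    log: dict = field(default_factory=dict)  # pseudonym -> request_id

    def issue(self, request_id: str, ra_tag: str, count: int) -> list:
        if not hmac.compare_digest(_tag(self.ra_key, request_id), ra_tag):
            raise ValueError("request not authorised by the RA")
        batch = []
        for _ in range(count):
            pseudonym = secrets.token_hex(8)  # random, carries no vehicle identity
            self.log[pseudonym] = request_id
            batch.append((pseudonym, _tag(self.key, pseudonym)))
        return batch


def cert_is_valid(pseudonym: str, cert: str, pca: PseudonymCA) -> bool:
    """Peer-side check: the beacon carries a CA-certified pseudonym, nothing more."""
    return hmac.compare_digest(_tag(pca.key, pseudonym), cert)


@dataclass
class Vehicle:
    vehicle_id: str  # known to the car, never transmitted
    pseudonyms: list
    sent: int = 0

    def beacon(self, x: float, y: float, speed: float) -> dict:
        slot = self.sent // BEACONS_PER_PSEUDONYM  # rotate every N beacons
        if slot >= len(self.pseudonyms):
            raise RuntimeError("pseudonym pool exhausted; request a new batch")
        pseudonym, cert = self.pseudonyms[slot]
        self.sent += 1
        # No VIN, plate or occupant data: only what a safety peer needs.
        return {"id": pseudonym, "cert": cert, "x": x, "y": y, "speed": speed}


def link_by_identifier(beacons: list) -> dict:
    """What an eavesdropping peer can do: group beacons by the identifier seen."""
    tracks = {}
    for b in beacons:
        tracks.setdefault(b["id"], []).append((b["x"], b["y"]))
    return tracks


def resolve(pseudonym: str, ra: RegistrationAuthority, pca: PseudonymCA) -> str:
    """De-anonymising needs both logs: the PCA alone yields only a request id,
    and the RA alone never saw the pseudonym."""
    return ra.log[pca.log[pseudonym]]


def run_demo(n_beacons: int = 12) -> dict:
    ra = RegistrationAuthority()
    pca = PseudonymCA(ra_key=ra.key)
    vin = "VIN-CONSTRUCTED-0001"  # constructed identifier
    request_id, ra_tag = ra.authorise(vin)
    needed = -(-n_beacons // BEACONS_PER_PSEUDONYM)  # ceiling division
    car = Vehicle(vin, pca.issue(request_id, ra_tag, needed))
    # Constructed trajectory: straight road, 30 m between beacons.
    beacons = [car.beacon(x=30.0 * i, y=0.0, speed=30.0) for i in range(n_beacons)]
    first_id = beacons[0]["id"]
    return {
        "tracks": link_by_identifier(beacons),
        "all_valid": all(cert_is_valid(b["id"], b["cert"], pca) for b in beacons),
        "pca_only": pca.log[first_id],            # a request id, not a vehicle
        "both_logs": resolve(first_id, ra, pca),  # the vehicle identity
    }


if __name__ == "__main__":
    out = run_demo()
    print(len(out["tracks"]), "short-lived tracks; certs valid:", out["all_valid"])
    print("PCA log alone gives:", out["pca_only"])
    print("PCA + RA logs together give:", out["both_logs"])
```

Running it shows the intended split: a peer can verify every beacon and follow a car for the five beacons a pseudonym lives, but sees three unrelated identifiers over twelve beacons; the pseudonym CA's log maps an identifier only to an opaque request id, and the vehicle is recoverable only when both authorities' logs are combined. One caveat the simulation makes obvious is that identifier rotation alone is weak: the constructed trajectory advances 30 m per beacon, so an observer who stitches tracks on position and speed continuity rather than on the identifier would link the three pseudonyms anyway, which is exactly Freytag's point that anonymised data combines easily with other data.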
Q&A
During the Q&A portion of the session, blogger Ed Hasbrouck asked the panelists what lessons should be taken from air travel programs, which he characterized as government surveillance systems, to prevent ITS from becoming another way to track citizens' movements. The panelists agreed that the "privacy by design" concept was important in meeting this goal: if the system is designed not to surveil, then it would be difficult to use it to that end.
Another audience member asked how it might be possible to opt out completely: can you just buy an old car? Douma fielded the question, saying that right now the data is specifically tied to its use, so black boxes in cars, for instance, only keep a record of a crash; but that in the future we need to be concerned about these data being tracked in database systems, and that to address the potential for abuse there needs to be legislation, since commercial privacy policies cannot be trusted to meet this end.
In closing, each panelist gave what he thought should be the next action to achieve ITS privacy:
- Kung: collaboration such as that on the panel, and sharing plans between stakeholders
- Douma: privacy protecting legislation
- Freytag: drivers need to be able to do their own cost-benefit analysis, so drivers need to be educated
- Schaffnit: privacy by design; designers need to prevent nefarious use by design