Skip to Content

Cybersecurity & Standards, Government Surveillance, Privacy & Data

Self-Driving into the Future: Putting Automated Driving Policy in Top Gear


This post was authored by CDT summer intern Apratim Vidyarthi. You can find him on Twitter

Batman, Minority Report, Total Recall, and I, Robot: each of these films featured self-driving cars and fueled our collective imagination of the utopia or dystopia that could result. We are starting to see the basic elements of vehicular autonomy jump out of the silver screen and into the real world. However, in the wake of Tesla taking the first step of developing semi-autonomous driving software (titled – perhaps inappropriately – “Beta mode”), uncertainty looms after the involvement of assisted-driving systems in multiple accidents.

The resulting National Highway Traffic Safety Administration (NHSTA) investigation has increased attention to the regulatory framework around such systems, followed by troubling proposals worldwide, from Germany’s proposal to put black boxes in semi-autonomous cars, to the Chinese ban on semi-autonomous cars. Such hasty regulatory actions could set back semi-autonomous driving technology, which has the potential to improve fuel economy, reduce accidents, and reduce congestion. While the conversation has been shaped by recent accidents, important underlying issues must be addressed in order to make autonomous cars less like those in Total Recall – where self-driving cars are so frustrating that humans revert back to normal cars – and more like those in Minority Report or, if we’re dreaming big, Batman – where cars can do everything and we can focus on relaxing or hunting down villains.

Lawmakers, advocacy groups, and private companies need to begin answering these questions and focus on properly implementing autonomy.

There are a number of pressing issues in autonomous vehicle policy. First, the regulation of semi-autonomous cars and what standards manufacturers should be held to. Second, the concept of including black boxes in cars, and dealing with other privacy-related issues arising from the development of self-driving cars. And finally, the conversation around developing infrastructure to facilitate the growth of autonomous cars.

How to Regulate Autonomous Cars and Design Safety Standards

No algorithm, computer, or technology is certain to be perfect in its estimations and calculations, especially complicated software that needs to predict obstacles (given many different variables and inputs). NHSTA, the National Transportation Safety Board (NTSB), and other agencies and manufacturers need to determine an adequate level of tolerance for accidents or errors, and this should be based on how these technologies compare to human drivers. Manufacturers also need to determine what actions autonomous or semi-autonomous cars must take if they are faced with various life-threatening scenarios and need to choose between them. And finally, when autonomy is enabled, where does the liability for accidents and errors lie – and how will this affect existing insurance paradigms?

But the first step is defining what can be classified as autonomous or semi-autonomous: what level of autonomy must be required before a car faces regulations specific to autonomous or semi-autonomous vehicles? On one end of the spectrum are cars which have technologies like preventative braking where vehicle-controlled actions are relatively minor and either depend on close human supervision or make up for a lack of human supervision in fairly conservative ways; on the other end are the end-goals for Tesla’s vision of fully autonomous trucks, or Google and Apple’s visions of cars, where humans are essentially highly perishable cargo. Regulators, manufacturers, and other stakeholders must work together to answer this question, which requires extensive research, conversation, and a deep understanding of algorithms, the law, and the implications of developing new policies or adapting older ones to new technologies.

How to Maintain Privacy while Facilitating Autonomy

Newer cars are increasingly able to connect to the internet and communicate with other cars. Mercedes Benz’s latest cars have features that allow vehicle-to-vehicle (V2V) communication. Tesla has been able to acquire accident data remotely from customers’ cars to analyze accidents (and even to critique inaccurate automotive reviews). These capabilities are not going unnoticed. German authorities have proposed placing black boxes in cars with self-driving features to gather data in the event of accidents. However, such features lead to questions of privacy and the broader question of vehicle and data ownership – who owns the data that these cars produce, and should vehicle owners be able to prevent centralized entities (like Tesla) from analyzing their data?

Furthermore, to create an environment that enables autonomous cars, vehicles and roads will need to communicate with each other; requiring blanketing roadways with communication devices in order to facilitate such actions. But such V2V and vehicle-to-road (V2R) technologies bring the issues of tracking cars based on identifiers (and other signals) vehicles may broadcast to road infrastructure. Tracking other kinds of vehicle identifiers, like license plates, raises serious questions about surveillance and privacy; are drivers comfortable with movements of their vehicles potentially being publicly trackable and searchable over time, or is this the pathway to an Orwellian nightmare? And given that V2V communication systems will be embedded in the electronic systems of cars, these autonomous cars may be easily hackable and insecure. Since cars are a fundamentally different private space – a mobile version of a home, where private conversations and bad singing alike should remain private – ensuring the security of vehicles while guaranteeing that V2R and V2V communications won’t be used for tracking and surveillance will require heavy accountability of government agencies, good information security standards like encryption, network isolation and input sanitization, as well as new privacy-preserving technical innovations such as identifier randomization.

Developing Infrastructure to Facilitate the Growth of the Autonomous Car Industry

Self-driving cars are a plausible reality, but one that will require massive investment in roads, safety equipment, and various regulations like the color of turn signals. While the size of investment is minuscule compared to the infrastructure investments needed by American roads and bridges, it will require moving mountains in a gridlocked US Congress, whose appropriations are responsible for a majority of transportation funding. Alongside this infrastructure development are questions of security and safety. As mentioned, the more wireless communications required – as will be for autonomous cars – the more potential for malicious actors to take advantage of such systems remotely, without detection – as has already been done with modern cars that have advanced electronics systems.

Given America’s scattered cyber defense policy and dearth of technologists in the government, the first step forward for regulators is to determine some basic standards for encryption and security protocols that critical infrastructure must embody before allowing for such infrastructure’s implementation (NHTSA is engaged in this now). Conflicting cybersecurity policies will need to be streamlined and standardized (perhaps through dedicated government agencies, the development of best practices or standard protocols in the event of breaches) before critical infrastructure like roads can be revolutionized – a process that could happen in tandem with the current infrastructure-building the federal government is working on.

Because Congress is often slow to tackle pressing issues, new technologies often fall under the umbrella of old statutes and regulations. But with autonomous or semi-autonomous cars comes a paradigm shift – a different way of thinking and living – that requires a non-trivial infrastructure accommodation and regulations that allow self-driving cars to become a reality. Lawmakers, advocacy groups, and private companies need to begin answering these questions and focus on properly implementing autonomy. Only through a collaborative effort will the new systems be truly safe and be able to deliver the dreams of every comic book and sci-fi fan.