On Friday the National Highway Traffic Safety Administration (NHTSA) formally proposed regulations requiring the placement of “black boxes” in cars. More properly known as “Event Data Recorders,” or EDRs, these are similar to the devices of the same name placed in aircraft, which record data about the vehicle’s operating characteristics in the seconds before a crash.
If these devices can be used to reduce accidents and fatalities on our roads, that is a good thing, but they do raise issues of privacy and fairness and there absolutely is no reason that we can’t have our privacy and fairness, and safety too.
This provides a good overview of the technology. We and other privacy advocates have been following it for nearly a decade. In 2004, the National Transportation Safety Board (NTSB) recommended that black boxes be made mandatory in all cars. In 2006, the NHTSA finalized rules governing precisely what data be recorded by EDRs—without yet requiring that they be included in all cars. Now the NHTSA has proposed that step.
Before that happens, we need to make sure some basic principles are covered:
- First, people need to know that these things are in their cars. That’s a basic principle of privacy and fairness. Some automakers have been installing them for years without clear notice to customers. The 2006 NHTSA rules also required that carmakers include a standardized statement in owners’ manuals giving notice to car purchasers that these devices are installed in the cars they just bought. That’s a good thing, but hardly adequate; few people buying a new car read all the fine print in a vehicle’s owner’s manual before they buy it. It would be better to make sure people know before they buy. Especially when they’re not in every car.
- More importantly, we need to clearly establish the principle that the data on these black box computers belongs to the person who owns the car. When you buy a car, you also buy the many computers that, increasingly, run that car. The data on your EDR should belong to you—and be no more accessible to the police or anyone else without a warrant, or your consent, than the data on the laptop sitting on the seat next to you. That doesn’t mean the data will never be available to the police—if they have a judicial order, they’ll be able to obtain it, just as they can obtain the information on your desktop computer or diary if they can show that evidence of a crime is likely to be contained therein. NHTSA in its rulemaking that it obtains permission from vehicle owners before using data for its safety studies.
- Third, the computer code for black boxes should be open source. I’ve previously written several times about how computer code governing critical systems in automobiles should be required to be open source. We don’t want some poor person to be driving down the road at the speed limit, get hit by some crazy driver, only to be told by the police that their EDR says they were doing 95 because of some software bug. We need to have a very high level of trust in devices before we dispense justice based on them. It’s very difficult to write bug-free software, so this is a real concern. The software that drives these computers needs to be available to the public for scrutiny because experience has shown that is the best way to ferret out software bugs.
Another question is often raised with regard to black boxes: should vehicle owners have the right to disable or otherwise tinker with their black boxes? Generally, the “freedom to tinker” and to control our own technology is an important principle, and the default policy should be “yes.” That said, if Americans want to collectively decide that automobiles are going to have these boxes in them, limited to collecting data in the few seconds before a crash, then I would argue that would be legitimate. Automobiles are already highly regulated pieces of machinery, and rightly so—the amount of death and carnage on our roadways each year is devastating, and ruins far more American lives each year and each decade than terrorism ever has. Unlike many other technologies, the design and operation of vehicles hurtling through our public spaces has significant social impacts; our safety is much more affected by other people’s vehicles than it is by more purely personal technologies.
One final point I would make about automobile black boxes: although cars are different, EDRs may still set an important precedent for a range of other technologies in terms of who controls them and in whose interests. Will devices serve the consumer/owner, or some other powerful interest such as the government or big companies? We don’t want to drift into a world in which our own possessions are riddled with computer chips acting in the interests of others—watching us, controlling us, and possibly snitching on us.
Although automobiles are to some extent a special technology because of their dangerousness, we can still defend principles of privacy and control while taking advantage of EDR technology to bring much-needed improvements in the safety of our roads.
Update (Dec. 17)
Richard Stallman of the Free Software Foundation has alerted me to the fact that the term "open source" has a broader meaning than I have used above (is a piece by Stallman discussing the finer points of software freedom). "Open source" is generally understood to mean not only code that is transparent—available to all for inspection—but also that can be (for example) freely redistributed and used for derived works. In the case of black boxes I only go so far as arguing that the source code should be transparent.