The starting gun has already fired in the race for the development of the autonomous car. Running full speed down the track are the big technology companies (Google, Uber or Apple) and the automobile companies (Tesla, Mercedes or General Motors). No firm wants to be left behind. Experts have announced that by 2020 the first fully self-driving car will have reached the goal, although those that head out on the road will still need the supervision of a human driver.
Safety has become the main objective and focus of the competition and the fact that these cars will store as much personal information as a mobile phone or credit card has been underappreciated. Amidst this incessant and frantic technological pace, some big questions are being left unanswered. Who has access to all this information? Does the owner know? Will self-driving cars become the new Big Brother?
Collecting a large amount of data is essential for the normal operation of an autonomous car. The information it has at its disposal will be translated into the rigour of the decisions that it makes. The car needs to know where it is, where it is headed and it must be able to recognize and keep track of any object that could be on the road. This need not necessarily be bad. Having data and sharing them with other vehicles or even with future ‘smart roads’ can mean a drastic reduction in accidents by having control over the speed and distance between cars, being able to react automatically to possible incidents and even warning about the deterioration of parts or components.
“Data is the new oil,” pronounced the CEO of Intel Brian Krzanich during a speech at the Los Angeles auto show, AutoMobility. “If you have rich data, your car will be able to deal with complex route situations,” Krzanich said. “If not, the car will stop.” However, when analysed in detail, the amount of information that is collected exceeds any expectative. The more personalized the vehicle is, or the more amenities it offers, the more personal information it must incorporate into its services. Thus, the question revolves around which of those data have an operational purpose and which have a commercial function.
Your car knows how to book restaurants
Let’s give an example. The owner of a driverless car opens the door, is quickly greeted by the vehicle, which says good morning and proposes to go for a coffee on the way to work, already knowing where the café is and what the route is to follow. Then, passing a restaurant, the car asks if the user wants to make a reservation for Thursday night, which it knows the user has free because it knows her schedule. The user agrees as it is one of her favourite restaurants, although she does not remember having told this to the vehicle’s operating system. Finally, she arrives at work with the feeling of the undeniable comforts than an autonomous car involves.
However, when rewinding this journey, various facts can be uncovered: the first is that perhaps the café to which the car was directed in the first place was not the one that best fit the route, but rather the sponsored one, that is, the one whose owner had paid in order to receive more visits and appear on routes ahead of others, just like Google ads now work. As for the restaurant, the vehicle knows the user’s preferences because it searches for and analyses keywords in her emails, messages and conversations.
Much of this information is captured by the multiple cameras, sensors and radars available to this type of vehicle. Only one camera, depending on the quality of the image, generates about 40 MB per second. Thus, Intel points out that a single autonomous car will create more than 4,000 Gigabytes (GB) per hour of driving. Estimates about Google’s driverless car come out similarly: 1 GB every second (3,600 GB an hour). Put in context, these figures are still more relevant: one person produces over a day (counting viewing videos, conversations and any other Internet use) about 650 MB. “Each autonomous car driving on the road will generate as much data as about 3,000 people,” Krzanich says. In short, a goldmine for companies, a bottomless well of data that nobody controls.
Lack of legislation
In 2014, the major automakers voluntarily adopted “Practical Principles on Fair Information”. These included commitments on transparency, consumer choice, minimization of data collection and retention. In addition, these principles called for high protection for identifiable information such as geolocation, driver behaviour or biometric data. The problem with these voluntary principles lies mainly in that: they are voluntary. There is enough ambiguity on this issue for each manufacturer to act according to different standards.
In addition, no state law has incorporated these commitments into an obligation. Only eight states in the United States have passed laws on self-driving vehicles— although many are in the pipeline—and the main concern in all of them is the physical safety of the vehicle (liability in the event of accidents, in most cases). This leaves all matters relating to privacy and cyber security unexamined.
For the moment, only California has drafted, in a very superficial way, a regulation to deal with the privacy of the data. It states that it will be necessary to notify and request the consent of the owners of the cars before the operators of the vehicle can collect their information. The fact that just one single state has perfunctorily addressed the issue demonstrates the lack of protection of the users who remain at the mercy of the companies that manufacture these cars.
In early 2016, several companies—Google, General Motors and Lyft (an Uber-like service company)—responded to questions from US senators at a Congressional hearing. When Senator Ed Markey, a Democrat from Massachusetts, repeatedly asked whether a minimum standard would be included for the protection of private information, none of the technologists present could provide a clear answer. Nor were they willing to pledge that the information obtained by these vehicles would serve a purely functional and non-commercial purpose. “I think it’s pretty early in the game with driverless cars … to have a lot of rules saying, ‘thou shalt not do X, Y, and Z, with the data,’ says David Drummond, a senior vice president and Google’s chief legal counsel.
Some of the solutions that have been put forward to protect this privacy are to anonymize all the data collected by self-employed cars, ask for the user’s confirmation to be able to collect the information and even give users the option to stop sharing it. Some experts, such as Amnon Shashua, co-founder of MobileEye, a company that is also investing in autonomous technology, defend the interest that companies like Google or Uber can have in managing privacy issues well: “That could kill a business, if you don’t handle privacy properly.”