When John Adams needed to get from General Washington’s command post at Cambridge, Massachusetts to the seat of our nascent government in Philadelphia in the winter of 1776, it took him about two weeks on horseback, says historian David McCullough. The idea of a horseless carriage that could trim the travel time between those cities to six hours was probably beyond his imagination. Yet our relationship with cars is now so deep and personal that we often engage with our nation’s founding principles when describing it. Freedom and autonomy are so linked to both the American ideal and the automobile that the concepts nearly merge. But soon, this relationship will change: we may lose the freedom to control our cars.
On February 3rd, 2014, the US Secretary of Transportation, Anthony Foxx, gave a press conference where he revealed that the government was planning to draft rules requiring all cars to adopt a vehicle-to-vehicle communication system, or V2V. As the New York Times reported, the rules will “require all new cars to broadcast their location, speed, direction and other data, and to receive similar data from other vehicles, to warn drivers of impending collisions.” The way your car will send and receive these messages is through something called a vehicular ad-hoc network, or VANET. Think of V2V like instant messaging for your car, where a VANET is the communications infrastructure, like the Internet.
For the moment, V2V is related to, but separate from, autonomous vehicles the likes of which Google has been trumpeting for the last few years. The tech giant and most automobile manufacturers already believe driverless cars are inevitable. But before we get there, VANETs will allow messages to be broadcast to and from cars and location-based devices like traffic signals so that human drivers can adapt to unseen driving conditions.
This technology has already undergone a successful pilot test of nearly 3,000 vehicles in Ann Arbor, Michigan. A video on the US DOT’s Research and Innovative Technology Agency website demonstrates the basic types of assistance that V2V would provide, including warnings if someone is in your blind spot, if a vehicle is braking hard several cars ahead of you, or if there is oncoming traffic at a blind turn.
Tom Costello, NBC’s transportation correspondent, tested the technology and described it on NPR’s On Point: “I got flashing LED lights, my seat would rumble…you also get an audible warning.” Over time these communication networks will merge with function controls, many of which already exist (think ABS, adaptive cruise control, lane assist) to create safety overrides that would correct human error.
The Department of Transportation claims that this technology “could potentially address approximately 80 percent of the crash scenarios involving non-impaired drivers.” David Kerley of ABC News suggested that 20,000 lives could be saved per year from these VANETs. And that’s ignoring the reductions in traffic and emissions that become possible when all of our cars eventually become more or less synchronized.
So far, this might sound like a no-brainer. Cutting down 80 percent of vehicular accidents alone is a compelling argument. So what, if anything, might be problematic with V2V? While it’s a complex question, there are three broad areas of concern: security, privacy, and autonomy.
First, security. What are the risks of the network being maliciously hacked? One could imagine, for example, a signal being sent to half the cars on the road to brake violently, causing massive pileups on all major thoroughfares in the nation.
The Center for Automotive Embedded Systems Security published a paper in 2011 describing the feasibility of hacking into individual cars and controlling them remotely. They used a variety of techniques including physical manipulation (by plugging into the car’s diagnostic system as a mechanic would) and remote infiltration (over the cellular network). Shockingly, although many of the methods described are challenging to execute, in every case the team was able to exert total control over the vehicle.
So in theory anyway, your car, unless it lacks the on-board-diagnostics (OBD) systems in existence since the ’70s and mandated since 1996, can be hacked right now. While somewhat terrifying, that knowledge is leavened with the realization that to date, it almost certainly hasn’t been hacked. Of course, creating VANETs might make accessing any individual vehicle and all vehicles across the network far easier.
To make sense of the risks in the context of our current vulnerabilities, I spoke with Virgil Gligor, a professor in Carnegie Mellon’s Electrical and Computer Engineering Department who has done contract work with the NSA and written about security and privacy in vehicular communications.
According to Gligor, it’s always possible to invent a scary scenario for car security, but that in reality “this hacking would have to be extremely sophisticated to cause an accident.” In the near future, cars will communicate through the cellular network with its many providers, making it very difficult to exert total control, Gligor says, adding “I’m actually more worried about air traffic control than this car business.”
The vast disconnect between fear and reality when it comes to terrorism risk is something to address elsewhere, but it bears noting that if 20,000 lives are saved per annum by the technology, VANET hacking would need to kill nearly as many to justify abandoning the system from a strict safety standpoint. Considering the worst terrorist attack in US history killed about 3,000, that risk seems vanishingly small.
The next concern is privacy, and VANETs open a can of worms here. The protocol designed by the DOT and the consortium of car manufacturers will send ten messages per second with information about your location, direction, speed, steering, and braking.
One risk would be the ability of a third party to tap into the network and track a vehicle or commandeer the hands-free microphone, for example, to record any conversation in the car. Both are theoretically possible.
In August of 2014, the National Highway Traffic Safety Administration (NHTSA) released a report on V2V that suggested they will pursue a high standard of privacy. “The system will not collect or store any data on individuals or individual vehicles, nor will it enable the government to do so. There is no data in the safety messages exchanged by vehicles or collected by the V2V security system that could be used by law enforcement or private entities to personally identify a speeding or erratic driver.”
Taken at face value, this seems to allay any privacy concerns. Anonymity and unlinkability—that is, the inability to link data from your car at one location to that at another—make third-party tracking very difficult. However, the report goes on to state that while it would like to follow the ideal of “end-to-end anonymity,” the actual system would have to engage in some data gathering in order to identify malfunctioning devices. It also allows that other agencies, like the Department of Justice and the Department of Homeland Security, may make requests that require changes in data gathering. Finally, it acknowledges that “further development of the technology or organization of the V2V system is likely to result in changes—possibly significant changes—to the interim privacy analysis and findings.” The takeaway is that, while NHTSA understands the concerns of privacy advocates and would like to address them, everything is still up in the air. More studies are to be released this year.
Even assuming the agency puts in place a system concordant with the highest privacy goals, the revelations by Edward Snowden have demonstrated the NSA can and will use every capability at its disposal to gather unfathomable amounts of data about ordinary Americans. Given that, it’s reasonable to be concerned that our vehicle data will be gathered, regardless of official statements to the contrary. If, when, and how it might be used is another question, but the gathering alone is something that people such as myself find inherently objectionable.
To be fair, these risks should be contextualized with the risks that most Americans already take. Not only can GPS devices and toll transponders be used to track your vehicle, but if you carry a cell phone, you are already essentially wearing a 24/7 spying device. Even when you power off your phone, says Gligor, there are control messages sent between it and cell towers and “those control messages could even turn your phone into a microphone…to me that’s a bigger problem than car tracking through GPS.” The only way to hide your position, he says, is to take the battery out.
If you are a strong believer in the right to privacy, then cell phones, GPS devices, and VANETs all pose extreme challenges. A person can, as I have, drive an older car, not own a cell phone, not own a GPS device, and refuse a toll transponder. However, if the rules proposed by NHTSA go into effect, such a person would be mandated to be trackable at all times in their car. This is the problem with the proposed rules (and the progression of technology in general): the decreasing ability to opt out.
This leads into the final, and perhaps most problematic, issue with V2V: the loss of autonomy. Sebastian Thrun is one of the engineers behind Google’s efforts to perfect the self-driving car. In a 2011 TED talk, he describes his motivation: he lost his best friend to a car accident when he was 18. “Now I can’t get my friend Harold back to life, but I can do something for all the people who died,” says Thrun. He describes the Google autonomous vehicle as “the perfect driving mechanism.”
As technology has mitigated many of life’s dangers, this strange notion has percolated into our public conversations—that our world can or should somehow be “perfect” and people should never be harmed and never die except of old age. It sounds ridiculous and naive when put in that way, but behind Thrun’s description is a wish that could be most charitably described as child-like.
Freedom, that paramount American ideal, always contains within it the option to make a mistake, to do something foolish, even to do something morally reprehensible. What defines us as autonomous beings is our ability to use our own judgment to decide when to take risks and when not to, to decide what is right and what is wrong. As a society, we usually rely on a system of punishment and accountability to dissuade people from making harmful or dangerous choices. But if we take away the ability to choose to begin with, we are giving up a fundamental part of our humanity.
When our cars become networked and functions become automatically controlled, it makes the behavior of drivers ultimately subject to a sort of censorship. That may not be the initial intent of these systems, but such control will inevitably be proposed by those who share Thrun’s perspective. Will we be prevented from speeding? Making a U-turn? Taking a shortcut? Will parolees be stopped at state borders not by their consciences but by their semi-autonomous vehicles? Would Thelma and Louise come to an unchosen halt at the edge of the canyon due to their V2V device?
Neither VANETs nor self-driving cars end death or make the world perfect, but they are on a continuum of technologies that ultimately converge towards some kind of sanitized version of life where there is no risk. Unfortunately this version also has little choice, little agency, and perhaps therefore little meaning.
Looked at another way, each task that we hand over to computers and networks is one skill set fewer that we have command of. It is hard not to see that as a diminishment of human capability. If eventually computers can do everything, what will we, the ineffectual and flawed humans, do?
Ultimately, calculating the costs and benefits of V2V is tricky. But it raises the questions that underlie many of our recent technological innovations: What is the value of human life versus privacy, efficiency versus autonomy, security versus freedom? And is life without privacy, autonomy, and freedom worth having?
It is quite possible that VANETs will be implemented successfully and the fears of hacking and surveillance will be overblown. But we should have a choice as to whether or not our cars’ information is broadcast to the world. With toll transponders and GPS devices, we can choose to opt out. But if the rules as proposed by NHTSA go through, our days of opting out may be over. Losing control of our cars is next.
There is still a ways to go before we all climb into a lounge-on-wheels, program a destination into the console, and take a two-hour nap. To John Adams, sore from two weeks of riding, that may very well have sounded like a fantastic idea, but it bears asking whether a nation of full of people who no longer have any real-world skills, privacy, or autonomy would produce any future John Adamses.