Self-Driving Cars, RFID Registration, and Privacy on the Road

If you drive anywhere around Mountain View, chances are high that you’ve spotted one of Google’s self-driving car prototypes navigating the road — and in the larger Bay Area, the cars are a topic of considerable discussion. Legislators across the country are also considering the implications of cars that drive themselves: Who’s liable in an accident? Should a human driver be positioned to take control at all times? How should the cars be handled within the legal framework of the rules of the road while keeping everyone safe, including not just other drivers but also pedestrians and cyclists?

In the ongoing discussion over the Google Cars, I’m interested in something else: Privacy.

The Google Cars don’t actually operate by having an incredibly intelligent AI system capable of handling any challenge on the road. They rely on a combination of satellite data, recorded map information, recorded trip information (including detailed photography of the road itself), and some information from sensors about objects around them. That means that a tremendous amount of data must be gathered in order for them to run safely, and a correspondingly large amount of data is also generated in the course of a regular run — the car uses GPS, for example, to stay on track with maps, and Google will likely (though I’m not sure) record data about trips and feed it back into the system for the benefit of other cars using the same route.

Google, as we know, has had significant privacy issues in the past. The company has erred when it comes to protecting user data, forcing users into opt-out privacy policies that in some cases expose people to serious risks — for example, people who’ve had their contacts suddenly made aware of each other, or people who were startled to have their wallet names coming up on YouTube. Google claims that such measures are necessary to make their social networks better, and to create a more open mode of communication and collaboration, but not all users are convinced, not least those of us who have privacy concerns.

Assuming that Google is gathering data on its cars and their trips for the benefit of all, there’s also a more sinister side to this information collection. Where is all the data going? How will it be used? Who will have access to it? How can consumers be assured that their privacy will be protected? How easy will it be for law enforcement to get a warrant for what should be confidential information? When I drive my car from my home to Mendocino, the only way to know I’ve done so is to physically observe me. When I drive my car from Oakland to Marin, my FasTrak transponder can be used to provide a data point about my journey, but FasTrak is a voluntary programme (unless you need to travel over the Golden Gate Bridge, in which case electronic tolls are strongly encouraged), and I’m consenting to the collection of that data point as part of my agreement — for the convenience of FasTrak, I have to accept that the system records when I crossed a bridge (and I can use this information to verify that charges are correct).

But the data collected by the Google Cars will be much more extensive, and involuntary (except in the sense that a person who drives a self-driving car is choosing to do so…but that may change in the future, if the technology evolves to the point where it becomes standard or even required). How much control will drivers have over their information? It troubles me to think that my car could be tracked, and while I don’t object to the use of my information to benefit other drivers, I have my doubts about the successful anonymisation of that data. Instead, I suspect that the system could easily be used to follow vehicles, and by extension, their owners.

I have the same concerns about proposed RFID registration tag systems in California. On the surface, the idea of charging people registration fees based on how much they use the roads is sound, creating an incentive to drive less by rewarding drivers who aren’t on the road as much. However, RFID tracking again must, by nature, collect data points about a driver’s journey — and unlike the single ping from a FasTrak pass, it’s ping after ping as the road unfolds, to ensure that accurate records are kept. Those records, in turn, have to be concretely linked to a specific vehicle to determine the amount of the registration fee.

If they’re kept in state databases, that makes them readily accessible to law enforcement, who could abuse this information just as easily as they could utilise it in the legitimate investigation of crimes. Given that law enforcement officers already abuse database access (as seen with police officers who look up home addresses, for example, which is one reason I refuse to have my physical address on file with the DMV), I’m not thrilled about the idea of providing more opportunities to do so, even though the underlying concept is well-meaning.

These and other RFID and GPS-related privacy issues are already coming up in a legal setting, and they’re going to keep getting bigger. We are living in an era when our own electronics routinely spy on us, and many of these items are becoming integral things we can’t live without, rather than voluntary choices. The Supreme Court had better get ready to hear some seriously complex electronic privacy cases in the coming years — and if you have some money to spare, consider throwing some at the ACLU or EFF to help them argue those cases.


Image: Google Self-Driving Car, Roman Boed, Flickr.