Energy, Security

Car-2-Car System Risks

Leave a comment

I stepped out of my home the other day and saw a man laying on the ground, his new scooter a few feet away on the ground leaking oil. A small crowd had gathered around him as he described his injuries and what had happened. “A woman in a car just swerved from the far right over to the left and hit me” he said as he nursed his left shoulder and minded a scrape to his ankle. The armored jacket and helmet had clearly helped avoid further injury. He should have been wearing boots.

It seemed highly plausible that someone trying to make a last-minute left turn had decided it would make sense to abruptly cross three lanes without signaling and did not see a scooter coming. She might not have even looked at all and thought she could react in time if something appeared. After she hit the man, she apparently told a pedestrian she was going to park and then come back. Of course she never returned.

I immediately thought a vehicle sensor system could have saved this man and his scooter from injury, and perhaps even given him the identification information of the driver who swerved.

On the flip side, what if the car had some kind of positioning radar that showed another moving object within close proximity and therefore gave a warning siren when the driver tried to steer towards it? This is the same basic system as people now have in their rear bumper for backing up in tight spaces, but would be based on more sophisticated in-flight sensors.

The downside to a system like this, I simply couldn’t avoid, would be all the regular privacy concerns. In particular, should the system capture VIN and/or plate information? That would be useful in a hit-and-run scenario. Both of these could hardly be called secret information, but the ability to collect them remotely and compile them raises the risk to our privacy to a whole new level. Credit card security uses this line of reasoning; a person swiping a single card at a time is not a primary concern for data security standards, but a system that reads cards and stores the information is high risk.

I left the scene after helping move the scooter to a safe spot (it had toppled in the middle of a lane) and ensuring that the injured man was in good hands (rescue squad just pulling up).

Now I come to find out that something very similar to what I was thinking is already underway around the world:

The near-collision warning is a demonstration of technology that is expected to be rolled out to all shapes and sizes of cars in the coming years.

It is being developed by the European Car-2-Car consortium and is backed by General Motors, Audi, BMW, Fiat, Honda, Renault and a range of in-car hardware manufacturers and several universities.

The security implications of the system are absolutely stunning:

GPS tracks the position of the car while sensor data from the car – such as speed, direction, road conditions and if the windscreen wipers are on and if the brakes have been stamped on – is monitored by the on-board computer.

A wireless system similar to existing wi-fi technology – based on the 802.11p protocol – transmits and receives data to and from nearby cars, creating an ad-hoc network.

Data hops from car to car and the on-board computers can build a picture of road and traffic conditions based on information from multiple vehicles across a great distance.

Cars travelling in opposite directions can share information about where they have been and so informing each other about where they are going.

Wouldn’t you like to share all that information with a car nearby, especially someone you are trying to get away from? What about spoofed data or non-repudiation? How will this system handle people running secondary boxes to fool nearby drivers?

They say the system will rely on multiple signals, as though from multiple vehicles, but what is to stop someone from running five boxes themselves to get motorists to slow down (e.g. a cranky neighbor who wants cars in to slow while passing by)?

I suspect there will have to be a certificate system at the core of this and that begs the question of who will become the authority to all these devices? The government? Does that make them also the master repository of the information? Driving is said to be a privilege, not a right, so will someone make the case that it is ok to trace and trap the whereabouts of every vehicle at all times? Will code violations and fines be issued based on this system?

Professor Horst Wieker, from the department of telecommunications at the University of Applied Sciences, Saarbruck, said the aim was to create “foresighted driving”.

He said: “This technology allows us to build a short-range and long-range picture of road traffic conditions.

Further research brought me to a similar approach in 2004 at the University of Rutgers.

The intent sounds fine, except for the fact that there is no mention of the security implications of collecting this kind of information. Drivers tend to use and dispose of information immediately. No one at the scene of the accident could remember more than a few letters of the license plate from the car involved. Technology could certainly help, but at what level of new risk? Are people adequately assessing the security trade-offs of data generated by a peer-to-peer system? It does not appear so. I suspect the automobile manufacturers working on this do not have a strong consumer information privacy group or advocate in house. Time to propose another lower-risk way to assess traffic conditions?

Singapore seems to have a different approach that is already working, but they also apparently based their system upon reducing the environmental and economic impact of gridlock and accidents.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.