Ultimate form of smart mobility remains dot on horizon due to privacy risks

This article in five points:

• In many ways, traffic is getting smarter. For example, there is increasing communication between modern cars and certain digital infrastructure on the roadside. The smartest form of smart mobility - that in which vehicles communicate directly with each other on a large scale and automatically adapt to each other - is, by contrast, hardly getting off the ground.
• While the car industry is fully committed to driver assistance systems and self-driving capability, the expensive development of 'cooperative driving' is a step too far for most manufacturers in the absence of a convincing revenue model.
• More importantly, a European Commission proposal to make cooperative driving equipment mandatory in vehicles was rejected by EU countries. Legislation that could have ensured a breakthrough thus did not materialise.
• A primary reason for this is that the proposed underlying technology does not adequately safeguard drivers' privacy. Cooperative driving works on the basis of the untargeted broadcasting of open messages. Messages that contain location data and thus personal data. This needs to be handled much more carefully than the Commission envisaged, according to the European privacy watchdog.
• The fundamental adjustments that this watchdog recommended seven years ago now to make cooperative driving fully a reality are still pending. Out of reluctance on the part of various parties, this dossier is at an impasse. When this will end is unclear. Thus, the crown jewel of traffic that is smart remains only a vision of the future for now.

When 21 of the (then) 28 EU countries passed legislation regarding smart mobility rejected, the European Commission was in a fix. It had spent a long time working on a proposal to make 'cooperative driving' equipment mandatory in vehicles, and it had not counted on so much opposition. Certainly not after the European Parliament had already given the green light. Still, the European Council stumbled over the fact that the Commission's proposal was not technology-neutral and there were serious concerns about motorists' privacy. The Netherlands also found this objectionable and was among the naysayers. What exactly this was about, what consequences it had and where things stand today - five years later - is what this second part of our two-part series on smart traffic is about.

Without vehicle data, no smart traffic applications to improve safety and flow on (motor) roads, we showed in the first part on the subject. This data is converted into traffic information and related services, but has to pass through several parties first, including car manufacturers and road authorities. This method has already proven itself, but traffic will only become really smart once these intermediate stages can be omitted and vehicles start communicating directly with each other on a large scale (Vehicle-to-Vehicle, V2V). They will then keep each other informed of speeds, distances between them and, for example, danger on the road, and automatically convert this information into a desired action: accelerate, brake and/or steer. As a result, mainly on motorways, they are able to drive much closer to each other (platooning) and road capacity can be used more efficiently.

However, it is far from being that far yet. Not least because this requires cars with a high degree of autonomy, and none of the approved models have yet achieved that. Nevertheless, from Cooperative Intelligent Transport Systems (C-ITS) are highly regarded, including as a solution to the widespread congestion problem on motorways (urban traffic is likely to favour autonomous and cooperative driving prove too complex). Trials of this at home and abroad (including with trucks) go back decades. However, it is mainly governments, universities and research institutes that are concerned with it. And some time even Privacy First: in the years 2015-2017, we were participants in a national round table where knowledge was exchanged and various aspects concerning smart mobility were discussed, including privacy and data protection.

In contrast, the market has lagged tremendously behind. Yes, the car industry is fully committed to driver assistance systems and self-driving capability, but developing cooperative driving is a step further and is complex and expensive. In the absence of a convincing business model, there is also little to earn from it for car manufacturers. As long as customers do not ask for it and as long as it does not become a legal requirement, there are few incentives for them to get involved. The number of car companies that have really worked on C-ITS can be counted on one hand.

Toyota was a pioneer a decade ago and is now far along with it, but mainly in home country Japan. In Europe, Renault has shown serious interest, but is Volkswagen the only group that has put cooperative driving into practice - although for now this is limited to exchanging traffic warnings. Some VW models have been able to notify each other of dangerous road situations since 2020. Think traffic jam tailbacks, slippery conditions, ghost drivers and so on. It is then up to drivers (who can disable sending and receiving such messages) to act accordingly. This will make road use a little bit safer for these VW drivers in particular, but of course, as long as all other brands lag behind, there will be no network effect.

Wi-Fi vs 5G

Via their SIM cards and 3G, 4G or 5G, connected cars are encrypted with the (distant) outside world - first and foremost with the car manufacturer. In cooperative driving (if at all), communication with the immediate environment takes place using a separate device and a separate broadcast over unlicensed spectrum: Dedicated Short Range Communication (DSRC). The common technology for this is wifi-P. This does not involve a fixed connection between a modem and a computer, as with wifi at home or in the office, but rather the undedicated broadcasting of a short data stream (the ITS message) to any nearby receiver.

These so-called Cooperative Awareness Messages (CAM) - which provide information on vehicle dimensions, positions and speeds, among other things, and which recipients can basically process well within one second - are basically shouting at the assembly line: 'here I am, here I am, here I am'. Here, privacy is not guaranteed in the sense that these are open messages and there is no way of knowing who all is receiving this data. It involves location data combined with time, and that always has a certain sensitivity. By linking together lots of messages from different locations, you can - especially as a government that has certain roadside digital infrastructure and in the absence of technology that makes this impossible - potentially reconstruct exactly where someone has been.

In addition to CAM messages, there are Decentralised Environmental Notification Messages (DENM); safety information sent only in certain situations. Think roadworks or an accident. In time, so-called Collective Perception Messages & Services (CPM/CPS) to it. This will allow vehicles to transmit images of their surroundings - for example, dogs running loose or children playing by the roadside - to following traffic. For car manufacturers, however, this will mainly be a cost issue as CPM means transferring much larger files. This can be done fastest via 5G, which is why the telecom industry in particular does see potential in this.

Speaking of which: cooperative driving is not only possible with wifi-P, it could just as well or if not even better with 5G. Currently, only the very latest models feature a 5G connection. The car industry - to the extent that it is at all keen on cooperative driving - is divided on the choice between these two technologies. Some manufacturers are putting their money on Wi-Fi (Toyota, Volkswagen and Renault), while others swear by 5G (Ford, Peugeot, BMW and Daimler, among others). 5G depends on network coverage and there is none (in Europe) everywhere. Either way, the telecoms industry is Strong supporter of C-ITS based on 5G and actively lobbies for this potential new source of revenue.

In comparison, wifi-P is not dependent on network coverage from telecom companies because together with the communicating infrastructure on the road side (including smart traffic lights), the vehicles themselves form the meshed network. It is quite possible that if C-ITS is still realised, the two technologies will complement each other for best coverage. Many EU countries want the option for 5G, or for a combination of Wi-Fi and 5G, at least keep open. Partly for this reason, they referred the European Commission's proposal to the bin in 2019. Indeed, that proposal to require C-ITS equipment in every vehicle was based solely on Wi-Fi.

Thick red line

It is worth putting that Commission proposal in context. In 2010, a European directive for intelligent transport systems introduced. It was a first attempt to address a number of issues in this area, including technical standards, between EU countries somewhat evenly. This ITS directive has some additional, mandatory parts: so-called delegated regulations where EU countries themselves have to monitor compliance. The in-vehicle mandatory emergency call system eCall is such a regulation. It proposal to make cooperative driving mandatory as well, was also supposed to become one, but thus stalled in 2019 due to an obstructionist Council (which cannot amend delegated regulations, only accept or reject them). A major sticking point was privacy.

In 2017, a European Commission working group focused on C-ITS and data protection released a comprehensive document out on the technical aspects regarding the processing of personal data in cooperative driving. The Commission then asked the Article 29 Data Protection Working Party (WP29) to review that document and its overall C-ITS plans. WP29 was the forerunner of the European Data Protection Board (EDPB), the umbrella body of all Personal Data Authorities in the EU.

The opinion that resulted was not tame. In it, WP29 basically put a big red line through the privacy safeguards envisaged by the Commission. The watchdog warned that the large-scale deployment of C-ITS as proposed would involve the collection and processing of unprecedented amounts of motorists' location data, which would put pressure on their privacy and could lead to a form of permanent behavioural tracking that would create an uneasy sense of surveillance.

WP29 makes note of another European Commission proposal in this regard - that for an ePrivacy Regulation. Due to endless wrangling on a number of crucial points, that addition to the General Data Protection Regulation (AVG) has still not materialised now, seven years later, but the ePrivacy Regulation - regardless of the communication technology (wifi or 5G) - imposes very strict restrictions on the use of 'broadcast data' such as CAM and DENM messages.

Outdated technology

Its intentions were not bad and, of course, there was some privacy engineering involved. Think of C-ITS devices that regularly change identifiers so that - if you drive from A to B for two hours - for the outside world you don't have the same identifier broadcasts. Yet even encryption experts not affiliated with WP29 felt the implementation was inadequate. Partly due to the conservative attitude of the auto industry, it took too long to get this technology off the ground properly and well.

Compare it to the introduction of the OV-chipkaart. By the time that system was introduced nationwide in the Netherlands, the technology behind it was already 10, 15 years old and was quite easy to hack. It was no longer state of the art. If development takes (too) long, you have to weigh up whether it is not time to jettison the chosen technology and aim your arrows at much newer technology that will be much safer for much longer.

Hence, WP29's opinion ends with a list of 13 necessary actions to make cooperative driving privacy-proof (see pages 13 and 14). For instance, C-ITS in vehicles should first of all be optional and switched off by default. In addition, the system needs much more privacy by design; improvements are needed in the intended application of the Public Key Infrastructure (PKI is a system that provides for the issuance and management of digital certificates that allow you to verify that a sender of a message is a trusted party); and, for example, more needs to be done to ensure that all parties receiving C-ITS data handle it in accordance with the AVG.

Personal data

After all, C-ITS messages involve location and therefore personal data. There is no doubt about that even among the Commission itself. Not everyone agrees (entirely), however. The local privacy regulators of some German Länder argue that although C-ITS data is personal data, it falls outside the AVG because of the limitation to 'domestic (own) use'. Still others find that C-ITS data should not be considered personal data at all and that the dangers to privacy in cooperative driving are greatly exaggerated. However, these two views certainly do not represent the communis opinio in the field.

Some people may additionally feel that, in terms of privacy, there would be little harm if C-ITS were to see the light of day in its proposed form as both car manufacturers and navigation service providers such as Apple and Google know exactly where you drive anyway, including government motorists in different ways long since follow, and other communication technologies in connected cars such as Bluetooth by poor cyber security may also lead to identification. That may all be true, but such a way of reasoning should never serve as legitimisation for implementing a certain measure. Privacy authorities do not go along with this either because then the end is immediately lost.

The WP29's harsh verdict was painful for the European Commission, which wanted to publicise it as little as possible because the required adjustments are very fundamental and would take a long time. Had it nevertheless worked on this in subsequent years, the regulation would probably not have been rejected in 2019 and that could have meant a breakthrough for (privacy-friendly) cooperative driving. By contrast, virtually nothing has happened in this area since then, and privacy concerns are also unchanged. It is unclear when this impasse will end. The Commission seems to want to stick to its guns in order not to lose face, while the (too) meagre earnings model behind cooperative driving, in particular, also causes reluctance among car manufacturers.

Talking Traffic

By the end of 2023, the ITS directive will have a update had (where this time the European Parliament did underline the importance of motorists' privacy - see, for example, recital 16). That review may have been adopted by a variety of parties acclaimed, but has nowhere near the scope of the regulation that fell in 2019. It should mainly boost communication between traffic and digital road infrastructure (Vehicle-to-Infrastructure and Infrastructure-to-Vehicle, V2I and I2V). Unlike the Vehicle-to-Vehicle domain, progress is still being made with regard to these, although it is all moving rather slowly.

Typical in this respect is that new vehicles in the EU are now required to be equipped with a Intelligent Speed Assistant (ISA). Everywhere you drive, that assistant is supposed to know, display and monitor the speed limit (unless you deactivate the feature, which is possible). Vehicles can use various techniques and sources to find out the prevailing speed limit. However, there has not yet been any initiative to come up with good digital sources and, as yet, the reliability of the maximum speed displayed in vehicles regularly leaves much to be desired. As a result, many motorists who have ISA disable the feature (all the more so because the feature very quickly becomes all kinds of irritating warnings caused even if you drive even one kilometre too fast). This shows that big steps still need to be taken in terms of reliable digital road infrastructure.

A form of communication from roadside to vehicle ('talking traffic') that seems to be coming out better is C-ITS via arrow trucks. To better protect road workers at road works from oncoming vehicles with drivers paying insufficient attention, arrow trucks send DENM messages giving extra warning of, for example, a reduced speed limit or a lane closure. Such messages can be received from a distance of over a kilometre. The German and Austrian national road authorities (Autobahn and ASFinAG) are working on this introduce. In the Netherlands, it remains for the time being trials Department of Public Works. Comparable trials have been done in France by Renault and road authority Sanef, but with a view to vehicles having to reduce speed as they approach toll gates.

In providing this kind of safety information, the privacy of road users is not at stake. The privacy issue is more manageable for road authorities than for car manufacturers anyway. The DEMN messages they send out contain little or no personal data. The CAM messages ('here I am') and certainly the road user mobile phone data they receive do, of course, but it should be quite possible for road authorities (mostly municipalities) to deal with them in an AVG-compliant way. Whether that is actually the case is a second thing.

That data ends up at smart traffic lights, for example. (Mobile phones in) cars let these so-called Intelligent Traffic Controllers (IVRIs) know they are coming without the need for costly induction loops in the road. Based on this, the IVRIs can estimate the traffic situation and possibly change colour at a more favourable time. The number of IVRIs in the Netherlands is still small: there are currently slightly more than 1200.

Yet the Personal Data Authority has been making its case since 2021 concerns on the emergence of smart traffic lights because Dutch municipalities do not appear to be sufficiently compliant with the AVG when using them. Personal data and thus motorists' privacy are at stake, according to the AP. In a letter to Infrastructure and Transport Minister Mark Harbers in late March, the watchdog again called for improvement.

All in all, traffic at home and abroad is getting a little smarter, but until some significant stumbling blocks regarding cooperative driving (V2V) are removed, nothing will come of the great leap forward and the ultimate form of smart mobility will remain a dot on the horizon.

A summary of this article has been published at PONT Data & Privacy, see No 'smart traffic' without your vehicle and location data - PONT Data&Privacy (privacy-web.co.uk).