The House of Representatives’ legislation on self-driving cars aimed very low on protecting rider privacy, but new legislation introduced in the Senate manages to go even lower.
Sen. John Thune and Sen. Gary Peters introduced legislation on Thursday to advance testing and deployment of autonomous vehicles. According to the two legislators’ press releases, the Senate Commerce Committee will consider their bill on Wednesday. The new legislation comes so close to completely ignoring the privacy dangers inherent in self-driving cars that it would be fair to say it ignores it.
The two senators have long been interested in moving forward this new industry, but the House of Representatives moved faster, passing the SELF-DRIVE Act in early September. We previously reported on how the House legislation addressed many of the points in a framework released by the two senators this summer.
Thune and Peters’ legislation, the AV START Act (S. 1885), covers much the same ground as the SELF-DRIVE Act. In fact, the section on its relationship to existing state and local laws copies the first bill’s language. The main goal for Thune-Peters appears to be to accelerate the pace at which carmakers could put self-driving cars on the road, reaching 50,000 for each in the first year (currently, they can only get an exemption for 2,500). The theory here is that we need cars to actually be in use before designers can really know how well they work.
The SELF-DRIVE Act was weak on privacy. It just required a privacy plan, which primarily focused on giving consumers notice about the kind of data that would be collected and how it would be shared. It also nudges the Federal Trade Commission to give the matter some thought.
A policy is a bridge too far for the senators from South Dakota and Michigan, however. The legislation never addresses rider privacy in any definitive way. It requires the Secretary of Transportation to convene a “Highly Automated Vehicles Technical Committee.” The committee is charged with studying 7 topics. One of them is “event data recording and data access and sharing.”
That’s the only direct way the bill points to privacy, and it’s just something that committee members should think about.
Arguably the bill also indirectly addresses privacy in its cybersecurity section. It requires that manufacturers have a cybersecurity plan. It also specifically encourages the Secretary of Transportation to work with them to develop a disclosure policy so that security researchers could quietly inform them if vulnerabilities. Smart companies often pay independent researchers for finding these weaknesses, called “bug bounties.” Bad companies seek prosecutions against researchers who find gaps in security. One of the most common gaps researchers find is ways in which gadgets leak private data.
The Senate legislation does make sure to protect carmakers’ privacy however. It requires an annual report from makers of autonomous cars, and it requires the report to be made publicly available; however, it allows the carmakers to keep trade secrets discussed in the report out of public view. We’ll look for original equipment manufacturers to take a pretty broad view of what counts as privileged information. It also permits the committee to close its meetings to the public if trade secrets will be discussed.
Now is the only realistic opportunity the public has to put strong privacy protections in place on this industry. Some of the most powerful companies in the world are investing in self-driving cars, but the work isn’t profitable yet. As hard as it would be to win protections today, it will be all but impossible once this technology starts producing returns.