Safety and Privacy in the Internet of Vehicles: An Expert’s Perspective

Josh Joy is a PhD candidate in Computer Science at UCLA, where he focuses on providing privacy and resiliency for the Internet of Vehicles.  Josh has a computer science background and worked at Toyota Info Technology Center, USA in summer 2017 researching connected vehicles.  I recently interviewed Josh to learn more about connected vehicle technology, the Internet of Vehicles, and the impact of connected vehicle technology on self-driving cars.

What is a connected vehicle?

Traditionally, cars provide rudimentary sensors and data, such as gas level and oil changes.  These sensors alert the driver to eventually take action.  The driver, however, is the ultimate decision maker.

A connected vehicle, in contrast, has sensors inside and outside the vehicle.  These sensors communicate data to the vehicle’s software system, to other vehicles (V2V), and potentially to surrounding infrastructure like roadways and traffic lights (V2X).  The vehicle, in turn, makes decisions based on that data as to how to drive and where to go.  Ultimately, human control is removed and the vehicle cooperates with other vehicles to maintain safety and deliver passengers in a timely manner.

Is a connected vehicle different than a self-driving car?

A connected vehicle may not be self-driving and vice-versa.  A traditional vehicle can be connected.  The implication is that a vehicle that is both connected and self-driving should be safer than a traditional vehicle with neither technology.

The purpose of connected vehicle technology is to enhance a car’s safety mechanisms via communication with pedestrians, infrastructure, and other vehicles.  The U.S. Department of Transportation (U.S. DOT) estimates that connected vehicles can eliminate close to 80 percent of crashes involving non-impaired drivers.[1]

For example, vehicles might be alerted about pedestrians crossing the street, infrastructure communication regarding pavement markings, traffic signs, and temporary traffic control, and vehicle-to-vehicle communication regarding sudden braking or intersection collision avoidance.

How do connected vehicles communicate with each other?

The leading technology for vehicles talking to each other relies on Dedicated Short Range Communications (DSRC), a type of WiFi for vehicles.  In December 2016, U.S. DOT filed a Notice of Proposed Rulemaking to enable DSRC communication technology on all new light-duty vehicles.[2]  There are already ongoing deployment efforts in Japan and Europe to equip vehicles with DSRC.

There are competing technologies, such as Cellular V2X from Qualcomm.  The difference between DSRC and Cellular V2X is that Cellular V2X adds the ability to talk to the cellular network.

That said, DSRC has been rigorously specified, tested, deployed since the early 2000s and is available today.  Cellular V2X is still a recently new development.

Other promising communication mediums include visible light communication and millimeter wave communication.  Both of these are more appropriate for platoon style fleets where vehicles communicate directly with the vehicle in front and behind. Millimeter wave has the potential to support the transfer of the large vehicle sensor data and the gigabit-per-second data rates required.

What are the problems with current V2V technology?

There are two pieces, technical and political.

First, V2V communication requires that senders and recipients have the same radio technology.  Adding a radio to a single vehicle will not add any extra capabilities unless another vehicle also has the same exact radio.  Even if a manufacturer deploys radios to its entire fleet, that would not guarantee the activation of collision avoidance as to vehicles made by a different manufacturer.

Thus, deployments are limited for now.  Manufacturers must show that the currently-deployed systems effect some expected number of accident reduction.  Naturally, the deployment process will be gradual.

This is where the political aspect comes into play.  Everyone must somehow agree to use the same radio technology and commit to installing it in all vehicles on the road.  However, there is a chasm between the carmakers and the cellular stakeholders.  Naturally, the cellular stakeholders prefer vehicles to back haul data over their networks in order to generate further revenue.  Carmakers, on the other hand, prefer to avoid the additional latency and expenses by leveraging their own vehicular cloud.

Government regulation has proposed the deployment of DSRC in all new light-duty vehicles because it is one of the first vehicular communication technologies developed, standardized, and tested.  However, it remains to be seen whether the industry will commit to and massively deploy DSRC radios, pursuant to the proposed regulation.

How will connected vehicle technology impact self-driving cars?

Self-driving cars will not fully evolve until they can communicate with each other.  The exponential increase of data capture and sharing in the age of connected vehicles (“Internet of Vehicles”) will overwhelm the current modes of wireless communication, meaning that data computation must move closer to the vehicles, as opposed to solely in the Internet cloud.

The Internet of Vehicles consists of vehicles communicating with each other as well as performing distributed processing among the vehicles (i.e., block chain processing), creating a “vehicle cloud.”

What is the end goal for connected vehicle technology?

Today’s trend is to place computation physically near the data source, as opposed to back hauling large amounts of data to the Internet cloud for processing.  The result will be real-time analysis enabling “smart” everything, including buildings, energy grids, vehicles, and entire cities.

What do you see is the single biggest issue carmakers face in building connected vehicles for mass market use?

Repeatedly, history has shown that while communication networks provide exponential benefits, they also usher in a multitude of security and privacy threats.  The Internet cloud is still trying to catch up with providing adequate security and privacy protection.  There is a lot we do not understand, and we remain unable to confidently prevent cyber-crime, cyber wars, data breaches, espionage, and state-sponsored attacks even on our most “secure” systems.

Connected vehicles will realistically only be fully deployed once these same security and privacy concerns are addressed.  Manufacturers’ primary focus has been on making self-driving vehicles “work,” while not paying close attention to the security and privacy issues.  Given this rushed state of development, it is inevitable that the same cybersecurity issues that plague the Internet of Things will only become amplified in the Internet of Vehicles. 


[1] U.S. Department of Transportation, U.S. DOT Advances Deployment of Connected Vehicle Technology to Prevent Hundreds of Thousands of Crashes (December 13, 2016),

[2] Federal Motor Vehicle Safety Standards; V2V Communications, 82 Fed. Reg. 3854 (proposed December 13, 2016) (to be codified at 49 C.F.R. pt. 571),

How Should We Tax Self-Driving Cars?

“Jaguar Land Rover Connected and Autonomo” (CC BY 2.0) by jaguarmena.

Cities and states generate big revenue from parking citations and traffic tickets. San Francisco makes over $100 million a year from parking citations alone. Los Angeles makes $165 million. New York City makes $565 million.

When Level 5 autonomous vehicles (AV’s) hit the road, this revenue could shrink dramatically. In a world where fleets of law-abiding AV’s shuttle passengers around, there will be far less human error, and thus, fewer citation opportunities. That means less money to fund state and local programs like police officer training, wildlife protection, emergency medical services, public improvement projects, and court operations.

As lawmakers write new AV laws, they should consider how to replace this lost future revenue. One option is a road use tax.

Massachusetts’ Proposed Road Use Tax

In Massachusetts, Rep. Tricia Farley-Bouvier and Sen. Jason Lewis recently introduced Bill S.1945, which imposes a “road usage charge” for AV’s (you can read the full text of the bill here). Here are a few of the bill’s key provisions:

2.5 cents per-mile base rate. The bill proposes a “base per-mile rate on autonomous vehicles of no less than 2.5 cents per mile.” The rationale for “2.5 cents” is not stated, but this number could change before the bill is finalized. On its face, it appears to be a palatable number for the average consumer that could still generate substantial revenue for the state. The average U.S. driver travels over 13,000 miles a year. Based on a 2.5-cent rate, that would amount to a $325 road usage bill.

Reduced rates for passengers. The bill proposes a rate reduction “for each passenger … per mile.” In other words, the bill encourages carpooling. The more passengers per vehicle, the lower the rate per mile for that vehicle.

Increased rates for “zombie cars.” There is an increased rate “for each mile traveled without a passenger.” So, the bill discourages the traffic inefficiencies caused by AV’s occupying road space without carrying any human passengers, a phenomenon Senator Lewis calls, “zombie cars.”

This seems reasonable, but there is currently no exemption for an empty ridesharing AV on its way to pick up one or more passengers. Different usage rates based only on passengers physically inside an AV may not truly reflect whether the vehicle is performing a valuable service or idly taking up road space.

Reduced rates for off-peak hours. Higher rates will apply from 8:00 am to 8:00 pm in “severe congestion zone[s].” On the other hand, there will be reduced rates during “off-peak travel hours.”

Reduced rates for low-income passengers and low-access areas. The bill proposes reduced rates for AV passengers “whose personal income, as documented by tax returns or other credible evidence, falls below a threshold established by regulation.” There are also reduced rates for AV’s driving “in specified geographic areas where no or few public transit options are available.”

These provisions aim to lessen the burden of the road usage charge on low-income individuals. They fail, however, to set forth guidelines on how lower rates will be assigned. Will there be an application process with a reviewing agency? Or will lower rates automatically apply based on an individual’s tax returns? In addition, what qualifies as “other credible evidence”? These questions should be considered before the bill is finalized.

Data collection. Each AV must capture and store data including “real-time distance traveled and real-time number of passengers.” This data must be stored for up to 18 months in a manner that can be “cross-referenced” by the Massachusetts Department of Transportation (MDOT).

Privacy concerns. AV passengers will naturally be hesitant to self-report information about themselves and their mileage statistics to local authorities. Under the proposed rules, MDOT must be able to “cross-reference” passenger data, i.e., access it independently without the passenger’s consent.

This level of government access to passenger data has been fiercely opposed by privacy advocates in relation to conventional cars. It remains to be seen whether it will be deemed tolerable for the purposes of collecting a road use tax for AV’s.

Alternative to a Road Use Tax Based on Mileage & Passenger Data: Vehicle Categories

Mileage and passenger data may generate precise usage rates, but this system presents difficult privacy issues. It also places a high burden on manufacturers to install systems that accurately capture that data and ensure that it is not hacked, leaked, or corrupted.

Instead, lawmakers should consider a road use tax for AV’s based on vehicle categories. For example —

  • Category 1: Consumer AV less than 4,000 lbs. / Tax: $100
  • Category 2: Consumer AV more than 4,000 lbs. / Tax: $200
  • Category 3: Ridesharing AV / Tax: $300
  • Category 4: Long-haul AV truck / Tax: $400

These numbers are admittedly rough. The point is that a ridesharing AV can be expected to drive more miles than an individually-owned consumer AV. Long-haul AV trucks can be expected to drive even greater distances. A road use tax could be imposed on AV owners based on these broad vehicle categories (and adjusted based on how lawmakers want to incentivize the use of each kind of vehicle).

A category-based approach might overtax and undertax certain users. On the other hand, it reduces the need for independent government access to passenger data. It also sets up a more predictable tax rate for AV owners and a more predictable income stream for cities and states.

Ultimately, whichever tax scheme prevails could significantly impact the way manufacturers design and deploy AV’s.

You can track new state-by-state AV legislation here.

This story is part of The Codex, a collective of independent thought. Subscribe to our newsletter to get a weekly digest of our best stories and be sure to like and follow us on Facebook and Twitter.