Chuck, having some way to detect tampering would be a good first step. This is difficult, though. The first time that this data was used in a legal proceeding, if there were not more safeguards, it would be challenged as not being secure. Another big concern is the one you point out in the article. If the data were tampered with on a large scale, it would be scientifically useless. One would have to develop a tampering model to estimate the effect. Safeguards would be a much better solution.
CHUCK, your fine article points out serious common sense security issues that need to be addressed and resolved before the USDOT mandates EDR technology. If they continue to duck these issues consumers will be test dummies and may react with a backlash to this life saving technology. Seems to me like the IEEE did the heavy lifting up to this point. Kudos to them. What few people know is that NHTSA had been asked to act a few times already but they lack the congressional mandate to deal with privacy and consumer protection issues. Instead they express crocodile tears and pass the issue on to the states.
Crash reconstruction is not the only reason people would want to change the data contents. There is a huge industry in reconstructing titles, ie repairing totaled vehicles for re-sale and it is not in their interest to leave data showing how the vehicle was initially totalled or whether the air-bag deployed. Also, rental companies are already using data recorders to fine drivers for exceeding the speed limit. Following the "Do someting, even if it is wrong" governmental approach I wonder how this recorded data would be used to save lives as opposed to penalizing those who do not operate per the "approved" model. Once the data is stored, what limits do you suppose will be placed upon it's retrieval?
The whole business smells slightly fishy. HOW exactly is this data going to save lives? WHO is truly going to have access? WHEN can the black box be polled? The security of the data is almost secondary.
Another important question is exactly WHO is behind this initiative? Do you get the feeling the insurance industry is not a disinterested party?
Think about it. If you or a loved one were in a motor vehicle accident, is the first action you take to defend the integrity of the vehicle's black box? No, you're focused on the injuries and well-being of the person involved.
The wreckage gets towed away, maybe to an impound lot. By the time you get around to thinking about the black box (if you even know there is one), police and insurance company both have probably recorded its contents.
The data COULD be used to help diagnose a design/manufacturing flaw for recall, but there's already a pretty good process in place.
It's sad, but it seems that everything is up to the highest bidder. The Black Box information will probably be sold to the highest bidder and the lawmakers that should protect us will, instead, pass laws to protect the highest bidder.
It should be possible to add some hardware to the recorder to disable writing or erasing of the data after some set of inputs is sensed. This could be as simple as shutting off the memory write control lines shortly after the airbags deploy. It would need to be done in hardware because all software is suspect, and most of it can be hacked around. But using a hardware lock that would be obvious if t were defeated would be a workale approach. The next step would be a federal law making the use of the data as a marketing tool into a federal felony. But probably our morally corrupt lawmakers would resist that part. But disabling every function except the READ function, by means other than software, should be a very good first step.
If the data was used to improve the safety aspects of an automobile I would be all for implementation but, we all know that is probably not the intent. I hate to be the one wearing the "tin-foil" hat but, I don't trust the FED and certainly not the insurance industry. As mentioned previously, agencies will find a way to profit from the information; probably at the expense of the individual driver. The data is only as safe as the individual(s) looking at it. Just about everything now days is up for sale. Who is to say charges will not be brought after the fact when the "black boxes" indicate which driver was the cause of an accident—even a single car accident? I would love to know also the fine, if any, for disabling the "black box". This fact would definitely show intent.
I first learned about EDR's around 2005. A friend was retrieving data from crashed vehicles as a growing part of his consulting business. His clients were insurance companies. We agreed to disagree who owned the data...it was usually collected without the knowledge of the car owner.
California subsequently passed a law that EDR data belongs to the owner and cannot be retrieved without consent or a search warrant. But my auto policy makes me agree to cooperate and provide anything requested as part of a claim...so they essentially have free access to EDR data.
A good feature of EDR's would be a near-field RF sensor to detect cell phone use in the driver's seat position.
The other side of the coin is the data could prove a driver *not* at fault.
Charlie Miller, whose hacking exploits on a Jeep Cherokee sparked a recall of 1.4 million Fiat Chrysler vehicles, will explain how he did it and why society needs to be aware of vehicle vulnerabilities at the upcoming ARM TechCon 2016 in Santa Clara, CA.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies.
You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived.
So if you can't attend live, attend at your convenience.