Chuck, having some way to detect tampering would be a good first step. This is difficult, though. The first time that this data was used in a legal proceeding, if there were not more safeguards, it would be challenged as not being secure. Another big concern is the one you point out in the article. If the data were tampered with on a large scale, it would be scientifically useless. One would have to develop a tampering model to estimate the effect. Safeguards would be a much better solution.
Crash reconstruction is not the only reason people would want to change the data contents. There is a huge industry in reconstructing titles, ie repairing totaled vehicles for re-sale and it is not in their interest to leave data showing how the vehicle was initially totalled or whether the air-bag deployed. Also, rental companies are already using data recorders to fine drivers for exceeding the speed limit. Following the "Do someting, even if it is wrong" governmental approach I wonder how this recorded data would be used to save lives as opposed to penalizing those who do not operate per the "approved" model. Once the data is stored, what limits do you suppose will be placed upon it's retrieval?
I first learned about EDR's around 2005. A friend was retrieving data from crashed vehicles as a growing part of his consulting business. His clients were insurance companies. We agreed to disagree who owned the data...it was usually collected without the knowledge of the car owner.
California subsequently passed a law that EDR data belongs to the owner and cannot be retrieved without consent or a search warrant. But my auto policy makes me agree to cooperate and provide anything requested as part of a claim...so they essentially have free access to EDR data.
A good feature of EDR's would be a near-field RF sensor to detect cell phone use in the driver's seat position.
The other side of the coin is the data could prove a driver *not* at fault.
The whole business smells slightly fishy. HOW exactly is this data going to save lives? WHO is truly going to have access? WHEN can the black box be polled? The security of the data is almost secondary.
Another important question is exactly WHO is behind this initiative? Do you get the feeling the insurance industry is not a disinterested party?
Think about it. If you or a loved one were in a motor vehicle accident, is the first action you take to defend the integrity of the vehicle's black box? No, you're focused on the injuries and well-being of the person involved.
The wreckage gets towed away, maybe to an impound lot. By the time you get around to thinking about the black box (if you even know there is one), police and insurance company both have probably recorded its contents.
The data COULD be used to help diagnose a design/manufacturing flaw for recall, but there's already a pretty good process in place.
It's sad, but it seems that everything is up to the highest bidder. The Black Box information will probably be sold to the highest bidder and the lawmakers that should protect us will, instead, pass laws to protect the highest bidder.
You raise a bunch of good points, TJ. One, quite notably, is "who is behind this initiative?" If you consider that 96% of vehicles already have the technology, and the manufacturers did so without the prodding of a mandate, it tells you a lot.
CHUCK, your fine article points out serious common sense security issues that need to be addressed and resolved before the USDOT mandates EDR technology. If they continue to duck these issues consumers will be test dummies and may react with a backlash to this life saving technology. Seems to me like the IEEE did the heavy lifting up to this point. Kudos to them. What few people know is that NHTSA had been asked to act a few times already but they lack the congressional mandate to deal with privacy and consumer protection issues. Instead they express crocodile tears and pass the issue on to the states.
It should be possible to add some hardware to the recorder to disable writing or erasing of the data after some set of inputs is sensed. This could be as simple as shutting off the memory write control lines shortly after the airbags deploy. It would need to be done in hardware because all software is suspect, and most of it can be hacked around. But using a hardware lock that would be obvious if t were defeated would be a workale approach. The next step would be a federal law making the use of the data as a marketing tool into a federal felony. But probably our morally corrupt lawmakers would resist that part. But disabling every function except the READ function, by means other than software, should be a very good first step.
I like this idea and the technology has already existed for quite some time, though generally used for the opposite effect - disabling reads from a programmed device (ROM, microcontroller ROMs) to protect IP. This has also been done in a non-desctructive way where memory read/write can be re-enabled, but only after erasing the contents.
) Take that existing tech, repurposed to write-protecting the memory
) add in on-board logic that monitors the sensor values of interest and locks the memory to read-only after a catastrophic event was detected
) possibly add the ability to re-enable writes (so the hardware could be reused), but only after incrementing a non-resetable, non user-writable counter that indicates writing was enabled after a catastrophic event.
I'm all for software that allows you to erase the info. That information will never help you. It's there to let the government fine you or your insurance company to raise your rates. Whatever they'll feed you about the data being helpful to science and there to save lives is a bunch of BS.
If the data was used to improve the safety aspects of an automobile I would be all for implementation but, we all know that is probably not the intent. I hate to be the one wearing the "tin-foil" hat but, I don't trust the FED and certainly not the insurance industry. As mentioned previously, agencies will find a way to profit from the information; probably at the expense of the individual driver. The data is only as safe as the individual(s) looking at it. Just about everything now days is up for sale. Who is to say charges will not be brought after the fact when the "black boxes" indicate which driver was the cause of an accident—even a single car accident? I would love to know also the fine, if any, for disabling the "black box". This fact would definitely show intent.
Being one of the engineers that worked on the initial development of this technology, it's amusing to read some of the comments from people who have little knowledge of what has already been implemented. The standard for airbag crash sensing systems is 0.99995 with 95% reliability - and you can imagine the amount of testing that is required to achieve that standard. In the early days of electronic crash sensing, when the technology was evolving from electromechanical sensing, engineers needed field data to validate the crash sensing algorithms, and to datamine relevant data for further algorithm development. The technology was developed to record only deployment events and near-deployment events, and to lock the data securely after a deployment event. The data was passively collected from barrier tests, taxi cab, police car, and rental car fleets and was used to validate the system before it ever got approval for use in passenger vehicles. Our families ride in the vehicles with the systems we design.
I guess in your line of engineering, design validation and continuous improvement by collection of field data is to be considered "crap"? Remind me what products you develop so I can avoid them.
That being said, once the technology is developed, the toothpaste is out of the tube, and bean counters and polticians abusing it can only be prevented by informed and active citizens. The government has no business using this data to incriminate individuals a priori, and should only be made available as subject to a warrant as provided in our 4th Amendment protections, until that goes away along the lines that the 9th, 10th, and 2nd Amendments are being assaulted today.
DO NOT blame all engineers for the creation of this concept and package. I may have been the first to suggest something, but my idea was a system to record seatbelt usage, the idea was that if occupants wee not wearing their belts that the insurance company would not need to pay anything. I still think that it would be a very effective incentive towards belt use. It would allow freedom of choice, but of course it would not allow freedom from consequences. But it does not ever seem to have been taken seriously.
The issues brought up here need to be sorted out and fast. The technology (e.g. OnStar) is upon us so that no physical contact with the vehicle is necessary in order to suck out the memory contents of a VDR. We can still buy a car that doesn't have a VDR but that is going away soon. How long will it be before cars will be required to have a cellular based wireless data connection. When that cuts in the vehicle owner will be the LAST person in the data access permission chain.
This has nothing to do with saving lives or public safety. Follow the money, folks. This is all about about making sure the proper party gets blamed and they are sued to the hilt. They only want to make sure the data can't be tampered with so it will stand up in court.
As has already happened (i.e. rental car companies), data will be collected about where and how fast you were going (via GPS) for the purpose of revenue collection. You will simply get a speeding ticket in the mail informing you of the infraction. Again, its just money folks. "Public safety" is just a smoke screen to make the program appear palatable.
In 2012, 2.2 million people pledged $319 million to kick-start more than 18,000 of its projects on Kickstarter.com. Here's a look at some of the most inspired ideas from the ultimate crowdfunding platform.
For industrial control applications, or even a simple assembly line, that machine can go almost 24/7 without a break. But what happens when the task is a little more complex? That’s where the “smart” machine would come in. The smart machine is one that has some simple (or complex in some cases) processing capability to be able to adapt to changing conditions. Such machines are suited for a host of applications, including automotive, aerospace, defense, medical, computers and electronics, telecommunications, consumer goods, and so on. This discussion will examine what’s possible with smart machines, and what tradeoffs need to be made to implement such a solution.