Dagstuhl Seminar 23242
Privacy Protection of Automated and Self-Driving Vehicles
(Jun 11 – Jun 16, 2023)
Organizers
- Frank Kargl (Universität Ulm, DE)
- Ioannis Krontiris (Huawei Technologies - München, DE)
- Jason Millar (University of Ottawa, CA)
- André Weimerskirch (Lear Corporation - Ann Arbor, US)
Contact
- Michael Gerke (for scientific matters)
- Christina Schwarz (for administrative matters)
Cooperative, connected and automated mobility (CCAM) has the potential to drastically reduce accidents, travel time, and the environmental impact of road travel. To achieve these goals, automated vehicles (AV) will require a range of sensors and communication devices that receive and read extensive data from the vehicle's environment, as well as machine learning algorithms that process this data. This immediately raises the concern of privacy for AVs. A first Dagstuhl Seminar was held virtually January 23-28, 2022 [1], and identified four main challenges: (1) how to encourage stakeholders to follow proper ethics and responsible behaviour, (2) how regulation needs to evolve for CCAM systems, (3) the commercial limitations to developing and implementing proper privacy protection, and (4) the availability of privacy-enhancing technologies for CCAM systems. The Dagstuhl Seminar at hand was then held in person June 11-16, 2023, with the goal of addressing those main challenges.
This seminar began with a number of expert presentations, after which the participants split into four working groups. The expert presentations covered many relevant aspects around regulation and governance, cloud-based support infrastructure, and technology. The four working groups roughly map to the main challenges:
- Scenarios, Risks, Impacts, and Collected Data in CCAM: This group identified six common CCAM scenarios during development and product life-cycle, and analyzed the privacy implications for each scenario. Some of these scenarios are unique to CCAM privacy and set it apart from other areas. The results can now be used as a foundation for further general in-depth privacy research.
- Privacy Tensions for Connected Automated Vehicles: It is believed that privacy comes at a cost, whether it is a financial cost, reduced usability, or reduced safety. It is essential to understand how to find the acceptable trade-off between privacy and the considered criteria. However, today we have no proper methodology in place to determine proper trade-off points, and therefore this group worked on developing such a methodology. Additionally, this group will identify the technology readiness level of privacy enhancing technologies (PET) to support the trade-off points. The working group plans to describe details in an upcoming scientific publication.
- Automotive Privacy Engineering: Privacy engineering provides the underlying tools, frameworks, and technologies to develop privacy protecting CCAM. This working group focused on identifying existing tools, frameworks, and PETs that could support our use-case, potential modifications that are needed to support CCAM, and gaps. The group emphasized the need to match the privacy engineering to users' privacy and usability expectations. The group identified and discussed six questions that addressed the major aspects, and derived various action items for the automotive privacy research community.
- Interplay between Privacy and Trust: One of the most important milestones in order to achieve the shared vision on the deployment of Cooperative Intelligent Transport Systems (C-ITS) towards cooperative, connected and automated mobility (CCAM), is to allow participating entities to assess dynamically the trustworthiness of the shared information, in order to be able to rely on it and coordinate their actions [2]. In addressing this complex issue, it's paramount to strike a balance between enhancing trust and ensuring the privacy and security of users' personal information and data. The group explored the interplay between privacy and trust, by elaborating on different trust properties based on performance, on ethical aspects, and on user acceptance.
We conclude that more solution-oriented research and development is required to establish privacy modeling tools and privacy engineering specifically for CCAM, and we hope that the results and papers coming from this seminar will support the journey to privacy protecting CCAM. Shortly after the seminar, the Mozilla Foundation’s Privacy Not Included [3, 4] reviewed 25 major car brands for consumer privacy and gave all of them failing marks, and we hope that this seminar’s solutions also improve the privacy of next generation passenger vehicles.
- [1] Frank Kargl, Ioannis Krontiris, Nataša Trkulja, André Weimerskirch, and Ian Williams, Privacy Protection of Automated and Self-Driving Vehicles (Dagstuhl Seminar 22042), Dagstuhl Reports, Vol. 12, Issue 1, pp. 83–100, https://doi.org/10.4230/DagRep.12.1.83
- [2] EU Project “CONNECT: Continuous and Efficient Cooperative Trust Management for Resilient CCAM”, [ONLINE] https://horizon-connect.eu/
- [3] Mozilla Foundation, “Privacy Nightmare on Wheels”: Every Car Brand Reviewed By Mozilla – Including Ford, Volkswagen and Toyota – Flunks Privacy Test, [ONLINE] https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-carbrand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/
- [4] Mozilla Foundation, Privacy Not Included, [ONLINE] https://foundation.mozilla.org/en/privacynotincluded/categories/cars/
Automated and autonomous vehicles (AVs) may be the greatest disruptive innovation to travel that we have experienced in a century. Their development coincides with the appearance of connected vehicles. To achieve their goals, connected and automated vehicles require extensive data and machine learning algorithms processing data from local sensors and received from other cars and road-side infrastructure for their decision-making. Specifically, we are seeing the emergence of vehicles that feature an impressive array of sensors and on-board decision-making units capable of coping with an unprecedented amount of data.
While privacy for connected vehicles has been considered for many years, AV technology is still in its infancy and the privacy and data protection aspects for AV are not well addressed. The capabilities of AVs pose new challenges to privacy protection, given the large sensor arrays of AVs that collect data in public spaces. The massive introduction of sensors and AI technology into automated and autonomous vehicles opens substantial new privacy and data protection problems, both from the technology research perspective as well as the ethical, legal and policy perspective, which still need to be phrased clearly, elaborated on and resolved. We discussed a variety of challenges in a first – and just virtual – seminar in early 2022 (Dagstuhl Seminar 22042) and will now take the next step.
The objective of this Dagstuhl Seminar is to produce a research roadmap to address the major road-blocks that the experts see in making progress on the way to deployment of privacy protection in Automated and Self-Driving Vehicles. We will mainly build upon the output of Dagstuhl Seminar 22042, where the following main challenges were identified:
- The first challenge is that of ethics and responsible behavior of companies and other actors that collect and process personal data in such systems. This goes beyond mere regulatory compliance but was seen as a promising path to complement this minimal baseline. Further discussions are required to identify ways to encourage such practices.
- The second challenge is how such regulation needs to evolve for future cooperative, connected, and automated mobility (CCAM) systems in order to establish a stable baseline. A challenge here will be to identify to what extent sector-specific regulation will be needed to address specifics of CCAM and if regulation of future systems is reasonable and possible.
- A third challenge is that of a commercial viewpoint. Industry has to meet many important and sometimes maybe even conflicting goals like privacy and safety. Understanding and narrowing these trade-offs while acknowledging that industry has many such constraints that limit its flexibility requires further investigation.
- Last but not least, we see the strong progress in privacy-enhancing technologies (PETs) as a promising path towards resolving many of the above-mentioned problems, but important technical challenges still remain. One such technical challenge is how to reconcile privacy protection with safety, given the strict requirements of computational efficiency and time constraints. Furthermore, several entities that belong to different trust domains must interact with each other to exchange privacy-sensitive data in order to enable safety-critical collaborative services, which opens up the question of building the required level of trust into received data and the functions that rely on this data.
- Ala'a Al-Momani (NIO - München, DE)
- David Balenson (USC - Marina del Rey, US)
- Francesca Bassi (IRT SystemX - Palaiseau, FR)
- Christoph Bösch (Robert Bosch GmbH - Renningen, DE)
- Benedikt Brecht (Volkswagen AG - Berlin, DE)
- Michael Buchholz (Universität Ulm, DE)
- Stefan Gehrer (Robert Bosch LLC - Pittsburgh, US)
- Anje Gering (Volkswagen AG - Wolfsburg, DE)
- Thanassis Giannetsos (UBITECH Ltd. - Athens, GR)
- Kevin Gomez (TH Ingolstadt, DE)
- Kyusuk Han (Technology Innovation Institute - Abu Dhabi, AE)
- Adam Henschke (University of Twente, NL)
- Mario Hoffmann (München, DE)
- Frank Kargl (Universität Ulm, DE)
- Ioannis Krontiris (Huawei Technologies - München, DE)
- Brigitte Lonc (Nanterre, FR)
- Zoltán Mann (University of Amsterdam, NL)
- Jason Millar (University of Ottawa, CA)
- Christos Papadopoulos (University of Memphis, US)
- Sebastian Pape (Continental Automotive Technologies - Frankfurt, DE)
- Jonathan Petit (Qualcomm, US)
- Sarah Thornton (Nuro - Mountain View, US)
- Natasa Trkulja (Universität Ulm, DE)
- Bryant Walker Smith (University of South Carolina, US)
- Takahito Yoshizawa (KU Leuven, BE)
Related Seminars
- Dagstuhl Seminar 22042: Privacy Protection of Automated and Self-Driving Vehicles (2022-01-23 - 2022-01-28)
Classification
- Artificial Intelligence
- Computers and Society
- Cryptography and Security
Keywords
- Automotive Security and Privacy
- Privacy and Data Protection