Avoiding the Matrix: How to Build Privacy into Intelligent Transportation Systems

Dorothy Glancy, Professor of Law, Santa Clara Law

October 21, 2010

Privacy concerns posed by advanced transportation systems sometimes spin into nightmare scenarios of individuals trapped in dystopian information grids, an idea epitomized in the film The Matrix. Apprehension about an omnipresent transportation matrix, powered by intelligent transportation systems (ITS) that constantly generate and use personal information about everyone, poses distinctive policy problems. In the October 21 Advanced Transportation Technologies seminar, Professor Dorothy Glancy explored two examples of privacy-smart ITS initiatives: TravInfo (now known as 511 Driving Times) in the San Francisco Bay Area and the much larger USDOT Vehicle Infrastructure Integration (VII) program, now referred to as IntelliDrive. Glancy served as privacy consultant and privacy auditor during the initial development of TravInfo and also led development of the VII program’s privacy policies.

TravInfo, established by the San Francisco Bay Area Metropolitan Transportation Commission, began as a pilot project in 1995. The initial purpose of TravInfo was to calculate real-time traffic flow by reading toll tags at non-toll locations. Since then TravInfo has evolved into the popular 511 Driving Times service, which delivers free, on-demand information via phone or the Web about point-to-point travel times on the Bay Area’s freeway network. The 511 system taps data from three sources: Bay Area FasTrak pre-paid toll transponders, the California Department of Transportation (Caltrans), and solar-powered radar. Continually updated information from the California Highway Patrol (CHP) informs callers and Web users whether there are any incidents along their route.

When the request for proposal for the TravInfo project was issued in 1999, it contained a set of strict privacy rules, as stipulated by the USDOT, requiring system designers to include such privacy-smart functions as de-identification and anonymization of toll-tag numbers, data encryption, and a user opt-out option. The 511 system now also has a fixed data-retention period of 24 hours, after which toll-tag readings are deleted. Additionally, the FasTrak customer database is kept separate from the database holding the readings collected by the 511 Driving Times toll-tag readers, and the two databases do not share information with each other. “It’s a rather remarkable system for having been first developed 10 years ago,” Glancy said. “All along it has been very privacy-proactive.”
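The design described above (de-identified tag readings, a 24-hour retention window, an opt-out, and a travel-time store that never touches the customer database) can be made concrete in a few dozen lines. The following is an added illustration written for this page, not the 511 or TravInfo system's own code: tag numbers, reader names, timestamps and the key are all constructed, and the choice of a keyed HMAC pseudonym rotated daily is an assumption about how de-identification might be done, not a description of what 511 actually implements.

```python
"""Added example: a toy point-to-point travel-time pipeline with the
privacy properties described above. Not the 511 / TravInfo code; all
identifiers, readings and the key below are constructed for illustration."""
from __future__ import annotations

import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from statistics import median

RETENTION = timedelta(hours=24)  # the 24-hour retention window mentioned above


def pseudonym(tag_number: str, key: bytes, day: str) -> str:
    """Keyed pseudonym for a toll-tag number (assumed technique: HMAC-SHA256).

    Same tag + same day + same key -> same pseudonym, so two readers can be
    matched. Rotating the key per day makes pseudonyms unlinkable across days,
    and without the key a pseudonym cannot be reversed to a tag number.
    """
    msg = f"{day}|{tag_number}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class TravelTimeStore:
    """Holds de-identified readings only; never queries the customer database."""

    def __init__(self, opted_out: frozenset[str]):
        # Opt-out list arrives already as pseudonyms, resolved by the
        # customer-side process that holds both the tag numbers and the key.
        self._opted_out = opted_out
        self._readings: list[tuple[str, str, datetime]] = []

    def ingest(self, reader_id: str, tag_number: str, ts: datetime, key: bytes) -> bool:
        """De-identify at the edge; the raw tag number never reaches storage."""
        p = pseudonym(tag_number, key, ts.date().isoformat())
        del tag_number  # make it impossible to store the identifier by mistake
        if p in self._opted_out:
            return False
        self._readings.append((reader_id, p, ts))
        return True

    def purge(self, now: datetime) -> int:
        """Delete readings older than the retention window; returns count removed."""
        cutoff = now - RETENTION
        before = len(self._readings)
        self._readings = [r for r in self._readings if r[2] >= cutoff]
        return before - len(self._readings)

    def travel_times(self, from_reader: str, to_reader: str) -> list[float]:
        """Seconds between a pseudonym's sighting at from_reader and its next
        sighting at to_reader, computed purely on pseudonyms."""
        seen_at_from: dict[str, datetime] = {}
        times: list[float] = []
        for reader, p, ts in sorted(self._readings, key=lambda r: r[2]):
            if reader == from_reader:
                seen_at_from[p] = ts
            elif reader == to_reader and p in seen_at_from:
                times.append((ts - seen_at_from.pop(p)).total_seconds())
        return sorted(times)

    def record_count(self) -> int:
        return len(self._readings)

    def contains_identifier(self, tag_number: str) -> bool:
        """Audit check: does any stored record carry the raw tag number?"""
        return any(tag_number in r for r in self._readings)


def demo() -> dict:
    key = b"constructed-daily-key"  # real deployment: rotated daily, kept out of the store
    t0 = datetime(2010, 10, 21, 8, 0, tzinfo=timezone.utc)
    day = t0.date().isoformat()
    opted_out = frozenset({pseudonym("TAG-0003", key, day)})  # TAG-0003 opted out
    store = TravelTimeStore(opted_out)
    readings = [  # constructed sample: three tags pass reader R-A, then R-B
        ("R-A", "TAG-0001", t0),
        ("R-A", "TAG-0002", t0 + timedelta(minutes=1)),
        ("R-A", "TAG-0003", t0 + timedelta(minutes=2)),
        ("R-B", "TAG-0001", t0 + timedelta(minutes=10)),
        ("R-B", "TAG-0002", t0 + timedelta(minutes=13)),
        ("R-B", "TAG-0003", t0 + timedelta(minutes=11)),
    ]
    accepted = sum(store.ingest(r, tag, ts, key) for r, tag, ts in readings)
    times = store.travel_times("R-A", "R-B")
    leaked = any(store.contains_identifier(tag) for _, tag, _ in readings)
    purged = store.purge(t0 + timedelta(hours=25))  # run the retention sweep a day later
    return {"accepted": accepted, "times": times, "median": median(times),
            "leaked": leaked, "purged": purged, "remaining": store.record_count()}


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would check: the pseudonym key must live with the ingest process and the opt-out resolver, never in the travel-time store, or the "separate databases" property is only nominal; and rotating the key at a fixed day boundary means a trip that crosses midnight produces two unmatched pseudonyms, so a real system would overlap keys or rotate on a schedule tied to the retention window.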

In addition to real-time traffic information systems, a closer integration of vehicles and the transportation infrastructure has been envisioned for years, and recent advances in wireless communications are making this vision possible.

IntelliDrive is one research program centered on using wireless connectivity among vehicles (V2V) to enable crash prevention; between vehicles and roadway infrastructure components (V2I) to enable safety, mobility, and environmental benefits; and among vehicles, infrastructure, and wireless hand-held devices (V2D) to provide continuous real-time connectivity to all system users. This USDOT initiative is supported by the IntelliDrive Coalition, formerly known as the Vehicle Infrastructure Integration (VII) Coalition, a partnership of USDOT agencies, automobile manufacturers, state and local governments, and their representative associations.

What is noteworthy regarding privacy, Glancy explained, is the early focus the VII group put on building privacy into the system. “We realized that it would never be accepted politically, much less by drivers, if privacy was not a priority. We received good policy input as to how privacy should be handled from a number of very smart people who really thought ahead about what this system would have to do,” she said. As part of these early efforts, the Coalition invited privacy advocates to meet with technical experts who could explain the technology and listen to what the privacy concerns were. “These advocates were very helpful in working out privacy-related issues, and we learned a valuable lesson from this exercise: it is much better to work [with groups] who may appear oppositional rather than to treat them as adversaries,” Glancy said.

Protections for personal information and the application of fair information practices have been considered from the beginning of the VII initiative and continue under IntelliDrive. According to Glancy, respect for individual choices about, and control over, an individual’s personal information is the foundation of the initiative’s privacy principles and privacy limits, which were established to guide the technical and operational development of the program.

Throughout the ITS world, various other research projects and working groups continue to address the privacy issue. Stakeholders realize that proper privacy protection is mandatory for successful market introduction of such systems, and even U.S. courts are handing down decisions in favor of driver privacy. So while transportation matrices exist, Glancy explained, a centralized, omnipresent transportation matrix does not, nor is one likely to materialize anytime soon.