● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ●

North Texas Tollway Authority

Data Privacy, Security and Protection: Learning From Today’s Toll HighwaysThomas J. Bamonte (@TomBamonte)Assistant Executive Director, Strategy & Innovation

Presented to Transportation Research Board95th Annual MeetingData Privacy, Security and Protection Policy Joint Subcommittee

January 12, 2016

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 2

Toll highways and data generationPrivacy/security concerns and responsesImplications for automated vehicles Policy issues/research items

Agenda

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 3

Overview of Highway Tolling

Toll facilities in 35 states2,900 miles of tolled

interstates6,000 total road miles5.7 billion annual tripsTolls = approx. 30% of federal

gas tax revenue37 million RFID transponders

in use

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 4

Mechanics of Electronic Tolling

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 5

Pay-by-Plate Customers

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 6

Trip Data Collection

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 7

Registered Owner InformationPersonal information

Home address Home phone Email address License plate Credit card information Vehicle type/color/VIN

Sources Customer accounts DMV data Collection efforts

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 8

Roadway Camera Coverage

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 9

Toll Violation Enforcement: ALPR

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 10

HOT Lane Enforcement

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 11

“Black Box” Event Data Recorders

Capture crash-related data Pre-crash vehicle dynamics

and system status Driver inputs Vehicle crash signature Restraint usage/deployment

status Post-crash data such as the

activation of an automatic collision notification system

Installed in most vehicles

—NTHSA mandate forward

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 12

Emerging Tolling Methods

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 13

Current Protections of Tollway User Privacy

Transponder customer agreements

Customer account and trip data shielded from general disclosure; use allowed – When conducting tolling business In response to court order

(e.g., warrant) When aggregated/anonymized

(e.g., traffic studies)High data protection

standards in place (e.g., PCI compliance)

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 14

State Law Protections

Customer account

information & trip data =

FOIA exception

Mandated privacy policies & data security requirements

Laws governing ownership & use of event

data recorders

General data security &

breach notice requirements

ALPR regulation

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 15

Federal Law Protections

Drivers Privacy Protection Act

Various consumer law protections

Federal legislation introduced to protect locational privacy—including vehicles

Jones & Riley decisions

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 16

Established Principles

Customer account and trip data shielded from general disclosure; use allowed:

When conducting tolling business

In response to court order (e.g., warrant)

When aggregated/made anonymous (e.g., studies)

With high data protection standards (e.g., PCI compliance)

By tolling authority with vehicle owner’s consent

By third parties with vehicle owner’s consent

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 17

Looking Ahead…

Old Days: Muscle Engine

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 18

Sophisticated Computing/Sensor Capabilities

These Days: Muscle Memory

World’s First Al Supercomputer for Self-Driving Cars

NVIDIA DRIVE PX 212 CPU cores | Pascal GPU | 8 TFLOPS | 24 DL TOPS | 16nm FF | 250W | Liquid Cooled

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 19

Sophisticated Computing/Sensor Capabilities

Tomorrow: High Sensory Capabilities

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 20

Vehicle as Highway Data Generator

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 21

OBD-II Telematics/Vehicle Behavior Monitoring

Drivewise by Allstate Vinli

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 22

Driver Fitness Monitoring/Vehicle Customization

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 23

Vehicle-to-Cloud Connections

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ●

Vehicles as Mobile Commerce Platforms

Every vehicle becomes a shopping tool

Vehicle adjusts to stored preferences of the occupants

Data sharing between vehicle and merchants Targeted advertising Targeted discounts Convenience reminders—

e.g., time for oil change

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 25

Vehicle-to-Vehicle Connections

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 26

Vehicle Fleets/Vehicle Ownership

• Private vehicle ownership supplanted by vehicle fleets

• Auto travel takes on transit/airline characteristicso Passenger not drivero No vehicle ownershipo Customer data generated and

held by provider

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 27

Automated Vehicle Implications

• Every vehicle akin to a toll highway customer vehicle

• Vehicles are mobile commerce platforms

• Vehicles harvest/share data about occupants and travel patterns

• Vehicle ownership supplanted by multi-modal fleetso Travelers become

passengerso Vehicle gather/share

massive amounts of data

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 28

Automated Vehicle Security/Privacy Challenges

• Vehicle hacking threato Legislative response: SPY Car Act

• Data security breacheso Mobile commerceo V2Vo V2Io Highway agencieso Fleet operatorso App integrators

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 29

Challenges: Unrelenting Gaze and Automated Vehicles

Extensions into law enforcement

“Taking over” vehicle for safety/traffic management

Sponsored ads in visual stream on dashboard

Sale of customer dataV2X data sharingWill surveillance

state/economy prompt a consumer backlash?

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 30

Research/Policy Issues

Who owns/controls data generated by vehicle?Can individual control of vehicles be overridden to

maximize safety/efficiency/crime prevention?Do common carrier rules apply in the case of

driverless cars/fleets?What privacy rules apply in fleet services?Will commercialization of vehicles obviate need for

transportation-specific regulation of privacy/security?Can driver monitoring be mandated for non-robot

drivers?

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ●

Our Mission

North Texas Tollway Authority

Provide a safe and reliable toll road system Increase value and mobility options for customers Operate the Authority in a businesslike manner Protect our bondholders Partner to meet our region’s growing need for transportation infrastructure

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 32

Vehicle-to-Merchant Data Mining/Use

Google Car as platform for

searches

Vehicle displays targeted advertising

from nearby merchants

• iBeacon for automobiles

Consumer data privacy issues

similar to other devices/platforms

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 33

Highway User Information Collected

Customer Account• Home address• Personal

financial information

• (Non)payment information

Vehicle ID –license plate

and VIN

Vehicle Occupant

Data

Travel Pattern Data• Time, place,

direction, vehicle

• Speed derived• Years of data

Vehicle Operation & Event Data

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 34

Lessons

Highway authorities are increasingly high-volume consumer businesses with concrete

Connected vehicle raises multiple privacy concerns not addressed by existing toll authority-customer framework

Managing the technologies that put vehicle travel under an unrelenting gaze pose pressing challenges in near future

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 35

Growing Transponder Account Customers

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 36

Challenges: Unrelenting Gaze

ALPR deployed widely but not regulated

GPS data uploaded from smartphones

24/7 video surveillancePeering inside cars with

infraredM2M data sharingWill surveillance

state/economy prompt a consumer backlash?

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 37

What Lies Ahead: Connected Vehicles

Connected vehicle applications provide connectivity: Among vehicles to enable crash

prevention Between vehicles and the infrastructure

to enable safety, mobility and environmental benefits

Among vehicles, infrastructure, and wireless devices to provide continuous real-time connectivity to all system users

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 38

Vehicle-to-Infrastructure Data Mining

Highway authorities may have interest in harvesting datao Safety: Identify vehicles

behaving erratically

o Payment: Identify vehicles for toll payment

o Enforcement: Identify stolen vehicles or vehicle involved in commission of crime

o Identify: Hazardous situations (e.g., swerving around object) and communicate downstream

o Traffic management: Immediate notice of slowdowns and congested areas

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 39

Overview

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 40

U.S. Toll Highway Network

● M o b i l i t y . S a f e t y . C u s t o m e r s . E c o n o m y . R e s p o n s i b l e S t e w a r d ● 41

Conclusions

Transportation lawyers will have to become privacy law experts

Highway authorities becoming more like utilities w/ associated consumer business issues

Toll highway authorities have head start on managing customer relationships & protecting trip data

Highway travel subject to intensive surveillance

Patchwork of state laws may be reflective of limited public concerns about privacy to date

That may change. . . .