On Friday the National Highway Traffic Safety Administration (NHTSA) formally proposed regulations requiring the placement of “black boxes” in cars. More properly known as “Event Data Recorders,” or EDRs, these are similar to the devices of the same name placed in aircraft, which record data about the vehicle’s operating characteristics in the seconds before a crash.

If these devices can be used to reduce accidents and fatalities on our roads, that is a good thing, but they do raise issues of privacy and fairness, and there is absolutely no reason we can’t have our privacy and fairness, and safety too.

This AP article provides a good overview of the technology. We and other privacy advocates have been following it for nearly a decade. In 2004, the National Transportation Safety Board (NTSB) first recommended that black boxes be made mandatory in all cars. In 2006, the NHTSA finalized regulations governing precisely what data must be recorded by EDRs—without yet requiring that they be included in all cars. Now the NHTSA has proposed that step.

Before that happens, we need to make sure some basic principles are covered:

First, people need to know that these things are in their cars. That’s a basic principle of privacy and fairness. Some automakers have been installing them for years without clear notice to customers. The 2006 NHTSA rules also required that carmakers include a standardized statement in owners’ manuals giving notice to car purchasers that these devices are installed in the cars they just bought. That’s a good thing, but hardly adequate; few people buying a new car read all the fine print in a vehicle’s owner’s manual before they buy it. It would be better to make sure people know before they buy, especially while these devices are not in every car.

Second, and more importantly, we need to clearly establish the principle that the data on these black box computers belongs to the person who owns the car. When you buy a car, you also buy the many computers that, increasingly, run that car. The data on your EDR should belong to you—and be no more accessible to the police or anyone else without a warrant, or your consent, than the data on the laptop sitting on the seat next to you. That doesn’t mean the data will never be available to the police—if they have a judicial order, they’ll be able to obtain it, just as they can obtain the information on your desktop computer or diary if they can show that evidence of a crime is likely to be contained therein. NHTSA says in its rulemaking that it obtains permission from vehicle owners before using data for its safety studies.

Third, the computer code for black boxes should be open source. I’ve previously written several times about how computer code governing critical systems in automobiles should be required to be open source. We don’t want some poor person to be driving down the road at the speed limit, get hit by some crazy driver, only to be told by the police that their EDR says they were doing 95 because of some software bug. We need to have a very high level of trust in devices before we dispense justice based on them. It’s very difficult to write bug-free software, so this is a real concern. The software that drives these computers needs to be available to the public for scrutiny because experience has shown that is the best way to ferret out software bugs.

Another question is often raised with regard to black boxes: should vehicle owners have the right to disable or otherwise tinker with their black boxes? Generally, the “freedom to tinker” and to control our own technology is an important principle, and the default policy should be “yes.” That said, if Americans want to collectively decide that automobiles are going to have these boxes in them, limited to collecting data in the few seconds before a crash, then I would argue that would be legitimate. Automobiles are already highly regulated pieces of machinery, and rightly so—the amount of death and carnage on our roadways each year is devastating, and ruins far more American lives each year and each decade than terrorism ever has. Unlike many other technologies, the design and operation of vehicles hurtling through our public spaces has significant social impacts; our safety is much more affected by other people’s vehicles than it is by more purely personal technologies.

One final point I would make about automobile black boxes: although cars are different, EDRs may still set an important precedent for a range of other technologies in terms of who controls them and in whose interests. Will devices serve the consumer/owner, or some other powerful interest such as the government or big companies? We don’t want to drift into a world in which our own possessions are riddled with computer chips acting in the interests of others—watching us, controlling us, and possibly snitching on us.

Although automobiles are to some extent a special technology because of their dangerousness, we can still defend principles of privacy and control while taking advantage of EDR technology to bring much-needed improvements in the safety of our roads.

Update (Dec. 17)

Richard Stallman of the Free Software Foundation has alerted me to the fact that the term “open source” has a broader meaning than I have used above (here is a piece by Stallman discussing the finer points of software freedom). “Open source” is generally taken to mean not only code that is transparent—available to all for inspection—but also code that can be (for example) freely redistributed and used for derived works. In the case of black boxes I only go so far as arguing that the source code should be transparent.