
The intelligent choice for ITS

● EXPANDED DIGITAL EDITION with 8 additional articles available at thinkinghighways.com

thinkinghighways.com

Volume 10 Number 2 July 2015

RIDING THE WAVE

GOING FOR BROKE

EVERYTHING IS ILLUMINATED

The art and science of transportation engineering, according to Bob McQueen

Mike McGurrin explains the benefits of open traffic data

How big data and advanced analytics are creating new options for everyone


NORTH AMERICA EDITION

INTELLIGENT TRANSPORTATION SYSTEMS AND ADVANCED TRAFFIC MANAGEMENT

TECHNOLOGY: Assessing the risk: how to avoid a toll payment security breach, p34

INNOVATION: What does the rise of Android Auto mean for the major car manufacturers in the US? p40

FINANCE & FUNDING: What can the automakers learn from the financial sector, asks Sedar LeBarre, p26

SMART CITIES: Tip Franklin: The dangers of over-focusing on technology and data, p30

PERCEPTIONS OF PRIVACY: David Pickeral wonders if we have developed an unrealistic approach to data sharing


COVER FEATURE Privacy

Vol 10 No 2 North America

Perceptions of privacy

The past two centuries have seen a positive evolution in personal privacy doctrine worldwide for the benefit of all citizens, but when it comes to transportation, expectation may at times surpass reality, says David E Pickeral

Privacy. It is often a sensitive, even taboo, subject for both the public and private sector to address, which is exactly why I am taking advantage of the fact that I am on a short respite this summer, not currently constrained by either a corporate or government employer, to deal with this subject head-on as an individual, with all the rights of free speech my government and society afford (more on this later!).

There is and has always been a lot of talk about privacy in ITS. As many of us well recall, from the early days at the ITS America/IVHS Legal Issues Committee meetings at TRB and in the ITS Caucus and Federal Advisory Committee Act (FACA) activity on the Hill, the topic has permeated almost any discussion of a new technology, scheme or system deployment, and it is almost certainly the topic that most frequently pulls outsiders into examination of what is, lamentably, often a very narrow and unrepresentative view of our industry. The recent emphasis on Connected Vehicles has, to say the least, neither simplified the question nor discouraged either the advocates or the detractors of increased privacy.

Obviously it is an important topic, one that is fundamental to civilized society anywhere in the world and a legitimate expectation of each and every one of its inhabitants, human and perhaps even nonhuman. But is it as daunting and prohibitive as many have suggested? And, just as compelling, is it really a "new" issue? I would suggest that in either case the answer is: "Almost certainly not!"

REASONABLE EXPECTATIONS

The Bill of Rights in the US Constitution, and specifically the Fourth Amendment, enacted 226 years ago and very much influenced by the Age of Enlightenment then all the rage in the chic circles of Western civilization, is generally regarded as one of the key global precedents in setting boundaries for personal freedoms and privacy. This doctrine was reinforced, adapted and extrapolated by courts, legislators and regulators at all levels of government over the years to include both physical and electronic surveillance.[1]

Throughout the succeeding centuries, and particularly in the mid to late 20th century as the potential for mass repression aided by technology was acknowledged by world leaders, this doctrine was expanded around the globe through multinational treaty enactments such as Article 8 of the European Convention on Human Rights (1950)[2] and constitutional provisions such as the Canadian Charter of Rights and Freedoms (1982).[3] Indeed, with the advent of computerized records in the latter half of the 20th century, the concept of personally identifiable information (PII) as gathered, stored and transmitted using electronic means was formally addressed and identified as worthy of at least enhanced scrutiny if not enhanced protection.[4]

There should be absolutely no question to any rational person that all of these were positive and necessary steps. They ensure that both mass and individual abuses of personal freedoms undertaken in the past are not repeated, and that an ever more global, ever more connected human society continues to evolve in a way that respects and protects personal privacy, dignity and integrity. These are fundamentals that every person who lives or will live on Earth has a right to and which, as human beings, we have come to expect.

It should be stressed, however, that the provisions described above and others deal with a relatively discrete range of areas: principally the gathering of evidence in a criminal prosecution, the integrity of one's own body including medical or genetic information, and financial matters. Essentially, this is highly personal information that has the potential to cause significant and specific harm to an individual with no corresponding benefit to society in having it disclosed.

So, at the risk of being accused of reductio ad absurdum, the law rather unambiguously protects one's right to sit in one's own home, hotel room or other dwelling (including parked or otherwise stationary vehicles) unmolested, with one's documents and possessions (recognized as being legitimately both real and virtual), in the absence of any criminal conduct.

However, most people want to be out and about, both in terms of traveling and of engaging in commercial activity related to the goods they produce or purchase, and around this distinction lies the most critical area of discussion related to privacy and transportation.

CLEAR AND PRESENT

From the start of the Industrial Revolution in the late 18th century (ie, around the time the Fourth Amendment was enacted), there was an almost immediate acknowledgement that the transportation of both people and goods does not require or incorporate such highly personal information. Indeed, the benefit in this context has always been perceived as shifting from the individual to the mutual safety of his or her fellow travelers, or of the public affected by such systems, whether alongside the canal, near the railroad tracks, beside the motorway or under the flight path. Transportation is, after all, a highly regulated industry, perhaps second only to healthcare in that capacity, and for the same very good reason: SAFETY.

Supportive of that way of thinking, common carriers (airlines, ferries, railroads, bus lines) have long been held strictly liable for the safety of the passengers and goods entrusted to them, with the objective being, again, safety. In recognition of that obligation, carriers have commensurately been afforded a certain degree of control over, and access to information about, the people and/or goods they are carrying. Both passenger and freight manifests are compiled with little question and generally in response to both private contractual and government regulatory requirements.

NOTES
1 Constitution of the United States of America, Amendment IV, 1789; further discussion at http://www.uscourts.gov/about-federal-courts/educational-resources/about-educational-outreach/activity-resources/what-does-0
2 http://conventions.coe.int/treaty/en/Treaties/Html/005.htm
3 http://laws-lois.justice.gc.ca/eng/Const/page-15.html#h-39
4 https://epic.org/privacy/laws/privacy_act.html

Switching from carriers to infrastructure operators for personal travel, the expectations flowing in both directions remain largely the same. Few people question the requirement, in place virtually all over the world for a century, that vehicles carry number plates or other physical identifiers. Modern Connected Vehicle legislation that would add transponders merely takes, I would suggest, the number plate concept and moves it into the virtual realm, in parity with all other forms of electronic identification.

The same applies to probe data: V2V, V2I, V2X. The throughput, accessibility and volume of the data flow continue to increase, to be sure, with both industry and government poised to make far better use of it through the Connected Vehicle mandate and rulemaking proceeding (National Highway Traffic Safety Administration)[5] and ongoing research (ITS Joint Program Office).[6] Once again the critical ideal of Safety is paramount here, as it is with such initiatives as Next Generation 9-1-1 (NG 9-1-1),[7] the European eCall[8] and grass-roots-driven public-private collaboration across national boundaries such as Vision Zero.[9] The point, however, is that such things as driving behaviors, vehicle speed and direction and surrounding weather conditions are all already out there in the public domain.

In all scenarios the objective and its benefits galvanize people irrespective of age, income, education or political orientation in a way that few issues do or ever will: the reduction of deaths, now around 30,000 each year on US roadways,[10] nearly 2,000 in Canada[11] and well over a million worldwide.[12]

RIGHTS, ENTITLEMENTS AND PRIVILEGES

In order to understand how the various nuances regarding privacy and transportation come into play, it is important to differentiate between the various levels of expectation that may be applicable in any given situation.

Rights are the most fundamental and, to use the words of the American Declaration of Independence, represent the most "inalienable" allowances human beings should expect, and commensurately must be afforded the strictest protection of the law. These are what the significant constitutional and other legal provisions cited at the beginning of this discussion were designed to ensure. As suggested, they have relatively little application to the communal society of transportation systems and their day-to-day operations. Rather, they tend to apply in very specific situations, such as the protection of specific PII or those rare instances where traveler information may be required as part of a criminal investigation or proceeding. Above all, the most fundamental right of any user of a transportation system is indeed safety, which is why those who operate or maintain such systems are held to such strict standards of liability.

It is far more likely that, rather than a Right, the traveler is held to possess a certain Entitlement, and even then usually for quite a specific purpose. The payment of an airfare or the purchase of a transit pass or toll tag is generally interpreted to allow the user to access a specific transportation service for a specific time or distance. In many countries and societies transportation is viewed as a very broadly applied entitlement, with some segments of the population, including the elderly, the economically disadvantaged, students or those with disabilities, allowed to use various transportation assets free or at a reduced rate because society has agreed that it is in its best interest to provide such benefits.

NOTES
5 http://www.safercar.gov/v2v/index.html
6 http://www.its.dot.gov/connected_vehicle/connected_vehicle_research.htm
7 http://www.ng911institute.org/
8 http://ec.europa.eu/digital-agenda/en/ecall-time-saved-lives-saved#Article
9 http://visionzeronetwork.org/
10 http://www-fars.nhtsa.dot.gov/Main/index.aspx
11 https://www.tc.gc.ca/eng/motorvehiclesafety/resources-researchstats-menu-847.htm
12 http://www.who.int/gho/road_safety/mortality/en/

Finally, and as I think applies to most of the traveling population and indeed most aspects of the entire transport ecosystem, there is the notion that transportation is a Privilege. Indeed this concept is so old that it effectively dates all the way back to when mobility pretty much meant one's own two feet, or those of an animal (or fellow human) that was being ridden or was pulling.

Over the past couple of centuries we have seen the meaning of personal transportation shift to the ability to move virtually anywhere in the world in the space of a day or two and, perhaps even more remarkably, for millions of people to traverse whole regions easily and inexpensively on a daily basis. Almost as quickly as these developments occurred, society responded by imposing a certain level of disclosure to fit the new mobility options, including the manifests mentioned before and other methods of tracking all of this public domain activity.

Much as number plates for vehicles have been accepted practice across North America, Europe and most of the rest of the world for more than a century for anyone wishing to drive on a public road, a driver's license is viewed and acknowledged by the public as a privilege almost without question. In exchange for that privilege, transportation providers have a reciprocal expectation that they will be able to collect, or at least temporarily access, certain types of information from users to ensure the effectiveness, appropriate levels of service and, again, safety of their operations. Thus, as between transportation providers and transportation users there has always been a balancing of rights, privileges and entitlements, one against the other. The development of new technology has automated and optimized that balance, but the paradigm itself and the responsibilities that go with it have not really changed all that much since the days of wooden turnpike toll gates, when traveling by coach meant four wheels underneath and six horses out front.

GIVE-TO-GET

If anything, the advent of new technology since the start of the Internet Age has seen an even greater willingness of travelers to barter some measure of the small privacies to which they are entitled in order to achieve some sort of benefit, or even to volunteer useful information to improve the quality of service or improve safety for all.

Most users of mobile devices, for instance, seem to appreciate the ability to receive benefits such as an electronic coupon, instant secure payment, or important updates and other content for products or services they actually like and use regularly, and are consistently shown to divulge even more information to ensure that such outreach is ever more highly tailored to their specific preferences, from a favorite skim milk, no whip, half-caf latte sitting on the bar to the preferred transit route home from work.

[Image caption: There are many ways in which our personal data could be shared]

In such scenarios the symbiotic relationship between the user-originator of the data and those who make use of it is clear and immediate. I would respectfully suggest that the flow of benefits from Smart & Connected transportation is much larger and is steadily and positively expanding. As nice as a discounted cup of coffee or bus fare is, the potential to mitigate or remove the possibility that you, the rider, or a loved one will die in a vehicular collision is, after all, far greater.

DEMOGRAPHICS

It is important for members of the traveling public to appreciate that for the most part (I'll talk about the exceptions later on) transportation service and infrastructure providers such as transit properties or highway agencies couldn't care less about individuals' personal data.

The plain fact is, such information is not useful to them, inasmuch as their priority is to provide widespread service availability to the entire population and not customized 1:1 service to individual drivers or passengers. Accordingly they would have no reason to incur the expense of gathering, storing, securing and handling (as PII, of course) individual driver and/or rider data themselves. The use of data by such entities therefore involves not so much the tracking of any individual person as the aggregation of the travel patterns of all users of the system or system of systems: in other words, demographics. Such data can be either collected anonymously, such as through Bluetooth reader technology (anonymous only insofar as the readers pseudonymize or discard the device addresses they observe rather than store them), or anonymized, as can be done with mobile device information from carriers.

In the most basic terms it is vital, in terms of both service provision and cost reduction, to know exactly how many people use a certain highway exit, subway stop or transit bus route, and what journeys they are taking through this and other combinations of assets, but there is no corresponding need or justification to know exactly who any of these people are by name, bank account, home address or otherwise.

Of course, there are other elements of the transportation system where certain more identifiable information can, and in some cases must, be used. Mobile network operators (MNOs), including those that will increasingly operate connected vehicle systems, need to know who their users are in order to provide network access and ensure the flow of the right data both to and from subscribers. Transit and tolling charge points need to identify, for a very brief instant, that the correct account user is passing through that part of the system.

Here the "give to get" again becomes apparent. In these cases it is important to remember that the users have already provided specific consent, in effect granting either an entitlement or a privilege to use their data. Wireless customers have done so in signing their agreements, almost universally, for as long as there have been cell phones, which is now approaching half a century. The users of stored value, and now open payment, transit and tolling systems have likewise granted the operator and/or some third-party payments processing entity such as a credit card company the entitlement to access their data in exchange for the reciprocal entitlement of the convenience that instant electronic payment offers. As a result, the issue of privacy as to the transportation providers themselves once again becomes largely moot.

PRIVACY IN PRACTICE

To illustrate how all this works I will offer a hypothetical that will soon be taking place all over the world, perhaps even tomorrow:

Kwame is driving by himself down the turnpike in his state (or province) and the road user charging (RUC) system, maintained under contract by a third-party vendor under a public-private partnership (PPP), automatically records his vehicle's identity from its installed transponder (as indeed is required by recent connected vehicle regulations enacted nationally in his country). As he is driving he passes a traffic counter that recently replaced the old loop detector based system: his Bluetooth signal anonymously registers the passage of the vehicle past a certain point, and again later past a different point to judge speed and traffic flow, identifying the vehicle as the same one passing a number of different points but obtaining no information about the identity of the vehicle or its driver and passengers (or in this case the lack thereof).

As he pulls off at a service plaza he is offered an electronic coupon for his favorite coffee company based on the preference he selected as a member of that company's loyalty club, and while in the service plaza he purchases that beverage using the electronic wallet feature of the coffee company's app, which he downloaded and installed onto his mobile device.

As he exits the turnpike, the turnpike's back office system matches his vehicle's identity, obtained from his vehicle's onboard transponder, to charge his credit card the appropriate amount per the electronic payments agreement he set up with the tolling company in the adjacent state where he lives; that state has reciprocal interoperability with the turnpike on which he is now traveling, among many others (as he is aware through his home state's tolling agreement, which he accepted in setting up his account). The anonymized data from the tolling system and the anonymously collected Bluetooth data are provided to the turnpike authority along with that of every other user so that it can analyze and optimize the systems and services along the roadway. Beyond the user-specific services offered to Kwame and the many others who choose to accept them, the coffee vendor also uses anonymized information, aggregated across all of the customers at that service plaza, to ensure that the products and services provided are even more tailored to what all customers stopping there will want in the future, thus anticipating the personal preferences of those who do not wish to self-identify for promotions. When Kwame gets to his destination city, he uses the transponder to pay for parking in the space that his vehicle's navigation system guides him to. The parking system, which is also connected to his home state's RUC account through another reciprocal agreement to support transportation account services, further consolidates what had been many different stovepiped processes.

[Image caption: Specific consent is given to use personal data where payments are required, but data is often shared in anonymized form]

Kwame then meets his friend Yukiko and they go out to meet their university mate Pat for dinner. Like a growing number of urban residents, Yukiko does not own a car. However, in front of her apartment is a line of share-cars that she is able to access and pay for with her mobile device, using an account she established with the share-car vendor that can be used with a network of other vendors around the country and internationally. After driving to dinner she deposits the share-car near the restaurant so a different user can have it. The restaurant even provided a rebate on her share-car rental fee when she booked a table for herself, Kwame and Pat using the mobile app.

After dinner, Pat, who had ridden over on a city bike when it was still daylight, walks home, while Yukiko and Kwame decide that they have had too much wine to drive safely. Both of them therefore take transit back to Yukiko's apartment: she using the regular open payments automated fare collection (AFC) application that she maintains as a resident of that city, and he using his transportation access account from the adjacent state, which has reciprocal privileges with Yukiko's city transit operator. The bikeshare system, share-car vendor and transit property compile and are able to anonymously use the usage data from the evening to improve their service and ensure that both modes in the transit service are able to meet the needs of citizens and users.

A few weeks later, Yukiko receives an electronic invoice from the share-car company. While she and Kwame were driving to dinner downtown they passed a congestion charge cordon; the automatic number plate recognition (ANPR) system there captured the vehicle's license plate and sent the charge to the share-car owner along with the exact date and time of passage. The share-car company paid the congestion charge to the city along with any others due for its fleet. The share-car company's software correctly identified Yukiko as the person in possession of the car at that date and time, charged her account, and sent her an invoice documenting payment under the terms of the rental, whereby she had agreed to "auto pay" any tolls or fines incurred during her rental.

At no time was any PII regarding Yukiko, who, not owning a car herself, did not maintain a city congestion charge tag or account, exchanged between the share-car company and the city government.

In the above hypothetical, the only entities that have access to financial information are the chosen mobility providers and/or payments processing entities, all of which obtained it with the specific consent of Pat, Kwame and Yukiko. These entities correspondingly have no information regarding where their journeys took them beyond the discrete points of sale (POS) for RUC, parking, transit and congestion charging, just as would be the case had they swiped or dipped their charge cards in those places. Conversely, the turnpike, city congestion charge authority and transit property each obtained precise demographic data, as they did from every other customer, anonymized and in all respects transactionally separated from any of the financial information or other PII, which was simply not relevant or needed by them.
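The Bluetooth traffic counter in the Kwame scenario and the "transactionally separated" demographic data described just above both rest on one engineering decision: what the roadside reader does with the device address it sees. A Bluetooth address is a fixed 48-bit identifier, so a reader that stores the raw address, or an unkeyed hash of it, has collected PII rather than demographics. The Python below is an added example, not code from this article or from any real tolling or traffic-counting system. It shows the pattern a practitioner would want: each observed address is replaced by a keyed pseudonym (HMAC-SHA256 under a key generated fresh each day and never stored with the data), which is enough to match the same vehicle between two readers and compute travel time, but cannot be linked back to the address or across days. As the caveat, it also shows that an unkeyed SHA-256 of an address is recovered by simply enumerating the device part under a known vendor prefix. The reader IDs, 1,000 m spacing, addresses and timestamps are constructed for the example.

```python
"""Pseudonymous Bluetooth probe matching for a pair of roadside readers.

Added example (not code from the article or any deployed system). The reader
IDs, spacing, device addresses and timestamps below are constructed sample data.
"""
import hashlib
import hmac
import itertools
import secrets
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample: readers A and B assumed 1,000 m apart on one carriageway.
READER_SPACING_M = 1000
Observation = Tuple[str, int, str]          # (reader_id, epoch_seconds, MAC)
OBSERVATIONS: List[Observation] = [
    ("A", 1_435_000_000, "00:1a:7d:da:71:13"),
    ("A", 1_435_000_004, "00:1a:7d:0c:9e:42"),
    ("A", 1_435_000_010, "5c:f3:70:8b:22:01"),
    ("B", 1_435_000_036, "00:1a:7d:da:71:13"),   # 36 s for 1 km, 100 km/h
    ("B", 1_435_000_049, "00:1a:7d:0c:9e:42"),   # 45 s for 1 km, 80 km/h
    # The third device leaves at an exit and is never seen at B: no match.
]


def new_day_key() -> bytes:
    """Fresh 256-bit key per day, held only in reader memory, never logged."""
    return secrets.token_bytes(32)


def pseudonym(mac: str, day_key: bytes) -> str:
    """Keyed pseudonym for an observed address (HMAC-SHA256, truncated).

    Same key => same pseudonym, so readers A and B can match a device within
    the day. Without the key the pseudonym cannot be turned back into the
    address, and tomorrow's key makes tomorrow's records unlinkable to today's.
    """
    normalised = mac.lower().replace("-", ":").encode()
    return hmac.new(day_key, normalised, hashlib.sha256).hexdigest()[:16]


def travel_times(observations: List[Observation], day_key: bytes) -> Dict[str, int]:
    """Seconds from first sighting at A to first sighting at B, per pseudonym.

    This is all the aggregate side ever receives: pseudonyms and timestamps,
    no address and nothing from the tolling back office.
    """
    first_seen: Dict[str, Dict[str, int]] = defaultdict(dict)
    for reader, ts, mac in observations:
        first_seen[pseudonym(mac, day_key)].setdefault(reader, ts)
    return {
        p: seen["B"] - seen["A"]
        for p, seen in first_seen.items()
        if "A" in seen and "B" in seen
    }


def mean_speed_kmh(times: Dict[str, int]) -> Optional[float]:
    """Space-mean speed over the matched devices, rounded to 0.1 km/h."""
    if not times:
        return None
    metres_per_second = sum(READER_SPACING_M / t for t in times.values()) / len(times)
    return round(metres_per_second * 3.6, 1)


# --- The caveat: an unkeyed hash of a MAC address is not anonymisation. ---

def unkeyed_digest(mac: str) -> str:
    """What a naive reader might store in the belief that it is anonymous."""
    return hashlib.sha256(mac.lower().encode()).hexdigest()


def recover_mac(digest: str, known_prefix: str) -> Optional[str]:
    """Invert unkeyed_digest by enumerating the unknown trailing bytes.

    The first three bytes (OUI) identify the vendor and are public, so the
    real search space is at most 2**24 hashes, tens of seconds in Python on a
    laptop. Passing a four-byte prefix here keeps the demo to 2**16 candidates.
    """
    known = known_prefix.lower().split(":")
    for tail in itertools.product(range(256), repeat=6 - len(known)):
        candidate = ":".join(known + [f"{b:02x}" for b in tail])
        if hashlib.sha256(candidate.encode()).hexdigest() == digest:
            return candidate
    return None


if __name__ == "__main__":
    key = new_day_key()
    matched = travel_times(OBSERVATIONS, key)
    print(f"matched {len(matched)} of 3 devices; mean speed {mean_speed_kmh(matched)} km/h")
    target = "00:1a:7d:da:71:13"
    print("unkeyed hash recovers:", recover_mac(unkeyed_digest(target), "00:1a:7d:da"))
```

The aggregate side (`travel_times`, `mean_speed_kmh`) never touches account data; the transponder-to-credit-card match that the turnpike back office performs belongs in a separate system fed by a separate sensor, which is the transactional separation the text describes. The day key is the whole of the privacy property: if it is logged, backed up alongside the observations, or reused across days, the pseudonyms degrade to a persistent tracking identifier.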

REACHING FOR PERFECTION

My discussion here has of course only scratched the surface of a complex and constantly evolving field of law and/or policy (the differences between these two incidentally being yet another vastly complex subject for perhaps another time and even a different forum). However, as I have asserted in previous issues of Thinking Highways regarding other areas of ITS, the fundamental concepts are inherently simple and come down to basic government, industry and societal choices about the give-to-get of data and information. The main point I wish to make is that Smart & Connected Transportation technology offers unprecedented benefits with correspondingly little if any additional sacrifice of that body of private information which is fundamentally entitled to the highest levels of protection. This result can and will be achieved using data that individual passengers either never had the right or entitlement to hold private in the first place, or data that they have voluntarily provided in exchange for a certain privilege. The potential for the protection of life and property for everyone affected by the transportation system is simply too great. It creates revenue streams for industry, achieves important policy goals for governments and delivers benefits for society right down to the needs and wants of each individual citizen. I have heard this described, among other things, as a "Nirvana." Perhaps this perfect state of being, this optimal balance, is too much to expect amidst the fast-changing political undercurrents and competing interests of ITS, but a "Trifecta" may be a more apt aspiration: a quick win with an immediate payoff.

David E Pickeral, Esq is an executive, senior analyst and industry advisor in Smart & Connected transportation systems based in the sustainable community of Reston, Virginia, USA. He has more than 27 years of leadership experience in both public and private sector roles around the world. David's current focus is helping investors, implementers and practitioners realize the potential to integrate current and next generation ICT technology and ensuring the adoption of enhanced business practices and analytics to optimize existing and future transportation assets across all modes. He is also a licensed attorney, and a member of both the Virginia and District of Columbia Bars.

[email protected]

www.linkedin.com/in/pickeral
