Public Policy Analysis & Opinion—New federal rules will govern event data recorders 10/06


Table of Contents

Public Policy Analysis & Opinion

New federal rules will govern event data recorders

Insurers and consumer groups applaud the use of EDRs, but privacy groups cringe

By Kevin P. Hennosy

There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to.
1984, Chapter One, George Orwell

On August 21, 2006, the National Highway Traffic Safety Administration (NHTSA) adopted a rule that requires automakers to tell consumers whether a vehicle is equipped with an Event Data Recorder (EDR). The new federal regulation will apply to all passenger vehicles and light trucks with a gross vehicle weight of 8,500 pounds or less. NHTSA will separately evaluate EDR use in larger vehicles.

The NHTSA action comes on the heels of a handful of state legislatures passing legislation over the past three years to require the disclosure of the presence of this kind of device. When California enacted an EDR disclosure law in 2004, it was only a matter of time before the Feds acted to establish national uniformity.

The existence of EDRs is generally welcomed by insurers that can passively use the devices to defend claims, or actively employ them in conjunction with products that stress good driving habits.

Nevertheless, even for someone who is regularly accused of driving like an old man, the idea of being “tracked” by a “device” is not a comforting thought. But then again I never bought into Big Brother’s observation that Freedom is Slavery.

Where is George Orwell when we need him? My fear is that he has been shuffled off to the Ministry of Love—or Miniluv in Newspeak—that large building complex with no windows surrounded by barbed wire and guards armed with truncheons.

At the very least, if data is being recorded that might be connected to the risk of financial loss, it is only a matter of time before the National Association of Insurance Commissioners (NAIC) figures out a way to lay claim to it—and make money off of it.

The EDR is a device that captures data in the event of a collision—or at least that is what the good folks at NHTSA tell us. Auto manufacturers and other interests that keep track of such things used to call EDRs “black boxes,” but apparently the new name has a less menacing connotation. (What edition of the Newspeak dictionary are you using, Mr. Smith?)

According to NHTSA, EDRs “capture crash data in the few seconds before, during and after a crash. EDRs do not capture any data unless there is a collision that is severe enough to cause the airbag to deploy.”

Actually, auto industry sources offer a slightly different explanation of how the EDRs work. According to those sources, EDRs constantly monitor certain mechanical performance data. This information is collected and held in onboard memory banks. The memory is erased and reloaded every five seconds unless an event triggers release of the vehicle’s airbags. At the point the airbags are deployed, the EDR generally retains the previous five seconds of data. Other nonstandard devices can track and record many more elements and hours of data.

Auto manufacturers began loading EDRs on cars in 1999. NHTSA estimates that 64% of passenger vehicles made during the 2005 model year were equipped with EDR devices. This new rule does not require automakers to install EDRs if they are not already doing so.

In addition, the NHTSA rule will provide automakers more than an adequate amount of time to practice their disclosure statements. The federal rule does not require consumer disclosure until the 2011 model year.

The NHTSA officials hope that the information gathered by the increasing use of the EDR devices will improve highway safety. For example, the rule requires EDRs to be more durable to protect data during a crash. The rule also requires automakers to collect the same type of crash data if they choose not to install an EDR.

The agency noted that having access to uniform crash information from EDRs, regardless of the vehicle’s manufacturer, will help investigators recreate crash scenes to determine the causes. The rule will support the development of new safety regulations based on accurate crash information that NHTSA collects from vehicle owners who agree to share information from their EDRs with the agency.

The safety agency said it also expects that the new rule will enhance the value of automatic crash notification systems, including the Enhanced 911 emergency response system currently under development, by making it easier for vehicles equipped with automatic crash notification features to provide accurate and immediate information to emergency personnel.

The promise of increased highway safety has bonded two traditional political enemies into a classic situation of strange bedfellows. Insurance industry advocates generally support the use of EDRs, as does Public Citizen—the Ralph Nader group that has a long history of battering insurance interests.

Civil defense attorneys have used EDR data to document violations in policy provisions. In addition, companies such as Progressive have launched policy options that offer discounts for drivers who submit black box data of one kind or another.

Public Citizen took up the banner for the use of EDRs. In fact, spokes-persons for Public Citizen chided NHTSA for not requiring the use of EDRs in all vehicles, in particular heavy trucks. The consumer group has sued the Bush Administration in an effort to force manufacturers to install black boxes in all heavy trucks. The black box data would be discoverable in any litigation arising from a truck accident.

In a recent Time magazine interview (August 8, 2006), Public Citizen President Joan Claybrook brushed aside civil liberties concerns on the grounds that there is no ongoing data retention.

Groups like the Electronic Privacy Information Center (EPIC) do not accept this argument. In comments filed with the NHTSA, EPIC charged that the days when EDRs collected only pinpoint data are over:

ACN (Automatic Collision Notification) -enabled EDRs have already been used as a law enforcement surveillance tool and such use will increase as more vehicles become so equipped. In 2003, the FBI procured a wiretap order requiring an ACN provider to remotely configure the system to go into “listen mode,” allowing audio surveillance of those in the vehicle.[10] Because this strategy interfered with the emergency features of the system, the Court of Appeals for the Ninth held that the order was not proper.[11] However, the Court held that generally an ACN provider is a “telecommunications carrier,” and therefore required by statute to assist law enforcement with carrying out such orders.[12] The extent to which ACN-enabled EDR systems can accommodate such surveillance without interfering with the emergency features is unknown, although engineering the systems to accommodate the dual-use would be straightforward.

The trend towards these advanced EDR features—location data, video data, real time collection and law enforcement access—will undoubtedly continue.

Spokespersons for the American Civil Liberties Union (ACLU) have been quoted calling EDR devices “a surveillance monster.” In a document titled “Bigger Monster, Weaker Chains, The Growth of the American Surveillance Society,” an ACLU commentator observed:

All cars built today contain computers, and some of those computers are being programmed in ways that are not necessarily in the interest of owners. An increasing number of cars contain devices akin to the “black boxes” on aircraft that record details about a vehicle’s operation and movement. Those devices can “tattle” on car owners to the police or insurance investigators. Already, one car rental agency tried to charge a customer for speeding after a GPS device in the car reported the transgression back to the company. And cars are just one example of how products and possessions can be programmed to spy and inform on their owners.

In addition to direct surveillance capabilities associated with EDR devices, the EPIC warns that secondary markets in data threaten consumer privacy:

EDRs are primarily repre-sented and marketed as a technology to improve the safety of vehicles and roadways. But all of the stakeholders realize the significant secondary uses, some of which may eventually overshadow the original goals. For example, NHTSA lists the following groups as “customers” of EDR data: insurance companies, vehicle manufac-turers, government, law enforcement, plaintiffs, defense attorneys, judges, juries, courts, prosecutors, human factors research, state insurance commissioners, parents groups, fleets and drivers, medical injury guideline data usage, vehicle owner, and transporta-tion researchers and academics.

The reference to “state insurance commissioners” is particularly ominous to anyone familiar with the NAIC. The Kansas City-based and Delaware-chartered private corporation has a well-documented history of exploiting its ability to store and sell data. It is one thing to see EDR data used to make highways safer, insurance pricing more accurate or to document civil liability, but it is quite another to use it to provide NAIC revenues for overblown executive compensation.

I hope federal and state officials keep a close eye on this kind of third-party use of the data. I suppose that kind of thinking will knock me off of NAIC Executive Vice President Cathy Weatherford’s holiday card list again; but I am used to having the NAIC leadership equate me with Orwell’s “Emmanuel Goldstein, the Enemy of the People.” I never got along with the “Ignorance is Strength” crowd at the NAIC, so pass the “Victory Gin” before some NAIC Staff come to take me to Room 101. *

The author
Kevin P. Hennosy is an insurance writer who specializes in the history and politics of insurance regulation. He began his insurance career in the regulatory compliance office of Nationwide Insurance Cos. and then served as public affairs manager for the National Association of Insurance Commissioners (NAIC). Since leaving the NAIC staff, he has written extensively on insurance regulation and testified before the NAIC as a consumer advocate. He is currently writing a history of insurance and its regulation in the United States and is an adjunct professor of political science at Avila University. Hennosy publishes a quarterly briefing paper on the activities of the NAIC, which is available at www.spreadtherisk.org.

If data is being recorded that might be connected to the risk of financial loss, it is only a matter of time before the NAIC figures out a way to lay claim to it—and make money off of it.