Optimizing Automated Vehicle Safety — How Phantom Auto Can Help

At Phantom Auto, we believe that automated vehicles (“AVs”) will have an enormous positive impact on society, and hope to see these lifesaving vehicles deployed rapidly and at scale. We also know it is imperative that AVs are tested and deployed in an optimally safe manner. Given that safety drivers will ultimately be removed from AVs, we believe that that optimally safe rollout can only be achieved by utilizing teleoperation safety technology.

Phantom Auto’s teleoperation safety technology enables a highly trained remote human operator to safely drive an AV when the vehicle cannot safely drive on its own. For example, for a 5-day period during CES this year, one of our remote operators in Mountain View drove a vehicle 550 miles away all throughout Las Vegas. Many of our drives took place in dark and rainy conditions, with a huge amount of cars and people in the vicinity, and in areas with no lane markings. These are all conditions which — even in isolation — can create issues for AVs, and did in fact halt many of the AV demonstrations at this year’s CES.

Because our teleoperation technology enables a highly trained remote operator to safely drive in scenarios where AVs cannot, we know that our technology can help optimize the safe rollout of these vehicles. Below, we describe a couple specific safety critical scenarios where our teleoperation technology can help. In the coming weeks and months, we will describe more scenarios where our technology can help to ensure that the transition to AVs is as safe as possible for all road users.

Scenario 1: Safely Driving an AV When an AV Temporarily Cannot Safely Drive Itself

In the National Highway Traffic Safety Administration’s (NHTSA) AV guidance entitled “Automated Driving Systems 2.0: A Vision for Safety”, NHTSA states:

Entities are encouraged to have a documented process for transitioning to a minimal risk condition when a problem is encountered or the ADS [automated driving system] cannot operate safely. ADSs operating on the road should be capable of detecting that the ADS has malfunctioned, is operating in a degraded state, or is operating outside of the operational design domain (ODD).

….

In cases of higher automation in which a human driver may not be available, the ADS must be able to fallback into a minimal risk condition without the need for driver intervention.

A minimal risk condition will vary according to the type and extent of a given failure, but may include automatically bringing the vehicle to a safe stop, preferably outside of an active lane of traffic.

Many states have laid out rules similar to the above. In Arizona, where a large amount of AV testing takes place, Governor Ducey’s 2018 Executive Order entitled “Advancing Autonomous Vehicle Testing and Operating; Prioritizing Public Safety”, states:

MINIMAL RISK CONDITION. A low-risk operating mode in which a fully autonomous vehicle operating without a human person achieves a reasonably safe state, such as bringing the vehicle to a complete stop, upon experiencing a failure of the vehicle’s automated driving system that renders the vehicle unable to perform the entire dynamic driving task.

The Executive Order goes on to state that AVs without human safety drivers within the vehicle can only be tested or deployed on public roads if a written statement is submitted to the AZ Department of Transportation, acknowledging:

If a failure of the automated driving system occurs that renders that system unable to perform the entire dynamic driving task relevant to its intended operational design domain, the fully autonomous vehicle will achieve a minimal risk condition.

It is clear that if an AV is confused, has malfunctioned, or is operating in a degraded state, it is prudent to have that AV come to a stop. For example, if an AV (1) is approaching a stoplight and cannot decipher whether it is red or green, or (2) approaching an object and cannot tell if it is something it should stop for (a person, animal, etc) or drive through (a plastic bag, steam emanating from a grate, etc), the safest option is to bring the vehicle to a stop.

How can Phantom Auto’s teleoperation safety technology help in this situation? After the vehicle comes to a stop, a highly trained Phantom Auto remote operator can safely drive the AV through the situation that it could not drive through itself. Then, once in an area where the AV can again safely operate, the remote operator can hand back control to the AV.

Scenario 2: Safely Driving a Non-Operational AV to a Safe Location

In the above scenario — where the AV may be temporarily confused or temporarily malfunctioning — the highly trained remote operator can temporarily take control, and then hand control back to the AV when it is safe to do so. But what happens when an AV cannot safely drive again because it is completely non-operational? And what if there is no human in the vehicle? Or what if there is no steering wheel and gas / brake pedals in the car?

Having an AV stop in an active lane of traffic momentarily or on a shoulder momentarily may be okay. But, if the AV remains unable to safely drive for an extended period of time after it has stopped, then it becomes a disabled vehicle, which creates significant danger. For example, according to a study published in the Journal of Transportation Engineering,[1] data from the state of Tennessee has shown that 78% of freeway traffic-related incidents are attributable to disabled and abandoned vehicles. The study went on to theorize that “the longer the vehicle is left unattended within the right of way, the higher the probability of new incidents and secondary crashes.”

An AV stopping in an active lane of traffic or on the shoulder creates some of the same safety hazards as engine stalls, which have resulted in serious injuries and deaths over the years, and have led to recalls. Curiously, NHTSA and various states are promoting the aforementioned complete stop for AVs as a recommended best safety practice, whereas engine stalls prompted a recall as recently as this year.

Despite the fact that both scenarios can create the same safety hazards, NHTSA’s Enforcement Guidance Bulletin on “Safety-Related Defects and Automated Safety Technologies” states the following:

  • NHTSA has the authority to “respond to a safety problem posed by new technologies in the same manner it has responded to safety problems posed by more established automotive technology and equipment.”
  • In assessing whether a vehicle poses an unreasonable risk to safety, NHTSA considers many factors. “Where a threatened hazard is substantial (e.g.,….stalling), low potential frequency may not carry as much weight in NHTSA’s analysis.”

Furthermore, the safety hazards that are created by disabled vehicles are highlighted in a series of cases litigated in federal court over the years by NHTSA. For example, in U.S. v. General Motors Corp.,[2] the court observed that the failure of a fuel inlet plug, which was believed to cause the car to “stop running”, resulted in “several obvious and undeniable safety hazards.” This included a need for “the driver….to either abandon his vehicle in the midst of oncoming traffic or, if he can, pull over to the side of the road. Both situations are dangerous.”

In U.S. v. Ford Motor Co.,[3] the court reached a similar conclusion, stating:

Even if drivers pull to the side of the road and bring their vehicles to a stop on the shoulder they are still exposed to the risk of being struck from behind by a moving vehicle. Some drivers….have even brought their vehicles to a stop in the middle of lanes intended for moving traffic. Having brought their vehicles to a stop, drivers….have exited their vehicles in order to extricate themselves from the unsafe circumstances into which they have involuntarily been thrust. This too exposes them to the further risk of being struck by a moving vehicle.

So, the obvious question is: can the safety hazards be eliminated from the complete stop scenario that NHTSA is recommending as a best safety practice, and that states like Arizona are requiring when driverless AVs cannot safely operate? The answer: yes, with the help of Phantom Auto’s teleoperation safety technology.

By utilizing Phantom Auto’s teleoperation technology, AVs can eliminate the safety hazards inherent in the complete stop scenario outlined above. For example, if a non-operational AV were to come to a stop in the middle of a road or freeway, a highly trained remote operator could then safely drive the vehicle to a position outside of the flow of traffic. Or, if a non-operational AV were to come to a complete stop on a shoulder, a highly trained remote operator could then safely drive the vehicle to a safer location to stop, such as a parking lot, or even a repair shop.

Conclusion

If an AV is confused, operating in a degraded state, or is completely non-operational, we agree with NHTSA and various states that the vehicle should come to a stop. But very shortly after coming to that stop, for the safety of everyone on the road, that vehicle (1) must be driven to a place where the AV can again safely drive itself, or (2) if non-operational, must be driven to a location where it can safely come to a stop.

Phantom Auto’s teleoperation technology can help to eliminate the problematic scenarios outlined above. If you would like to learn more, please email us at contact@phantomauto.com.


[1] Impact of Abandoned and Disabled Vehicles on Freeway Incident Duration, Journal of Transportation Engineering, Vol. 140, Issue 3 (March 2014).

[2] 417 F. Supp. 933 (D.D.C. 1976).

[3] 453 F. Supp. 1240 (D.D.C 1978).