Legislating Automated Vehicle Safety
In 1965, the cost of a gallon of gas was 31 cents, the Chevrolet Impala was the best selling car in the U.S., Plymouth introduced “the roaring 65s” line, and 50,000 people — more than ever before — died on American roads.
It was with this backdrop that the U.S. Congress approached the National Traffic and Motor Vehicle Safety Act of 1966, the first law to create federal safety standards for motor vehicles. The safety and regulatory regime set in motion by this 1966 act has been constructed on the foundational concept that humans operate vehicles. With the advent of automated vehicles, the U.S. system for regulating automobile safety demands a comprehensive update.
Automated vehicles (AVs) present an interesting proposition when it comes to motor vehicle safety. On the one hand, they represent a potential panacea for accidents, and with them traffic fatalities and injuries. Text messages do not distract automated vehicles; AVs do not drive under the influence nor do they speed or take turns too quickly unless they are programed to. As NHTSA found in its now-famous report, 94% of crashes over the 2005–07 period were the result of critical errors attributed to drivers. Presumably, automated vehicles will eliminate most of these incidents.
On the other hand, AVs are relatively untested on our nation’s roads — they are exempted from compliance with current safety regulations and their manufacturers are only asked to voluntarily submit safety reports. To date, AVs are mostly operated with a human driver behind the wheel, poised to take over control should something go wrong. But automated driving technology is changing and regulations are too.
The Senate AV bill includes a provision that prohibits states from issuing licenses for operating AVs that discriminate based on disability, which probably means that AVs could not be required to have a steering wheel or driver controls (should S. 1885 be passed into law). Further, California announced last week that it will allow AVs without human-operated controls to cruise its roads starting in mid-2018. In the next few years, AVs will function much like trains do: short of pushing the all-stop button, a passenger will have no control over the vehicle.
In this second part of three, we explore the way Congress’s proposed automated vehicle legislation, H.R. 3388 and S. 1885, approaches regulating safe operation of automated vehicles.
Here’s the link to the first part if you missed it, which focused on the weight limit that excludes trucking, the federal government’s preemption of state authority, and the expansion in the number of AV exemptions to 100,000.
Part II of III:
- Background on Motor Vehicle Standards: 50 Years in the Making
- Updating FMVSS: Race to Catch-up with AVs
- Interim Safety Reporting: Do What You Like?
- Cybersecurity: A First Step in the Right Direction
Background on Motor Vehicle Standards: 50 Years in the Making
The first Federal Safety Standards went into effect in 1968 following the passage of the National Traffic and Motor Vehicle Safety Act of 1966. Those first regulations required that U.S. passenger cars have front and rear seat belts, padded instrument panels, door locks and hinges, and front disc brakes, among other safety improvements. Additional regulations followed mandating components that we now take for granted, like roof crush resistant construction in 1971, front air bags in 1984, and electronic stability control in 2007.
All of these safety standards, and many more, are compiled in the Federal Motor Vehicle Safety Standards (FMVSS) and codified in the U.S. Code Title 49, Chapter 301. These function as a sort of checklist of design, construction, and performance requirements that any automobile operating on U.S. roads must meet.
The safety standards are part of a broader road safety system that was formed in the late 1960s and 70s. In 1966, the federal Department of Transportation (USDOT) was created with safety as one of its primary mandates; the National Transportation Safety Board quickly followed in 1967 to investigate civil transportation; and, the National Highway Transportation Safety Administration (NHTSA) was established in 1970 with the mandate to set and enforce the FMVSS and investigate traffic accidents.
This motor vehicle safety regime, however, was designed for the automobile of the 1960s. Sure, regulations have changed over time and new requirements have been added to improve safety, but the fundamental concept of driving a car hasn’t really changed over the last 50 years. With automated vehicles, it is has become apparent that the regulations of today are ill fitted to the autonomous vehicle. Even a cursory review of the FMVSS reveals why exemptions are needed to operate AVs. Let’s take, for example, the first standard in the U.S. Code: Standard №101. This standard’s aim is to:
“ensure the accessibility, visibility and recognition of motor vehicle controls, telltales and indicators, and to facilitate the proper selection of controls under daylight and nighttime conditions, in order to reduce the safety hazards caused by the diversion of the driver’s attention from the driving task, and by mistakes in selecting controls.”
Without even getting into the meat of this standard — which specifies requirements for the location, illumination, and functionality of the knobs and controls in an automobile — it is clear that changes need to be made to key definitions if the automated vehicle of 2018 is to past muster.
Take, for example, the word “control,” which is defined as:
“the hand-operated part of a device that enables the driver to change the state or functioning of the vehicle or a vehicle subsystem.”
Or the word, “driver,” defined as:
“the occupant of a motor vehicle seated immediately behind the steering control system. “
In an automated vehicle, how would “driver” be defined? Does a control knob still need to be “hand-operated”? What information must be displayed in the cabin? Would a passenger need to know that the right turn signal is on? Further, would the turn signal in an AV still require an audible chime and an indicator that flashes visibly in the dark?
These questions are only a few that immediately come to mind when reviewing just the first section of the first standard of the motor vehicle safety code. It’s clear that the FMVSS must be updated to accommodate AVs and that this is going be a challenging and time consuming undertaking for the Department of Transportation. Both the Senate and House bills stipulate how the FMVSS should be updated and how the government might oversee safe operation of AVs in the interim.
Updating FMVSS: Race to Catch-up with AVs
As you might recall from Part I, the House and Senate bills both establish that the federal government — and not states or localities — is the sole authority when it comes to regulating the design, construction, and performance of automated vehicles. The challenge presented by this “preemption” of authority is that the existing FMVSS, as they currently stand, would prohibit AVs from operating on the roads. Indeed, this is precisely the reason why AVs must be exempted from the current motor vehicle code.
There is some irony in the willingness of Congress to assert the federal government’s exclusive authority to regulate AVs while simultaneously establishing that the feds currently do not have the regulatory means to do so. To address this issue, the proposed legislation from both the Senate and House provide instructions to the Department of Transportation (USDOT) to expedite updating the FMVSS so it can be utilized to regulate AVs as soon as possible.
The Senate legislation is fairly prescriptive. It charges the Director of the Volpe Center, a USDOT research facility in Cambridge, MA, with reviewing the FMVSS within six months and identifying areas that need to be updated to include AVs. Then it gives the Secretary of Transportation three months to start rulemaking proceedings that incorporate the Volpe recommendations. Finally, it stipulates that the Secretary must issue a final rule within one year of the submission of the Volpe report. All told, the Senate bill sets up a timeline where we would have revised regulations in place by 18 months after the legislation is signed.
S. 1885’s specific reference to Volpe is a bit at odds with tradition, which would state that it is NHTSA’s responsibility to update the motor vehicle code (recall that NHTSA was created with this precise mandate). One reason that the Senate may have opted to task Volpe with this undertaking is that Volpe already conducted a 148-page scan of the FMVSS back in March 2016 in advance of the Obama Administration’s initial Automated Vehicle Policy of 2016. One of the main findings of the review was that the existing regulations were easily adaptable to AVs provided that AV designs included a steering wheel and driver controls (a feature that looks like it will be phased out over the coming years). While the findings may no longer be applicable to the imminent fleets of AVs, the Volpe scan does provide a methodology for conducting a much-needed comprehensive review of the FMVSS and it may make sense to leverage their expertise here.
The House legislation approaches the challenge of formally regulating AVs by articulating a process to create a rulemaking and safety priority plan (“the Plan”). The Plan can be thought of broadly as a living document that would continually be updated to keep pace with AV development and deployment. Initially, the Plan would focus on updating the FMVSS and identifying new standards needed for AVs. In addition, the Plan would include overall priorities (both for AVs and in general) for NHTSA for the next five years, with updates every two years. The Secretary is charged in H.R. 3388 with developing, and sharing with Congress and the public, the first version of the Plan within one year after the legislation is signed.
While the House rulemaking and safety priority plan approach requires that USDOT need only create a plan to update the FMVSS within that first year, H.R. 3388 does require the Secretary to initiate rulemaking proceedings within 18 months and begin reviewing the FMVSS within the first six months. It does not, however, require that USDOT update the FMVSS by a certain period of time.
Somewhat confusingly, the House bill also requires that USDOT issue a final rule within two years requiring submission of safety assessment certifications. The certification process is up to the Secretary to define, but it could have been an effective alternative to updating the FMVSS except that the House bill specifically states that: “the Secretary may not condition deployment or testing of highly automated vehicles on review of safety assessment certifications.” So, USDOT cannot use its own AV safety certification process — that it would be required by law to create if the House measure passes— to ensure safe opreation of AVs? Ultimately, both bills set forth a pathway to updating to the FMVSS, but the House bill is less explicit and introduces new requirements that may be more of a distraction than anything.
Presumably, once the FMVSS has been updated, there will be clear design and manufacturing guidelines for companies producing AVs in the U.S. Even under the longer House timeline, manufacturers may only have one year to update their designs and manufacturing processes to accommodate the new regulations before the exemptions stipulated in the bills expire (at the three year mark). This timeline may be a challenge for manufacturers who may need to redesign elements of their vehicles and reconfigure manufacturing lines with only a year advance notice. It is entirely possible that Congress will be forced to take action again in two years to extend the exemptions further to allow manufacturers time to align their production with the revised FMVSS.
Interim Safety Reporting: Do What You Like?
Recognizing that it will take a few years to update the FMVSS to accommodate AVs, and given that over that same period the number of AVs on the roads may climb to 100,000, Congress has a decision to make regarding how AVs operating today will be monitored for safety in the absence of formal regulations: develop interim reporting or do nothing?
This is not a new challenge. Under the Obama Administration, a limited number of 2,500 automated vehicles were allowed to operate on the roads starting in 2016. As part of the September 2016 Federal Automated Vehicles Policy, the administration introduced the concept of “safety assessment letters.” The policy strongly urged manufacturers to submit a report to NHTSA (in the form of a letter) about how the federal guidance was being followed. It included 15 categories of information from data recording and sharing to crashworthiness to ethical considerations. While submission was not required, it was very strongly encouraged, even by Secretary Foxx in his public remarks. In addition, there was an attempt to create a norm of accountability — respondents from the manufacturers were asked to include their name and title in the letter to enable USDOT to follow-up.
When the Trump Administration revised the AV guidance a year later with the Automated Driving Systems 2.0 document, it replaced the “safety assessment letters” process with a “voluntary safety self-assessment.” The 15 areas of the Obama policy was reduced down to 12 — notably the “ethical considerations” section was dismissed — and language was introduced to clarify that: “entities are not required to submit a Voluntary Safety Self-Assessment, nor is there any mechanism to compel entities to do so.” A marked change in tone from the Obama-era reporting request for sure, but the Trump administration’s approach is not a dramatic departure from what was an already voluntary reporting scheme. Incidentally, Alphabet spin-off, Waymo, recently voluntarily released a safety report based on the Automated Vehicle Systems 2.0 guidance (perhaps more on this in an additional piece).
In essence, both the September 2016 and 2017 federal AV guidelines kicked the can down the road when it comes to safety regulation. The House and Senate legislation differ in their approaches to interim safety reporting, with the House bill perpetuating the voluntary status quo and the Senate bill articulating the components of an interim safety-reporting requirement.
As mentioned above, H.R. 3388 gives the Secretary two years to make a final decision on which entities are required to submit safety certifications and what constitutes relevant safety tests. Until the Secretary issues that final rule, the House bill defaults to the safety certification letters approach as stipulated by the Obama policy or ”any successor guidance issued on highly automated vehicles requiring a safety assessment letter.” It does not endeavor to specify any additional reporting requirements . As a result, under the House bill, it looks like manufacturers will be off the hook when it comes to safety reporting for the next two years unless they want to go above and beyond to volunteer information.
The Senate bill is a bit more prescriptive when it comes to safety reporting preceding the FMVSS revision. It requires that each manufacturer submit annual safety reports to the Secretary that include 11 categories that follow the Trump-era federal policy guidance. In effect, the Senate bill makes mandatory the previously voluntary reporting requirement. It does, however, have a clause that allows manufactures to opt out of reporting if they are just testing vehicles — this will need to be defined, but it’s probably safe to conclude that an AV carrying paying customers has moved beyond the testing phase. If this interpretation of the Senate language is correct, then the Senate bill actually goes above and beyond the Trump and Obama-era guidance when it comes to safety reporting. Rather than kick the can down the road, the Senate would actually require manufactures to report on the safety of its automated vehicles.
Cybersecurity: A First Step in the Right Direction
As more vehicle critical functions are controlled by electronic means, cybersecurity has become an increasingly important issue for the automobile industry. Further, with the advent of 3G and 4G connections, it has now become possible to hack into a vehicle from afar. As demonstrated publicly with the 2015 Jeep Cherokee white hat hack, there have already been instances where existing cars have been hacked to turn off the brakes or the control temperature. With automated vehicles, the threat becomes perhaps even more pronounced, as all controls need to be electronic to follow the directions of a computer brain, especially when there’s no steering wheel or brake pedal.
Both bills make an effort to require manufacturers to develop a cybersecurity plan to assure Congress that they are considering cybersecurity in the design and operation of AVs. The House is more explicit than the Senate bill, stating that AV manufacturers must develop a written cybersecurity plan within 180 days after enactment or they cannot sell or “introduce into commerce” any AVs. Presumably, this requirement does not pertain to testing or piloting vehicles.
The Senate legislation, on the other hand, places the onus on the Secretary to inspect the cybersecurity plans to ensure that they comply with the requirements stipulated in S. 1885 (see below). By not explicitly tying the cybersecurity plan to use cases, the Senate bill creates a broader mandate that would include pilot and test vehicles unless they are exempted by the Secretary. In addition, the Senate bill gives manufacturers a much longer timeline of 18 months to come into compliance on cybersecurity.
H.R. 3388 and S. 1885 specify what should be included in their respective cybersecurity plans, both including: 1) detection and mitigation of attacks on control systems; 2) a process to train employees on policies; 3) a process for limiting access to critical control systems; and, 4) identification of a point of contact at each manufacturer. (It is worth noting that the recent cyber hack of Equifax suggests that having a single point of contact can be a liability and that perhaps a more systematic approach to cybersecurity is needed in large organizations). In addition, the Senate bill specifies that manufacturers must also include: their approach to rapid recovery after an attack; a process for adopting lessons learned from across the industry; and, information on how the manufacturer will collaborate with standards-setting bodies.
All told, there isn’t much daylight between the Senate and House’s approach to AV cybersecurity and it shouldn’t be challenging for a consensus to be reached if the legislation makes it to conference. That said, the efficacy of cybersecurity plans on protecting AVs from cyber attack remains to be seen. Further, the specifications articulated in both bills are relatively generalized compared to the other sections of the bills, which are built on existing frameworks. The inclusion of cybersecurity in both pieces of legislation is welcome given the potential vulnerabilities, but the details of how cybersecurity will be implemented are left to future considerations.
Look for the final part of this three-part series next week, which will tackle privacy, consumer education, and all the random bits that are added to the House bill that don’t have much to do with automated vehicles!
This story is published in The Startup, Medium’s publication followed by over +256,410 people.
Subscribe to get the top stories here.
