Everything You Need To Know About The Black Boxes Coming To Your Next Car

Illustration for article titled Everything You Need To Know About The Black Boxes Coming To Your Next Car

It's looking very likely that a bill in Congress that will make mandatory the use of "black boxes"— more formally, Event Data Recorders (EDR) — will become law soon. These are little computers clad in rugged casings that record data from your car's various sensors and computers to use for accident investigation and, very likely, other uses.


There's lots of privacy concerns around this new bill, and lots of questions as to exactly what that little boxy black snitch is snooping on. Plus, what about the voluntary black boxes some insurance carriers are offering? Let's see what we can clear up.

1. It's pretty likely your car already has an EDR.

GM was the pioneer here, starting to install them in the late '90s, and by 2005 a number of marques (GM, Ford, Isuzu, Mazda, Mitsubishi, Subaru and Suzuki) were putting them on everything. According to the NHTSA, about 91.6% of cars currently have them. Here's a list. Notable exceptions are Audi and Mercedes-Benz, but this new law will change that.

If you're like many of us Jalops, myself included, you may be driving a car that predates OBD-anything, so, unless you have a very technologically adventurous stalker, you likely don't have one. The law does not appear to require retrofitting the devices to, say, your King Midget.

2. It's not a tracking device.

These black boxes are not GPS devices, and do not track where you're going. So your drug-prostitute-deep fried food secret habits are still safe, as long as you don't get in a wreck with your hookers and crack and mouthful of fried cheese.

3. Okay, what do these things record?

Great question, disembodied voice. And a surprisingly tricky answer to find. Most articles just mentioned the bill requires 15 separate data points to be recorded, without listing what they are. While more data can be recorded based on manufacturers' own desires, these are the 15 data points that would be required by the new law— well, this list has 17, so maybe there's a couple others:

  • Change in forward crash speed
  • Maximum change in forward crash speed
  • Time from beginning of crash at which the maximum change in forward crash speed occurs
  • Speed vehicle was traveling
  • Percentage of engine throttle, percentage full (how far the accelerator pedal was pressed)
  • Whether or not brake was applied
  • Ignition cycle (number of power cycles applied to the EDR) at the time of the crash
  • Ignition cycle (number of power cycles applied to the EDR) when the EDR data were downloaded
  • Whether or not driver was using safety belt
  • Whether or not frontal airbag warning lamp was on
  • Driver frontal airbag deployment: time to deploy for a single stage airbag, or time to first stage deployment for a multistage airbag
  • Right front passenger frontal airbag deployment: time to deploy for a single stage airbag, or time to first stage deployment for a multistage airbag
  • Number of crash events
  • Time between first two crash events, if applicable
  • Whether or not EDR completed recording

As you can tell, most of this data is designed to aid in accident investigations, to help determine who was at fault, if any laws were broken, and to determine driver input compared to car performance to aid in investigations like the Toyota unintended acceleration incidents.


4. Who owns this data?

This is actually the best part about this new law, because it clearly states that you, the car's owner, owns the data. I don't think any of us are thrilled about having these things in our cars, but if it's going to happen anyway, a law like this is needed to protect car owners. I'm a firm believer that any and all data your car generates should be the easily-accessible property of the owner. As the IIHS says on their site about this:

EDRs and the data they store belong to vehicle owners. Police, insurers, researchers, automakers and others may gain access to the data with owner consent. Without consent, access may be obtained through a court order. For example, in a Florida criminal case involving a vehicular manslaughter charge, the police obtained a warrant to access the EDR data.

For crashes that don't involve litigation, especially when police or insurers are interested in assessing fault, insurers may be able to access the EDRs in their policyholders' vehicles based on provisions in the insurance contract requiring policyholders to cooperate with the insurer. However, some states prohibit insurance contracts from requiring policyholders to consent to access.


I'd be more concerned about what private insurance companies would do with this data than I am what the police would do with it, so if you're in a state that allows your insurance company to require you to let them access the data, make sure you carefully read your contract.

The fact that the data is your property will also prevent it from being used by advertisers and/or dealerships (whew) and law enforcement agencies will normally need a warrant to get the data. This point about requiring a warrant has already been tested in court, with the appeals court reversing an original manslaughter conviction of a California driver, stating of the police's access to the driver's Yukon's EDR data:

"We conclude that a motorist's subjective and reasonable expectation of privacy with regard to her or his own vehicle encompasses the digital data held in the vehicle's SDM."


That means the cops can't bully your car into testifying against you, its loving owner.

Illustration for article titled Everything You Need To Know About The Black Boxes Coming To Your Next Car

5. How is the data retrieved from the EDR?

The data is retrieved via either a connection to your ODB port in your car, or, if you had a really dramatic wreck that left your car strewn over a quarter mile of highway, the EDR itself may be removed from the mess and the data retrieved directly.


In order to help enforce the idea that the data is the owner's property, there have been proposals (and this patent) for lockable OBD port access panels.

6. So if it's my data, can it be used against me in court?

Oh hell yes. You own it, but warrants can be gotten, data can be downloaded, and, potentially, you could be screwed. Or vindicated. It's just data.


More alarming is the potential for unauthorized access, or even inadvertent access to the data. It's happened before, such as in the case of Nissan Leafs sending GPS and speed data in unencrypted text to websites for voluntary crowdsourcing and tracking of fuel economy data.

7. What should I be most concerned about?

This new law itself isn't too bad, in that if we accept that these recorders were already appearing on cars, it's good to have some legal protection of the data. What's more alarming are third-party tracking systems from companies like Progressive, which promise lower rates, but at the cost of making the consumer far more vulnerable. Plus, these private systems are not necessarily subject to the same laws that protect owners for the federally-mandated black boxes.


I sure as hell wouldn't want my insurance company tracking everything I do— their primary goal is to make money, and I don't trust my data would be used for any goals other than that.

8. So how should I feel about all this, in general?

Wary, but not paranoid. This new bill will give a reasonable level of protection, but never forget that while this will likely help greatly for traffic safety and accident investigation, there is a huge privacy hole being opened, and if we're not constantly vigilant and careful, abuses will happen.


As it stands now, with cable-based retrieval, you can have a reasonable degree of assurance that your data is safe. Some companies, like BMW, are experimenting with wireless transmission of this sort of data, to schedule maintenance and alert dealerships of service needs. If this becomes more common, safeguarding data integrity will become a much more difficult issue.

9. Are there any fun upsides?

Maybe, if these things are hackable. I'm picturing some interesting art possibilities using your car's data to produce interesting visualizations. Plus, wouldn't you like to hack this so your car can Tweet it's throttle position every minute? No? Me neither. But I bet there'll be some fun hacks to be found in these things.


(Sources: IIHS, Google Patent Search, Computerworld, Forbes)


BoxerFanatic, troublesome iconoclast.

This is a good article.

The CRUX of it is this:

Where under the US Constitution is it the Federal government's purview to legislate this, and mandate it, whether it is a good idea or not?

If it is a good idea, then car companies should offer it as a feature, and market it as a positive to the customer. The insurance companies should incentivize it in their premium costs.

Leave it to the free market.

Federal mandate means that the government is claiming a horse in this race, and they don't have the constitutional authority to do so.

And I have yet to see even a compelling rationale as to why they want it, if everything is so much above board.

This combined with OwnStar, under Gub'ment Motors, a company that has had these EDRs a long time now... I am not so sure it is above board. OwnStar can broadcast this data, along with more, and GPS coordinates and even an audio stream of the sound in the cabin to anywhere without notifying anyone in the car that it is happening.

If everything is above board, government has no reason to mandate this.

If everything is not above board, the government mandate is another step to a stronger surveillance state.

The next step after this will be *mandated* telematics or on-board cellular-based ISP systems, tied to the cars control systems on board, marketed as an enhanced safety feature for keeping drivers aware of things... when in fact it will be keeping the government aware of drivers.

Funny how you can't get a laptop, smart phone, tablet, and barely even a desktop computer without a camera and microphone anymore. And they popped up FAST a couple of years ago on nearly every device that can connect to the internet. A boon for intelligence gathering, when not many people were chomping at the bit to do video phone conversations at the drop of a hat...

Not everything is out in the light of day.