The instant growth of artificial intelligence (AI) has led to numerous improvements, such as autonomous vehicles (AVs). The security and privacy of personal data collected and processed by AVs have also become a critical concern with their widespread use. They are equipped with different kinds of advanced sensors to operate smoothly, such as LiDAR, camera, radar, GPS, and ultrasonic. Furthermore, the integration of driver monitoring systems (DMS), which use sophisticated sensors to monitor driver behaviour, is becoming progressively common. These systems apply eye-tracking and blink detection to identify symptoms of drowsiness and head position tracking to determine if a driver is tilting or nodding off. While these technologies play a fundamental role in road safety, they also raise considerable privacy concerns.
What are the risks related to privacy in AVs?
AVs do not merely gather data from drivers, either; they collect data from everything that surrounds them, which also poses a concern for pedestrians, passengers, and vehicles nearby. There are privacy concerns, especially in public and shared AVs, related to data ownership, surveillance, and consent, as many individuals may be recorded and analysed without their explicit consent.
Recent research highlights that deep learning and sensor fusion technologies, which combine data from various sources like cameras, LiDAR, and radar, are being increasingly added to improve the perception abilities of AVs. These developments expand the operation and consistency of the system, but even with the sensor fusion offering technical advancements, these systems are still vulnerable to cybersecurity threats, such as frustum attacks. These vulnerabilities may implicitly affect data reliability and, accordingly, the protection of personal data recorded during the AV’s operation. Therefore, it is crucial to implement efficient cybersecurity measures and robust data protection frameworks in tandem for the reliability and accountability of AVs.
This is why I am studying both legal and technical aspects to address these concerns in AVs, leveraging my multidisciplinary background. It is also important to find out the public's considerations about privacy issues in AVs and propose solutions accordingly. To achieve this human-centric approach, it is planned to conduct interviews with data objects such as pedestrians, drivers, and cyclists. But just gathering people’s opinions is not enough; it is also planned to conduct interviews with AV system developers and find applicable solutions accordingly.
Do we need to be alarmed?
Nevertheless, the current situation is not hopeless. We do not need to be alarmed about AVs, at least, not yet. We are not unprotected. As a sign of these privacy concerns, Regulation (EU) 2019/2144 particularly emphasizes that collected data and processed by these kinds of technologies must be limited to what is exactly required to identify driver tiredness and distraction. It also stresses the need to minimize the scope of data collection in order to protect the users' privacy. Pedestrians are mostly concerned about the external cameras in AVs. But these cameras are not equipped with facial recognition technology, so it is not possible to identify a person who crosses next to an AV. This also means that the external cameras do not process special categories of data that are stated in the General Data Protection Regulation (GDPR) Article 9.
What should we be aware of?
The most important potential risk about privacy issues in AVs, as well as the collected data, is that these intelligent systems can track people’s behaviours and make patterns accordingly. For example, you may not save your house’s address or your child’s age to the system, but the system can detect each night you park your car at the same place and you drop someone off at an elementary school every morning. With this information, the system can detect your house address and you have a child around 7-12 years old, even if the data are stored as anonymised. This information is especially valuable while we mostly use the technology not alone but together with our other devices, thanks to the Internet of Things. For example, we connect our smartphones to AVs, which can match that data and increase the risk of re-identification.
This is why we need to demand regulations that protect our privacy, which do not currently fully protect us when it comes to the rapid development of AI.
Naz Karatas
The writer is a doctoral researcher at the Department of Computing.
Further Reading:
- J. A. Daniel et al., Fully Convolutional Neural Networks for LIDAR–Camera Fusion for Pedestrian Detection in Autonomous Vehicles, Multimedia Tools and Applications. [https://link.springer.com/article/10.1007/s11042-023-14417-x]
- General-Purpose Deep Learning Detection and Segmentation Models for Images from a Lidar-Based Camera Sensor. [https://www.mdpi.com/1424-8220/23/6/2936]
- Security Analysis of Camera-LiDAR Fusion Against Black-Box Attacks on Autonomous Vehicles. [https://www.usenix.org/conference/usenixsecurity22/presentation/hallyburton]
