The Black Box in your Car

Michael E. Kirkpatrick ·

If you’re driving a car that was made post 2014, the U.S. Department of Transportation’s National Highway Transportation Safety Administration (NHTSA) has mandated that your vehicle have an event data recorder (EDR) installed. I didn’t realize such things existed until I read this morning’s Monday Note from Jean-Louis Gassée entited “Complicated, Hackable Computer Systems On Wheels”. Think of an EDR like a airplane’s “Black Box” but for your car. According to the NHTSA, an EDR collects “specific safety-related data”, collected “in the second before and during a motor vehicle crash”. From the NHTSA’s press release announcing the proposed new standard:

Examples of some of the information recorded include:

  • vehicle speed;
  • whether the brake was activated in the moments before a crash;
  • crash forces at the moment of impact;
  • information about the state of the engine throttle;
  • air bag deployment timing and air bag readiness prior to the crash; and
  • whether the vehicle occupant’s seat belt was buckled.

EDRs do not collect any personal identifying information or record conversations and do not run continuously.

“EDRs provide critical safety information that might not otherwise be available to NHTSA to evaluate what happened during a crash – and what future steps could be taken to save lives and prevent injuries,” said NHTSA Administrator David Strickland. “A broader EDR requirement would ensure the agency has the safety-related information it needs to determine what factors may contribute to crashes across all vehicle manufacturers.”

It’s not clear who has access to the EDR data after you’ve been in an accident. At a minimum the NHTSA and the car manufacturer can get that data. Who provides that data to those parties is unknown. It could be local law enforcement who respond to the scene of a motor vehicle accident or it could be a third party (car repair shop, tow truck, etc.).

I certainly don’t mind safety improvements that come from regulators and manufacturers better understanding the cause of accidents. If there are systemic issues that can be observed in this data set, that is advantageous to manufacturers and regulators alike.

My question is more along the lines of where do we, the public, draw the line about information we share with the government (NHTSA in this example) and third parties like major car companies? Isn’t my car crash my own private information? Perhaps I should be allowed to opt-in to that information sharing. My big question is this: Why is information about my car, and its configuration prior to and during a crash, automatically captured and available to others after I’ve been in an accident?