Automatically imported from: http://commons.somewhere.com:80/rre/1995/privacy.issues.in.intell.html
privacy issues in intelligent transportation systems
---
---
Intelligent Transportation Systems in the United States
Serious Privacy Issues -- Opportunity for Public Comment March 1995
Please pass this file to anybody who might be interested.
---
---
Intelligent Transportation Systems (ITS) is a very large program organized by industry and government to apply computer and communications technologies to transportation. If ITS lives up to its proponents' hopes then it will eventually affect virtually everybody. ITS systems are already implemented in many American states and other countries, particularly for automated toll collection, and numerous others can be expected soon. Architectures, standards, and regulatory frameworks for US national ITS systems are being formulated through a long, complex private-public partnership process that is already well under way. Although ITS promises to bring many benefits, if implemented incorrectly it can also pose a grave threat to personal privacy by making extensive information on individuals' travels available to governments, marketing organizations, and others.
The second half of this file contains the most recent draft of the "privacy principles" for ITS, now being circulated for comments by the industry group ITS America. If you do have any comments then I encourage you to submit them to ITS America; 400 Virginia Avenue SW, Suite 800; Washington DC 20024-2730.
I also strongly encourage you to obtain a copy of the November 1994 report on the DOT/ITS America national architecture plan from Mr. George Beronio; Federal Highway Administration; HTV-10 Room 3400; US Department of Transportation; 400 7th St SW; Washington DC 20590. For more information, see http://weber.ucsd.edu/~pagre/its-issues.html
I am circulating the draft ITS privacy principles on my own initiative and not as a representative of ITS America, the University of California, or any other organization. The comments that follow reflect my own views.
Here are some issues to consider:
* What will prevent states from giving local police broad powers to use ITS information for law enforcement purposes? Do the democratic processes in state legislatures provide enough protection, or should the architecture for ITS systems resist abuse through anonymity and other measures? What does "ambushed" mean, and what if anything does "reasonable expectation" mean in practice?
* Is an opt-out system sufficient to prevent abuse of ITS information by marketers? Do opt-out systems work well enough in other areas, such as secondary uses of personal mailing addresses and associated demographic information? What specific guidelines might be required to ensure that the opt-out is "user friendly" enough? Would an opt-in system be preferable? Such a system would set the default differently, so that your personal ITS information would not be available to marketing organizations without your express consent.
* Should ITS systems collect individually identifiable information at all? That is, should the architecture be designed so that databases end up containing personal travel information that is indexed in some form that can be merged with personal information from other sources? Or should the system be entirely anonymous?
* To what lengths should ITS implementers be required to go in order to provide drivers with the option of using ITS anonymously? How easy should it be to pay with cash -- or with digital cash?
* Should ITS privacy guidelines have the force of law? Which ones? What would these laws be like, what level of government would be responsible for them, and how would they be enforced? If the guidelines do not have the force of law, what guarantee is there that ITS implementers will follow them in a substantive way?
* Who should be liable when ITS information is employed to violate an individual's privacy? ITS developers? States? Both? What statutory framework is required to ensure that violated individuals can pursue and receive adequate legal remedies?
* How is the adequacy of ITS privacy safeguards to be determined? Who will make this determination? Will there be an ongoing evaluation? By whom?
* Is it practical to specify privacy guidelines without detailed reference to the ITS system architecture? How could the guidelines specify relevant aspects of the architecture more precisely without sacrificing adaptability to a wide range of settings? Are restrictions on the architecture required to ensure privacy, or does it suffice to formulate guidelines like these independently of the development of the architecture?
* Should ITS development be permitted to proceed before privacy requirements are adequately defined, widely discussed, and broadly approved? Have these requirements been adequately articulated thus far in the process? Are the guidelines clear enough? Are any passages vague or ambiguous? Does the Freedom of Information Act really require a balance between privacy and right to know? Or does privacy take priority?
* Does the requirement for "visibility" (also known as "transparency") need to be defined more precisely? What guidelines might be needed to ensure that information about ITS data flows is available to the general public in a useful form?
* Is it all right to permit non-ITS organizations to make unlimited use of ITS information that does not identify individuals? Can we envision any types of non-individualized information whose use the public has an interest in regulating?
* In the paragraph on secondary uses, is the expression "information absent personal identifiers" restrictive enough? What about information without personal identifiers but with identifiers for particular automobiles? What about information with identifiers for particular "smart cards" or bank account numbers? Might there be other types of information that permit individual identities to be readily reconstructed through merger with other sources?
* The word "appropriate" appears four times. Does this notion need to be spelled out more specifically? Can this be done without introducing excessive inflexibility? How?
* Who should have an opportunity to comment on these guidelines? Should the comments be publicly available? How?
* Is it reasonable that these guidelines are being developed by a private organization rather than by the government? What initiatives, if any, should the government be taking to ensure privacy protection in this area?
Although many of my views can be inferred from the way I have framed my questions, you are obviously free to draw your own conclusions about these matters and any others I might not have mentioned. I encourage you to communicate your views and to help make the issues known to the broad public that they affect. Public awareness is now virtually nil, and this is clearly unacceptable for an issue with the potential for such profound and pervasive consequences.
-- Phil Agre pagre@ucsd.edu http://communication.ucsd.edu/pagre/agre.html
---
---
ITS America
Draft Final Intelligent Transportation Systems Fair Information and Privacy Principles
These fair information and privacy principles were prepared in recognition of the importance of protecting individual privacy in implementing Intelligent Transportation Systems. They have been adopted by ITS America in "draft final" form. The Privacy Task Group of the Legal Issues Committee will present these principles for review and comment to organizations and groups interested in privacy and ITS outside of ITS America during 1995. They will then be submitted for final adoption to the ITS America Legal Issues Committee, Coordinating Council, and Board of Directors.
The principles represent values and are designed to be flexible and durable to accommodate a broad scope of technological, social, and cultural change. ITS America may, however, need to revisit them periodically to assure their applicability and effectiveness.
These principles are advisory, intended to educate and guide transportation professionals, policy makers, and the public as they develop fair information and privacy guidelines for specific intelligent transportation projects. Initiators of ITS projects are urged to publish the fair information privacy principles that they intend to follow. Parties to ITS projects are urged to include enforcible [sic] provisions for safeguarding privacy in their contracts and agreements.
* INDIVIDUAL CENTERED. Intelligent Transportation Systems (ITS) must recognize and respect the individual's interests in privacy and information use.
ITS systems create value for both individuals and society as a whole. Central to the ITS vision is the creation of ITS systems that will fulfill our national goals. The primary focus of information use is to improve travelers' safety and security, reduce travel times, enhance individuals' ability to deal with highway disruptions and improve air quality. Traveler information is collected from many sources, some from the infrastructure and some from vehicles, while other information may come from the transactions -- like electronic toll collection -- that involve interaction between the infrastructure and vehicle. That information may have value in both ITS and non-ITS applications. The individual's expectation of privacy must be respected. This requires disclosure and the opportunity for individuals to express choice.
* VISIBLE. Intelligent transportation information systems will be built in a manner "visible" to individuals.
ITS may create data on individuals. Individuals should have a means of discovering how the data flows operate. "Visible" means to disclose to the public the type of data collected, how it is collected, what its uses are, and how it will be distributed. The concept of visibility is one of central concern to the public, and consequently this principle requires assigning responsibility for disclosure.
* COMPLY. Intelligent Transportation Systems will comply with state and federal laws governing privacy and information use.
* SECURE. Intelligent Transportation Systems will be secure.
ITS data bases may contain information on where travelers go, the routes they use, and when they travel, and therefore must be secure. All ITS information systems will make use of data security technology and audit procedures appropriate to the sensitivity of the information.
* LAW ENFORCEMENT. Intelligent Transportation Systems will have an appropriate role in enhancing travelers' safety and security interests, but absent consent, government authority, or appropriate legal process, information identifying individuals will not be disclosed to law enforcement.
ITS has the potential to make it possible for traffic management agencies to know where individuals travel, what routes they take, and travel duration. Therefore, ITS can increase the efficiency of traffic law enforcement by providing aggregate information necessary to target resources. States may legislate conditions under which ITS information will be made available. Absent government authority, however, ITS systems should not be used as a surveillance means for enforcing traffic laws. Although individuals are concerned about public safety, persons who voluntarily participate in ITS programs or purchase ITS products have a reasonable expectation that they will not be "ambushed" by information they are providing.
* RELEVANT. Intelligent Transportation Systems will only collect personal information that is relevant for ITS purposes.
ITS, respectful of the individual's interest in privacy, will only collect information that contain [sic] individual identifiers which are [sic] needed for the ITS service functions. Furthermore, ITS information systems will include protocols that call for the purging of individual identifier information that is no longer needed to meet ITS needs.
* SECONDARY USE. Intelligent Transportation Systems information coupled with appropriate individual privacy protection may be used for non-ITS applications.
American consumers want information used to create economic choice and value, but also want their interest in privacy preserved. ITS information is predictive of the types of goods and services that interest consumers, for example the right location for stores, hospitals, and other facilities. However, that same information might also be used to disadvantage and harm a consumer. Therefore, the following practices should be followed.
  * ITS information absent personal identifiers may be used for ITS and other purposes.
  * Other unrelated uses of ITS information with personal identifiers may be permissible if individuals receive effective disclosure and have a user friendly means of opting out.
  * Data collectors will only provide personal information to private organizations that agree to abide by these privacy principles.
* FOIA. Federal and State Freedom of Information Act (FOIA) obligations require disclosure of information from government maintained databases. Database arrangements should balance the individual's interest in privacy and the public's right to know.
In determining whether to disclose ITS information, governments should, where possible, balance the individual's right to privacy against the preservation of the basic purpose of the Freedom of Information laws to open agency action to the light of public scrutiny. ITS travelers should be presumed to have reasonable expectations of privacy for personal identifying information. Pursuant to the individual's interest in privacy, the public/private frameworks of organizations collecting data should be structured to resolve problems of access created by FOIA.
---
---