Richard Raysman and Peter Brown (ljh)
According to the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA), 96 percent of model year 2013 passenger cars are equipped with “event data recorders” (EDRs). EDRs, sometimes colloquially known as “black boxes,” collect specific safety-related data, including: the speed of the vehicle, whether the occupant’s seat belt was buckled, and the timing of any deployment of an air bag. The foremost purpose of EDRs is that the devices serve as a means of protecting manufacturers from law suits alleging that a deficiency in the automobile caused an accident. This EDR information is collected in a continuous loop; recording what happens before, during, and after an accident. As to be expected, this information is collected, and can be extracted by a myriad of third parties, irrespective of whether an accident has actually occurred.
EDRs have been in the news lately, as the NHTSA has introduced a proposed rule to make the inclusion of an EDR mandatory in all new vehicles to be manufactured after late-2014. In response to the proposed rule, Congress, in a rare bipartisan fashion, has taken action to ensure that privacy protections with respect to the ownership, accessibility and methods of use of the EDR data are vigilantly maintained. As discussed below, the proposed Driver Privacy Act (DPA) would make clear that any EDR information is considered proprietary information belonging to the owner of the vehicle, and that any EDR information can be collected only in limited situations.
Despite this pending legislation ostensibly designed to protect the privacy of the vehicle owner, questions abound from privacy advocates, think tanks, and courts about the efficacy and sufficiency of legislation such as the Driver Privacy Act. One group that advocates for robust consumer privacy protections—the Electronic Privacy Information Center (EPIC)—argued to the NHTSA that the decision to “mandate massive data collection” via the EDRs without amending current regulations ante to further protect individual privacy would be “contrary to reasoned decision making.”
After all, the rapid progress of technology may in and of itself warrant these types of fears. With one billion “connected machine-to-machine devices” estimated to be in highway transportation systems by 2020, of which greater than half will be devices such as EDRs that are embedded into the vehicle itself, a greater urgency is now associated with installing protocols that protect the privacy and security of the data disseminated by an EDR.
This article will explain the relevant developments in the intersection between privacy laws and utilization of EDRs, including: the recent NHTSA proposed rule requiring automakers to install EDRs in their cars starting on Sept. 1, 2014, and the rationale behind it; the Driver Privacy Act, a purported response to this proposed rule; and how courts that have confronted privacy questions surrounding EDRs, including those with Constitutional implications.
Proposed EDR Rule
Although nearly all new vehicles manufactured in the United States or for the U.S. market contained EDRs by 2012, the NHTSA proposed a new rule in December 2012 that would require all U.S. vehicles to contain an EDR starting Sept. 1, 2014. The rationale behind the rule is that EDR data helps all interested parties to understand how drivers respond in a crash, and whether key safety systems have operated properly in these scenarios. Ray Lahood, then the Secretary of Transportation, claimed that the proposed rule would give “critical insight and information we need to save more lives.”
Though privacy advocates like EPIC objected, or at least proffered suggested amendments, the NHTSA is likely to implement this rule in the near future. Though agency officials are on record stating that the NHTSA is still in the process of working towards a final rule, Congress, on both sides of the aisle, have taken note of the imminence of the implementation of the rule, and have begun to take action.
Even law enforcement officials admit that the original purpose of the EDRs was to heighten motor vehicle safety and “keep people less injured and alive.” However, as time passed, data gleaned from EDRs began to be utilized for other purposes largely unrelated to the safety of the passengers within an automobile. For example, EDR data was employed in a variety of court proceedings. EDR data has become an essential piece of evidence in certain cases, namely those related to wrongful death or negligence actions involving a variety of high powered vehicles, including trains. There now even exists a coterie of expert witnesses whose particular talent involves the interpretation and validation of EDR data.
The use of EDR data in unexpected ways has prompted concerns and questions. The other reason for heightened concern about the use and deployment of EDR data relates to the milieu in which the general public situates at present. Breaches of personal data, from credit card numbers to social security numbers, occur on almost a weekly basis. These breaches, or related issues, occur at a variety of different types of businesses, from big box retailers to banks to a company that offers identity theft prevention services. Couple these widely reported data breaches with an increasing public awareness of and backlash against and mass data collections, and the impetus arises for Congress to attempt to address the privacy implications of the use of EDR data.
The Driver Privacy Act (DPA) was approved by the Senate Commerce, Science, and Transportation Committee by a voice vote on April 9th of this year. The legislation, prompted by the NHTSA rules discussed above, was introduced by a bipartisan pair of Senators, and has since acquired more than 20 other co-sponsors. In essence, the DPA prohibits third-party retrieval of EDR data unless, among others: a court has provided authorization, the vehicle owner or lessee has provided consent, or the information is retrieved pursuant to an NHTSA recall and all personally identifiable information is not disclosed. The DPA also makes clear that EDR information is the property of the owner of the vehicle. Given that the PDA has support from Republicans and Democrats, and the Alliance of Automobile Manufacturers has endorsed the bill, one person close to the situation has characterized its passage as “reasonably good.”
Unsurprisingly, objections to the DPA materialized with alacrity. Critics cite to its limited scope and vagueness. For example, the DPA does not limit the total amount or types of data that is collectible by an EDR. As a result, EDRs could collect data about drivers in categories irrelevant to driver safety or legal compliance. Additionally, the DPA does not impose data security requirements nor afford owners or lessees the right to know what information has been collected or maintained by the data controller.
Others have objected to the DPA, and writ large, on the grounds that EDRs as currently constructed do not contain consumer protection ensuring the security of EDR data from third-party hackers. As vehicles continue to utilize complex and connected software that is stored either in the cloud or a centralized database, hackers could potentially “start with the path of least resistance” and break into these systems.
Case Law Discussion and Analysis
Though EDRs will almost certainly become a mandatory component of most vehicles later this year, manufactures have voluntarily installed the devices in their cars for nearly decades. It behooves them to do for a variety of reasons. First, it helps manufacturers avoid lawsuits based on manufacturing defects, design defects, or malfunctions of critical automobile components, all of which could lead to fatal accidents and thereafter, litigation. With the quantitative data produced by an EDR, admissible as evidence in most courts and generally considered scientifically reliable, manufacturers can avoid “he said, she said” disputes over what actually transpired antecedent to an accident. See People v. Ferguson, 194 Cal. App. 4th 1070 (Cal Ct. App. 4th 2011) (expert evidence that a vehicle was accelerating at the time of impact in a fatal crash was admissible). Put another way, EDR data can deduce if the accident is caused by human error, or by a problem with the vehicle. Second, automobile insurers have a comparable interest in the installation of EDRs, and thus the business relationship between insurers and manufacturers is enhanced by agreement about the necessity of EDRs. Finally, implementing EDRs can help manufacturers to ensure compliance with applicable federal and state regulations on driver safety and privacy.
As a result of the myriad incentives necessitating installation of EDRs, courts have confronted the implications of their use in a variety of contexts. In a recent opinion from the Supreme Court of Pennsylvania, Com. v. Gary, – A.3d – 2014 WL 1686766 (Pa. 2014), the majority opinion held that the search-and-seizure provision of the Pennsylvania Constitution was coextensive with the Fourth Amendment to the U.S. Constitution. Accordingly, in rejection of previous state jurisprudence, the court held that the pertinent Supreme Court precedents governed the interpretation and construction of the state search-and-seizure provision. The relevant Supreme Court precedents held that a warrantless search of a vehicle by law enforcement required only: (1) probable cause to search; and (2) exigent circumstances that necessitated such a search. See Maryland v. Dyson, 527 U.S. 465 (1999). Moreover, the Supreme Court has held that the inherent mobility of the vehicle is a sufficient exigent circumstance to justify the warrantless search of a vehicle. See Pennsylvania v. Labron, 518 U.S. 938 (1996) (per curiam). Previously, state courts in Pennsylvania had interpreted its search-and-seizure provision to require the existence of an exigent circumstance in addition to the inherent mobility of the vehicle in order for the warrantless search to be permissible. Gary essentially overruled these precedents insofar as in Pennsylvania in 2014 the only exigent circumstance required to justify a warrantless search is the inherent mobility of a vehicle.
Gary generated a vigorous dissent to this rule, a dissent at least partially premised on the existence of devices such as EDRs that collect copious amounts of data, some of which contain personally identifiable information. See Com. v. Gary, – A.3d –, 2014 WL 1686766, at *46 (Pa. 2014) (Todd, J., dissenting). As this dissent noted, EDRs are capable of capturing a “multitude of facts regarding the vehicle’s operation,” including the direction of travel, and GPS coordinates. As such, EDRs are situated within a group of products, such as Bluetooth, that are stored in vehicles and serve as repositories of “elaborate and personal” data. Accordingly, Judge Debra McCloskey Todd observed that “the need for legal protection for the privacy of the growing volumes of personal data collected by automobiles will only become greater with the passage of time.”
In another case involving EDR data, the defendant claimed that the inspection of the EDR within her vehicle after a fatal accident violated her Fourth Amendment rights affording freedom from unreasonable searches and seizures. See People v. Diaz, 213 Cal. App. 4th 743 (Cal. Ct. App. 2013). After the accident, the police had impounded defendant’s vehicle and utilized the EDR data to determine whether the defendant was speeding up or using the brakes at the time of collision. The EDR data showed that the defendant was accelerating at the time of collision. She was convicted of involuntary manslaughter and thereafter appealed.
On appeal, the principal proffered claim was that the warrantless search of the vehicle and subsequent seizure of the EDR was illegal. The court rejected this argument for a number of reasons. First, it noted that there is a lesser expectation of privacy while driving a car, and as such, officers are provided significant latitude to search a vehicle absent a warrant. Although the vehicle is ostensibly protected by the Fourth Amendment, the individual’s reasonable expectation of privacy yields to places within the vehicle for which there exists probable cause to search. See also State v. Abbey, 28 So.3d 208 (Fla. Dist. Ct. App. 2010) (excessive speed at time of accident constitutes probable cause to issue a warrant to download EDR data).
The appellate court in Diaz agreed with the trial court and found that there was probable cause to search for the EDR and download its data because “speed and braking are always relevant in determining the causes of the collision.” Additionally, the court rejected defendant’s notion of a reasonable expectation of privacy in the data downloaded from the EDR. Specifically, the defendant had no expectation of privacy in the speed on a public highway because it can be readily observed through devices such as radar guns, nor did the defendant possess an expectation in the use of the brakes since brake lights announce that use to the public. As such, the EDR data “merely captured information defendant knowingly exposed to the public,” and thus the search of the EDR data did not impinge on a reasonable expectation of privacy.
Though the case law remains scant at present, it appears that courts do not believe that a search, with a warrant or without, violates the Fourth Amendment. Although the dissenting opinion in Gary warns of the potential consequences that could emanate from wanton warrantless searches of EDR data, the cases that have confronted particularized facts that illustrate the usefulness of this data in determining the cause of accidents have uniformly concurred that the search of EDR data does not violate the Fourth Amendment. This is likely in part attributable to a lower standard of probable cause in scenarios dealing with EDR data. The nexus between determining the cause of an accident, and thus the culpability, and the data that can almost always provide insight into each of these components of a prosecution’s case is apparent. Doctrinally, seizing and downloading EDR data is helped by Supreme Court decisions that hold that the sole exigent circumstance required to sustain a warrantless search is the inherent mobility of a vehicle. Since this test applies to a sizable portion of vehicles post-crash, and the seizure of an item within the vehicle can be conducted even after the vehicle is immobilized and transported to a different location, the warrantless seizure and download of EDR data is subject solely to the less-than-stringent probable cause test discussed above.
Whether or not the DPA passes, it is likely that privacy and security concerns that arise from widespread use of EDR data will continue. Even if the DPA is signed into law, it does not restrict vehicle manufacturers from the types or amount of data that can be collected by EDRs. Thus far, courts have been functionally uniform in approving the use of EDRs as a means of assigning civil or criminal liability to drivers involved in accidents. Notably, this approbation persists despite complaints that the seizure of the devices constitutes a violation of the Fourth Amendment.
Richard Raysman is a partner at Holland & Knight and Peter Brown is the principal at Peter Brown & Associates. They are co-authors of “Computer Law: Drafting and Negotiating Forms and Agreements” (Law Journal Press),