Cars are increasingly equipped with functions that take decisions away from drivers and assign them to electronic devices. The 'Sartre' research project currently under way in Europe crosses a line for the first time: in the context of the project, drivers are no longer responsible for what the car is doing; they can lean back and relax. This raises a number of questions. Cultural ones, legal ones. And, first of all, questions about the security of the technology used.
The research project has various goals: by electronically connecting several cars into a "train" of vehicles moving along at a uniform speed without abrupt and risky maneuvers, it could help to reduce the number of accidents and fatalities. At the same time, it would help to reduce fuel consumption and thus attenuate the negative impact of individual mobility on the environment. Last but not least, it would free drivers from the onerous but not very productive task of controlling the vehicle during commuting; instead, he (or she) could do something more interesting.
So we see purely good intentions and goals? Yes, but there are some interesting questions that need to be answered before such a concept can hit the motorways.
For instance, who will be liable in the case of a rear-end collision? In the context of the idea propagated by the Sartre project, such accidents will only be possible as a consequence of a technical failure, not of human error; that is what the idea is about.
But technology can always fail; there is no such thing as zero failure, certainly not in systems as complex as a cluster of vehicles, each of which in itself forms a complex network of embedded computers.
What is even more frightening, however, is the prospect that such a formation is prone to malicious manipulation by third parties. One only needs to read a recent report on cybercrime to see that we are not exactly living in an ideal world. While in cyberspace the authors of viruses and other malicious software are mostly interested in other people's money and, to some extent, in the cheap thrill of doing some material damage, the potential for damage in electronically controlled road traffic is much higher: in the worst case, lives are at stake.
Certainly, the industry will establish security measures that keep malicious interferers out. However, I am not sure the automotive design chain is prepared for the security challenges associated with such a project. In the past, the industry has handled security issues on a case-by-case basis, and the players acted without any cooperation or even coordination. No comprehensive concepts are in place to handle systemic security risks.
Before the general public can be confronted with such a system, this needs to change. A good indication of where to look is commercial data processing, where the 'Common Criteria for Information Technology Security Evaluation' have been established as a generally accepted framework.