CEI Comments to NHTSA on Vehicle to Vehicle Communications
On behalf of the Competitive Enterprise Institute (“CEI”), I respectfully submit these comments in response to the National Highway Traffic Safety Administration’s (“NHTSA”) Notice of Proposed Rulemaking regarding Federal Motor Vehicle Safety Standards; V2V Communications (“NPRM”).[1] CEI is a nonprofit, nonpartisan public interest organization that focuses on regulatory policy from a pro-market perspective.[2] CEI previously submitted comments in response to NHTSA’s 2014 Advance Notice of Proposed Rulemaking regarding Federal Motor Vehicle Safety Standards; Vehicle-to-Vehicle (V2V) Communications.[3]
Our comments develop the following points:
- NHTSA fails to adequately consider technology alternatives to Dedicated Short Range Communications (“DSRC”);
- Secure Credential Management System (“SCMS”) issues remain unresolved;
- Requiring owner consent for each V2V software update undermines the potential safety benefits of the mandate; and
- NHTSA fails to adequately consider interactions with vehicle automation technologies.
I. NHTSA Fails to Adequately Consider Technology Alternatives to a DSRC Road Side Equipment Network
To NHTSA’s credit, it does accept the possibility that alternative V2V technologies in the future will outperform DSRC and that alternative compliance with non-DSRC V2V technologies will be permitted provided the alternatives are interoperable with DSRC.[4] However, NHTSA’s currently contemplated V2V-DSRC approach remains flawed.
NHTSA’s “two-radio” DSRC-exclusive approach would rely extensively on roadside equipment (“RSE”) to provide connectivity to the SCMS.[5] NHTSA estimates nearly 20,000 RSEs would need to be deployed throughout the National Highway System to provide secure nationwide V2V connectivity.[6] NHTSA then compares estimated future costs of a two-radio DSRC-exclusive approach with a hybrid “one-radio” approach that would harness existing communications technologies such as cellular and Wi-Fi.
Yet in considering these costs, NHTSA fails to distinguish between public and private costs. Under the two-radio approach, federal and state funding would need to be provided to deploy a nationwide RSE infrastructure network. In contrast, the one-radio approach would harness existing private infrastructure networks and require private providers and users to bear the costs of V2V.
At a time where state and local transportation infrastructure facilities face large maintenance backlogs, approaching reconstruction needs, and uncertain funding, NHTSA’s failure to adequately consider fiscal burdens in its analysis of alternatives is troubling. Further, questions remain as to NHTSA’s authority to even regulate the public RSE network.[7]
Finally, the timeframe NHTSA estimates a V2V rollout under the mandate is surprisingly similar to many industry estimates of the rollout of 5G cellular technology.[8] With 5G cellular, many of the concerns of latency and capacity with existing 4G cellular networks is mitigated.[9] The deployment of 5G would rely on private infrastructure upgrades of existing cellular networks rather than assume public funds will be made available for the creation of a new RSE network.
For these reasons, NHTSA should better consider superior, less costly alternatives to a DSRC-centric V2V mandate.
II. SCMS Issues Remain Unresolved
As NHTSA notes in the NPRM, it “has included no regulatory text for SCMS-based message authentication and instead has a bracked [sic] placeholder for where it would be if this were to be part of a final rule.”[10] The agency then goes on to say, “NHTSA strongly believes in the need for cybersecurity, which is essential to the public acceptance of increasingly computerized vehicle systems, to the safety technology they govern, and to the realization of the safety-enhancement potential they offer.”[11]
Despite the years of work by NHTSA and industry groups attempting to address cybersecurity and privacy concerns by way of SCMS-style basic safety message authentication, it still has not determined what such a system would look like or even who would operate and maintain it.[12] Further, the discussion of the issues involved is so broad and vague that NHTSA even entertains the possibility of not requiring message authentication at all.[13]
If cybersecurity protections are “essential,” as NHTSA alternatively claims, to the operation and public acceptance of the technologies at issue, it should not proceed with a rulemaking until it answers these critically important questions—and proposes regulatory text subject to notice-and-comment.
It is highly unusual for an agency to fail to include proposed regulatory language in its NPRM, as the Administrative Procedure Act as interpreted by the courts requires that a final rule follow a “logical outgrowth” from the proposed rule.[14] As a commentator noted with regard to another recent proposed rule that omitted regulatory text, “‘Outgrowth’ implies something to grow out of. The public cannot be asked to ‘divine’ the agency’s ‘unspoken thoughts.’ And words matter. Specific word choices, and even the placement of a comma, can make a significant difference in how a regulation is interpreted and applied by the [agency] itself and federal courts.”[15]
The issue of whether or not mere vague discussion of the issues involved is sufficient to satisfy the “logical outgrowth” test has not yet been decided by the courts. At the very least, NHTSA should issue a supplemental notice of proposed rulemaking as soon as it develops the proposed SCMS regulatory text, as the inclusion of such language would constitute a substantive change to the NPRM and the public deserves the opportunity to comment.
III. Requiring Owner Consent for Each V2V Software Update Undermines the Potential Safety Benefits of the Mandate
NHTSA concedes it lacks the legal authority to require consumers to update V2V device software and security certificates.[16] Further, it notes that “V2V will not work if they are out of certificates or in need of some other kind of update.”[17] NHTSA proposes that manufacturers provide telltale lamps or messages to alert consumers that the V2V system has malfunctioned or is disabled.[18]
Yet, the agency does not contemplate consumer responses to these telltales or messages. For instance, the Car Care Council recently estimated that “[n]early one out of 10 vehicles had the check engine light on.”[19] As consumers have become accustomed to excessive automated warnings displayed in their vehicles, many appear to have discounted the warnings altogether.
It can be reasonably anticipated that consumers will respond to a V2V failure telltale or message in a fashion similar to their present response to “check engine” telltales. This should be particularly concerning to NHTSA as informed consumers will know that the safety benefits of V2V, and thus the costs of nonfunctioning V2V devices, are projected to be trivial in the initial deployment years. Perceived privacy and cybersecurity risks on the part of consumers would amplify this effect.
If consumers do behave in this manner, NHTSA’s projected benefits of V2V should be significantly reduced. The agency spills a significant amount of ink discussing misbehavior rates, but very little on what could be termed “apathy rates.” NHTSA should address this major omission before proceeding with a final rule.
IV. NHTSA Fails to Adequately Consider Interactions with Vehicle Automation Technologies
CEI appreciates NHTSA addressing our earlier comments in response to the 2014 advance notice of proposed rulemaking.[20] However, NHTSA’s consideration of the interplay between vehicle automation systems and the proposed V2V mandate remains lacking.
First, NHTSA does not resolve cybersecurity concerns stemming from the interaction between vehicle automation systems and forced V2V connectivity.[21] As is noted above, it is inappropriate for NHTSA to proceed with a rulemaking until SCMS issues are resolved. This is especially important with respect to potential interactions between forced V2V and vehicle automation systems, where the risk of catastrophic incidents that result from misbehavior is significantly greater relative to forced V2V without vehicle automation systems.
Second, automated vehicle developers continue to express little interest in forced V2V.[22] Even the strongest automaker supporters of the V2V mandate are currently developing automated vehicle prototypes without V2V connectivity.[23] Many in this emerging industry are outright hostile to NHTSA’s proposed rule and have expressed the same concerns regarding the obsolescence of DSRC and the cybersecurity and innovation risks posed by a V2V mandate as many did in 2014.[24]
Finally, forced V2V will at best serve as a distraction for automated vehicle developers. NHTSA’s proposed rule repeatedly hedges its discussion of V2V technology and its benefits with words such as “potential” and “promising.” As Princeton University’s Alain Kornhauser has noted:
One must always be well aware of the caveats! Here the caveats are “potential” and “fully deployed”: Potential implies that vehicles don’t already have Automated Collision Avoidance (ACA) systems that work (aka ‘Safe-driving Cars’). If they do, the potential incremental reduction of crashes that this proposed rule would have is a small fraction of what is claimed above. Moreover, an infinitesimally small portion of what is already a small fraction can’t be achieved until there is substantial deployment. V2V only avoids crashes between vehicles that both have the mandated technology. That means that the chances that V2V can play a part is the product of the probability that vehicle A has it and the probability that vehicle B has the technology. It isn’t until 70% of the vehicles on the road have the technology that there is even a ‘Coin flip’s’ chance that V2V could play any part in avoiding a crash (0.7 x 0.7 = 0.49!) That level of penetration isn’t going to happen for at least 25 years given that there is no “retrofit” requirement.
At 33% deployed (which might be achieved in 10-15 years), V2V is only 10% effective at potentially avoiding crashes that haven’t already been avoided by ACA…. Essentially no value is achieved until we’ve been really successful at deployment/adoption and what’s been adopted/deployed actually works.[25]
Given these uncomfortable realities, it is unsurprising that NHTSA would frame its discussion of V2V benefits with a significant degree of uncertainty. It also suggests that NHTSA’s approach in this proceeding is fundamentally misguided.
Conclusion
CEI appreciates the opportunity to comment on the NPRM. For the reasons above, we urge NHTSA to withdraw its proposed V2V rule.
[1]. Federal Motor Vehicle Safety Standards; V2V Communications, Notice of Proposed Rulemaking, Docket No. NHTSA–2016–0126, 82 Fed. Reg. 3854 (Jan. 12, 2017) [hereinafter NPRM].
[2]. See About CEI, https://cei.org/about-cei (last visited Apr. 2, 2017).
[3]. Comments of the Competitive Enterprise Institute in the Matter of Federal Motor Vehicle Safety Standards; Vehicle-to-Vehicle (V2V) Communications, Advance Notice of Proposed Rulemaking, Docket No. NHTSA–2014–0022, 79 Fed. Reg. 49270 (Aug. 20, 2014), available at https://www.regulations.gov/document?D=NHTSA-2014-0022-0662.
[4]. NPRM, supra note 1, at 3896–3897, 4018.
[5]. Id. at 3969.
[6]. Id. at 3975.
[7]. See 49 U.S.C. § 105(c)(1), which limits NHTSA’s authority over certain aspects of highway safety, including over the traffic control devices to which some RSEs would connect.
[8]. See, e.g., IHS Economics and HIS Technology, The 5G economy: How 5G technology will contribute to the global economy (Jan. 2017), available at https://www.qualcomm.com/invention/5g/economy. A study commissioned by Qualcomm projects widespread 5G deployment will begin in 2020, the same year NHTSA’s proposed V2V mandate would begin its phase-in with model year 2021 light-duty vehicles.
[9]. Id. See also Roger Lanctot, The Fastest Route to V2V, Strategy Analytics Blogs (Nov. 7, 2016), https://www.strategyanalytics.com/strategy-analytics/blogs/infotainment-telematics/2016/11/07/the-fastest-route-to-v2v.
[10]. NPRM, supra note 1, at 3911.
[11]. Id. at 3915.
[12]. See, e.g., Comments of Secure/Set in the Matter of Federal Motor Vehicle Safety Standards; V2V Communications, Notice of Proposed Rulemaking, Docket No. NHTSA–2016–0126, 82 Fed. Reg. 3854 (Jan. 12, 2017), at 12, available at https://www.regulations.gov/document?D=NHTSA-2016-0126-0117.
[13]. NPRM, supra note 1, at 3917.
[14]. See, e.g., Fertilizer Inst. v. EPA, 935 F.2d 1303, 1311 (D.C. Cir. 1991). See also Phillip M. Kannan, The Logical Outgrowth Doctrine in Rulemaking, 48 Admin. L. Rev. 213 (1996).
[15]. Tammy D. McCutchen, Working on Overtime: The U.S. Department of Labor’s Proposal to Revise the Overtime Exemption Regulations, 16 Engage 3 at 70 (Oct. 2015) (citations omitted).
[16]. NPRM, supra note 1, at 3958.
[17]. Id.
[18]. Id. at 4016.
[19]. Car Care Council, “Car Care Events Reveal Need for Increased Maintenance,” Car Care Council website (Mar. 21, 2012), http://www.carcare.org/car-care-events-reveal-need-for-increased-maintenance/.
[20]. NPRM, supra note 1, at 3866. See also Comments of the Competitive Enterprise Institute in the Matter of Federal Motor Vehicle Safety Standards; Vehicle-to-Vehicle (V2V) Communications, supra note 3.
[21]. See, e.g., Comments of Robert Bosch LLC in the Matter of Federal Motor Vehicle Safety Standards; Vehicle-to-Vehicle (V2V) Communications, Advance Notice of Proposed Rulemaking, Docket No. NHTSA–2014–0022, 79 Fed. Reg. 49270 (Aug. 20, 2014), available at https://www.regulations.gov/document?D=NHTSA-2014-0022-0775.
[22]. See, e.g., Waymo, “Technology,” Waymo website (last accessed Mar. 28, 2017), https://waymo.com/tech/.
[23]. For instance, General Motors’ Chevrolet Bolt EV automated vehicle prototype does not rely on V2V connectivity.
[24]. Michaela Ross, Regulatory Chill May Pivot Connected Vehicle Tech’s Course, Bloomberg BNA (Feb. 8, 2017), https://www.bna.com/regulatory-chill-may-n57982083525/.
[25]. Alain Kornhauser, “Waymo-121416,” Northeast Connected and Automated Road Transportation Safety Consortium website (Dec. 15, 2016), http://www.necarts.org/1347-2/.