Reimagining Privacy Solutions for the Age of Self-Driving Cars

September 26, 2024

USC ISI researchers collaborate on a study to analyze and enhance design approaches that tackle privacy challenges in robotaxis

Illustration of an autonomous taxi and mobile app (photo credit: Scharfsinn86/iStock)

A decade ago, engineers, designers, lawyers, and regulators collaborated to address digital privacy challenges, resulting in the creation of ‘privacy patterns’: standardized, reusable solutions to common privacy problems, analogous to software design patterns. These patterns help developers embed privacy controls into their systems from the start, simplifying privacy engineering and making privacy-by-design easier to integrate into software development.

But the original set of privacy patterns, published on privacypatterns.org, focused on problems faced by enterprises and websites. Today, the digital landscape has expanded: privacy concerns permeate domains as diverse as banking, energy, automotive, and aviation. This raises the question of whether the existing patterns still apply on these new technological frontiers.

A breakout question

This concern caught the attention of a group of scientists at a 2023 Dagstuhl Seminar, a prestigious research event held in Saarland, Germany. “Several of us at that workshop were in a breakout group where we talked about privacy engineering, and within that discussion, the notion of privacy patterns came up,” said David Balenson, a researcher at USC Viterbi’s Information Sciences Institute (ISI), who attended the seminar. “The question was asked: Would these broader patterns designed for enterprises and websites apply in an automotive scenario?”

Inspired by their discussions at Dagstuhl, Balenson and his colleagues embarked on a collaborative study to investigate the applicability of privacy patterns to emerging technologies. They focused on self-driving taxis, or robotaxis, as a case study within the broader ‘mobility as a service’ (MaaS) ecosystem, in which transportation services such as Waymo or Uber are accessed through a single platform.

In the study, the researchers put existing privacy patterns to the test, examining how well they mitigate the privacy threats identified in the robotaxi scenario. They found that while some threats could be mitigated, gaps remain, and the patterns face several hurdles to real-world application.

To address this, the team proposed how the patterns could be adapted and extended to cover the unmet concerns. They presented their results at the 2024 International Workshop on Privacy Engineering (IWPE’24), co-located with the 9th IEEE European Symposium on Security and Privacy at the University of Vienna in July.

“This research is crucial to shed light on privacy patterns as a major component to enhancing privacy in automotive applications and beyond,” said Ala’a Al-Momani of Ulm University in Germany, the lead author of the study. “The work analyzes these patterns to bring them into better applicability among privacy professionals in a world where the demand for privacy is continuously increasing.” 

Analyzing privacy patterns

The study began by identifying the various types of data available to different parties in a robotaxi scenario, which can be more complex than meets the eye. “The robotaxi has inward cameras, it has outward cameras,” Balenson said. “It might look at streets, it might look at pedestrians, it may actually look at the rider.”

This wealth of data can be used to improve service quality and ensure passenger safety. Yet it can also be put to more invasive uses, such as targeted marketing and personal identification, raising significant privacy concerns. “Without adequate regulation and controls, it’s sort of like the wild wild west, where anyone and everyone collects whatever data they want in hopes to monetize it,” Balenson said.

To analyze the threats arising from this data collection, the team applied LINDDUN, a privacy threat modeling framework whose name stands for its seven threat categories: linking, identifying, non-repudiation, detecting, data disclosure, unawareness, and non-compliance. They then examined which existing privacy patterns could mitigate each threat and where gaps remained.

New needs for data protection

The study found that robotaxi service providers and vehicle manufacturers pose a substantial risk to customer privacy, since they can collect, process, and potentially misuse vast amounts of personal data. Existing patterns mitigated some but not all of these risks, leading the researchers to propose new privacy patterns to fill the gaps.

“This research identifies the gap in the current privacy patterns landscape and proposes new privacy patterns, complementing the landscape of these patterns to enable the development of privacy-preserving systems,” Al-Momani said. 

However, even with the enhanced patterns, the researchers noted the difficulty of applying patterns to real-world scenarios such as the complex mobility ecosystem. They identified three main obstacles: conflicts between privacy and necessary system functions, gaps in addressing privacy threats unique to autonomous vehicles, and a lack of clear guidelines for developers.

“Our findings indicate that while patterns may be a suitable approach, further research is necessary to fully ascertain their efficacy and applicability,” said Christoph Bösch of Bosch Research, a global engineering and technology company, who worked on the study. “There is still a significant gap between the conceptual framework of privacy patterns and their practical implementation.” 

ISI reinvigorates the field

To close this gap, Balenson and his colleagues organized a panel discussion following the presentation of the study, featuring some of the original contributors to privacypatterns.org. The panel discussed the motivations behind the creation of privacy patterns and what it would take to bring this important topic back into the spotlight.

The consensus of the panel, according to Balenson, was that privacy patterns are a great idea for the transportation sector and beyond. However, getting these ideas off the ground will require strong collaboration between academia and industry. This teamwork is crucial to ensure that privacy patterns are not only theoretically sound but also practical and implementable in real-world scenarios.

Going forward, Balenson aims to leverage ISI’s resources and expertise to drive new innovation in this field. “ISI is working with the community to learn more about privacy patterns and to move things forward,” he said. “This is a call for the community to step up and join us.”
