The DSRC/V2V/Connected Car Emperor has no clothes

Topic: 

Plans are underway to ask for a legal mandate to install radio communications devices in all new cars, starting around 2020. These radios would do "vehicle to vehicle" (v2v) and vehicle to infrastructure communication using a wifi-derived protocol called DSRC.

These plans began long ago, when all of us wondered, "wouldn't it be cool if computers in cars could talk to other cars?" It seemed like it should be cool but in fact, after decades of trying, very few useful applications have actually shown up. However, that has not stopped fans of the idea. They had almost given up when robocars came along. As the hype built over robocars they realized that they might have an application there, and this application could make their solution finally find its problem. Since then, there have been many declarations that V2V communication is important or even essential for robocars. That what this is all really about is the "connected car." Whole conferences and industry groups push heavily on the connected car concept.

Of course robocars will be connected, but barely. They will want updates to maps and on road conditions and events -- the same things you see if you run programs like Waze. When parked, they will also want updates to their software and more detailed map data. But no sane designer plans to have them depend on real time connectivity. It might provide useful information, but it often won't, and you need to depend on things you built and tested that work 100% of the time. Everything else is just a little gravy.

I have written many comments on the issues with v2v and related technologies. Recently, the DSRC fans got a proposal in place for the government to mandate all new cars come with DSRC radios which will, among other things, constantly broadcast their position and what they are doing. The government will mandate a decade old radio technology that is already obsolete, and which probably will never work, and certainly won't work as well as other technologies which are arriving without government help in mobile phones and data networks.

There was a comment period. I wrote up a commentary, and have expanded it into an essay on:

Why the V2V "emperor" has no clothes.

Connected Autonomous Vehicles -- Pick 2.

Comments

I should preface this comment with the statement that I'm agnostic on V2V systems. As you suggest, the value is incremental and there is some risk.

That said, I'm surprised that you have such a negative take on V2V. For one thing, in our discussions of lidar you've suggested that the extra cost it adds to a robocar (thousands of dollars, in this case) is negligible if it results in any improvement in safety at all. So to object to the cost of something that probably turns out to add $20 in cost to a car seems kind of inconsistent. Having a radio beacon on a vehicle that broadcasts the vehicle's state continuously doesn't seem like such a bad idea. Similar beacons on fixed road features, construction sites, accident sites, or even special situation vehicles (cyclists?, blind pedestrians?) could improve safety in a meaningful number of situations. There are things that no lidar, radar, or camera can see which are relevant, like a car stalled on the inside edge of a high speed blind curve, or an emergency vehicle speeding through an intersection congested with large trucks. There's very real potential to improve safety even for otherwise very capable robcars.

The security risk is there, of course, but it's not a particularly big obstacle at the transmit end since the beacon can be pretty simple and doesn't need access to any vehicle control systems. At the receive end it's just one more sensor which like any other could be spoofed and which like any other needs to be intelligently managed relative to the reliability of the data it provides and the overall situation. The implication that just having a radio receiver on a car necessarily leads to increased likelihood of being hacked is very weak. All new cars will soon have radio receivers for software updates anyway and that vector is much more risky than a much simpler radio beacon receiver.

As for grievers and the like - the world already abounds with simple opportunities for those so inclined. It's easy to throw a handful of cheap and disposable tire-puncturing objects onto a road, drop a brick from an overpass, or sabotage a traffic sign. Adding radio beacons to cars isn't going to meaningfully increase the opportunities for miscreants assuming the implementers of vehicle receivers aren't naive.

And privacy? If someone wants to monitor all the traffic going through an intersection a license plate camera will already do that just fine. Within a few years public cameras monitored by image recognition systems are going to eliminate technical barriers to privacy violation pretty thoroughly. The solution to that is going to have to come in the form of a social consensus on privacy rights and obligations. Technical conventions will have little effect there except in the very short term.

The issue with V2V is not just that it provides only modest benefit. It's the flawed design that stops it from doing even that. It depends on somebody else doing their part, which only happens with a law, and the law usually fails at such things. So it's not $20 extra (eventually), it's $20 for every single car on the road. Or at least tens of millions before it provides some value. LIDAR gives a value to the car that uses it today. The designer of that car can judge if the cost and benefit match, and make the decision. If a better LIDAR or other sensor comes out, they can switch. If LIDAR stops being worth it, they can stop using it.

To do V2V right everybody has to do it, and in the same way, which means under a government enforced standard. This is really, really hard to do, and impossible to keep current with the times in a fast changing technological world. And then, to boot, it adds security risk. And you didn't build or test it, and you want to trust your life to what some other car vendor made?

The beacon does not present a security risk to the transmitter but it does create a privacy risk. But once you receive, it's another story. Inherent in v2v is receiving messages from random parties along the road, lots of them. You're a server now, you aren't just a client -- it's a whole new risk category. The messages must be processed by the driving systems of the car, the most critical ones. In theory we need not care if the infotainment system is put at risk (though that has been the path in to many cars in recent attacks) but the driving system is the most important to secure.

As for software updates over the radio -- I am not so sure about that. These are cars, after all. They don't need to get their software updates long range. They can travel to where they will get updated, perhaps by a physical plug or short-range radio link.

Griefers are not the only thing to worry about, but they add to the list.

Yes, they have licence plate readers. But this makes it much easier, and makes it easy to do it invisibly.

$20 strikes me as a really cheap piece of safety equipment. Backup cameras cost many times that amount, and the safety potential of backup cameras is quite a bit less than that of vehicle transponders. So it would cost $200MM/year to outfit U.S. cars with transponder systems. Economic losses due to traffic collisions, according to the NHTSA, are on the order of $1T per year. So if transponders reduce collision rates by 0.02% in a steady state condition then it's an economic win. I'd be shocked if transponders could not provide a useful warning more often than one time in 5000.

I'm not familiar with the details of V2V proposals. But your analysis doesn't seem to fit the vehicle transponder model. There's incremental value to be had in having the transponder even if only a fraction of vehicles have it. If my car breaks down on a foggy mountain road and it has a transponder to broadcast it's dilemma to approaching vehicles then that reduces the number of cars that might crash into me while I'm waiting for a tow. It doesn't require universal adoption by other vehicles to start having a benefit. And I don't understand your claim that it would require a mandatory standard to work. Web protocols are really complicated and they don't require legally mandatory standards to work. There's no law that says my web browser has to implement http in a particular way, and yet web browsers seem to work pretty well. Vehicle manufacturers have an incentive to do a decent implementation because otherwise it's not a salable safety feature, and failure to implement it reasonably would open manufacturers to liability. A relatively few vehicle manufacturers account for a large fraction of all vehicles on the road so even a few of them rolling transponders out into their new vehicles would rapidly create a large base of usable signals. Compatibility testing would not be difficult if the protocol were kept simple.

Of course, sloppy implementation of transponder signal receivers can create risk. But a sloppy implementation of a camera or a radar, which also feed actionable messages into the driving system, can also create risk. Just as you might receive messages from many transponders your lidar receives many potential signals from street signs, dogs, and potholes. All of those have to be interpreted as potentially flawed and managed accordingly. Sometimes transponders will broadcast the wrong location because they have a bad GPS signal, or they will broadcast the wrong code because they are malfunctioning or misconfigured. Received signals have to be interpreted with the understanding that noisy and even malicious input is a possibility. The receiver doesn't need to be a control channel, it can just be a sensor.

Aircraft have transponders and receivers and have had them for many years. And aircraft seem to be popular targets for sabotage, at least if our national security tribes are to be believed. I would think that if the transponder model had ineradicable security flaws that we'd have seen them exploited by now.

Again, it's not $20 for value, it's $20 for everybody. And no value until you get a lot of people using it. So you pay $20 ($100 at retail level) for nothing on day one, and it slowly starts to gain small amounts of value. You have sold your 2020 car long before you ever got any value from it, but the guy who bought it from you in 2026 got a small value, and the 2030 buyer a bit more.

If you got to everybody with a radio, it would help. But at huge cost, and 20 years from now. If, in 1995, a law had required every car to buy a 1995 cell phone, then today every car on the road would have one. A 1995 cell phone, that is. Which nobody would want. (Actually, at least the 2017 phones can do all their goodies and still talk to the 1995 phones if there are still analog towers -- which there aren't -- so this would work better.)

For your car stalled there is already a solution. Transmit to public traffic databases that you are stalled, and everybody will know in 1-2 seconds. A crash with a stalled car only has a tiny probability of happening the moment you stall. This requires nothing -- it already exists. Millions of people run programs like Waze which warn me of stalled cars ahead on the road today. All that's missing is your car automatically telling databases like waze about it.

The issue about being sloppy is this. I control, test and certify the sensors in my own car. I have no control over other people's. My sensors detect what is really there. A street sign may be flawed (though generally cars prefer not to read signs but to have a map of them) but the sensor will detect what it is, and you can fix it.

Nice comments, James! I have a colleague here at UT Austin (Chris Claudel) who can build such transmitters/receivers at $50 each for docking/securing inside conventional vehicles (e.g., on the dashboard). I believe most of our existing fleet will add these devices quickly, to reduce crash likelihood & thus save on insurance, and to signal to red lights (e.g., late at night, when others aren't around) that they are coming & would love a green light (making many signals more efficient). A simple app on our phones (communicating with the docked device) will alert us to problematic trajectories (e.g., of red-light runners to our side & pedestrians in the darkness), will report recent wildlife crossing in the area (e.g., a deer pack siting), and will communicate with roadside units warning of slippery curves ahead (from a recent CV's report). In this way, we "educate"/enlighten most of the existing fleet rather quickly, improving safety & site-specific information. What do you think Brad?

The problem is that even if it's cheap to add to your car (and $50 is not cheap in the auto world) it doesn't help you unless the other cars also do it. Never has a network technology been created that did not provide value to the first customers. You will never see all cars doing this so you need to detect them, and those deer, without it.

However, many of the applications you specify have no need for low latency and are better done via mobile data networks. What's left is just knowing about cars you can't see. Which is nice, but is it enough to justify this plan?

Add new comment