The economic and environmental factors that have driven the development of driverless motor vehicle systems have brought us to the very beginning of fully automated cars and trucks on American highways. Recent high-tech developments have already made driverless vehicles a practical reality: in April 2016, a platoon of driverless trucks traveled across Europe. Several months later, a beer truck in Colorado drove more than 100 miles without any direct control by its human operator. The technology for driverless cars and trucks is already firmly established and will become commercially available very soon. How can we be sure that driverless vehicles will be safely designed, manufactured and operated?
The National Highway Traffic Safety Administration (NHTSA) released its Federal Automated Vehicles Policy in September 2016. This document covers the primary safety considerations that driverless cars and trucks will need to address, but it does not offer any specific performance standards that a manufacturer or end user will need to meet in order to operate a driverless vehicle safely. Instead, the new federal policy identifies safety issues of particular concern. The policy further directs designers and manufacturers to show how they have taken the federal guidelines into account, with more specific and enforceable rulemaking expected in the coming months and years.
Driverless cars and trucks, or “highly automated vehicles” (HAVs), depend on a closely integrated system of sensors, communication technology and artificial intelligence in order to first perceive road and traffic conditions, then respond to hazards with greater speed and certainty than human drivers.
Theoretically, at least, HAVs in widespread use will improve highway safety, given the finding that nearly 95 percent of motor vehicle accidents can be traced to an error or choice made by a human driver. By eliminating the driver, HAVs can be expected to significantly reduce the potential for human error in motor vehicle operation. If HAVs on American highways generate their own unmitigated risks, however, the net gain in transportation safety could be compromised or lost altogether. The new Federal Automated Vehicles Policy represents a first step toward identifying the new risks and apportioning responsibility for minimizing them.
Basic Requirements of the Federal Automated Vehicles Policy
In developing its new HAV policy, the NHTSA identified a number of performance areas that manufacturers must address in driverless vehicle development. With respect to each of these areas, the manufacturer must first define the general operating conditions and level of automated operation it expects to meet. Then the manufacturer must describe the performance of the vehicle in detecting and responding to hazards, together with a description of the vehicle’s ability to fall back to a “minimal risk condition” in the event of any vehicle component or digital system failure. The levels of automation range from Level 0 (human driver in complete control) to Level 5 (automated system in complete control under any traffic or weather conditions).
The Federal Automated Vehicles Policy requires a performance assessment for each of the following areas:
Data recording and sharing – This applies to data generated in the testing phases of HAV development, and contemplates the retention and sharing of data with regulators and within the industry. Data should be collected as to both positive outcomes, or successfully avoided hazards, and collisions or breakdowns.
Privacy – Because the operation of an HAV necessarily generates significant volumes of data about individual drivers, manufacturers must assure consumers and end users that personal information will be protected.
System safety – HAVs need to remain reasonably safe even when specific mechanical or software failures undermine overall vehicle safety.
Vehicle cybersecurity – Most HAV systems contemplate the transmission of vehicle operation data and traffic information back and forth between a vehicle and a data center or between vehicles in a convoy. The consequences of hacking or malicious interference with data flows could be catastrophic.
Human-machine interface – This area covers both communication and control transfers between an HAV and its human operator, and communication between the vehicle and other motorists and pedestrians.
Crashworthiness – This consideration applies to both HAVs with human occupants and truly driverless vehicles.
Consumer education and training – Significant end user training is treated as essential for both commercial and consumer HAV use.
Registration and certification – This area covers disclosure of the HAV’s features and limitations to end users in easily accessible ways, such as labels and warnings within the vehicle, including retrofits to raise HAV operability from one level of automation to another.
Post-crash behavior – This is to ensure that any HAV that was involved in a crash is fully restored to safe operability at any given level of automation.
Federal, state and local laws – HAVs must not only demonstrate their capacity to follow all applicable traffic and commercial vehicle laws; they must also show they can occasionally “violate” such laws when traffic conditions demand it, such as when directed to do so by a state patrol officer.
Ethical considerations – Ideally, vehicles are always operated safely, legally and in furtherance of a particular transportation objective. In an emergency, sometimes one of these three has to give. How does the HAV resolve the dilemma in terms of human ethics?
Operational design domain – Not every HAV will be designed to operate in all traffic conditions. Each driverless vehicle must be designed for defined traffic conditions, including speed, weather, congestion, lighting and other factors.
Object and event detection and response – This performance area covers most of the moment-to-moment perceptions and decisions that human drivers experience with respect to traffic, signals, obstacles, signs and sudden hazards. How well does the HAV handle them?
Fallback to minimal risk condition – Under certain circumstances, including mechanical breakdowns or software errors, the HAV will need to safely achieve a minimal risk condition, such as pulling over to stop on a shoulder.
Validation methods – This area covers testing and documentation of results. How can consumers and regulators know that testing processes and results are accurate?
The new Federal Automated Vehicles Policy is only a starting point for introducing American drivers to the new world of driverless cars and trucks. We’ll monitor further refinement of the policy, together with related developments in federal and state legislation. It appears that we will soon find out the effectiveness of automated driving in eliminating the human error factor in traffic safety.
As experience has shown, human error is a major contributing cause of vehicular accidents. More recent experience, however, has also shown that machine error can contribute to accidents. Even when the capacity for human error is reduced or eliminated, a machine is only as effective as the human who produced it. Software development is an evolving process whereby machines – just like humans – must learn to recognize patterns and hazards in traffic. It follows that machines are necessarily limited by their capability to recognize and react to hazardous conditions. Novel conditions can compromise the ability of the machine to react appropriately. As technology is tested and refined and more data becomes available, the machines become more responsive and safer.
Ultimately, however, driverless trucks are prone to error due to simple mechanical failure. For example, has your smartphone ever “frozen” or “quit” unexpectedly? Imagine the ramifications of a driverless eighteen-wheeler that freezes and needs to reboot at 70 miles per hour! While driverless technology certainly has a promising place in the safety of future generations, we must remain vigilant in our regulation and control of the technology to minimize the risk of machine-made error.