Advanced Driver Monitoring Systems and the Law: Artificial Intelligence for the Road

Artificial intelligence technologies are expected to usher in a future where fully autonomous vehicles take people to their destinations without direct driver interaction.  During the transition from driver to driverless cars, roads will be filled with highly autonomous vehicles (HAVs) in which drivers behind the wheel are required to take control of vehicle operations at a moment’s notice.  This is where AI-based advanced driver monitoring systems (DMS) play a role: ensuring HAV drivers are paying attention.  As major automakers incorporate advanced DMS into more passenger cars, policymakers will seek to ensure that these systems meet acceptable performance and safety standards and that issues such as privacy and cybersecurity raised by the technology’s use cases are addressed.  In this post, the technology behind advanced DMS is summarized, followed by a brief overview of current governance efforts aimed at the technology.

The term “driver monitoring system,” also sometimes called “driver attention monitor” or “driver vigilance monitoring,” refers to a holistic system for analyzing driver behavior.  The principal goal of advanced DMS (as with “older” DMS) is to issue a warning or stimulus that alerts the driver and refocuses his or her attention on the driving task.  In HAVs, advanced DMS is used to prepare the driver to retake control of the vehicle under specified conditions or circumstances.

In operation, the technology detects behavior patterns indicative of the driver’s level of attention, fatigue, micro-sleep, cognitive load, and other physiological states.  But the same technology can also be used to personalize the driving experience, such as by customizing digital assistant interactions, music selection, route selection, and in-cabin environment settings.
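
As a concrete illustration of fatigue and micro-sleep detection, the sketch below computes a PERCLOS-style metric (the fraction of time the eyes are mostly closed over a rolling window), one widely cited indicator of drowsiness.  The thresholds, window length, and the upstream eye-openness signal are all illustrative assumptions, not values from any production system.

```python
from collections import deque

# Minimal PERCLOS-style drowsiness check (illustrative only).
# eye_openness: per-frame value in [0, 1] from an upstream eye tracker
# (1.0 = fully open); all thresholds here are assumptions.

class DrowsinessMonitor:
    def __init__(self, window_frames=1800, closed_thresh=0.2, perclos_alert=0.15):
        self.window = deque(maxlen=window_frames)  # e.g., 60 s at 30 fps
        self.closed_thresh = closed_thresh         # eye "closed" below this
        self.perclos_alert = perclos_alert         # alert if closed > 15% of window

    def update(self, eye_openness: float) -> bool:
        """Add one frame's measurement; return True if an alert should fire."""
        self.window.append(eye_openness < self.closed_thresh)
        if len(self.window) < self.window.maxlen:
            return False  # not enough history yet
        perclos = sum(self.window) / len(self.window)
        return perclos >= self.perclos_alert
```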

Older DMS was adopted around 2006 with the introduction of electronic stability control, blind spot detection, forward collision warning, and lane departure warning technologies, among others, which monitor a driver indirectly by tracking the vehicle’s performance relative to its environment.  Some of these systems were packaged under names like “drowsy driver monitoring,” “attention assist,” and others.

Advanced DMS technology began appearing in US commercial passenger vehicles starting in 2017.  Advanced DMS is expected to be used in SAE Level 2 through Level 4 HAVs.  DMS in any form may not be needed for safety purposes once fully autonomous Level 5 is achieved, but the technology will likely continue to be used for personalization purposes even in Level 5 vehicles (which are reportedly not expected to be seen on US roadways until 2025 or later).

Advanced DMS generally tracks a driver’s head and hand positions, as well as the driver’s gaze (i.e., where the driver is looking), but it could also assess foot positions and posture relative to the driver’s seatback.  Cameras and touch sensors provide the necessary interface.  Advanced DMS may also capture a driver’s voice using far-field microphone array technology and may assess emotion and mood (from facial expressions) and possibly other physiological states using various proximate and remote sensors.  Data from these sensors may be combined with signals from steering angle sensors, lane assist cameras, RADAR, LIDAR, and other sensor signals already available, as sketched below.
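
The following toy sketch shows what fusing a few of these channels into a single attention estimate might look like.  The field names, weights, and thresholds are hypothetical; real systems fuse far more signals, and with learned models rather than hand-set weights.

```python
from dataclasses import dataclass

# Toy fusion of a few DMS sensor channels into a single attention score.
# Field names and weights are hypothetical; production systems combine
# many more signals (RADAR, LIDAR, lane cameras) with learned models.

@dataclass
class DriverState:
    gaze_on_road: bool      # from in-cabin camera gaze estimation
    hands_on_wheel: bool    # from capacitive touch sensors
    head_pose_deg: float    # head yaw relative to straight ahead
    steering_active: bool   # recent driver steering input

def attention_score(s: DriverState) -> float:
    """Return a 0..1 attention estimate (1 = fully attentive)."""
    score = 0.0
    score += 0.4 if s.gaze_on_road else 0.0
    score += 0.3 if s.hands_on_wheel else 0.0
    score += 0.2 if abs(s.head_pose_deg) < 20.0 else 0.0
    score += 0.1 if s.steering_active else 0.0
    return score

# A re-engagement warning might be escalated when the score stays low:
if attention_score(DriverState(False, False, 45.0, False)) < 0.5:
    print("Escalate: issue driver re-engagement warning")
```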

Once sensor signal data are collected, machine learning models, including deep neural networks, may process the data.  Computer vision models (deep neural nets), for example, may be used for face/object detection within the vehicle.  Digital conversational assistant technology may be used to convert speech to text, and machine learning natural language processing models may be used to assess a driver’s spoken words.  Knowledge bases may provide information that allows advanced DMS to take appropriate actions.  In short, much of the same AI technology used in existing human-machine interface (HMI) applications today can be employed inside passenger vehicles as part of advanced DMS.
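
To make the front of that pipeline concrete, here is a minimal in-cabin face detection sketch using OpenCV’s bundled Haar cascade.  A production advanced DMS would use deep neural nets on dedicated hardware, but the pipeline shape (camera frame in, face regions out) is the same; the camera index and detector parameters are illustrative assumptions.

```python
import cv2

# Minimal in-cabin face detection sketch using OpenCV's bundled Haar
# cascade. Detected regions would feed downstream gaze/emotion models.

cascade = cv2.CascadeClassifier(
    cv2.data.haarcascades + "haarcascade_frontalface_default.xml")

cap = cv2.VideoCapture(0)  # assumed in-cabin camera at index 0
ret, frame = cap.read()
if ret:
    gray = cv2.cvtColor(frame, cv2.COLOR_BGR2GRAY)
    faces = cascade.detectMultiScale(gray, scaleFactor=1.1, minNeighbors=5)
    for (x, y, w, h) in faces:
        # Each region of interest is a candidate driver/occupant face.
        print(f"Face at ({x}, {y}), size {w}x{h}")
cap.release()
```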

From a regulatory perspective, in 2016, 20 states had introduced some sort of autonomous vehicle legislation.  In 2017, that number had jumped to 33 states.  No state laws, however, currently mandate the use of advanced DMS.

At the US federal government level, the US National Transportation Safety Board (NTSB), an independent agency that investigates transportation-related accidents, reported that overreliance on the semi-autonomous (Level 2) features of an all-electric vehicle, and prolonged driver disengagement from the driving task, contributed to a fatal crash in Florida in 2016.  In its report, the NTSB suggested adopting more effective monitoring of driver inattention commensurate with the capability level of the automated driving system.  The NTSB’s report does not rise to the level of a regulatory mandate for advanced DMS (the National Highway Traffic Safety Administration (NHTSA) sets transportation regulations), and applicable statutory language prohibits admitting into evidence, or using, any part of an NTSB accident report in a civil action for damages resulting from a matter mentioned in the report.  Even so, the Board’s conclusions regarding probable cause and its recommendations for preventing future accidents likely play a role in carmakers’ decisions about deploying advanced DMS.

As for the NHTSA itself, while it has not yet promulgated advanced DMS regulations, it did publish Automated Driving Systems 2.0: A Vision for Safety in September 2017.  While the document is clear that its intent is to provide only voluntary guidance, it calls for incorporating HMI systems for driver engagement monitoring, considering ways to communicate driving-related information as part of HMI, and applying voluntary guidance from other “relevant organizations” to HAVs.

At the federal legislative level, H.R. 3388, the Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution Act (SELF DRIVE Act) of 2017, contains provisions that would require the Department of Transportation (DOT) to produce a Safety Priority Plan that identifies elements of autonomous vehicles that may require standards.  More specifically, the bill would require NHTSA to identify elements that may require performance standards including HMI, sensors, and actuators, and consider process and procedure standards for software and cybersecurity as necessary.

In Europe, the European New Car Assessment Programme (Euro NCAP), Europe’s vehicle safety ratings and testing body, published its Roadmap 2025: Pursuit of Vision Zero in September 2017.  In it, the safety testing organization addressed how its voluntary vehicle safety rating system is to be applied to HAVs in Europe.  In particular, the Euro NCAP identified DMS as a “primary safety feature” standard beginning in 2020 and stated that the technology would need to be included in any new on-road vehicle for the manufacturer to achieve a 5-star safety rating.  Manufacturers are already incorporating advanced DMS in passenger vehicles in response to the Euro NCAP’s position.

Aside from safety standards, advanced DMS may also be subject to federal and state statutory and common law in the areas of product liability, contract, and privacy.  Privacy law, in particular, will likely need to be considered by those employing advanced DMS in passenger vehicles due to the collection and use of driver and passenger biometric information by DMS.

In Your Face Artificial Intelligence: Regulating the Collection and Use of Face Data (Part II)

The technologies behind “face data” collection, detection, recognition, and affect (emotion) analysis were summarized in a previous post, along with use cases for face data, reported concerns about the proliferation of face data collection efforts, and instances of face data misuse.

In this follow-on post, a proposed “face data” definition is explored from a governance perspective, with the purpose of providing more certainty as to when heightened requirements ought to be imposed on those involved in face data collection, storage, and use.  This proposal is motivated in part by the increased risk of identity theft and other instances of misuse from unauthorized disclosure of face data, but also recognizes that overregulation could subject persons and entities to onerous requirements.

Illinois’ decade-old Biometric Information Privacy Act (“BIPA”) (740 ILCS 14/1 (2008)), which has been widely cited by privacy hawks and asserted against social media and other companies in US federal and various state courts (primarily Illinois and California), provides a starting point for a uniform face data definition. The BIPA defines “biometric identifier” to include a scan of a person’s face geometry. The scope and meaning of the definition, however, remains ambiguous despite close scrutiny by several courts. In Monroy v. Shutterfly, Inc., for example, a federal district court found that mere possession of a digital photograph of a person and “extraction” of information from such photograph is excluded from the BIPA:

“It is clear that the data extracted from [a] photograph cannot constitute “biometric information” within the meaning of the statute: photographs are expressly excluded from the [BIPA’s] definition of “biometric identifier,” and the definition of “biometric information” expressly excludes “information derived from items or procedures excluded under the definition of biometric identifiers.”

Slip op., No. 16-cv-10984 (N.D. Ill. 2017).  Despite that finding, the Monroy court concluded that a “scan of face geometry” under the statute’s definition includes a “scan” of a person’s face from a photograph (as well as a live scan of a person’s face geometry).  Because the issue was not before it, the court did not address whether the BIPA applies when a scan of part of a person’s face geometry from an image is insufficient to identify the person in the image.  That is, the Monroy holding arguably applies to any data made by a scan, even if that data by itself cannot lead to identifying anyone.

By way of comparison, the European Union’s General Data Protection Regulation (GDPR), which governs “personal data” (i.e., any information relating to an identified or identifiable natural person), will regulate biometric information when it goes into effect in late May 2018.  Like the BIPA, the GDPR will place restrictions on “personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data” (GDPR, Article 4) (emphasis added).  Depending on how EU member state courts interpret the GDPR generally, and Article 4 specifically, a process that creates any biometric data relating to a person, or that allows or could allow one to identify a person or confirm a person’s identity, is potentially a covered process under the GDPR.

Thus, to enhance clarity for potentially regulated individuals and companies dealing with US citizens, “face data” could be defined, as set forth below, in a way that considers a minimum quantity or quality of data below which a regulated entity would not be within the scope of the definition (and thus not subject to regulation):

“Face data” means data in the possession or control of a regulated entity obtained from a scan of a person’s face geometry or face attribute, as well as any information and data derived from or based on the geometry or attribute data, if in the aggregate the data in the possession or control of the regulated entity is sufficient for determining an identity of the person or the person’s emotional (physiological) state.

The term “determining an identity of the person or the person’s emotional (physiological) state” relates to any known computational or manual technique for identifying a person or that person’s emotions.

The term “is sufficient” is open to interpretation; it would need to be defined explicitly (or, as is often the case in legislation, left for the courts to fully interpret).  The intent of “sufficient” is to permit the anonymization or deletion of data following the processing of video signals or images of a person’s face, so that an entity can avoid being categorized as possessing regulated face data (to the extent probabilistic models and other techniques could not later be used to de-anonymize or reconstruct the missing data and identify a person or that person’s emotional state).  The burden of establishing that the quality and quantity of face data is insufficient for identification purposes should rest with the regulated entity that possesses or controls the face data.
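
A minimal sketch of such a “process then discard” pattern appears below: only a derived, arguably non-identifying label is retained, and the raw pixels are dropped.  The analyze_emotion function is a hypothetical stand-in for a real model call, and whether the retained output is truly “insufficient” for identification is exactly the question the definition leaves open.

```python
# Sketch of a "process then discard" pattern intended to avoid retaining
# identifying face data: only the derived label is kept.

def analyze_emotion(image_bytes: bytes) -> str:
    # Hypothetical placeholder; a real system would run a trained model.
    return "neutral"

def process_frame(image_bytes: bytes) -> dict:
    label = analyze_emotion(image_bytes)
    record = {"emotion": label}  # aggregate, arguably non-identifying output
    del image_bytes              # drop the raw pixels; nothing raw is persisted
    return record
```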

Face data could include data from the face of a “live” person captured by a camera (e.g., surveillance) as well as data extracted from existing media (e.g., stored images).  It is not necessary, however, for the definition to encompass the mere depiction or display of a person in a live video feed or an existing image or video.  Thus, digital pictures of friends or family on a personal smartphone would not be face data, and the owner of the phone should not be a regulated entity subject to face data governance.  An app on that smartphone, however, that uses face detection algorithms to process the pictures for facial recognition and sends that data to a remote app server for storage and use (e.g., for extraction of emotion information) would create face data.

By way of other examples, a process involving pixel-level data extracted from an image (a type of “scan”) by a regulated entity would create face data if that data, combined with any other data possessed or controlled by the entity, could be used in the aggregate to identify the person in the image or that person’s emotional state.  Similarly, data and information reflecting changes in facial expressions, derived by pixel-level comparisons of time-slice images from a video (also a type of scan), would be information derived from face data and thus would be regulated face data, assuming the derived data combined with other data possessed or controlled could be used to identify the person in the image or the person’s emotional state.
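
To ground the idea of a pixel-level comparison of time-slice images, the short sketch below differences two frames and reports how much of the image changed.  The frames here are synthetic arrays standing in for decoded video, and the change threshold is arbitrary; a real expression-analysis pipeline would operate on detected face regions rather than whole frames.

```python
import numpy as np

# Illustrative pixel-level comparison of two time-slice frames -- the
# kind of "scan" that can produce regulated derived data.

frame_t0 = np.random.randint(0, 256, (480, 640), dtype=np.uint8)
frame_t1 = np.random.randint(0, 256, (480, 640), dtype=np.uint8)

# Absolute per-pixel change between consecutive frames.
diff = np.abs(frame_t1.astype(np.int16) - frame_t0.astype(np.int16))

# Fraction of pixels that changed noticeably: a crude motion/expression
# signal that, combined with other data, could contribute to face data.
changed = (diff > 25).mean()
print(f"{changed:.1%} of pixels changed between frames")
```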

Information about the relative positions of facial points based on facial action units could also be data derived from or based on the original scan and thus would be face data, assuming again that the data, combined with any other data possessed by a regulated entity, could be used to identify a person or that person’s emotional state. Classifications of a person’s emotional state (e.g., joy, surprise) based on extracted image data would also be information derived from or based on a person’s face data and thus would also be face data.
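
As a toy illustration of how action-unit data becomes classifiable emotion data, the sketch below maps sets of detected FACS action units to coarse emotion labels.  The AU-to-emotion table follows common EMFACS-style heuristics (e.g., AU6 plus AU12 for joy), but real systems use trained classifiers rather than lookup rules.

```python
# Toy mapping from detected facial action units (FACS AUs) to a coarse
# emotion label, illustrating how AU-derived data becomes "face data."

EMOTION_RULES = {
    frozenset({6, 12}): "joy",             # cheek raiser + lip corner puller
    frozenset({1, 2, 5, 26}): "surprise",  # brow raisers + lid raise + jaw drop
    frozenset({4, 5, 7, 23}): "anger",     # brow lowerer + lid/lip tighteners
}

def classify_emotion(active_aus: set[int]) -> str:
    for aus, label in EMOTION_RULES.items():
        if aus <= active_aus:  # all rule AUs present
            return label
    return "neutral"

print(classify_emotion({6, 12, 25}))  # -> "joy"
```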

Features extracted using deep learning convolutions of an image of a person’s face could also be face data if the convolution information along with other data in the possession or control of a regulated entity could be used to identify a person or that person’s emotional state.
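
The sketch below illustrates the kind of convolutional feature extraction described above: a pretrained CNN produces an embedding vector from a face crop, and two embeddings are compared by cosine similarity.  A generic ResNet-18 stands in for a purpose-trained face recognition network, and the similarity threshold is an arbitrary assumption.

```python
import torch
import torchvision.models as models
import torchvision.transforms as T

# Extract a feature vector ("embedding") from a face crop with a
# pretrained CNN, then compare embeddings by cosine similarity.

backbone = models.resnet18(weights=models.ResNet18_Weights.DEFAULT)
backbone.fc = torch.nn.Identity()  # drop the classifier; keep 512-d features
backbone.eval()

preprocess = T.Compose([T.Resize((224, 224)), T.ToTensor()])

def embed(face_image) -> torch.Tensor:
    """face_image: a PIL image of a cropped face."""
    with torch.no_grad():
        return backbone(preprocess(face_image).unsqueeze(0)).squeeze(0)

def same_person(e1: torch.Tensor, e2: torch.Tensor, threshold=0.8) -> bool:
    # Close embeddings suggest the same person -- which is what can bring
    # the stored vectors within a face data definition.
    return bool(torch.nn.functional.cosine_similarity(e1, e2, dim=0) > threshold)
```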

For banks and other institutions that use face recognition for authentication purposes, sufficient face data would obviously need to be in the bank’s possession at some point in time to positively identify a customer making a transaction.  This could subject the institution to face data governance during that time period.  In contrast, a social media platform that permits users to upload images of people but does not scan or otherwise process the images (such as by cross-referencing other existing data) would not create face data and thus would not subject the platform to face data governance, even if it also possessed tagged images of the same individuals appearing in the uploaded images.  Thus, mere possession of or control over images, even if the images could potentially contain identifying information, would not constitute possession of face data.  But scanning (processing) the uploaded images for identification purposes, or selling or providing the user-uploaded images to a third party that scans them to extract face geometry or attribute data for purposes such as targeted advertising, could subject the platform and the third party to face data governance.

The proposed face data definition, which could be modified to include “body data” and “voice data,” is merely one example that US policymakers and stakeholders might consider in the course of assessing the scope of face data governance in the US.  The definition does not exclude the possibility that any number of exceptions, exclusions, and limitations could be implemented to avoid reaching actors and actions that should not be covered, while also maintaining consistency with existing laws and regulations. Also, the proposed definition is not intended to directly encompass specific artificial intelligence technologies used or created by a regulated entity to collect and use face data, including the underlying algorithms, models, networks, settings, hyper-parameters, processors, source code, etc.

In a follow-on post, possible civil penalties for harms caused by face data collection, storage, and use will be briefly considered, along with possible defenses a regulated person or entity may raise in litigation.