Privacy

If there are any ideas that the internet believes to be the truth in this modern day in age, I think that the following would at least make the list: the government is likely watching you through the camera in your laptop, and Facebook’s algorithm may know you better than anyone else. While the internet normalizes being surveilled – and George Orwell can be heard continuously rolling over in his grave – the collection, analysis, and sale of information and user data is something to, at the very least, keep in mind.

Target can predict when a shopper is due to give birth based on subtle changes in shopping habits (going from scented to unscented soap, for example); your phone tracks where you are and how often you go to the point that it recognizes your patterns and routines, suggesting certain destinations you visit regularly; and health insurance companies believe they can infer that you will be too expensive to cover simply from looking at your magazine subscriptions, whether you have any relatives living nearby, and how much time you spend watching television. It is both fascinating and startling in equal measure.

When we narrow our focus to transportation and mobility, there is still an entire world of information that is being collected, sold, and turned into, for example, new marketing strategies for companies purchasing that data from brokers. Other times, the actor using that data-turned-actionable intelligence is a government entity. Either way, it’s good know and understand some of what is being collected and how it may be used, even if it’s only the tip of the iceberg. Car insurance companies track and collect data on how often drivers slam on brakes or suddenly accelerate and offer rewards for not doing those things. People have been subjected to police suspicion or even been arrested based on incorrect geolocation data collected from their cell phones.

Despite the potentially grim picture I may have painted, user data isn’t always wielded for evil or surveillance. Recently, popular navigation app Waze added a feature that allows its users to report unplowed roads plaguing drivers during the winter months. The feature was developed through collaboration with the Virginia Department of Transportation (VDOT). Users in areas with inclement winter weather are now notified when they are coming upon a roadway that is reportedly in need of a snowplow. In addition to providing users with information and warnings, Waze also partners with transportation agencies across the U.S. and provides these agencies or local governments with this winter transportation information through the Waze for Cities Data program. The point is to make responsible parties aware of the areas that are still in need of a snowplow and assist them in prioritizing and deploying resources.

This sort of data collection is innocent enough and helpful in a person’s everyday life. According to Waze, the data is anonymized and contains no personally identifiable information (PII) when it becomes accessible to government agencies. However, as cars and cities become smarter the risk of an individual user’s data being used for more concerning purposes is likely to increase. This danger is in addition to the privacy risks that come from carrying around and depending upon personal devices such as cell phones.

“[Cars are] data-collecting machines that patrol the streets through various levels of autonomy. That means that our mobility infrastructure is no longer static either, that infrastructure is now a data source and a data interpreter.”

Trevor English, InterestingEngineering.com

Uber went through a phase of tracking users even while not using the app; a number of smart city technologies are capable of capturing and combining  PII and household level data about individuals; and the City of Los Angeles wants to collect real-time data on your individual e-scooter and bikeshare trips – California’s legislature doesn’t exactly agree. As these capabilities are advancing, so is the law, but that doesn’t necessarily mean that the race is a close one. So, while our cars and scooters and rideshare apps may not yet be the modern iteration of Big Brother, there’s always tomorrow.

October 2019 Mobility Grab Bag

Every month brings new developments in mobility, so let’s take a minute to breakdown a few recent developments that touch on issues we’ve previously discussed in the blog:

New AV Deployments

This month saw a test deployment of Level 4 vehicles in London, which even allowed members of the public to be passengers (with a safety driver). Meanwhile, in Arizona, Waymo announced it will be deploying vehicles without safety drivers, though it appears only members of their early-access test group will be riding in them for now. We’ve written a lot about Waymo, from some early problems with pedestrians and other drivers, to the regulations placed on them by Arizona’s government, to their potential ability to navigate human controlled intersections.

Georgia Supreme Court Requires a Warrant for Vehicle Data

This Monday, the Georgia Supreme Court, in the case of Mobley v. State, ruled that recovering data from a vehicle without a warrant “implicates the Fourth Amendment, regardless of any reasonable expectations of privacy.” The court found that an investigator entering the vehicle to download data from the vehicle’s airbag control unit constituted “physical intrusion of a personal motor vehicle,” an action which “generally is a search for purposes of the Fourth Amendment under the traditional common law trespass standard.” Given the amount of data that is collected currently by vehicles and the ever-increasing amount of data that CAVs can and will collect, rulings like this are very important in dictating how and when law enforcement can obtain vehicle data. We’ve previously written about CAVs and the 4th Amendment, as well as other privacy implications of CAVs, both in regards to government access to data and the use of CAV data by private parties.  

Personal Cargo Bots Could Bring Even More Traffic to Your Sidewalk

In May, as part of a series on drones, I wrote about a number of test programs deploying small delivery bots for last-mile deliveries via the sidewalk. A recent Washington Post article highlights another potential contender for sidewalk space – personal cargo bots. Called “gita” the bot can travel at up to 6 mph as it uses it’s onboard cameras to track and follow its’ owner, via the owner’s gait. The bot’s developers see it as helping enhance mobility, as it would allow people to go shopping on foot without being concerned about carrying their goods home. For city-dwellers that may improve grocery trips, if they can shell out the $3,000+ price tag!

Even More Aerial Drones to Bring Goods to Your Door

Last month, as part two the drone series, I looked at aerial delivery drones. In that piece I mentioned that Google-owned Wing would be making drone deliveries in Virginia, and Wing recently announced a partnership with Walgreens that will be part of that test. Yesterday Wired pointed out that UPS has made a similar deal with CVS – though it remains to be seen if the drones will have to deliver the infamously long CVS receipts as well. As Wired pointed out, drugstores, since they carry goods that could lead to an emergency when a home runs out of them (like medication and diapers), speedy air delivery could fill a useful niche. So next time you’re home with a cold, you may be able to order decongestant to be flown to your bedside, or at least to the yard outside your bedroom window.

P.S. – While not related to any past writings, this article  is pretty interesting – Purdue scientists took inspiration from the small hairs on the legs of spiders to invent a new sensor that can ignore minor forces acting on a vehicle while detecting major forces, making it easier for CAVs and drones to focus computing power on important things in their environment without getting distracted.

This is the much-delayed second part in a series of posts I started earlier this year. In that first post I discussed how companies are experimenting with small delivery robots that crawl along sidewalks to deliver goods right to your door. However, the sidewalk is not the only place where delivery drones may soon be found, as many companies are interested in using aerial drones to bring their products right to consumers.

In April, Wing, a division of Google parent company Alphabet, was given approval to start delivering goods via drone in Canberra, Australia. At launch, the drones were delivering food, medicine, and other products from 12 local businesses. This formal launch came after a trial period that ran for 18 months and 3,000 deliveries. Also in April, Wing received an FAA certification typically used for small airlines, as they begin to plan U.S. based tests, again with the intent to partner with local businesses. Not to be left behind, in June Amazon revealed it’s own delivery drone, which is indented to bring good directly from their warehouses to nearby customers within 30 minutes. Also in June, Uber announced a plan to partner with McDonalds to test delivery drones in San Diego. In Ohio, a partnership between the Air Force and the state government will allow drones to test outside of line-of-sight (a range that most civilian drones are currently limited to by the FAA). One company that intends to take part in the Ohio testing is VyrtX, which is looking to use drones to deliver human organs for transplant. 

But just what would wider use of such delivery drones mean for society? What would it mean to live in a world with robots buzzing around above our heads? In the Australian tests there were complaints about noise, with some residents claiming the sound of the machines caused them significant distress. In January of this year an unidentified drone shut down London’s Heathrow Airport, showing what can happen when drones wander into places they’re not welcome. In February of this year NASA announced two tests of “urban drone traffic management,” one in Texas, and the other in Nevada. Such a system would no doubt be necessary before widespread deployment of any of the systems so far proposed – to prevent incidents like the one in London.   

There is also a major privacy concern with drones collecting data as they fly above homes and businesses. This concern extends beyond just what privately owned drones may find, but also what law enforcement could collect. In Florida v. Riley, a 1988 case, the Supreme Court found that there is not reasonable expectation of privacy from aircraft (in that case, a police helicopter) flying in navigable airspace above a person’s home, when the air craft is flying within FAA regulations. So drones would provide a useful tool for investigations, and one that is limited only by FAA rules.

There are a lot of unanswered questions about delivery drones – and given the highly-regulated nature of all forms of air travel, the federal government, via the FAA, currently has a lot of power over just what can go on in U.S. airspace. What remains to be seen is if this regulatory structure will stifle drone development or instead insure that any market for delivery drones is developed deliberately, rather than ad hoc, with an emphasis on safety.

P.S. – A brief follow-up to my last article – Ford recently partnered with Agility Robotics on a new form of last mile delivery bot, a bipedal unit designed to carry up to 40 pounds. Could it become the C-3PO to the R2-D2-like bots already in testing?

All the way back in December, I wrote about how various companies, including Amazon (in partnership with Toyota), Postmates, Domino’s and Kroger were all working on using CAVs and drones to deliver goods to consumers. Since then there have been a number of news stories on similar projects across the globe, which deserve some attention, as you’ll see in this, the first of three posts:

On the Ground

In my December post I talked about Postmates’ testing of delivery robots that could bring products directly to your door. This winter similar ‘bots were deployed on the campuses of the University of the Pacific (sponsored by PepsiCo), and George Mason University (via start-up Starship Technologies and food-services giant Sodexo). College campuses, which tend to feature greater walkability and an always snack-craving populace, seem to be the perfect testing ground for such systems. And the robots seem to have made a difference in the eating habits, at least at George Mason – with an additional 1,500 breakfast orders being delivered via robot. This may be due to the fact the robots were integrated into the campus meal plan, meaning students weren’t just able to order snacks, but could order full meals and pay for them via their meal plan.  

While these delivery services may be seen as saviors to hung-over college students in need of a bacon, egg, and cheese sandwich, the expansion of such programs does raise issues. Just as ridesharing has changed the way cities have to manage curb space, delivery ‘bots raise questions of sidewalk management. Just how much of public space should we cede to commercial use? How will the ‘bots be programmed to “share the road” with pedestrians. Of course, that may not be as big of an issue in more sprawling American cites that don’t have the same density of foot traffic. They’ll also have to content with being messed with by humans, as was the case in this video, where a ‘bot’s cameras were intentionally covered in snow (there is a happy ending, as seen in the footage – after a good Samaritan cleaned off  the camera the ‘bot continues on its way, after saying “thank you!” to its’ human helper). In an attempt to get ahead of these issues San Francisco banned sidewalk delivery ‘bots in 2017, and has only slowly opened up room for testing. Will other cities follow suit? Or will they open the floodgates? Currently, the California DMV is considering new rules on delivery ‘bots and car-sized autonomous delivery vehicles, so look for a follow-up blog once those are out.

Given my continued interest in data collection and privacy, (an interest echoed in more recent blog posts by Kevin – available here, here, and here) I’d be remiss to not flag those issues here. (those issues also come up in the context of aerial deliveries, discussed in our next post). Not only would sidewalk based delivery ‘bots collect data on the items you order and when, they could potentially collect data about your home or its surrounding environment (think back to when Google was caught collecting wi-fi data with its’ Street View cars).

In our next post – aerial delivery drones!

A couple weeks ago, I wrote a post outlining the fledgling legal efforts to address the increasingly urgent privacy concerns related to automated vehicles. While Europe’s General Data Privacy Regulation and California’s Consumer Privacy Act set a few standards to limit data sharing, the US as a whole has yet to seriously step into the field of data privacy. In the absence of national regulation in the United States, this post will look at an industry created standard. The auto industry standard is important not only for its present-day impact on how auto companies use our personal information, but also for the role it is likely to play in influencing any eventual Congressional legislation on the subject.

In 2014, two major industry trade associations – the Alliance of Automobile Manufacturers and the Association of Global Automakers collaborated to create a set of guiding principles for collection and management of consumer data. These twenty automakers, including the “Big Three” in the US and virtually every major auto company around the globe, created a list of seven privacy protection principles to abide by in the coming years.

In the list, two of the principles are somewhat well fleshed out: transparency and choice. On transparency, the automakers have pledged to provide “clear, meaningful information” about things like the types of information collected, why that information is collected, and who it is shared with. For certain types of information, primarily the collection of geolocation, biometric, or driver behavior information, the principles go one step further, requiring “clear, meaningful, and prominent notices.”  When it comes to choice, the industry says that simply choosing to use a vehicle constitutes consent for most types of data collection. Affirmative consent is sometimes required when geolocation, biometric or driver behavior data is shared, but that requirement contains several important exceptions that allow the automaker to share such data with their corporate partners.

The remaining five: respect for context; data minimization, de-identification and retention; data security; integrity and access, and; accountability may serve as important benchmarks going forward. For now, each of these five points contains no more than a handful of sentences pledging things like “reasonable measures.”

These industry-developed privacy protection principles are, for the most part, still pretty vague. The document describing all seven of them in-depth runs a mere 12 pages. In order for the standards to be truly meaningful, much more needs to be known about what constitutes reasonable measures, and in what sorts of situations geolocation, biometric, or driver behavior data can be shared. Furthermore, consumers should know whether the automaker’s corporate partners are bound by the same limits on data sharing to which the manufacturers have held themselves.

Without more detail, it is unclear whether these principles afford consumers any more protections than they would have otherwise had. They are important nonetheless for two reasons. They show that the industry at least recognizes some potential problems with unclear data-sharing rules, and they will likely play a key role in the development of any future legislation or federal regulation on the topic.

For the past several months, this blog has primarily focused on new legal questions that will be raised by connected and automated vehicles. This new transportation technology will undoubtedly raise novel concerns around tort liability, traffic stops, and city design. Along with raising novel problems, CAVs will also add new urgency to longstanding legal challenges. In some ways, this is best encapsulated in the field of privacy and data management.

In recent decades, the need to understand where our data goes has increased exponentially. The smartphones that most of us carry around every day are already capable of tracking our location, and recording a lot of our personal information. In addition to this computer/data generation machine in our pockets, the CAV will be a supercomputer on wheels, predicted to generate 4,000 gigabytes of data per day. Human driven vehicles with some automated features, such as Tesla’s with the company’s “Autopilot” functionality, already collect vast amounts of user data. Tesla’s website notes that the company may access a user’s browsing history, navigation history, and radio listening history, for example.

In response to this growing concern, California recently passed a sweeping new digital privacy law, set to take effect in 2020. Nicknamed “GDPR-Lite” after the European Union’s General Data Protection Regulation, California’s law “grants consumers the right to know what information companies are collecting about them, why they are collecting that data and with whom they are sharing it.” It also requires companies to delete data about a customer upon request, and mandates that companies provide the same quality and cost of service to users who opt out of data collection as those who opt in.

In comparison to the GDPR, California’s law is relatively limited in scope. The California Consumer Privacy Act (CCPA) is tailored to apply only to businesses that are relatively large or that are primarily engaged in the business of collecting and selling personal data. Furthermore, CCPA contains few limitations on what a business can do internally with data it collects. Instead, it focuses on the sale of that data to third parties.

In many ways, it remains too early to evaluate the effectiveness of California’s approach. This is in part because the law does not take effect until the beginning of next year. The bill also enables the California Attorney General to issue guidance and regulations fleshing out the requirements of the bill. These as-yet-unknown regulations will play a major role in how CCPA operates in practice.

Regardless of its uncertainties and potential shortcomings though, CCPA is likely to play a significant role in the future of American data privacy law and policy. It is the first significant privacy legislation in the US to respond to the recent tech boom, and it comes out of a state that is the world’s fifth largest economy. CCPA’s implementation will undoubtedly provide important lessons for both other states and the federal government as they consider the future of data privacy.

Americans have traditionally had an understandable skepticism towards government collection of our data and monitoring of our private communications. The uproar caused by the Snowden leaks in 2013 was followed by increased public attention to data privacy. In a 2014-15 survey, 57% of respondents said that government monitoring of the communications of US citizens was unacceptable. Over 90% of respondents found it important to be able to personally control what data about them was shared, and with whom. The public has expressed similar concerns about data-sharing among private companies. Nearly 2/3 of Americans say that current laws do not go far enough to protect their privacy, and would support increased regulation of advertisers.

Limitations on government collection of private data are built into the Fourth Amendment, as applied to collection of digital data in Carpenter. But there is no analogous limitation on the ability of corporations to share our data far and wide, as anyone who has seen a targeted Facebook ad pop up minutes after searching for an item on Amazon knows. Indeed, First Amendment cases such as Sorrell v. IMS Health, in bolstering protections for commercial speech, may significantly restrict the ability of Congress to regulate private companies selling our data amongst themselves. While many targeted ads can make data sharing seem harmless (I see you just bought a watch. Perhaps I can interest you in these 73 similar watches?), at times it may be more nefarious. 

Public unease with data sharing may be especially warranted in the case of mobility data. The majority of Americans move about the world in cars. While many of those trips are innocuous, some may be trips to an unpopular church, to the home of a secret paramour, or to the scene of a crime. Even the innocuous trips may be simply embarrassing (maybe you ate at a fast food restaurant a few more times than you should have, or fibbed to your spouse once or twice about working late when you were actually getting an after-work drink with friends). These are the type of excursions that, if your car were continuously collecting data on its whereabouts, could easily be sold to a private actor that would be willing to use it against you.

The concern that a private company could abuse access to your personal data just as easily as the government has led legal scholar Jeffrey Rosen to propose a new Constitutional amendment. Such affronts to dignity, as Rosen describes this all-consuming data collection and sale, are problematic enough that we need an amendment to bar unreasonable searches and seizures by either the government or a private corporation. Mercatus Center Senior Research Fellow Adam Theirer has argued that Rosen’s proposal is ill-advised, but still supports making it easier for consumers to restrict access to their private data.

Under current doctrine, the path to heightened protections from abuse of our personal data by private companies is unclear. In Carpenter, the Court took account of the changing nature of technology to limit the government’s ability to collect our information from corporations under the Fourth Amendment. Going forward, the Court should bear in mind the public’s desire for privacy, and the increasing prominence of data collection companies such as Google, Amazon, and soon, CAV operators. As in Carpenter, they should adjudicate with changing technology in mind, and seek to enable Congress’ ability to legislate limits on the ability of private companies to sell our personal data.

Two recent news stories build interestingly on my recent blog post about CAVs and privacy. The first, from Forbes, detailing law enforcement use of “reverse location” orders, where by investigators can obtain from Google information on all Google users in a given location at a given time. This would allow, for example, police to obtain data on every Google account user within a mile of a gas station when it was robbed. Similar orders have been used to obtain data from Facebook and Snapchat.

Look forward a few years and it’s not hard to imagine similar orders being sent to the operators of CAVs, to obtain the data of untold numbers of users at the time of a crime. The problem here is that such orders can cast far too wide a net and allow law enforcement access to the data of people completely uninvolved with the case being investigated. In one of the cases highlighted by Forbes, the area from which investigators requested data included not only the store that was robbed, but also nearby homes. The same situation could occur with CAVs, pulling in data from passengers completely unrelated to a crime scene who happen to have been driving nearby.

The other story comes from The Verge, which covers data mining done by GM in Los Angeles and Chicago in 2017.  From the article:

GM captured minuted details such as station selection, volume level, and ZIP codes of vehicle owners, and then used the car’s built-in Wi-Fi signal to upload the data to its servers. The goal was to determine the relationship between what drivers listen to and what they buy and then turn around and sell the data to advertisers and radio operators. And it got really specific: GM tracked a driver listening to country music who stopped at a Tim Horton’s restaurant. (No data on that donut order, though.)

That’s an awful lot of information on a person’s daily habits. While many people have become accustomed (or perhaps numb) to the collection of their data online, one wonders how many have given thought to the data collected by their vehicle. The article also points out scale of the data collected by connected cars and what it could be worth on the market:

According to research firm McKinsey, connected cars create up to 600GB of data per day — the equivalent of more than 100 hours of HD video every 60 minutes — and self-driving cars are expected to generate more than 150 times that amount. The value of this data is expected to reach more than $1.5 trillion by the year 2030, McKinsey says.

Obviously, creators and operators of CAVs are going to want to tap into the market for data. But given the push for privacy legislation I highlighted in my last post, they may soon have to contend with limits on just what they can collect.

~ P.S. I can’t resist adding a brief note on some research from my undergraduate alma mater, the University of Illinois. It seems some researchers there are taking inspiration from the eyes of mantis shrimp to improve the capability of CAV cameras.

 

For many people, syncing their phone to their car is a convenience – allowing them to make hands-free calls or connect to media on their phone through the car’s infotainment system. But doing so can leave a lot of data on the car’s hardware, even after a user believes they have deleted such data. That was the case in a recent ATF investigation into narcotics and firearms trafficking, where federal law enforcement agents were issued a warrant to search a car’s computer for passwords, voice profiles, contacts, call logs, and GPS locations, all of which they believed had been left on the car’s on-board memory. While it’s uncertain just what was recovered, an executed search warrant found by Forbes claims the information extraction was successful.

While this case doesn’t necessarily raise the same issues of government access to data found in the Supreme Court’s recent Carpenter decision, it does illustrate the growing amount of personal data available to outside actors via the computer systems within our vehicles. And while the 4th Amendment can (usually) shield individuals from overreach by government, personal data represents a potential target for malicious actors, as shown by the recent data breach at Facebook which exposed the data of 30 million users. As cars become yet another part of the greater “internet of things,” (IoT) automakers have to confront issues of data protection and privacy. Security researchers have already began to prod vehicle systems for weaknesses – one group was able to breach the computer of a Mazda in 10 seconds.

There has of late been a great deal of talk, and some action, in Washington, Brussels, and Sacramento, towards mandating greater privacy and security standards. Earlier this month, the Senate Commerce Committee held a hearing on Data Privacy in the wake of the European Union’s General Data Protection Regulation, which took effect in May, and California’s Consumer Privacy Act, which was passed in June. Last month, California also passed a bill that sets cybersecurity standards for IoT devices – and there are similar bills that have been introduced in the House and Senate. While it remains to be seen if either of those bills gain traction, it is clear that there is an interest in more significant privacy legislation at the state and federal level, an interest that has to be considered by automakers and other CAV developers as CAVs move closer and closer to wide-scale deployment.

Cite as: Daniel A. Crane, The Future of Law and Mobility, 2018 J. L. & Mob. 1.

Introduction

With the launch of the new Journal of Law and Mobility, the University of Michigan is recognizing the transformative impact of new transportation and mobility technologies, from cars, to trucks, to pedestrians, to drones. The coming transition towards intelligent, automated, and connected mobility systems will transform not only the way people and goods move about, but also the way human safety, privacy, and security are protected, cities are organized, machines and people are connected, and the public and private spheres are defined.

Law will be at the center of these transformations, as it always is. There has already been a good deal of thinking about the ways that law must adapt to make connected and automated mobility feasible in areas like tort liability, insurance, federal preemption, and data privacy. 1 1. See, e.g., Daniel A. Crane, Kyle D. Logue & Bryce Pilz, A Survey of Legal Issues Arising from the Deployment of Autonomous and Connected Vehicles, 23 Mich. Tel. & Tech. L. Rev. 191 (2017). × But it is also not too early to begin pondering the many implications for law and regulation arising from the technology’s spillover effects as it begins to permeate society. For better or worse, connected and automated mobility will disrupt legal practices and concepts in a variety of ways additional to the obvious “regulation of the car.” Policing practices and Fourth Amendment law, now so heavily centered on routine automobile stops, will of necessity require reconsideration. Notions of ownership of physical property (i.e., an automobile) and data (i.e., accident records) will be challenged by the automated sharing economy. And the economic and regulatory structure of the transportation network will have to be reconsidered as mobility transitions from a largely individualistic model of drivers in their own cars pursuing their own ends within the confines of general rules of the road to a model in which shared and interconnected vehicles make collective decisions to optimize the system’s performance. In these and many other ways, the coming mobility revolution will challenge existing legal concepts and practices with implications far beyond the “cool new gadget of driverless cars.”

Despite the great importance of the coming mobility revolution, the case for a field of study in “law and mobility” is not obvious. In this inaugural essay for the Journal of Law and Mobility, I shall endeavor briefly to make that case.

I. Driverless Cars and the Law of the Horse

A technological phenomenon can be tremendously important to society without necessarily meriting its own field of legal study because of what Judge Frank Easterbrook has described as “the law of the horse” problem. 2 2. Frank H.Easterbrook,Cyberspace and the Law of the Horse, 1996 U. Chi. Legal F. 207, 207-16. × Writing against the burgeoning field of “Internet law” in the early 1990s, Easterbrook argued against organizing legal analysis around particular technologies:

The best way to learn the law applicable to specialized endeavors is to study general rules. Lots of cases deal with sales of horses; others deal with people kicked by horses; still more deal with the licensing and racing of horses, or with the care veterinarians give to horses, or with prizes at horse shows. Any effort to collect these strands into a course on “The Law of the Horse” is doomed to be shallow and to miss unifying principles. 3 3. Id. ×

Prominent advocates of “Internet law” as a field rebutted Easterbrook’s concern, arguing that focusing on cyberlaw as a field could be productive to understanding aspects of this important human endeavor in ways that merely studying general principles might miss. 4 4. Lawrence Lessig, The Law of the Horse: What Cyberlaw Might Teach, 113 Harv. L. Rev. 501 (1999). × Despite Easterbrook’s protestation, a distinct field of cyberlaw has grown up in recent decades.

“The law of the horse” debate seems particularly apt to the question of law and mobility since the automobile is the lineal successor of the horse as society’s key transportation technology. Without attempting to offer a general solution to the “law of the horse” question, it is worth drawing a distinction between two different kinds of disruptive technologies—those in which the technological change produces social changes indirectly and without significant possibilities for legal intervention, and those in which law is central to the formation of the technology itself.

An example of the first species of technological change is air conditioning. The rise of air conditioning in the mid-twentieth century had tremendous effects on society, including dramatic increases in business productivity, changes in living patterns as people shifted indoors, and the extension of retail store hours and hence the growing commercialization of American culture. 5 5. Stan Cox, Losing Our Cool: Uncomfortable Truths About Our Air-Conditioned World (and Finding New Ways to Get Through the Summer) (2012). × The South’s share of U.S. population was in steady decline until the 1960s when, in lockstep with the growth of air conditioning and people’s willingness to settle in hot places, the trend abruptly reversed and the South’s share grew dramatically. 6 6. Paul Krugman, Air Conditioning and the Rise of the South, New York Times March 28, 2015. × The political consequences were enormous—from Richard Nixon through George W. Bush, every elected President hailed from warm climates.

One could say, without exaggeration, that the Willis Carrier’s frigid contraption exerted a greater effect on American business, culture, and politics than almost any other invention in the twentieth century. And, yet, it would seem silly to launch a field of study in “law and air conditioning.” Air conditioning’s social, economic, and political effects were largely indirect—the result of human decisions in response to the new circumstances created by the new technology rather than an immediate consequence of the technology itself. Even if regulators had foreseen the dramatic demographic effects of air conditioning’s spread, there is little they could have done (short of killing or limiting the technology) to mediate the process of change by regulating the technology.

Contrast the Internet. Like air conditioning, the Internet has had tremendous implications for culture, business, and politics, but unlike air conditioning, many of these effects were artifacts of design decisions regarding the legal architecture of cyberspace. From questions of taxation of online commercial transactions, 7 7. See, e.g., John E. Sununu, The Taxation of Internet Commerce, 39 Harv. J. Leg. 325 (2002). × to circumvention of digital rights management technologies, 8 8. See, e.g., David Nimmer, A Rif on Fair Use in the Digital Millenium Copyright Act, 148 U. Pa. L. Rev. 673 (2000). × to personal jurisdiction over geographically remote online interlocutors, 9 9. Note, No Bad Puns: A Different Approach to the Problem of Personal Jurisdiction and the Internet, 116 Harv. L. Rev. 1821 (2003). × and in countless other ways, a complex of legal and regulatory decisions created the modern Internet. From the beginning, law was hovering over the face of cyberspace. Al Gore may not have created the Internet, but lawyers had as much to do with it as did engineers.

The Internet’s legal architecture was not established at a single point in time, by a single set of actors, or with a single set of ideological commitments or policy considerations. Copyright structures were born of the contestation among one set of stakeholders, which was distinct from the sets of stakeholders contesting over tax policy, net neutrality, or revenge porn. And yet, the decisions made in separate regulatory spheres often interact in underappreciated ways to lend the Internet its social and economic character. Tax policy made Amazon dominant in retail, copyright policy made Google dominant in search, and data protection law (or its absence) made Facebook dominant in social media—with the result that all three have become antitrust problems.

Whether or not law students should be encouraged to study “Internet law” in a discrete course, it seems evident with the benefit of thirty years of hindsight that the role of law in mediating cyberspace cannot be adequately comprehended without a systemic inquiry. Mobility, I would argue, will be much the same. While the individual components of the coming shift toward connectivity and automation—i.e., insurance, tort liability, indemnification, intellectual property, federal preemption, municipal traffic law, etc.—will have analogues in known circumstances and hence will benefit from consideration as general questions of insurance, torts, and so forth, the interaction of the many moving parts will produce a novel, complex ecosystem. Given the potential of that ecosystem to transform human life in many significant ways, it is well worth investing some effort in studying “law and mobility” as a comprehensive field.

II. An Illustration from Three Connected Topics

It would be foolish to attempt a description of mobility’s future legal architecture at this early stage in the mobility revolution. However, in an effort to provide some further motivation for the field of “law and mobility,” let me offer an illustration from three areas in which legal practices and doctrines may be affected in complex ways by the shift toward connected and automated vehicles. Although these three topics entail consideration of separate fields of law, the technological and legal decisions made with respect to them could well have system-wide implications, which shows the value of keeping the entire system in perspective as discrete problems are addressed.

A. Policing and Public Security

For better or for worse, the advent of automated vehicles will redefine the way that policing and law enforcement are conducted. Routine traffic stops are fraught, but potentially strategically significant, moments for police-citizen interactions. Half of all citizen-police interactions, 10 10. Samuel Walker, Science and Politics in Police Research: Reflections on their Tangled Relationship, 593 Annals Am. Acad. Pol. & Soc. Sci. 137, 142 (2004); ATTHEW R. DUROSE ET. AL., U.S. DEP’T OF JUSTICE, OFFICE OF JUSTICE PROGRAMS, BUREAU OF JUSTICE STATISTICS, CONTACTS BETWEEN POLICE AND THE PUBLIC, 2005, 1 (2007). × more than forty percent of all drug arrests, 11 11. David A. Sklansky,Traffic Stops, Minority Motorists, and the Future of the Fourth Amendment, 1997SUP. CT. REV. 271, 299. × and over 30% of police shootings 12 12. Adams v. Williams, 407 U.S. 143, 148 n.3 (1972). × occur in the context of traffic stops. Much of the social tension over racial profiling and enforcement inequality has arisen in the context of police practices with respect to minority motorists. 13 13. Ronnie A. Dunn, Racial Profiling: A Persistent Civil Rights Challenge Even in the Twenty-First Century, 66 Case W. Res. L. Rev. 957, 979 (2016) (reporting statistics on disproportionate effects on racial minorities of routine traffic stops). × The traffic stop is central to modern policing, including both its successes and pathologies.

Will there continue to be routine police stops in a world of automated vehicles? Surely traffic stops will not disappear altogether, since driverless cars may still have broken taillights or lapsed registrations. 14 14. See John Frank Weaver, Robot, Do You Know Why I Stopped You?. × But with the advent of cars programmed to follow the rules of the road, the number of occasions for the police to stop cars will decline significantly. As a general matter, the police need probable cause to stop a vehicle on a roadway. 15 15. Whren v. U.S., 517 U.S. 806 (1996). × A world of predominantly automated vehicles will mean many fewer traffic violations and hence many fewer police stops and many fewer police-citizen interactions and arrests for evidence of crime discovered during those stops.

On the positive side, that could mean a significant reduction in some of the abuses and racial tensions around policing. But it could also deprive the police of a crime detection dragnet, with the consequence either that the crime rate will increase due to the lower detection rate or that the police will deploy new crime detection strategies that could create new problems of their own.

Addressing these potentially sweeping changes to the practices of policing brought about by automated vehicle technologies requires considering both the structure of the relevant technology and the law itself. On the technological side, connected and automated vehicles could be designed for easy monitoring and controlling by the police. That could entail a decline in privacy for vehicle occupants, but also potentially reduce the need for physical stops by the police (cars that can be remotely monitored can be remotely ticketed) and hence some of the police-citizen roadside friction that has dominated recent troubles.

On the legal side, the advent of connected and automated vehicles will require rethinking the structure of Fourth Amendment law as required to automobiles. At present, individual rights as against searches and seizures often rely on distinctions between drivers and passengers, or owners and occupants. For example, a passenger in a car may challenge the legality of the police stop of a car, 16 16. Brendlin v. California, 551 U.S. 249 (2007). × but have diminished expectations of privacy in the search of the vehicle’s interior if they are not the vehicle’s owners or bailees. 17 17. U.S. v. Jones, 565 U.S. 400 (2012). × In a mobility fleet without drivers and (as discussed momentarily) perhaps without many individual owners, these conceptions of the relationship of people to cars will require reconsideration.

B. Ownership, Sharing, and the Public/Private Divide

In American culture, the individually owned automobile has historically been far more than a transportation device—it has been an icon of freedom, mobility, and personal identity. As Ted McAllister has written concerning the growth of automobile culture in the early twentieth century:

The automobile squared perfectly with a distinctive American ideal of freedom—freedom of mobility. Always a restless nation, with complex migratory patterns throughout the 17th, 18th, and 19thcenturies, the car came just as a certain kind of mobility had reached an end with the closing of the frontier. But the restlessness had not ended, and the car allowed control of space like no other form of transportation. 18 18. Ted v. McAllister, Cars, Individualism, and the Paradox of Freedom in a Mass Society. ×

Individual car ownership has long been central to conceptions of property and economic status. The average American adult currently spends about ten percent of his or her income on an automobile, 19 19. Máté Petrány, This Is How Much Americans Spend on their Cars. × making it by far his or her most expensive item of personal property. The social costs of individual automobile ownership are far higher. 20 20. Edward Humes, The Absurd Primacy of the Automobile in American Life; Robert Moor, What Happens to the American Myth When You Take the Driver Out of It?. ×

The automobile’s run as an icon of social status through ownership may be ending. Futurists expect that the availability of on-demand automated vehicle service will complete the transition from mobility as personal property to mobility as a service, as more and more households stop buying cars and rely instead on ride sharing services. 21 21. Smart Cities and the Vehicle Ownership Shift. × Ride sharing companies like Uber and Lyft have long been on this case, and now automobile manufacturers are scrambling to market their vehicles as shared services. 22 22. Ryan Felton, GM Aims to Get Ahead of Everyone with Autonomous Ride-Sharing Service in Multiple Cities by 2019. × With the decline of individual ownership, what will happen to conceptions of property in the physical space of the automobile, in the contractual right to use a particular car or fleet of automobiles, and in the data generated about occupants and vehicles?

The coming transition from individual ownership to shared service will also raise important questions about the line between the public and private domains. At present, the “public sphere” is defined by mass transit whereas the individually owned automobile constitutes the “private sphere.” The public sphere operates according to ancient common carrier rules of universal access and non-discrimination, whereas a car is not quite “a man’s castle on wheels” for constitutional purposes, 23 23. See Illinois v. Lidster, 540 U.S. 419, 424 (2004) (“The Fourth Amendment does not treat a motorist’scaras hiscastle.”). × but still a non-public space dominated by individual rights as against the state rather than public obligations. 24 24. E.g., Byrne v. Rutledge, 623 F.3d 46 (2d Cir. 2010) (holding the motor vehicle license plates were nonpublic fora and that state’s ban on vanity plates referencing religious topic violated First Amendment). × As more and more vehicles are held and used in shared fleets rather than individual hands, the traditional line between publicly minded “mass transit” and individually minded vehicle ownership will come under pressure, with significant consequences for both efficiency and equality.

C. Platform Mobility, Competition, and Regulation

The coming transition toward ride sharing fleets rather than individual vehicle ownership described in the previous section will have additional important implications for the economic structure of mobility—which of course will raise important regulatory questions as well. At present, the private transportation system is highly atomistic. In the United States alone, there are 264 million individually owned motor vehicles in operation. 25 25. U.S. Dep’t of Energy, Transportation Energy Data Book, Chapter 8, Household Vehicles and Characteristics, Table 8.1, Population and Vehicle Profile, https://cta.ornl.gov/data/chapter8.shtml (last visited May 29, 2018). × For the reasons previously identified, expect many of these vehicles to shift toward corporate-owned fleets in coming years. The question then will be how many such fleets will operate—whether we will see robust fleet-to-fleet competition or instead the convergence toward a few dominant providers as we are seeing in other important areas of the “platform economy.”

There is every reason to believe that, before too long, mobility will tend in the direction of other monopoly or oligopoly platforms because it will share their economic structure. The key economic facts behind the rise of dominant platforms like Amazon, Twitter, Google, Facebook, Microsoft, and Apple are the presence of scale economies and network effects—system attributes that make the system more desirable for others users as new users join. 26 26. See generally DavidS.Evans& Richard Schmalensee, A Guide to the Antitrust Economics of Networks, Antitrust, Spring 1996, at 36; Michael L. Katz & Carl Shapiro, Systems Competition andNetworkEffects, 8 J. Econ. Persp. 93 (1994). × In the case of the mobility revolution, a number of features are suggestive of future scale economies and network effects. The more cars in a fleet, the more likely it is that one will be available when summoned by a user. The more cars connected to other cars in a fleet, the higher the quality of the information (on such topics as road and weather conditions and vehicle performance) available within the fleet and the steeper the machine learning curve.

As is true with other platforms, the mere presence of scale economic and network effects does not have to lead inexorably to market concentration or monopoly. Law and regulation may intervene to mitigate these effects, for example by requiring information sharing or interconnection among rival platforms. But such mandatory information sharing or interconnection obligations are not always advisable, as they can diminish a platform’s incentives to invest in its own infrastructure or otherwise impair incentives to compete.

Circling back to the “law of the horse” point raised at the outset, these issues are not, of course, unique to law and mobility. But this brief examination of these three topics—policing, ownership, and competition—shows the value of considering law and mobility as a distinct topic. Technological, legal, and regulatory decisions we make with respect to one particular set of problems will have implications for distinct problems perhaps not under consideration at that moment. For example, law and technology will operate conjunctively to define the bounds of privacy expectations in connected and automated vehicles, with implications for search and seizure law, property and data privacy norms, and sharing obligations to promote competition. Pulling a “privacy lever” in one context—say to safeguard against excessive police searches—could have spillover effects in another context, for example by bolstering a dominant mobility platform’s arguments against mandatory data sharing. Although the interactions between the different technological decisions and related legal norms are surely impossible to predict or manage with exactitude, consideration of law and mobility as a system will permit a holistic view of this complex, evolving ecosystem.

Conclusion

Law and regulation will be at the center of the coming mobility revolution. Many of the patterns we will observe at the intersection of law and the new technologies will be familiar—at least if we spend the time to study past technological revolutions—and general principles will be sufficient to answer many of the rising questions. At the same time, there is a benefit to considering the field of law and mobility comprehensively with an eye to understanding the often subtle interactions between discrete technological and legal decisions. The Journal of Law and Mobility aims to play an important role in this fast-moving space.


Frederick Paul Furth, Sr. Professor of Law, University of Michigan. I am grateful for helpful comments from Ellen Partridge and Bryant Walker Smith. All errors are my own.