Connected Vehicle Pilot Privacy Frequent Asked Questions

  1. Is the vehicle license plate, VIN number, or other identification of individual vehicle needed?
    1. No.  The Basic Safety Message does not require any type of vehicle identification unique to a drive or specific vehicle.
  2. What are the differences between Privacy and Anonymity?
    1. Privacy is defined as a state of being away from people. 
    2. Anonymity is defined as the Quality or State of being unknown to people.
    3. When we directly observe another vehicle, we are able to observe its location, movement, color, make, and possibility model.  These are information that is potentially identifiable information.  The passenger and driver are not anonymous, but cannot be identified without other information.  Vehicles equipped with connected vehicle technologies are still required to display a valid license plate.
This figure illustrates the differences between Privacy and Anonymity
  1. Can someone be tracked using the Basic Safety Message?
    1. The Basic Safety Message will allow a vehicle be tracked for a limited amount of time.  The message itself does not contain personally identifiable information about the occupant, driver, or vehicle owner.  This is similar to scanning for Bluetooth Mac Address in a public space.  Unless there are another source of information accidentally released by the owner of the cell phone, the Bluetooth scan will not reveal any information about the owner of the device.
    2. The level of privacy protection is equivalent to what someone traveling in public can expect.  The design is meant to deliver a level of privacy equal to what an observer can obtain standing by the road watching vehicles pass by.
  2. Information compiled from independent sources leads to loss of privacy, despite protection of anonymity.  Best to limit needed info element in system.
    1. When traveling in public space there is no reasonable expectation of anonymity.  The Design for Privacy concept in Connected Vehicle is not designed to deliver anonymity.  The risk of combining independent data to expose PII is already an issue with cell phone location and social media.  How big of a problem this will be is something the CV Pilot Sites could offer additional data to assess if and how CV data changes current risk profile.
  3. Does the Probe Data Message require some kind of car identification to make it work?
    1. No. Probe Data Message described in SAE J2735 do not require or depend on any unique vehicle identification.
  4. How are Probe Data information handled?
    1. Probe data are collected when there is a detected change in roadway conditions
    2. Probe data are collected beginning from a start event
    3. The length of each segment is limited to a duration of 120 seconds or a distance of 1000 meters, whichever comes first.
    4. Each probe data segment is separated by a random time and space to increase the probability of connecting the segments
      1. Each probe data segment can be separated by 50 to 250 meters
      2. Each probe data segment can be separated by 3 to 13 seconds
      3. Whichever condition is first met will be used by the vehicle to separate probe data segments.
  5. Are there sample data available?
    1. Yes.  Sample Basic Safety Message data collected from the Safety Pilot in Ann Arbor
    2. Safety Pilot data was collected to evaluate safety, mobility, and environmental benefits only.
    3. SCMS certificates were not available when the Safety Pilot was operating and this is reflected in the available data.
  6. Are data being minimized?
    1. The Basic Safety Message content and data rate is based on the best information from early test and simulation to achieve three goals
      1. Significant reduction in collision
      2. Significant improvement in mobility
      3. Measureable reduction in emission
    2. Based on what we currently know, the Basic Safety Message contains the minimum amount of information needed to deliver these goals.