Self-Driving Cars Must Meet 15 Benchmarks in U.S. Guidance (bloomberg.com)
NHTSA, which, after all, studies crashes, is being very realistic.
Here's the "we're looking at you, Tesla" moment:
"Guidance for Lower Levels of Automated Vehicle Systems"
"Furthermore, manufacturers and other entities should place significant emphasis on assessing the risk of driver complacency and misuse of Level 2 systems, and develop effective countermeasures to assist drivers in properly using the system as the manufacturer expects. Complacency has been defined as, “... [when an operator] over-relies on and excessively trusts the automation, and subsequently fails to exercise his or her vigilance and/or supervisory duties” (Parasuraman, 1997). SAE Level 2 systems differ from HAV systems in that the driver is expected to remain continuously involved in the driving task, primarily to monitor appropriate operation of the system and to take over immediate control when necessary, with or without warning from the system. However, like HAV systems, SAE Level 2 systems perform sustained longitudinal and lateral control simultaneously within their intended design domain. Manufacturers and other entities should assume that the technical distinction between the levels of automation (e.g., between Level 2 and Level 3) may not be clear to all users or to the general public. And, systems’ expectations of drivers and those drivers’ actual understanding of the critical importance of their “supervisory” role may be materially different."
There's more clarity here on levels of automation. For NHTSA Level 1 (typically auto-brake only) and 2 (auto-brake and lane keeping) vehicles, the driver is responsible, and the vehicle manufacturer is responsible for keeping the driver actively involved. For NHTSA Level 3 (Google's current state), 4 (auto driving under almost all conditions) and 5 (no manual controls at all), the vehicle manufacturer is responsible and the driver is not required to pay constant attention. NHTSA is making a big distinction between 1-2 and 3-5.
This is a major policy decision. Automatic driving will not be reached incrementally. Either the vehicle enforces hands-on-wheel and paying attention, or the automation has to be good enough that the driver doesn't have to pay attention at all. There's a bright line now between manual and automatic. NHTSA gets it.
So the reason it was a big deal is because it was a huge fatality. Tesla drivers are generally a pretty safe bunch. Statistically, if autopilot hadn't been engaged, that death would not have occurred. Autopilot makes Tesla drivers less safe, not more safe.
Also, the government is doing self driving industry a huge favor. These fatalities could screw over the whole industry if they get out of hand. Musk is giving self driving a bad name.
It's the offence that an engineer feels about something being marketed as something it's not.
Tesla is fooling the public. The opinion of the general public who don't drive Tesla's cars is that automated driving is already here and Tesla is leading the way.
[0] You can say they tell you to keep your hands on the wheel and all that, but they themselves manufactured/fanned a ton of hype to the contrary. It's like arguing that you should have paid more attention to the EULA.
he's definitely anti "disguising level 2 as autonomy" though.
A likely future is one where automation is only enabled for consumers as an option on a minority of roads (starting with the Interstate Highway System) that have been heavily mapped and managed, and we work from there, developing the algorithms at high sample size, then slowly extending out into the state highways and arterials. The roads and maintenance actions will likely also, as the tech progresses, have some modifications made to increase reliability.
These cars are going to need a large quantity of sensors; The Uber self-driving car has "something like 20 cameras, a 360 degree radar, and a bunch [7] of laser [rangefinders]", and this is a decent start; a Tesla and even a Google car is simply not equipped for enough edge cases to let a consumer near without making them hands-on-wheel liable to take over.
People can work around any system for this, but stuff like this makes it have to do it consciously. Seems pretty reasonable on Tesla's part.
I think there may be a fundamental flaw with lane keeping. It removes the driver from doing anything but still requires constant vigilance. That might be asking too much. My ADD is too strong to watch the road without having to do any part of the driving. I suspect a lot of people are the same way.
If most drivers are just keeping their hand on the wheel while day dreaming, Tesla should be forced to just disable the feature until the tech is ready for Level 3. Or use the Level 2 tech as a backup only.
I.e. a loud beeping noise that annoyed pedestrians and other drivers until you took the wheel. Kind of like how accidentally triggering your car alarm in the parking lot will lead to a very hasty correction on your part.
An eye-tracking system might work.
You get positive points for avoiding situations that are noticed (but not within the audible warning threshold) or correctly reacting to input (warned but not yet in automated 'fail safe').
Now if only they could automatically make cars exiting a rolling slowdown on the freeway actually get back up to the indicated speed of travel in an expedient manner.
Not true. There are other ways of doing this incrementally. For example, slow speeds, closed roads (no pedestrians or other cars), only in good weather, ideal conditions, etc.
We can't have an autonomous car that expects a driver to take over in a dangerous situation if that driver hasn't had to maintain control the entire time. For instance, there are youtube videos of drivers moving to the passenger seat in a Tesla with autopilot on.
Yes, and they're all undesirable, unworkable, or useless, as your own post points out.
Nobody is above level 2.
Google's self driving system only basically works with the route preplanned and premapped ahead of time, specifically for that car. Even small changes in the environment are potentially devastating. And even mundane weather changes it isn't prepared to handle.
It should be well understood that if the only people who can safely handle the vehicle are professional test drivers on a preplanned route, the car isn't ready to say it's at the level it claims it is.
• Data Recording and Sharing
• Privacy
• System Safety
• Vehicle Cybersecurity
• Human Machine Interface
• Crashworthiness
• Consumer Education and Training
• Registration and Certification
• Post-Crash Behavior
• Federal, State and Local Laws
• Ethical Considerations
• Operational Design Domain (operating in rain, etc)
• Object and Event Detection and Response
• Fall Back (Minimal Risk Condition)
• Validation Methods
Not sure if they're specifically ordered, but it seems positive that Data recording and Privacy are up at the top. The report recommends that "Manufacturers and other entities should develop tests and verification methods...". Does anyone know whether verification here means software verification, or does it mean something else in this context?
Edit: Just noticed that I got to the PDF via elicash's comment and not via the linked article. Here's a link to the PDF: https://www.transportation.gov/sites/dot.gov/files/docs/AV%2...
In this context, they mean verification and validation in the systems engineering sense. Software would be included in that it is a part of the whole system.
On one hand, at the low level, sensor, motor control, etc you likely have traditional hard real time/MISRA C code, but on the higher layers you probably have things like DNN, image recognition, which are much less deterministic.
So I am not sure how you reconcile these two worlds, and prove it is safe and always works in a timely manner.
It seems the only sound approach would be to validate the whole system on a real road.
edit: as to SAE Level 2, it has this (and more) to say:
> Furthermore, manufacturers and other entities should place significant emphasis on assessing the risk of driver complacency and misuse of Level 2 systems, and develop effective countermeasures to assist drivers in properly using the system as the manufacturer expects. Complacency has been defined as, “... [when an operator] over-relies on and excessively trusts the automation, and subsequently fails to exercise his or her vigilance and/or supervisory duties” (Parasuraman, 1997).
also,
> Manufacturers and other entities should assume that the technical distinction between the levels of automation (e.g., between Level 2 and Level 3) may not be clear to all users or to the general public.
Two examples are:
1) If the vehicle is talking to the cars in front of it, it can know they are braking before it senses that visually. Also, the vehicles can speed up in a gridlock scenario more in unison, like a train.
2) On the interstate, markers in the pavement can be specifically designed for computer sensors rather than human eyeballs. Also, cars can draft together to save fuel.
I'm also hoping that one of the options is to upgrade an old car to a self driving car with an open source kit that you can buy and install it via a certified mechanic.
I think that would be an interesting future I'd like to be part of.
This is a big deal.
I'm not sure I would put much weight behind what he has to say.
It looks like consumers and automakers are both wanting driverless cars so putting any inevitable regulations quickly benefit both parties.
The reason I ask is there are plenty of other countries in the world where cars just aren't that important, let's take Netherlands for example. If you have automatic cars, society here is not just going to be that excited AFAIK. Public transport here is great and most people cycle everywhere, because it's fun, easy and good exercise. Not to mention a lot of people are employed as drivers.
Same for many Asian countries where population density is high, people just don't have the money/room for cars. Scooters are the way to go because of traffic congestion.
Besides, don't people enjoy driving? I don't own a car but when I get behind the wheel, it's a lot of fun. Will people really be able to handle the car doing the speed limit?
I understand technologically it's pretty interesting, but we've had commercial airliners that fly themselves (mostly) for a long time, same for ships and drones and we don't marvel over those things all the time, though I agree they are great innovations.
So apart from the tech what is the actual excitement about?
- Concern for those who will lose their jobs.
- Concern for others' safety.
- Privacy concerns.
- Excitement about the safety benefits.
- Economic opportunity.
- Fundraising hype.
- All of the above?
As a Silicon Valley outsider sometimes I read HN and it feels like some context is missing. Sure it's going to change industries, but is this really good progress, necessary progress, or just the next thing we're told we need? I mean can a self-driving car really replace a delivery person yet, a person who can do things like leave packages with a neighbor and build relationships, trust etc?
Sorry if this is a little off-topic, but I'm genuinely curious because it's hard to understand, to me as an outsider, it really looks like some kind of ride-sharing turf war hype battle more than anything else?
I dare to say it, but it's the same for machine learning, a lot of it is fascinating, interesting, exciting tech, but how many product recommendations does one need? How good do my friend recommendations have to be? How smart does Siri need to be? Will a patient really feel better without being treated by a human? Are we really going to trust these things handling nuclear warheads?
Maybe I live a strange life and have unusual views, but I just don't really see the need most of these things when so many problems could be solved using other means. Using this stuff to help people is great, but how much of this effort is actually being put towards that end?
If I'm a little naive, apologies. I'm not having a go but these are just honest questions I often find myself asking when reading HN lately. Agreed this might not be the place to ask but I'm prepared to wear the down votes :)
When the manufacturers "can't explain" how the accident happened (after an audit was performed), they should be fined the maximum $10 million amount.
Why? Because for one assuming it's just a glitch and "they don't know" about it, then they should pay for incompetence. And two, if the car was hacked by a nation state, then their security sucks, and they should again pay the maximum amount so they have the maximum incentive to ensure digital security of self-driving cars.
Where third-party self-driving systems are involved (MobilEye, etc), the liability/fine should be split 50-50 between the car maker and the system vendor.
Give car makers these "incentives" and the other regulations are more or less pointless (other than establishing common V2V and V2I standards and whatnot). Then you'll see just how hard they scramble to make their systems safe.
EDIT: And here we go. Remote hack of Tesla Model S.
https://blog.kaspersky.com/tesla-remote-hack/13027/
We're only at the very beginning of self-driving cars. What happens when there are 100 million self-driving cars on the road? Will their security be as terrible as it is on our PCs?
People should get scared a lot faster about this stuff, before all car makers start writing their software and then refuse to write it from scratch again and just tack on to the poorly written systems new security features in the future as a response to such hacking.
has this ever happened before?
[1] And I don't mean wrong as in "NSA spying" because you disagree with the policy. I mean like, "regulations mandated everyone use Beta tapes and laser disk even though they quickly became obsolete."
This is of course once almost all cars are self-driving so it'll be interesting to see what happens in the midterm.
The data collection "black box" side of it is in a different section.
By the way, in which area do the following requests fall:
- Yielding to an emergency vehicle with sirens on.
- Moving backwards to a safe and large enough spot when the route is too narrow to fit self-driving car and oncoming huge lorry (and there is no line marking the limit between road and ravine).
- Upon instructions from authority, recognize that the highway is closed due to an accident and, no matter what the driving code says, you actually have to make a U-turn on the highway and follow the crowd. Alternatively, just take that route (yes, the one with the large no-entry sign at the beginning) or that narrow path in the wood (yes, it exists, even if Google Maps isn't aware of it). At the bare minimum, park yourself off the road and let the others move on.
- Verify whether a queue is forming behind you. Listen to the honkers, they may be right. When you are an obstacle to the most part of traffic, moving to the side and letting others pass from time to time is sincerely appreciated.
Was that hyperbole? I would say the majority of regulations (at least in OECD countries) are sensible, and many that are not are intended to be, are outdated, or are politicized.
> I would say the majority of regulations (at least in
> OECD countries) are sensible
I think it can be shocking to non-Americans just how much the Americans distrust and think their lawmakers and -- especially shockingly, their civil servants -- are both incompetent and have malicious intent. American friends have found it incredible -- for example -- that something like NICE[0] can exist and people don't assume it's trying to kill them all; cf "death panels".
I also wonder in what other developed countries Jade Helm 15 would have been controversial[1]...
[0] https://en.wikipedia.org/wiki/National_Institute_for_Health_... -- especially their guidance on how much a year of life is "worth"; see the "Cost Effectiveness" section
[1] https://en.wikipedia.org/wiki/Jade_Helm_15_conspiracy_theori...
Gun control is a great example that seems to confuse a lot of non-Americans. To your average San Franciscan, who has never used a gun and has no particular reason to use one, restrictions on e.g. magazine size probably seem quite reasonable. But go to an agrarian Texan rancher, and the situation is entirely different. Good luck thinning out a stampeding herd of wild hogs with a ten round fixed magazine. Similar situation with pot; the average SF resident is probably fairly familiar with it, whereas the rancher probably isn't. In either case, ignorance breeds irrational fear, which is a bad (but unfortunately likely) foundation for laws.
So yes, many regulations are not sensible, and it's harder to get away with in the US because the US isn't a monoculture. Even those regulations that are sensible (by whatever metric you like) are likely to anger some non-negligible group.
But regulations that are computer-focused? Less so.
Hopefully, car companies will deal with reduced demand by going upscale with more fancy cars for a smaller market.
Of course, someone needs to build all of those auto-taxis. They are going to do very, very well for themselves.
Why do you say that? I have no opinion either way, just curious
Really, it should be international.
Hackers will easily figure out a way to spoof the communication, and could play with traffic.
There are mitigations for most issues, but it's a complex topic.
Just imagine some scenarios:
-) Spoof an emergency brake advisory that causes tailing cars to also do an emergency brake. (could be mitigated by first observing that cars in front are actually slowing down before braking)
-) Spoof a command from a smart traffic light at an intersection to stop immediately for police / other emergency traffic. (need to check if traffic light is actually red)
-) Spoof speed restrictions issued by a smart highway traffic jam prevention system.
-) A system for police to force a car to stop immediately and pull over, eliminating car chases. Just spoof this signal and stop anyone you want. (mitigate by checking if there is a police car trailing you, and ignore otherwise).
And so on...
A way around would be to maintain a national database with public keys for each registered vehicle, and make cars only accept those keys. But that would be hard to maintain and still hackers could just get a hold of some PK.
In the end, the driving system will always have to correlate such car 2 car communication with observations it makes itself.
And an autonomous system can react almost immediately anyway. So coordination doesn't give you all that much.
-- There are some useful ideas though, like:
-) Traffic lights can announce an ideal speed for a route, taking into account traffic and traffic light timings, so you can optimize throughput and minimize fuel consumption
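The mitigation described in the comment above (act on a car-to-car brake advisory only once the vehicle's own sensors show the car ahead slowing) can be sketched as follows. This is an added example, not part of the original thread: the message fields, thresholds and `AdvisoryFilter` class are hypothetical, and a shared-key HMAC stands in for the per-vehicle signatures the comment mentions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

FRESHNESS_S = 0.5          # assumed: advisories older than this are dropped
DECEL_CONFIRM_MPS2 = 3.0   # assumed: locally measured deceleration that counts as braking
KEY_A = b"constructed-demo-key-for-car-A"  # constructed sample key, not a real credential


@dataclass
class RadarSample:
    t: float           # seconds
    lead_speed: float  # m/s, speed of the vehicle ahead as measured by our own radar


def tag(key: bytes, body: dict) -> str:
    """Authentication tag over a canonical encoding of the advisory body."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_msg(key: bytes, sender: str, seq: int, t: float) -> dict:
    """Build a constructed emergency-brake advisory (sample input for this example)."""
    body = {"sender": sender, "seq": seq, "t": t, "type": "EMERGENCY_BRAKE"}
    return {"body": body, "tag": tag(key, body)}


def observed_decel(track, now: float, window: float = 1.0) -> float:
    """Mean deceleration of the lead vehicle over the last `window` seconds."""
    recent = [s for s in track if now - window <= s.t <= now]
    if len(recent) < 2:
        return 0.0  # not enough of our own data to corroborate anything
    dt = recent[-1].t - recent[0].t
    return (recent[0].lead_speed - recent[-1].lead_speed) / dt if dt > 0 else 0.0


class AdvisoryFilter:
    def __init__(self, keys: dict):
        self.keys = keys      # sender id -> key (the "registered vehicles" database)
        self.last_seq = {}    # sender id -> highest sequence number accepted

    def decide(self, msg: dict, track, now: float) -> str:
        body = msg["body"]
        key = self.keys.get(body["sender"])
        # 1. Authenticity: unknown sender or bad tag is dropped outright.
        if key is None or not hmac.compare_digest(tag(key, body), msg["tag"]):
            return "IGNORE_UNAUTHENTICATED"
        # 2. Freshness: a captured advisory must not be usable later or twice.
        if (abs(now - body["t"]) > FRESHNESS_S
                or body["seq"] <= self.last_seq.get(body["sender"], -1)):
            return "IGNORE_STALE_OR_REPLAYED"
        self.last_seq[body["sender"]] = body["seq"]
        # 3. Corroboration: a valid key alone is not trusted, since keys can leak.
        #    Hard braking needs our own radar to agree; otherwise only get ready.
        if observed_decel(track, now) >= DECEL_CONFIRM_MPS2:
            return "BRAKE"
        return "PREPARE_ONLY"


def demo():
    """Run four constructed advisories through the filter and return the decisions."""
    steady = [RadarSample(9.0, 30.0), RadarSample(9.5, 30.0), RadarSample(10.0, 30.0)]
    braking = [RadarSample(9.0, 30.0), RadarSample(9.5, 28.0), RadarSample(10.0, 26.0)]
    f = AdvisoryFilter({"car-A": KEY_A})
    first = make_msg(KEY_A, "car-A", 1, 9.95)
    return [
        f.decide(make_msg(b"attacker-key", "car-A", 1, 9.95), braking, 10.0),
        f.decide(first, steady, 10.0),    # valid tag, but the car ahead is not slowing
        f.decide(first, braking, 10.0),   # same message sent again
        f.decide(make_msg(KEY_A, "car-A", 2, 9.95), braking, 10.0),
    ]


if __name__ == "__main__":
    print(demo())
```

The second case is the one the comment is about: an advisory that passes every cryptographic check still does not trigger a hard stop when the vehicle's own measurements disagree.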
It's far far easier and quicker to throw a brick off a highway bridge but that surprisingly happens very infrequently.
We were working on diagnostic and emissions checking standards but there was the expectation that we would be able to make use of secure network links to cars at some point in the future.
The question at the time was which would come first. Would a requirement to do emissions testing under real-world conditions push the introduction of radio networks that could also be used for cars to talk to each other or would the road-train type applications be the initial use case.
Now imagine the scenario for most of the US, a public-transport-hostile country for the most part, where millions upon millions of people burn their precious lives waiting in traffic and sucking in traffic fumes. In my mind, this is one of the most appalling wastes of human potential that has ever existed. Sure, some try to make lemonade out of lemons by educating/informing themselves as they see fit but by and large, it is a huge waste. Not to mention the many thousands of people who die every year in car accidents during the daily commute.
So from my point of view, the self driving car is a thrilling concept: the ability to disengage from a useless, pointless, and hopeless daily grind and engage in something that I want to do, whether it be work, reading, watching a movie, etc. is cool. The closest I have come to this dream in my transit-unfriendly Texas city is the one job where I had an opportunity to take the train/bus into downtown: while this made my daily commute very long, I loved it because it freed me up from the drudge of driving.
Some might ask that perhaps I just hate driving. That is not true. I love taking road trips or autocrossing when I can. But to equate the daily commute with enjoyment is a bridge too far, in my opinion. Banish it, I say, banish it.
How will there still be no traffic jams, or the car will be like an office? In that case why not just work from home and come to work for meetings here and there? Might flexible / less work hours help?
I mean people will still be driving around in a vehicle which often makes people motion sick if not paying attention to surroundings, cars require a lot of energy, take up space etc.
I used to travel to work via train, it was 1.5 hours one way, it was highly productive time for me, but for some reason trains don't seem to make people as motion sick?
I guess one other thing to note is that in Australia, where I'm from originally, some people think of others using public transport or biking as kind of peasants or feel it's inferior, that might be part of it too? They're also the kind of people who often like to drive fast and own expensive cars as a status thing, so I'm still not sure it's going to take?
Also we all know the security on cars is weak, who needs a bomb in a terrorist attack when you can just hack something and order 50,000 cars to crash (that might sound silly, but hackers find ways). Do you trust auto manufacturers enough to secure it? Yeah we can mail firmware updates on USB sticks, what could go wrong.
Sorry I am pretty sure I am one of those hostile drivers. They should market it as like a designated driver for the drunk. It would sell faster then.
A sibling comment pointed out the loss of life issue. I recall (correctly, I hope) Sebastian Thrun mentioning that a traffic accident was part of his initial motivation. Reducing loss of life due to human folly is a strong motivator, but there are certainly ample opportunities for that beyond just this one.
Self-driving cars have widespread potential effects across society, from shipping to taxis to car ownership to the human angle in hours saved and lives saved. This is big. Think of all the lives lost and hours wasted in traffic in the US every year. (No functional public transit in most of the country, etc.)
It's an area where the challenges are largely technical--once the technology is safer than human drivers, we assume the regulatory issues will go away quickly. (And we probably underestimate the technical issues in getting there.)
The huge potential combined with massive and primarily technical challenges makes this probably the biggest thing since the Internet where a bunch of engineers feel like we can change society in a profound way with a bit of software.
It's partly because the tech is actually so new that we can project our expectations onto it rather than focusing on what is actually here today (which is impressive but far from the goal). Weigh this potential against the reality of what most of us actually work on today, and you may see the appeal.
Of course, reality will take time to catch up to the dream, but it's the dream that generates the excitement.
Cars play a large role in America. I don't know all the history about how it came to be this way, but I can make some guesses...
* America is very big, and a lot of the settlements are spread out by a ways. Cars make those communities less insular because they provide a way to get from one town to another, where biking would take a very long time and significant effort.
* I forget when (was it the Great Depression?), but there was a big government initiative to build interstate highways connecting places together by roads. Again, these were distant places, but by being able to travel by car, they now feel quite a bit closer. Most everyone on HN was born after this gigantic network of roads was already in place, and car culture was firmly cemented in the US.
* Due to the distances involved, getting a driver's license around the age of 16 or 17 is a huge amount of freedom bestowed on children just as they really desire such freedom. I spent a lot of time in a car as a teenager not just because of where we were going, but also since it was a mostly-private space for me and my friends.
* For the above reasons and many many more, America in general has a culture that is very centered on cars, so given that a lot of HN is both American and interested in technology, it makes sense there'd be a lot of autonomous car talk here.
I wish I had grown up somewhere less car-centric. I moved to NYC specifically so that I wouldn't have to rely on cars, and I quite like the public transportation here. When I've gone back to the rural New Hampshire town I grew up in, public transportation doesn't exist and getting anywhere except my immediate neighbor's houses takes a long time via bike, and I remember why I grew up with cars.
Edit to add: America is also heavily invested in cars and the culture that follows. The train system throughout the country has been in a terrible state for a looooooong time, and there's not much hope of it ever getting better due to the fact that we're so invested in cars. Some cities and towns have better public transportation support, but most don't. Some cities and towns have better support for bicycles and pedestrians, but most don't. There are occasional pushes to change things, but there's always heavy resistance due to just how deep into cars we are, and just how many people and local governments would truly need to get on the same page to make meaningful change.
A similar thing happened in Sydney, Australia, the city had one of the largest tram systems in the world, the director of the motor trade authority was elected into government and made sure that all the tracks were literally tarred over, they are still under the roads. The excuse used was that the network was over congested / too popular, and cars would solve the problem, guess what? Sydney is in the middle of putting the tram network back in to solve the car problem :) Melbourne, Australia was spared because it built its network in the 40's and 50's and it was difficult to persuade the working class that putting in such a newly built system was a good idea. People literally move to Melbourne because of the convenience they provide.
If you're interested Bikes vs Cars (http://www.bikes-vs-cars.com/) is an awesome documentary, it shows that LA even had things called "Bike Highways" at one stage. You will see how people were so negatively influenced by big business lobbying, and from memory outlines why New York was somewhat spared from the fate.
Sounds like you're being told the same stories again either way.
Is it an accident if the driver takes control of the automated system and drives straight into a wall? Is it an accident if a non-automated truck with a huge branch sticking out the back obscures the automated car’s cameras, leading to a crash?
Maybe you're a cowboy coder like me who bristles at detailed project specs and prefers some sort of goal or vision to work for. I totally get that. But when it comes to accountability, nothing beats a checklist.
Bad law can be either broad and vague to the point of endless litigation and uselessness (what you're proposing), or hopelessly detailed and self-contradictory (the kind of law you're likely reacting against). This article is celebrating a good, readable middle ground. That's exactly what we want out of law.
If the system is operating autonomously, then the fault lies with the system. Failing to leave sufficient following distance is a common cause of accident and almost always results in fault being found with that driver. This would not change if the driver was a computer system.
However - side note - objects that project from the rear of a vehicle must be flagged using a red cloth. So if the truck were operating with an unflagged load then they could be the party at fault!
If the occupant takes the vehicle out of autonomous mode, then fault would lie with the occupant, unless it was to avoid some kind of impending accident in which case the situation would have to be examined in detail.
Chances are they'd opt-out of the opportunity altogether and wait for someone else to take the heat.
If it becomes acceptable for security and safety to be secondary to "getting the cars on the road ASAP and capturing as much of the market as possible" we -- as in the consumers -- will pay the price.
I understand that some of the innovations and progress will only come when we get the cars on the road at scale, but we should still build a giant -- exactly how the commenter suggested -- to loom over the shoulders of these car companies.
Most mechanical equipment is not reviewed on a case-by-case basis by a regulatory industry; however aircraft incidents are. Aircraft products - meaning any product that is used on an aircraft, right down to the bolts attaching the overhead bins - are expected to be serviceable in "expected conditions of flight". If they are not, the manufacturer is subject to compensatory and even punitive damages [1].
Manufacturers can even be liable for their design decisions, unless the design decisions are specifically constrained by regulations. Obtaining product certification is a strong indicator that a product is compliant, but it may nevertheless expose the manufacturer to liability [2]. These are obviously difficult standards to meet, but they are appropriate when life-critical systems are in question.
[1] http://www.dailyreportingsuite.com/products-liability/news/_...
[2] http://www.mondaq.com/unitedstates/x/429650/Aviation/FAA+Wei...
> In response to the third and final question, the FAA explains that because an aircraft type certificate embodies the FAA's determination that an aircraft, engine, or propeller design complies with federal standards, it can play an important role in determining whether a manufacturer breached a duty owed to the plaintiff. The type certificate does not create a per se bar to suit, but ordinary conflict preemption principles apply to the particular design-defect claim. According to the FAA, the type certificate will preempt a state tort suit only where compliance with both the certificate and the claims made in the tort suit "is a physical impossibility" or where the claims "stand as an obstacle to the accomplishment of the full purposes and objectives of Congress."7
> Where the FAA has expressly approved the specific design aspect that a plaintiff challenges, that claim would be preempted. On the other hand, where the FAA has left a particular design choice to a manufacturer's discretion, and no other conflict exists, the type certificate does not preempt a design-defect claim. In other words, where the FAA has not made an affirmative determination with respect to the challenged design, and has left that design aspect to the manufacturer's discretion, the claim would proceed by reference to the federal standards of care found in the Act and its implementing regulations.
...
> The difficulty in applying the FAA's views on preemption to product claims lies in the fact that aircraft design specifications rarely require a specific design, but are instead couched in terms of performance or safety outcomes. For example, the certification standards for a stall warning system in a Part 23 aircraft requires "a clear and distinctive stall warning, with the flaps and landing gear in any normal position, in straight and turning flight" by a system "that will give clearly distinguishable indications under expected conditions of flight."9 A type certificate issued for a Part 23 aircraft would presumptively mean the FAA determined that the aircraft complied with these standards at the time the design was certified. However, would the type certificate preclude all product liability claims based on a defective stall warning system? What if the certification was actually wrong and the system did not comply with the standard when the FAA already said that it did? Can this type of claim actually be litigated or is it preempted?
> Additionally, what if the claimed defect was that the stall warning system did not provide a warning when operated outside certification limits such as weight, speed, or center of gravity? Are these conditions outside the "expected conditions of flight" and therefore no federal standard exists? The FAA's Letter Brief to the Third Circuit in Sikkelee does not provide clear answers in the context of product liability litigation. Courts will continue to struggle with deciding these difficult issues in the future.
Is this how you mean the owner's liability to work out? Because then I agree with you. If you want to punish Joe. Take away his savings, possibly his home. I don't see a point in that honestly.
Volvo is one manufacturer who have stated clearly that they will assume liability for the operation of their autonomous cars:
https://www.media.volvocars.com/global/en-gb/media/pressrele...
"As far as you're concerned" doesn't mean a whole lot.
Well-written regulation (and I would argue that the majority of regulations in the US are well-written) serves the public interest. Two immediate examples that come to mind are the Glass-Steagall act, which separated commercial banking from speculative trading until it was repealed by GLB in the 80s (opening the door for the financial crisis) and the FDA. I would prefer to live in a country where Glass-Steagall was still in place and the FDA was even stronger than it is today.
I pity the mechanics for that one. You just know the car manufacturers are not going to want some unwashed shade tree mechanic, or even a legitimate independent garage, to have access to do that.
Do self-driving cars have a button labeled "fuck your rules and DRIVE"?
This is yet another "Tesla hit slow/stopped vehicle on left of expressway" accident. There are now three of those known, two with video, one fatal. Watch the video. The vehicle is tracking the lane very accurately. Either the driver is very attentive or the lane following system has control. Then, with no slowdown whatsoever, the vehicle plows into a stopped or slow-moving street sweeper.
Here's one of the other crashes in that situation.[1] This was slower, so it wasn't lethal. There's another one where a Tesla on autopilot sideswiped a vehicle stopped at the left side of an expressway.
Resorts are irrelevant, smart cities are an oxymoron and would come way past the time when level 5 would be worked out.
Downtown cores are pretty much the worst possible place for level 2 systems at this time.
Incidentally, in aviation and aerospace, everybody reads crash reports. Pilots study them in training. Engineers read them at work. Flying magazine publishes monthly summaries in their "Aftermath" column. The safety culture is very different from software. In commercial aviation, just about all the single points of failure have already been dealt with. It's a design criterion of aviation that there must be a way to recover from single failures. When you're one single failure away from real trouble, it's time to land. When you read a crash report today, there are two or three things that went wrong, not just one. That's what a safety culture looks like. Self-driving cars may have to get there.
[1] http://www.ntsb.gov/investigations/AccidentReports/Pages/HWY...
Once the car comes out of autonomous mode we can assign them some liability, depending on the situation.
At the same time, I'm hard put to think of products/services used by consumers--outside of medicine perhaps--where it's the norm that sometimes "shit happens" because statistics and it's not considered reasonable to sue the manufacturer (though we often still do).
Interesting times. Especially given that the facts (and the degree of automation) won't typically be nearly as clear cut especially over the next few decades.
> A life-critical system or safety-critical system is a system whose failure or malfunction may result in one (or more) of the following outcomes:
> death or serious injury to people,
> loss or severe damage to equipment/property
> environmental harm
There was an accident with a Volvo where someone was showing off the pedestrian safety system, and hit a pedestrian. It turned out they hadn't purchased the pedestrian safety system.[1] Something is needed to prevent problems like that.
Then there's mode switching trouble. Classic problem with aircraft control systems. Tesla disengages the "autopilot" if the driver touches the brake. The trouble is that this also disables automatic braking, as the driver is assumed to now be in control. So tapping the brake without applying it fully in a hazardous situation causes a crash.
All these driver behavior problems with shared control authority are hard. Maybe harder than going for level 3 and letting the automation do it.
"Autopilots do not replace a human operator, but assist them in controlling the vehicle, allowing them to focus on broader aspects of operation, such as monitoring the trajectory, weather and systems."
https://en.m.wikipedia.org/wiki/Autopilot
I've used an autopilot on a yacht and didn't expect it to dock or avoid ships. A plane autopilot doesn't freak out when the pilot takes their hands off the controls. So there seems to be room to allow the name but tighten how it's used.
That is all that most auto pilots in planes do, however. I don't get where "autopilot" somehow came to mean full autonomy in cars but not in planes (and other vehicles like boats) where the term was used previously.
Ridiculous.
Autolanding is not autopilot. In fact, autolanding is not even certified if multiple autopilots are not available to provide redundancy.
I think lately far too many people already have the answer before there is any discussion
I think democracy only functions when people are open minded and willing to put themselves in others' shoes.
"These maps contain the exact three-dimensional location of streetlights, stop signs, crosswalks, lane markings, and every other crucial aspect of a roadway."
"But the maps necessary for the Google car are an order of magnitude more complicated. In fact, when I first wrote about the car for MIT Technology Review, Google admitted to me that the process it currently uses to make the maps are too inefficient to work in the country as a whole."
"To create them, a dedicated vehicle outfitted with a bank of sensors first makes repeated passes scanning the roadway to be mapped. The data is then downloaded, with every square foot of the landscape pored over by both humans and computers to make sure that all-important real-world objects have been captured. This complete map gets loaded into the car's memory before a journey"
"The company frequently says that its car has driven more than 700,000 miles safely, but those are the same few thousand mapped miles, driven over and over again."
"Chris Urmson, director of the Google car team, told me that if the car came across a traffic signal not on its map, it could potentially run a red light, simply because it wouldn't know to look for the signal."
Google's entire business advantage is based on cloud. I welcome anyone to prove that this has changed.
Nobody here is making that claim.
If Google operated a taxi service within Austin, we would say the car operates at level 3. SAE levels say nothing about where the car is operating:
"At SAE Level 3, an automated system can both actually conduct some parts of the driving task and monitor the driving environment in some instances, but the human driver must be ready to take back control when the automated system requests"
Unfortunately anti-public transit special interest groups have discredited public transit initiatives all over, and fighting this has been incredibly difficult.
On your last point people definitely do see owning expensive cars as a status item and for this reason I think it's valid to question to what degree and speed will autonomous car sharing networks replace individually owned cars.
On one side, you have a solution that requires a whole bunch of groups to align. On the other, you have an individual decision (buying a car). That's why I am excited. If it looked like it was on the horizon, I'd be just as excited for great public transit.
I also agree that telecommuting or flexible hours would work well. But again, for most office workers in the country and world, there is significant inflexibility: they must arrive at their appointed time, leave at their appointed time, and take breaks at appointed times. My statement was intended to be broad and to apply to all workers instead of just for the high-tech industry.
So I see self-driving cars as a backdoor solution to the above problems: replace regular cars with self-driving cars, maybe with car-sharing, and now a country that has so much invested in the car suddenly is able to significantly reduce the latter's influence on society without realizing it. Well, one can but hope anyways.
In my opinion a good public transport system does. I've spent time in Tokyo, the rail network is second to none, it's congested sure, but it works.
The problem is that people still need to get in and out of the cars for example, which means there is still wait time. Breakdowns will happen. All human drivers will have to be banned etc.
It sounds to me like the auto-industry is still pushing a selfish agenda and the valley is buying it, because it's an opportunity to take more money.
For me, I'm happy because I'll still ride my bike and it will be a much safer place for me to exist because self-driving cars won't try and kill me, hopefully :)
There will still be black people in cars
First, as etendue says, it is not easy. The problem of mixing “Boolean” verification with probabilistic, less-deterministic verification is especially hard. I discussed this a bit in [1], if you care to take a look.
Also, I think most current AVs are not driven by DNNs at the top level (comma.ai [2] is one exception). See [3] for some discussion of that, and of verifying machine-learning-based systems.
Finally, one possible way to check that AV manufacturers “do the right thing” in correctly verifying the combination of DNNs, Misra C, digital HW, sensors and so on is perhaps to create a big, extensible catalog of AV-related scenarios, which ideally should be shared between the manufacturers and the certifying bodies – see [4]. I think there is some hint of that in the DOT pdf – still working my way through it.
[1] https://blog.foretellix.com/2016/07/22/checking-probabilisti...
[2] http://www.bloomberg.com/features/2015-george-hotz-self-driv...
[3] https://blog.foretellix.com/2016/09/14/using-machine-learnin...
[4] https://blog.foretellix.com/2016/07/05/the-tesla-crash-tsuna...
There's a surprising amount of work in the literature that serves as a guide for using neural networks in safety-critical contexts, e.g., http://dl.acm.org/citation.cfm?id=2156661 and http://dl.acm.org/citation.cfm?id=582141.
Verify components, validate the entire system is the typical approach.
Think of it as a failure cascade - if Tensorflow breaks, the car can safely stop. If the low level stuff breaks, the car may not be able to stop (or go).
On a related note, there is a truly hilarious story from a guy over on Reddit who served in the Marines, they were stationed in North Carolina and had never been in snow; and who came to this exercise and of course got their asses truly handed to themselves in a snowball fight by a bunch of Norwegian schoolkids. Highly recommended reading; first comment after the OP here:
https://m.reddit.com/r/ProRevenge/comments/1w0sav/6th_grade_...
https://reddit.com/r/ProRevenge/comments/1w0sav/6th_grade_gi...
The EU is often criticized (e.g., Brexit) as being something that promulgates useless regulations (e.g., curvature of a banana).
> The EU is often criticized (e.g., Brexit) as being
> something that promulgates useless regulations
Sure. Some people hate single-payer healthcare too. Nothing like watching Food Inc for reminding you why the EU love you.
Yes but those almost always turn out to be made up by the Daily Mail.
[1] https://en.wikipedia.org/wiki/Commission_Regulation_(EC)_No....
You know, the type of thing where standard gradings and classification of produce and manufactured goods would be fairly important? (and you know, in no way different to any other modern nation or industrial group).
>>...Britain had achieved cost-effective treatment for everyone, at the cost of some people missing very expensive treatments that might help them. I was rather congratulating myself on this answer, because NICE is beloved of health wonks everywhere; Obamacare’s Independent Payment Advisory Board (IPAB) is an attempt to sort of replicate it. Pointing out something the British health system can do that the American system can’t, and doing so in dryly factual tones, seemed like a good way to endear myself to the British audience.
>>The other guest, a British health official, interrupted to basically accuse me of lying; the British health system, he said, did no such thing.
>>Now I reiterate: I had not called NICE a death panel, or said that it was bad; I had simply described what NICE does, which is keep the NHS from blowing its budget on very expensive treatments that deliver relatively little value per pound spent. You can read NICE describing what NICE does on its website; the description is not significantly different from the one I gave. Being told that this was flat out wrong was surreal. Things got even more surreal when I began again to explain what NICE does, thinking that perhaps I had been unclear, and the host interrupted me and said something like “As you know, that’s false.”
https://www.bloomberg.com/view/articles/2016-08-23/health-ca...
"A man with a watch knows what time it is. A man with two watches is never sure."
Yes, they do. Then the problem is when the 2 autopilots of the 2 planes take the same evasive manœuvre...
The aviation world actually solved this problem a long time ago. Everyone turns to their right. FAR 91.113:
> (e) Approaching head-on. When aircraft are approaching each other head-on, or nearly so, each pilot of each aircraft shall alter course to the right
(among other collision-avoidance regs in that section)
You have things like companies in Aviation Week (a big aerospace industry mag/site) running full page ads for sensors and other aerospace items proudly claiming it's ITAR free (means not made/designed in US). A company I worked for bought a high power (2.5kW) laser from Germany. It failed and cannot be sent back to Germany for repair due to ITAR (tooling needed to fix it cannot be easily moved and probably would fall under ITAR). High end CNC machine tools will brick themselves if they are moved without the manufacturer specifically blessing the move due to ITAR regulations (earthquakes can trigger the "I've been moved without permission" response).
There is a countless list of other harms it has caused, but I have no direct experience with. ITAR is fairly easy to get around for the "bad guys" because they can just not buy US goods.
Clearly more work needs to be done to rigorously investigate and evolve the space, but recent Federal regulations have essentially put small innovators out of business.
In sum: a harm-reducing item is being regulated into the ground.
What HIPAA regulations are you talking about? Other than HITECH guidance (which can sort-of be seen as a "HIPAA regulation"), HIPAA regulations don't generally specify technologies at all, and I can't think of any that I would describe as outdated or troublesome due to the rise of shared virtual servers and "the cloud", whether they predate it or not.
Stem cell research.
The embryonic stem-cell research ban didn't have anything to do with the underlying science and technology--it was based on a moral objection to the practice of destroying embryos for research. If the government had, for example, mandated the use of some testing methodology that soon became obsolete, that might be more on point.
Now that I'm thinking about it, it's strange that vehicles are regulated at the state not federal level. They're a big component in interstate commerce, and therefore ought to be within the jurisdiction of Congress to regulate, even under a relatively strict reading of the Constitution.
For example vehicle window tinting laws vary wildly from state to state (and arguably they're more liberal in states that get hotter, and more restrictive in states with gang issues) so you can own a vehicle that is legally tinted in your home state, but gets ticketed when it crosses a state border.
Daylight running lights are another example, some states require them, while others do not. So you can buy a brand new vehicle which could get ticketed since it lacks DRLs.
Similarly, most people don't care about tint. Those that do but are agonized about being able to travel to other states can simply figure out the maximum allowed in the region they plan on traveling in. I guess that reaches the level of irritating, but what are the massive consequences for Joe Driver if he can't darken his windows?
Looks like they're strictest in Alaska, California, D.C., Delaware, Iowa, New York, Pennsylvania, and Rhode Island.
http://tinting-laws.com/wp-content/uploads/2013/09/tint-perc...
Single choice monopolies impede progress, whether governmental or corporate. It's better to have states naturally group together than to force it with some top down measure.
So, for example, NY requires yearly safety inspections and you'll get a ticket if your inspection lapsed. But you don't have to get a safety inspection to drive in NY if your car is registered in a state that doesn't require safety inspections.
I could be mostly off base on this one.
Though some laws are so local sometimes it's impossible for an out of towner to know the local laws like going right on red is, as far as I know, illegal in NYC but legal... Everywhere else? How is someone from Texas supposed to know that?
You've pretty much picked an outlier. And I might be inclined to argue that someone from Texas trying to drive in Manhattan for the first time has other problems :-)
There are a few other things like whether you can pass on the right on an interstate and the aforementioned when headlights need to be on (though I often see this last point signed). But these are usually getting into corner cases and don't really affect how the average person has to approach driving.
Places with divergent laws make some effort to inform visitors of the divergence--you'll sometimes see electronic noticeboards saying that using your cell phone is illegal here, and sometimes permanent ones too (e.g, on entry into Virginia on interstates, you are immediately informed that radar detectors are illegal).
IMHO, emergency braking must be mandatory for every new car with top speed greater than 60 km/h.
"Several states on the Eastern seaboard, the Southeast, and Gulf Coast (except Texas) have enforced vehicular laws since the early 1990s that require headlights to be switched on when windshield wipers are in use. This prompted the phasing in of DRLs in the affected states (from Maine to Florida including Louisiana, Mississippi, and Alabama)."
So it appears that DRL aren't required, but frequently standard equipment in states that require headlamps on if windshield wipers are on... Wikipedia does not list any states requiring use of headlamps all the time, though.
This is a feature, not a bug. It also is neither HITECH nor HIPAA; it is instead AWS's requirement in order to sign your BAA.
> we can't use ELBs in the standard (easy) way
Also neither HITECH nor HIPAA. ELBs are used in a PHI-related scenario identically to any other scenario. Unless you are referring to using it as an SSL terminator, in which case I would say "the standard (easy) way is always wrong".
There is, AFAICT, no regulation under HIPAA or related law that requires this. Certain service providers may have determined that they cannot provide guarantees of privacy/security without this technical restriction.
I don't think this meets OP's definition of "wrong".
1) determine what physical hardware in aws the target is running code on
2) somehow get the aws virtual machine manager to let the attacker run their malicious code on the same hardware
3) somehow pierce the protections of the virtual machine to read memory being used by the target application
4) figure out how the data is stored in memory in order to make sense of anything that was read
In AWS case, this is an AWS rule about when they will sign a HIPAA BAA, even though there is no HIPAA regulation that specifically prohibits the arrangement at issue. AWS clearly thinks it is worth worrying about.
When you run your own public cloud, you can determine what risks are worth accepting potential liability for.
HIPAA is a very easy compliance standard to meet. If it seems difficult to meet those requirements with your standard tool configurations, you should think about what that means with respect to the integrity of your data.
I'm not commenting on Amazon's rationality (I haven't actually evaluated the security concerns that would determine that.)
> My point is that the legal environment has been designed in an un-optimal way from a technical perspective.
And you haven't pointed to anything in the legal environment that is suboptimal from a technical perspective. You haven't even pointed to anything in the legal environment at all.
Amazon (as a BAA) has certain administrative responsibilities for putting administrative and technical safeguards in place to prevent breaches, and certain obligations and liabilities in the case of breaches. HIPAA and related laws and regulations do not specify the specific administrative or technical safeguards, though they do specify areas that must be addressed.
Amazon has decided that the particular technical arrangement you prefer is too high of a risk, but you haven't pointed out anything that indicates that this is the result of an outdated regulation that results in poor technical choices rather than technology-neutral regulation and a reasonable evaluation of the security concerns of the particular technical arrangement you would prefer.
http://www.npr.org/2015/05/26/409671996/canada-cuts-down-on-...
This is a social science result, not a meme.
It'd be easy enough to show that future testing regimes increase the market share of domestic self-driving car manufacturers and push the market price up; less easy to show that it wasn't also in the public interest to have that testing regime in place.
Definition: Regulatory capture is a form of government failure that occurs when a regulatory agency, created to act in the public interest, instead advances the commercial or political concerns of special interest groups that dominate the industry or sector it is charged with regulating.
This isn't a political statement as it cuts across both parties, which renders it all the more insidious.
I have worked with engineers that write technical regulations. They are generally focused on doing a good job at the task at hand. To think some mid level person that is hired into a normal job and never meets a politician in their career cares about campaign contributions is asinine.
What do you think the people at NASA and NAVSEA and NIST do all day?
The real byline is in your proposed commitment to trying to improve government process: you don't have any. You think it's hopeless. You're apathetic. Which is what everyone, pushing any agenda, wants from you.
----
GOV: We know this law is overreaching, but we promise we'll only use it the "right" way.
... 2 years goes by ...
GOV: If you don't <plead guilty | accept this plea bargain>, we'll tack on a charge of breaking <this law that is overreaching>, even though you didn't violate what it's supposed to be about, and add 20 years to your sentence.
----
It's seen over and over. The US citizen's distrust of government getting more power than it absolutely needs isn't paranoid, it's based on the actions of the government.
libertarians != anarchists
I say this as someone who has failed to even get a non-form letter answer from any of my elected officials state level or higher. I'm convinced that money is the only way to affect policy.
Google around with terms like forensics and "Volatility" or "Volatility toolkit" and you should find some presentations and other references.
You know what I don't need a case, please find me a jurisdiction in which cold boot attacks have passed forensic certification, e.g. a link to the process like for example from a body equivalent to the ASTM https://www.astm.org/Standards/forensic-science-standards.ht... would suffice.
--
GROUP: The regulation is anti-business, anti-freedom and massively outdated. We should sweep it all away and deregulate this sector as much as possible. The market will take care of the bad companies.
...2 years goes by...
GROUP: Do you know how important it is that this industry survives? Please give us some money to fix it. And some of the behaviour of some companies in our industry is unethical and dangerous and really should be stopped. Why didn't you step in earlier?
a) Previous government experience is highly valuable in private sector employees
b) Government pay is less than this value
b) affects regulatory capture in two ways: it allows civil servants the opportunity to get massive raises by going private (and incentivises them to be nice to future employers) and cripples the recruitment of highly talented individuals who are less dependent on industry advice. I don't think attacking a) is feasible in a modern regulatory state, but b) is readily doable if a government is willing to significantly deviate from standard salary scales for high-value industries. For example, SEC salaries would have to be much, much higher than Department of the Interior salaries. AFAIK, Singapore already does this and has very high talent retention rates. Even within the US government, it isn't entirely unprecedented, since an E-3 Navy special forces operator probably makes 8x the salary of an E-3 Army public relations specialist.
>Materialist capture, also called financial capture, in which the captured regulator's motive is based on its material self-interest. This can result from bribery, revolving doors, political donations, or the regulator's desire to maintain its government funding. These forms of capture often amount to political corruption. Non-materialist capture, also called cognitive capture or cultural capture, in which the regulator begins to think like the regulated industry. This can result from interest-group lobbying by the industry. Another distinction can be made between capture retained by big firms and by small firms.[11] While Stigler mainly referred, in his work,[12] to large firms capturing regulators by bartering their vast resources (materialist capture) - small firms are more prone to retain non-materialist capture via a special underdog rhetoric.[11]
I lived near a small historic town with many buildings standing since the 1850s. Tourism is a HUGE industry that brings in dollars to local businesses. It's in the town's interest to preserve that income, so they mandate color and style codes for new buildings as well as restoring older buildings. This is complemented with many folksy festivals and re-enactments as part of drawing in tourist dollars.
When people balk at these codes, and they do all the time, there are several other larger and modern cities nearby where they aren't restricted in any design sense.
If an industry or contractor balks at these ideas (and they do every now and again) there are several other larger modern cities a few miles away with access to the Interstate and train yards. These don't share the "historic preservation" codes of this little town.
If the town allowed a free-for-all on design it would wreck its main source of income and likely cause decay over the years as tourism dropped off.
Why don't "tourism people" just pay people constructing buildings to use the colour "tourism people" want? That should be fair to both parties.
> Why don't "tourism people" just pay people constructing buildings to use the colour "tourism people" want?
That implies they could ignore that rule at any time. Reimbursement programs are an increase in paperwork, which many would simply ignore for convenience. This would give the town the "Tragedy of the Commons" problem, erasing its historic sense (and primary revenue source), and it would become another run-down town like many others in the region.
Is that fair to those who invested heavily in keeping their businesses and homes in that area? Their answer is a resounding "No"
If somebody balks, just like this, there are other more modern and relaxed cities within a few miles that can accommodate their building ideas. These cities even have more access to freeways and trains, so economically it makes sense to put their businesses inside those cities.
Instead, the primary draw towards this town IS its historical authenticity, and thus the people living there keep it maintained through its building codes. There is no other reason why a business or homeowner would live in that area, so it makes sense to keep with its character. If that's too onerous, then perhaps your motivations for building should be reexamined.