The way we regulate self-driving cars is broken—here’s how to fix it

Last month, an Uber self-driving car struck and killed pedestrian Elaine Herzberg in Tempe, Arizona. The tragedy highlights the need for a fundamental rethink of the way the federal government regulates car safety.

The key issue is this: the current system is built around an assumption that cars will be purchased and owned by customers. But the pioneers of the driverless world—including Waymo, Cruise, and Uber—are not planning to sell cars to the public. Instead, they’re planning to build driverless taxi services that customers will buy one ride at a time.

This has big implications for the way regulators approach their jobs. Federal car regulations focus on ensuring that a car is safe at the moment it rolls off the assembly line. But as last month’s crash makes clear, the safety of a driverless taxi service depends on a lot more than just the physical features of the cars themselves.

For example, dash cam footage from last month’s Uber crash showed the safety driver looking down at her lap for five agonizing seconds before the fatal crash. Should Uber have done more to train and supervise its safety drivers? Should Uber have continued to put two people in each car, rather than switching to a single driver? Not only are there no federal rules on these questions, at the time of the crash the public was completely in the dark about how Uber and its competitors were dealing with the issue.

That was partly because the current administration has a philosophical commitment to minimal regulation. But it’s also because the current legal framework—developed under both Democratic and Republican administrations—isn’t designed to address this kind of issue.

Right now, Congress is considering legislation to exempt tens of thousands of self-driving cars from conventional car safety regulations. It’s a reasonable idea. Those regulations really are a poor fit for fully autonomous vehicles, and the technology is changing so fast that any regulations written today are likely to be obsolete in a few years.

But in exchange for this regulatory relief, Congress should insist on a lot more scrutiny for the testing and deployment of self-driving cars. Driverless car advocates worry, correctly, that premature regulation could hamper the development of this potentially life-saving technology. But officials could do a lot more to promote transparency and provide oversight without hampering progress.

Credit: Waymo

Why conventional regulations don’t work for driverless cars

Federal car safety regulation has traditionally been based on a thick book of rules called the Federal Motor Vehicle Safety Standards (FMVSS). These regulations, developed over decades, establish detailed performance requirements for every safety-related part of a car: brakes, tires, headlights, mirrors, airbags, and a lot more.

Before a car can be introduced into the market, the manufacturer must certify that the vehicle meets all of the requirements in the current version of the FMVSS. A carmaker must certify that the brakes can stop the car within a certain number of feet, that airbags can deploy safely with passengers of various heights, that the tires can run for many hours without overheating, and so forth.

Federal regulations don’t say much about how companies develop and test cars before bringing them to market. In the era of conventional cars, they didn’t need to. Development and testing was generally conducted on private test tracks where they posed no danger to the public. Then car companies would provide the government with documentation that the car met the standards in the FMVSS before putting them on the market.

But that approach doesn’t work for driverless cars. Companies can do some testing of driverless cars on a closed course, but it’s impossible to reproduce a full range of real-world situations in a private facility. So at some point, carmakers need to put self-driving cars on public roads for testing purposes—before a manufacturer is able to clearly demonstrate that they’re safe. In effect, this makes the public involuntary participants in a dangerous research project.

So far, the approach favored by most driverless car advocates has been for federal officials to simply throw up their hands at this problem. Legislation passed by the House last September, and companion legislation currently stalled in the Senate, would carve out broad exemptions from the FMVSS for driverless cars (the legislation would require manufacturers to submit a “safety report” explaining key safety features of fully self-driving vehicles).

Again, there’s some logic to this. It’s true that some FMVSS requirements don’t make sense for fully driverless cars, and it will take years to update the rules.

But updating the FMVSS is neither necessary nor sufficient for effective regulation of driverless cars. It’s perfectly possible to make an FMVSS-compliant driverless car by starting with a conventional car (which already meets all FMVSS requirements) and adding self-driving gear to it. In fact, Waymo is planning to do exactly that for its Phoenix taxi service with a fleet of Chrysler Pacifica minivans.

At the same time, there are many important aspects of running a driverless taxi service that aren’t addressed at all by the FMVSS:

• Protecting driverless cars from cyberattacks not only depends on the architecture of cars themselves, it also depends on the operational security of the systems used to update the car’s onboard software.
• Driverless car safety will depend on the accuracy and timeliness of updates to cars’ onboard maps.
• Companies need a rigorous process for testing safety-critical components on cars in the field and replacing them when they fail.
• Companies need a system for thoroughly investigating crashes and other anomalies and updating the car’s software to make sure problems don’t get repeated.
• During the testing phase, safety depends on the training and supervision of safety drivers.
• Once the commercial service is launched, safety may depend on the competence of staffers overseeing cars from a remote operations center.
• Driverless car companies need plans for dealing with emergency situations and interacting with first responders.

Most of these issues aren’t covered by the FMVSS—and they probably shouldn’t be either. The FMVSS is supposed to focus on objective metrics—like stopping distance—that can be measured in a lab or on a test track. But no numerical measurement can capture how rigorous a company’s cybersecurity policies are or how thoroughly a company performs post-crash investigations.

Moreover, the technology is so new that it would be a mistake to write detailed regulations on any of these topics now.

But what regulators could do is focus on transparency and oversight. If the public is going to share the road with potentially dangerous driverless cars, we should at least have timely and detailed information about how those vehicles are performing and what steps companies are taking to protect public safety.

Credit: Uber

Crash reports could provide an early warning system

At least one state has taken an important step in this direction: California requires companies testing driverless cars to report every time their vehicle gets into a crash. This requirement has produced a steady stream of data about how companies in California are performing.

But most states lack rules like this—in part because competition to attract self-driving car companies has led to a race to the bottom in state safety rules. That includes Arizona and Pennsylvania, two states where Uber has done extensive testing.

In these states, we don’t hear about driverless car crashes unless someone involved tells the media about it. This means that we tend to hear about the most spectacular crashes—like a 2017 incident in Tempe where an Uber vehicle rolled over. But the public has no way of knowing how many other crashes might have occurred that didn’t attract the attention of the media.

For example, last month an Uber car slammed into the side of another vehicle in Pittsburgh, Pennsylvania. The driver of the other car talked to a Pittsburgh television station, which did a segment on the evening news. We noticed that story and did our own reporting on the incident.

It wasn’t the biggest story by any means. No one was seriously injured, and it looks like Uber may not have been legally at fault. But if the other driver, Jessica McLemore, hadn’t told local television stations about it, it’s likely the public wouldn’t have heard about it at all.

Were there other minor crashes in the months before Herzberg’s death—crashes that could have hinted at problems with Uber’s self-driving technology? No one outside of Uber headquarters knows, and that’s a problem. A nationwide reporting system like the one in California would make sure the public knows every time a crash like this occurs. And while California’s system is better than nothing, there’s a lot of room for improvement.

Self-driving car companies gather data about every minute a self-driving car is on the road—data they later load into simulators to test future iterations of the driverless car software. An improved reporting system could require companies to release a lot more data—including video and sensor data—from the seconds before every crash. Independent experts could then examine the data and decide for themselves whether a self-driving vehicle’s behavior contributed to a crash.

We saw how significant this kind of disclosure can be in the Herzberg case. Before the release of the video, we heard from Tempe police chief Sylvia Moir that Uber was “likely” not at fault because Herzberg “came from the shadows right into the roadway.” Once the video was released, however, it became clear that this description was misleading. Even if cameras hadn’t picked Herzberg up, the car’s lidar and radar sensors clearly should have. The debate over Herzberg’s death became far more productive once the public had a chance to see the evidence first-hand.

It would be helpful to see this kind of footage for other recent incidents as well. For example, in December a Cruise car in San Francisco side-swiped a motorcycle after an aborted lane change. Cruise says that the motorcyclist was at fault for zipping into Cruise’s lane before the lane change was even complete. The motorcyclist disagrees and has sued Cruise over the incident.

So who’s right? It would be helpful if the public could see the video footage from the crash so we can judge for ourselves.

A Cruise vehicle was recently ticketed by a police officer who believed that the car had gotten too close to a pedestrian on a San Francisco street. Cruise says the cop is wrong and that the car gave the pedestrian plenty of room—and it has the data to prove it. If that’s true, why not release it? And if companies won’t release this kind of information voluntarily, why not require them to do so?

NTSB investigators inspect the self-driving Uber car that killed pedestrian Elaine Herzberg in March.

Credit: NTSB

A dedicated team should investigate self-driving car crashes

Responsibility for highway safety in the United States is divided between two different agencies. The National Highway Traffic Safety Administration is responsible for writing regulations governing car safety. The National Transportation Safety Board, on the other hand, is an independent agency dedicated to investigating major highway crashes—as well as crashes of airplanes, trains, and other modes of transportation.

After each investigation, the NTSB publishes a report describing what happened and providing recommendations—to carmakers, road designers, and policymakers—about how to prevent future tragedies.

Currently, the NTSB only investigates the most significant car crashes, including last month’s Uber crash in Tempe. But the NTSB doesn’t have time to investigate the vast majority of car crashes—even fatal ones—that happen on American roads each year.

As far as we know, the NTSB hasn’t investigated any non-fatal crashes involving self-driving cars. That’s not surprising given the NTSB’s limited resources, but that could be a big missed opportunity.

The typical car crash doesn’t merit an in-depth investigation because we already know a lot about how and why conventional cars crash. But we currently know very little about how driverless cars perform in the real world. So even if a driverless car doesn’t kill someone, a detailed independent analysis could be very useful.

Crash reports could help policymakers and the general public judge whether a company is doing a reasonable job protecting public safety. Reports could also be useful to self-driving car companies themselves—alerting them to difficult situations their competitors have encountered and allowing them to adjust their software without having to suffer a crash themselves.

Moreover, the wealth of data collected by driverless cars could allow the investigation process to be quite efficient. Rather than having to travel to the site of every crash, an investigator could start by requesting sensor data preceding the crash. Ideally, investigators would have the infrastructure to drop that data into a simulator so they can run through the crash from the office and examine the scene from every angle.

In many cases, the investigator would conclude that the driverless car clearly did nothing wrong—perhaps it was rear-ended by another vehicle. In that case, the investigator could move on to the next case. But if the data indicated the car’s behavior may have contributed to the crash, then she could investigate further.

In addition to investigating car crashes, investigators could also accept tips about erratic self-driving car behavior on public roads. Investigators could ask the company for sensor data from the time of the incident and check to see if the car was doing something dangerous.

Over time, these investigators would become some of the leading external experts on the behavior of the companies whose cars they were investigating. They could serve as an early warning system if a particular company’s cars are behaving more erratically than others.

Credit: Waymo

Driverless taxis make post-sale testing impossible

Anyone can buy a conventional car and perform safety tests on it. Academic researchers, government regulators, and other independent experts can take a car apart, measure its emissions, probe it for computer security flaws, and subject it to crash tests. This means that if a car has problems that aren’t caught (or are even covered up) by the manufacturer, they’re likely to be exposed by someone else.

But this kind of independent analysis won’t be an option when Waymo introduces its driverless car service later this year. Waymo’s cars won’t be for sale at any price, and the company likely won’t let customers so much as open the hood. This means that the public will be mostly dependent on Waymo itself to provide information about how its cars work.

That’s particularly troubling because companies are under a lot of pressure to get their product to market quickly. In that kind of competitive environment, there will always be a temptation to cut corners.

An obvious way to mitigate this problem is to require companies to make detailed disclosures explaining how safety-critical aspects of their cars work—ideally with enough technical depth that independent experts could evaluate them.

For example, one key principle for designing driverless cars is redundancy. In a report filed last October, Waymo reported that its cars had redundancies in all of its safety-critical systems, including the main computer, braking and steering systems, power supply, and so forth. But the report devoted only a half-page to describing the system—safety advocate Henry Jasny described the document as “essentially a sales brochure.”

General Motors filed its own safety report in January, and it had a similarly paltry amount of detail about how the car’s safety features actually worked.

NHTSA could ask Waymo, Cruise, Uber, and other companies with significant testing programs to provide much more detailed documentation about this aspect of the car’s design. NHTSA could then evaluate these filings and produce a public report about the relative strengths and weaknesses of each company’s approach.

This kind of report wouldn’t have to be legally binding to have a significant effect. For starters, the requirement to disclose these details would force executives to focus on whether they have, in fact, made adequate provisions for safety. It would create an opening for safety proponents inside the company to press their case.