Protecting location privacy of drivers

As background to this one. you might want to read the more general article we just wrote for the Huffington Post on why we call for a national dialogue about (and promise for) location privacy. Below are some specific ways we might technically provide location privacy in for cars.

We start with what we consider to be the gold standard:

A privacy-preserving taxing protocol should reveal the minimum possible amount of information needed to achieve the policy goal, in this case the amount of tax owed.

Most current systems (e.g., E-ZPass) operate on the "trust us" model:
the government promises to properly respect the security of the driver, but collects potentially invasive information. But we all know, there just aren’t any “trusted third parties” that can be trusted forever. And we don’t need to rely on them.

For some kinds of applications, simply having a tamper-resistant device in the car that calculates the tolls and reports only the amount owed would suffice. Such a device could be auditable (so that drivers could know that the device is not secretly delivering information about their position) and equipped with a self-destruct feature (to erase location information) so that the driver could hide her information if necessary (perhaps at a cost of paying an excessive "default toll").

But wouldn't it be great if the tolling and traffic software could run on any smartphone? For this kind of setup, there are more sophisticated solutions available. One of the truly amazing aspects of modern cryptography is that it makes it possible to design protocols for mutually untrusting parties to act as if there is a trusted third-party mediating, without actually requiring such a third-party. For instance, electronic cash allows people to pay bills anonymously and untraceably, but in a way that assures merchants that they are actually getting paid (it's hard to forge). Anonymous credential systems allow individuals to prove that they are authorized to access certain data or enter particular areas without revealing their identity. We need to demand that these sorts of protections are required and part of any future road pricing systems.

Cryptographic protocols can be designed to allow the government to collect taxes, detect infractions, and record aggregate traffic statistics without violating the privacy of drivers. For a more comprehensive discussion of such solutions, see here. The big contractors likely to be involved in designing and implementing the road pricing systems (e.g., IBM and Siemens) have on staff some of the finest cryptographers in the world. Requiring such protections would pose no substantial obstacle to the technical adoption of a mileage-based system.

This post was co-authored by Andrew Blumberg.

Photo by Gerlos.

If I were CEO of a Big-Three Car Company

Fast Company, April 2009, published 25 Ways to Jump-Start the Auto Industry. Here is what I sent them, found alongside the other ways.

"Let's assume the bailout solves the immediate cash crisis. Now what? First, I'm going to ask Congress to raise the price of gasoline. I need to be assured that there will be enough demand out there to merit an investment in more fuel-efficient cars. If our gas prices are in line with those of other countries we like to sell cars to (perhaps starting in 2011 when my new cars will be coming off the line), I'll be confident that consumers will embrace these new cars.

Next, I'm going to start experimenting with new product and service models. We recently passed the tipping point of 50% of the world's population living in urban areas. 'One adult, one car' doesn't work in congested and parking-scarce urban environments. Let's expand beyond manufacturing and selling cars to selling transportation as a service.

I'd take 10% of my current R&D budget and put it into a venture fund. I'd finance startups, experimenting in areas where I lack core competency: truly alternative vehicles; services that relate to car maintenance and in-car experience; services that conceive of the car as one node in the larger transportation network; and ideas that leverage my cars and my consumers as a means of collecting data or marketing other in-car services. This is a smart use of my money because I would be investing alongside others instead of financing all the R&D in-house. In the process, I'd gain firsthand insight into a whole realm of business models that might be my future.

Third, I'd definitely stop fiddling with closed, proprietary wireless technology inside my cars and immediately introduce a generic wireless platform into every new car. A standard feature of this platform is the ability for owners to access critical car information remotely. I'd send owners text and email updates telling them about their fuel and battery levels, when it's time to change the oil, and when the car received an unusual bump while parked. This would tie car owners to my company, provide dealers an ongoing revenue stream for maintenance and repair, and give me insight into exactly how consumers use (and abuse) my vehicles. I'd also develop a device that could be easily installed into cars already on the road so I'd have more owners participating.

This wireless platform lets me farm for ideas. As an open system, it would attract the minds, money, and efforts of thousands of innovators to think up desirable applications that a person with a screen in a car might find useful. This platform would be like my PC: Car owners could download any apps they find useful. I'd let the loser applications or those with no revenue model muddle along, and I'd buy up the winners.

By mitigating our investment risk and placing lots of low-cost and low-risk bets, we'd bring the Big Three into the future."

The Anatomy of Sharing

I just wrote a new talk to be given in full form in Seattle in the middle of March, that I previewed in a 6 minute 40 second version (Pecha Kucha) last week here in Boston (wish that had been taped!). It really held people's attention. This structure does a nice job clarifying where sharing has come from, its current technology-enabled potential, and how and where 2.0 is game changing. Here are the cliff notes (anecdotes, jokes, and facial expressions excluded).

Types of sharing:

Simple sharing (personal): My stuff shared with my immediate trusted friends typically unplanned and so by luck. Think food, books, the spare bed, the car.



Simple sharing (corporate): Company’s stuff, shared with usually anybody who is willing to pay for it. Company distributes its resources across a geography (or it might be virtual). Think hotels (formalized bed sharing), public libraries (books), cars (of course). I was struck by the fact that when looked at in this light, Zipcar wasn’t that innovative. On the other hand, I guess I’ll take credit for the fact that no one had previously thought you could easily (and profitably) share cars. Technology was required for that breakthrough.


Upsides: Pay for only what you use. Distributed locations expand access. No responsibility when not yours. Users might come up with interesting innovations if owner is open to it.

Downsides to this kind of sharing: company has to place the assets in the right place (see poor green guy in bottom left whose need is unmet?) and the assets need to be adequately used to merit their existence (lots of red dots with no takers, unfilled hotels and resorts).

Collaborative and Distributed Sharing (personal): Our (those who choose to participate) stuff shared with just about anyone. Think Flickr, Facebook, GoLoco, couchsurfing (and lots and lots of others).


There are some distinctive aspects of 2.0: Messier and less predictable sharing. Requires much less “stuff” than if everyone had to own their own (this applies to corporate sharing as well). Lower threshold to reap benefits since all the assets are “excess capacity.” This reduced ROI demand has some important implications: the sharing can succeed in more ecosystems, a faster uptake (both supply and demand)is possible since threshold to participation has been lowered. Where there are intangible (non-monetary) benefits to be had, these are likely to be captured, valued, and enjoyed, again because of lower investment to participate.

Can we have the “collaborative and distributed sharing (corporate)”? I believe we can, which is what I was arguing for in my blog on Cooperative Capitalism.

A critical piece to the anatomy of sharing is to think about not only the assets (and where there is excess capacity), and the demand for them, but also about the platform itself, that enables this participation. In the olden days, these transactions were difficult and so sharing didn’t happen. In these new technology-facilitated days, beautiful platforms make for very “greasy” platforms – easy and quick participation.