Last week, Covington dispatched a team of connected and automated vehicles (“CAV”) practitioners to participate in the Mcity Congress, in Ann Arbor, Michigan. Lawyers from our Technology and IP Transactions, Public Policy, Product Safety and Liability, and Insurance practice groups presented a series of observations and insights around mitigating liability in the CAV industry, and we saw first-hand what’s happening at the cutting edge of CAV technology.
Mcity at the University of Michigan is a public-private partnership designed to lead the transition to CAVs. In addition to leveraging Michigan’s leading technology and behavioral science research capabilities, Mcity is home to a one-of-a-kind CAV test facility, which industry, government, and academia use “to improve transportation safety, sustainability, and accessibility for the benefit of society.” Covington is proud to be an affiliate member of Mcity, partnering with industry stakeholders, public entities, and academics to examine the constellation of issues surrounding CAVs.
We appreciated the opportunity to share our expertise in an industry so central to many of our clients at the intersection of technology, transportation, mobility, and entertainment. We presented views on how to mitigate legal liability in an extremely dynamic market, and considered potential transactional, product liability, insurance and state and federal regulatory models to best address emerging liability risks. We also had the opportunity to meet innovators and leaders in transportation technology and planning, including Silicon Valley entrepreneurs, Detroit manufacturers, urban planners, and academic researchers. We attempt to distill key takeaways here:
1. Industry Is Not Waiting for Regulation — or Clarity on Liability
Since the U.S. House of Representatives passed “highly automated vehicles” legislation, the SELF-DRIVE Act, more than one year ago, there has been little legislative progress in the Senate or otherwise. Similarly, while the federal Executive Branch has continued to advance guidance, see Preparing for the Future of Transportation: Automated Vehicles 3.0 (“AV 3.0”) and proposed rulemaking, see 83 Fed. Reg. 50,872 (Pilot Program for Collaborative Research on Motor Vehicles With High or Full Driving Automation), its guidance continues to take a “light” regulatory form, which focuses on removing regulatory barriers to private sector innovation and a potential new pilot program for testing CAV on the roads, rather than erecting new mandatory rules. NHTSA has made clear, however, in its ANPRM, that it is preparing for highway CAV and will exercise its broad federal safety regulatory authority, including over software providers of products and services used in CAVs. Id at 50,875.
States have stepped into the relative void left by Congress and the Administration. California, for example, has developed regulatory pathways for permitting driverless vehicle testing, without passengers (California Department of Motor Vehicles), and with passengers (California Public Utilities Commission). Other states, such as Arizona and Nevada, have pursued a more hands-off approach, allowing CAV companies to pursue research, development, and testing with few regulatory requirements. And others still, such as Pennsylvania, have taken a middle-of-the-road approach, providing a framework for voluntary compliance with regulatory guidelines.
While regulatory guidance emerges as a patchwork of various state-level regulations, innovators have launched products and are driving millions of miles — actual and simulated — in self-driving cars. Given the dearth of official guidance, some leaders in the CAV space have expressed an interest in and are indeed developing a set of industry-led standards for interoperability and safety. Mobileye’s “Responsible Sensitive Safety” initiative, or “RSS,” is one such example. Intel, which announced its acquisition of Mobileye in March of 2017, calls RSS a “vetted nonproprietary industry safety model,” which would allow for vehicle interaction designed with consumer safety in mind. This is the type of approach that might help to eventually inform more formal modes of regulatory design and policy making.
Similarly, while the standards for liability in a CAV world remain uncertain, leaders in industry are hardly waiting for courts to issue decisions providing more guidance. This may be an opportunity for innovators in CAV technology, law, and public policy to consider developing their own legislative models for CAV liability and insurance standards. For example, in light of public benefits from CAVs such as enhanced accessibility for the elderly and disabled, as well as the overall reduction of traffic accidents from human error, the CAV industry could work with Congress to develop an accident compensation scheme analogous to the federal Vaccine Injury Compensation Act or the anti-terrorism SAFETY Act; Covington has been deeply involved in crafting such programs as alternatives to tort law compensation mechanisms. Absent such a liability-mitigating federal program, many states can be expected to extend mandatory no-fault insurance laws to CAVs as a first-instance accident compensation scheme; but product liability under the current legal framework, with its attendant high transaction costs, will likely remain a risk exposure for the CAV industry at least for the near term. Accordingly, not only current auto insurance policies, but also insurance products for cyber and product liability risks, will need to adapt to provide appropriate loss protection and risk distribution for the CAV industry and individual vehicle owners. At the same time, CAV companies are routinely negotiating liability- and risk-shifting terms in their partnership deals, which are prevalent in the CAV industry. CAV companies also are considering how models for service terms that apply to riders can be adapted for the new issues that arise with CAVs.
2. Cybersecurity Risks Are More Serious than You Think
Cybersecurity and data protection have consistently emerged as challenges with any new technology. But with the prospect of connected and automated vehicles carrying passengers at scale, this cybersecurity challenge presents potentially devastating implications for our digital infrastructure and our physical safety. Mcity reinforced the importance of designing vehicles with cybersecurity risk in mind. It has been well-known for some time that vehicles are vulnerable to traditional short- and long-range wireless attacks, such as “buffer overflow,” which can manipulate CAVs’ use of cellular or bluetooth communications technology to force vehicles to download viruses or other code through the Internet. See, e.g., Checkoway, Comprehensive Experimental Analyses of Automotive Attack Surfaces (2011). We explored these threats at Mcity, but we also discussed some emerging research in the field of non-Internet vehicle vulnerabilities. For example, CAVs’ increasing reliance on computer vision (whether a combination of radar and camera, or LIDAR) may increase their exposure to “analog” threats, such as beams of acoustic or radio waves designed to disrupt CAVs’ ability to see and understand the road.
Governments are aware of these vulnerabilities. In August, 2017, for example, the UK’s Department for Transport (DfT) issued Key Principles of Cyber Security for Connected and Automated Vehicles. Similarly, NHTSA’s AV 3.0 asserts that “[i]t is the responsibility of ADS [automated driving systems] developers, vehicle manufacturers, parts suppliers, and all stakeholders who support transportation to follow best practices, and industry standards, for managing cyber risks in the design, integration, testing, and deployment of ADS.” The Federal Trade Commission and the Federal Communications Commission have similarly acknowledged and studied the risks associated with dedicated short-range communications (DSRC), and other vehicle-to-vehicle, vehicle-to-road, and vehicle-to-infrastructure (collectively, “V2X”) technologies that could provide additional unique channels for potential cyber attacks. Clearly, the level of coordination required between local, state, and federal authorities is significant, and will present continuing safety — and corresponding liability — challenges for private sector actors.
3. Autonomy Will Come in Fits and Starts — But for the Skeptics, It’s Already Here
Perhaps the most meaningful takeaway was the most obvious one: the self-driving future we’ve all been waiting for is already here. As we participated in the Mcity Congress, a Level 4 automation Mcity shuttle could be seen through a large window in the conference center driving itself on its scheduled rounds through the campus.
No doubt much more is to come. Many members of Mcity and other presenters, notwithstanding their achievements, nonetheless framed their discussion within the context of the early stages of an industry. For example, mapping and sensing technology companies championed their work to map the world around them at a resolution of one centimeter — and then they challenged themselves to re-map the same roads, and cities, and regions at a granularity of one millimeter. Similarly, vehicle vision technology, is continually being refined, upgraded, integrated, and reinvented. Over-the-air updates are one manifestation of the inflection point in which the industry finds itself: whereas improvements in braking or vehicle range would have ordinarily required a mechanical intervention, or at least a visit to a service center to receive an electric control unit upgrade, users can now download these fixes directly, and wirelessly, from the Internet.
The bottom line is that CAVs already have taken to the roads, albeit largely under human supervision. And, in the spirit of Mcity, they’ve taken to the roads in intentionally challenging scenarios. As Mcity’s Director, Dr. Huei Peng suggested, the industry should not be focused on the “boring” miles; only “interesting” miles, Dr. Huei explained, involving complex traffic, weather, geographical, or otherwise challenging situations will push operating boundaries, and allow CAVs and CAV developers to learn new skills and gain new abilities.
Given all of the investment, enthusiasm, and technology development pouring into this space, we are confident that the law and regulation will continue to evolve at an accelerated clip. CAV companies will want to work with each other to develop technology and innovate on business models; they’ll want to engage collaboratively with regulators and lawmakers to establish the right industry policies; and, ultimately, they’ll dedicate themselves to understanding their customers and delivering the best technology products in the market. As we work with our CAV clients, we will continue to monitor those changes in the law, help clients to craft their commercial transactions, and navigate emerging legislative, regulatory, liability and insurance issues. To that end, we will have more to come right here. In the meantime, please see our previous updates focused on connected and automated vehicles for additional insights into the future of mobility.
 See NHTSA, Automated Driving Systems 2.0: A Vision for Safety (Sep. 2017) (“In this document, NHTSA offers a nonregulatory approach to automated vehicle technology safety.”) Note NHTSA’s clarification that “AV 3.0 builds upon — but does not replace — voluntary guidance provided in Automated Driving Systems 2.0.” AV 3.0 at viii.