November 23, 2017

On distracted driving and required phone searches

A recent Ars Technica article discussed several U.S. states that are considering adding a “roadside textalyzer” that operates analogously to roadside Breathalyzer tests. In the same way that alcohol and drugs can impair a driver’s ability to navigate the road, so can paying attention to your phone rather than the world beyond. Many states “require” drivers to consent to Breathalyzer tests, where that “requirement” boils down to serious penalties if the driver declines. Vendors like Cellebrite are pushing for analogous requirements, for which they just happen to sell products.

Cellebrite Touch

How exactly might a technology like this work? We don’t have any specifics, but we can look at Cellebrite’s other products and training services to get a sense of it. For example, Cellebrite offers “content transfer services”, and they have a three-day training course that goes into detail on how to analyze a SQLite database and how to work around passcodes and passwords.

This sort of forensic investigative technology is entirely appropriate when a judge has issued a warrant, meaning that there’s probable cause and a particular description of the place to be searched. Translating the language of the Fourth Amendment to a smartphone, each app should hopefully constitute its own “place” for which there needs to be probable cause. But what about a roadside traffic stop, or the aftermath of an automobile accident? Does the investigating officer have probable cause and a particular app to search? Our legislators are dancing around this issue by assuming Cellebrite and their competitors can create a magic wand that somehow indicates “yes, texting happened here in the past N minutes” or “no texting happened here”. That magic wand would then generate the probable cause for a more invasive search, in the same way that a drunk driver’s slurred speech or breath smelling of alcohol can create probable cause for further investigation.

In the real world, we would expect an unacceptably high error rate with any sort of “textalyzer” magic wand. Consider, for example, a magic wand that doesn’t look into the phone at all, but instead measures the recency of SMS and MMS texts using information from the cellular carriers. A cellular carrier can certainly confirm that there was an inbound text, but it has no idea if it was read visually on the smartphone screen, if the car pronounced it out loud through the stereo system, or if it was quietly stored in the phone, unread by the driver. Similarly, a cellular carrier can’t know whether a response text came from a hands-free voice recognition feature or via the smartphone keyboard. Furthermore, a carrier-based magic wand would be completely unable to measure texting apps that use Internet-backed services (e.g., Facebook Messenger, Apple iMessage, Google Hangouts, Twitter, WhatsApp, YikYak). Those communications are, or should be, encrypted, making it difficult to distinguish background app traffic, going on all the time, from the foreground actions of a user.

Building a better magic wand would require extracting the various apps’ databases, and that in turn would require an increasingly invasive tool. These databases aren’t necessarily readable through external USB protocols like MTP or PTP (media transfer protocol, picture transfer protocol). Apps can keep their databases in private storage, and may well encrypt them. If you want a foolproof magic wand, then you’re going to need mandated backdoors, as we’ve discussed in the FBI vs. Apple case, with all the attendant downsides that go along with such technologies.

Food for thought: one way that Cellebrite’s tooling might be able to work around these issues is to use root-level exploits, wherein they would sideload their own app, become root, then extract the data they want. This means that phones with up-to-date security patches might well defeat Cellebrite’s magic wand. What happens at a traffic stop if the magic wand responds, “sorry, I’m not able to see inside this phone”? What happens when somebody engineers a smartphone app that specifically knows how to lie to Cellebrite’s magic wand or destroy the evidence that it looks for?

Technological alternatives

Given that distracted driving is a serious concern, we need to propose a serious alternative to these sorts of “magic wand” technologies, given their inherent inaccuracy, unacceptable invasiveness, and at-best questionable constitutionality. The best solution is the one that’s already happening: Apple CarPlay and Android Auto. You plug your phone into your car, and your phone gets to hijack the car’s stereo system and touchscreen. This gives you an experience that’s engineered for safe use in the car: simplified interfaces with large buttons and extensive voice recognition support. Android Auto, for example, provides specific APIs for third-party developers that want to implement music or messaging apps, wherein those apps can’t do much more than tweak the colors and icons. Only built-in apps from Google are allowed to do more; everything else from third-party developers is forbidden. Furthermore, your phone’s screen is “locked out” when it’s connected to the car. The driver gets a limited but safe experience.

How safe? These systems from Apple and Google are specifically engineered to meet Federal requirements with regard to minimum font size, maximum distraction time, and so forth. Below is a photo of a Google engineer styling some “occlusion glasses”, wherein they test whether desired functions can be accomplished with only a quick glance. More on Android Auto’s compliance with regulatory requirements can be found in a Google I/O video from 2014, starting around 17 minutes in. Suffice to say that Google and Apple are investing serious resources to solve the problem.

Google engineer with occlusion glasses

What about older cars? Some degree of retrofitting is available via third-party head units, but those tend to be expensive, higher-end models. Regardless, market forces and the general turnover of older cars will eventually take care of the problem, with virtually every car manufacturer already shipping these features today. Furthermore, car manufacturers and others could certainly engineer more affordable console upgrades to their older cars, and a modest amount of regulation could help nudge them along. How about a tax credit to replace an old car stereo with a new one that supports Android Auto and Apple CarPlay? Save lives and get a better car stereo at the same time? Score!

Rather than trying to ban texting in cars and use invasive “textalyzer” magic wands to enforce it, let’s instead take engineering steps to solve the essential problem of safely interacting with a smartphone while driving. With better engineering of the automotive smartphone experience, drivers will be happier, privacy will be preserved, and all it will cost is making more engineers rock those stylish glasses.

Comments

  1. The above analysis seems sound, and I agree society would benefit by adapting technology so that users can perform the tasks they want to do in a manner safer than is possible today.

    On the other hand, the real problem here isn’t technological at all. Rather, it’s the abominable social contract we’ve made as and with drivers in the first place, in which it is possible to harm or kill someone and call it an “accident”.

    Barring some demonstrated external effect that wrested control of the car from the driver — mechanical failure of the car that was outside the driver’s control (i.e. not simply running out of fuel, or failure in a system that the driver themselves caused through neglect, poor maintenance, etc.), a faulty traffic signal, another driver’s error, etc. — drivers should be expected to maintain control of their vehicle in such a manner that they can ensure the safety of others.

    I’m so sick and tired of seeing excuses like “the sun was in my eyes” (really? then you need to pull over, or at the very least slow to a crawl, to ensure you can stop the vehicle within the distance you’re able to see), or “I didn’t notice the light was red” (even though that is the entire point of having a driver in the car…to see the things that matter), or “I sneezed” (an excuse that shouldn’t work even once, but which seems to be used regularly), or whatever.

    If we were to hold drivers accountable for their own actions, requiring them always, at every moment they are in control of a vehicle, to ensure that vehicle is piloted safely, we wouldn’t need all these other one-off laws to try to deal with the *specific* ways drivers fail to fulfill their ethical obligation. It wouldn’t matter whether they drove into the shoulder or ran the light or whatever because they were texting, sneezing, changing the radio station, checking their watch, or eating a bowl of cereal. The fact that they caused a collision with no external influence to explain the collision would be sufficient evidence enough, and we wouldn’t need to even bother to check their cell phone.

    It really shouldn’t matter what *specifically* they were doing other than driving that led to them harming or killing someone. That they were *not* doing what they were supposed to be doing — that is, maintaining positive, safe control of the vehicle at all times — and the evidence of that being simply that the collision happened (because drivers who do what they’re supposed to don’t have unexplained collisions), ought to be sufficient, negating any need for searching a phone.

    • Harry Johnston says:

      Well, that depends on whether you want to actually make things safer, or just take revenge on people for not being infallible.

  2. Some Guy says:

    What happens if a driver is asked to surrender their phone and the driver responds by saying “I don’t have a cell phone” (or “I don’t have it with me”)?

    Since it’s often assumed that everybody has one, would claiming that one doesn’t result in a cursory search to “make sure?”

    If no phone is visible in plain sight there would not be probable cause to search for a phone (unless it rings during the stop), so such a search would be illegal, but if all a driver has to do to avoid a government intrusion of their phone is claim to not have one with them, then a law mandating the use of a “textalyzer” will either be largely unenforceable or result in a lot of illegal searches.

    • >>What happens if a driver is asked to surrender their phone and the driver responds by saying “I don’t have a cell phone”

      The pigs will beat him up and murder him if he resists.