Jeff Roberson/AP Photo
The push for ISA systems demonstrates how rapidly federal regulators and the public at large have accepted vehicles that increasingly rely on software.
On November 14, the National Transportation Safety Board (NTSB) announced that it was calling on the National Highway Traffic Safety Administration (NHTSA) to mandate anti-speeding technology, otherwise known as intelligent speed assistance (ISA) systems, in newer vehicles. The systems use GPS location data, speed limits, and onboard cameras to force cars to drive below the posted speed in particular areas.
This follows a trend of NTSB favoring technological interventions, such as their 2022 recommendation to equip all cars with breathalyzer devices, which block the ignition until the driver passes a blood alcohol test.
The NTSB is an investigatory agency that looks into significant accidents in aviation and on the highway. But the Board is charged with making safety recommendations, though it does not have regulatory authority of its own. The NTSB’s recommendation to NHTSA, which does have the ability to implement an ISA system, has an understandable appeal. As vehicles have become larger in size and greater in weight to accommodate consumer tastes, the laws of physics have turned them into far deadlier machines.
But the push for ISA systems demonstrates how rapidly federal regulators and the public at large have accepted vehicles that increasingly rely on software, even as such features are not subject to the same rigorous testing standards as accident and crash safety functions. In addition, mandating ISA would give up control of vehicles to software that may not be as reliable as advertised.
NTSB’s recommendation follows an investigation that has been under way since last year. In North Las Vegas, on January 29, 2022, a 2018 maroon Dodge Challenger jetted through the intersection of North Commerce Street and Cheyenne Avenue at 103 miles per hour, more than double the posted speed limit. Blowing through a red light, the Dodge driver—impaired by a cocktail of alcohol, cocaine, and PCP—and his passenger collided into the right side of a Toyota Sienna minivan, which had seven passengers aboard. Several vehicles on the same street as the Sienna subsequently crashed into one another. In the end, the seven passengers aboard the minivan and the driver and passenger inside the Challenger all died.
In March 2022, NTSB launched an investigation into the deadly crash. While there are around 43,000 car accident fatalities each year, a spokesperson for the NTSB told the Prospect that they annually investigate approximately 15 to 20 highway accidents.
When asked about the criteria for evaluating an NTSB automotive investigation, the spokesperson responded: “NTSB looks to investigate crashes that highlight an issue that has nationwide implications for safety. We also look to investigate crashes that may highlight a safety concern with a new or emerging technology … We also regularly conduct safety research reports on important issues regarding highway safety, such as the prevalence of drug-impaired driving, pedestrian safety, and bicycling safety.”
While underscoring ISA systems as a priority, NTSB Chair Jennifer Homendy referred to the North Las Vegas crash in a statement: “This crash is the latest in a long line of tragedies we’ve investigated where speeding and impairment led to catastrophe, but it doesn’t have to be this way … What we lack is the collective will to act on NTSB safety recommendations.”
In part because they are so rare, NTSB investigations do carry expectations that the inquiry will translate into action. Aside from the drugs in the driver’s system and high speeds, NTSB also concluded that the accident was exacerbated by “Nevada’s failure to deter the driver’s speeding recidivism due to systemic deficiencies, despite numerous speeding citations.”
In part because they are so rare, NTSB investigations do carry expectations that the inquiry will translate into action.
The Insurance Institute for Highway Safety, a nonprofit research hub for the auto insurance industry, echoed the NTSB’s recommendation. “Regulation would get ISA into as many vehicles as possible as quickly as possible, making the greatest impact and saving the most lives,” the IIHS said in a statement.
But NTSB’s reliance on technological solutions for reducing driver speeds has raised concerns.
Heidi Simon, director of the transportation advocacy program Thriving Communities, a project of the nonprofit Smart Growth America, told the Prospect that technological tweaks alone cannot make streets safer. In the case of North Las Vegas, driver impairment was a clear factor. Simon also suggested that the accident happened at a dangerous intersection with multiple lanes. (The east/west street in North Las Vegas was six lanes.)
Meanwhile, the Alliance for Automotive Innovation, a trade association for the industry, told Fast Company: “While vehicle technology can play a role, we’ve advocated for a continued emphasis on transportation policies that focus on driver education and awareness, strong laws and law enforcement, and infrastructure investment.”
It’s unsurprising that the auto industry is reluctant to adopt expensive technology. And nobody in their right mind is going to take a pro-speeding or pro–car accident stance. But those usual factors in resisting regulation make it difficult to illustrate the potential for cybersecurity risks that would follow from cars being able to be remotely controlled.
Paul Roberts, founder of Securepairs.org, an organization of information technology and cybersecurity professionals who support the right to repair, told the Prospect that even five years ago, it would have been unheard of to imagine NHTSA with the capabilities of ordering cars to prevent speeding through software.
He continued: “On the other hand, NHTSA is allowing Tesla and Cruise to basically put vehicles on public highways that allow hands-free driving, without any formal vetting process around the integrity of those features, without any assessment of the cybersecurity risks associated with them.” Even if it were fully mandated by NHTSA, Roberts expressed doubt that the automakers and various entities up the software chain should be empowered with such data.
While the capabilities of ISA sound like a magic-bullet solution for combating road fatalities, Roberts warned that if the automakers are capable of interfering with a vehicle’s most basic functions, malicious actors are empowered with the same capacities too. “You’re opening a Pandora’s box here,” he said.
He explained that even if access to such critical data was restricted to the automaker, it still presupposes immense trust in the industry’s cybersecurity protocols. Roberts pointed to a study, “Web Hackers vs. the Auto Industry,” written by fellow cybersecurity expert Sam Curry, exposing vulnerabilities in more than 15 million vehicles. Roberts said he cited Curry’s research at a House Judiciary Committee hearing earlier this year.
ISA systems in themselves are not inherently bad, Roberts explained. But by not subjecting the software inside vehicles to similarly strict standards that cars face for crash safety features, he said, consumers are less safe from cybersecurity threats in the long run.
When I asked the NTSB if they had considered the cybersecurity risks of ISA systems, they responded, “We are not concerned about this issue at this time.”
