Next generation interconnected Tachograph: how to address privacy and data protection issues? Vincent MAHIEU, JRC. ITS & Privacy workshop on June 12th 2012

Experience in implementation of the digital tachograph


Page 1: Experience in implementation of the digital tachograph

Next generation interconnected Tachograph: how to address privacy and data protection issues?

Vincent MAHIEU

JRC

ITS & Privacy workshop on June 12th 2012

Page 2: Experience in implementation of the digital tachograph

Recording Equipment History

Evolution of Recording Equipment of driving times and rest periods for drivers involved in the professional transportation of goods or passengers.

1960 - 1970 Mechanical Tachograph

Electronic Tachograph, Analogue Tachograph

Reg. 3821/85

Digital Tachograph

Defined in Reg 2135/98 & Reg. (EC) 1360/2002 – Annex 1B

Mandatory since 1 May 2006

Page 3: Experience in implementation of the digital tachograph

Digital Tachograph Actors

[Diagram; labels: Drivers; Driver Card; Control Card; Company Card; Workshop Card; Security Management; Card Issuing; (Security) Personalisation Card / VU / Sensor; Manufacturers Card / VU / Sensor; Type approval; Fitters, Workshops; Transport companies; Control Bodies; Data protection; TACHOnet]

Page 4: Experience in implementation of the digital tachograph

JRC Responsibilities

• INTEROPERABILITY LAB
• ERCA - Root Certification Authority
• TECHNICAL SUPPORT AND EXPERTISE
• DT Website

Page 5: Experience in implementation of the digital tachograph

DT Functional Diagram

: paired

Hall Effect Motion Sensor: pulses are sent to the DT, then converted to vehicle motion data after calibration (x pulses = y driven meters)

Ticket Printouts

Real time recording. The driver card must always be inserted in the VU during activity.

Page 6: Experience in implementation of the digital tachograph

Key Characteristics

Concepts of Security and Type-Approval processes

An ideal recording equipment should be:
• Reliable and Available
• Accurate
• Safe
• Easy to use both for drivers and enforcers
• Cost-effective
• Maintainable
• Respect data protection and privacy
• and provide trustworthy information that can be used in court as evidence of infringement

This calls for special requirements on:
• Data Integrity
• Data Authenticity
• Data Non-repudiation
• Business continuity

Page 7: Experience in implementation of the digital tachograph

Tachograph Cards

The 4 Tachograph smartcards control data access and protect the security and the privacy of the personal data.

• Driver card: personal and contains all the driver records
• Control card: gives access to VU memory
• Company card: allows VU memory back-up and archiving
• Workshop card: Joker! Activation, calibration, protected by PIN, contains all logs

Tachograph cards contain activity data, cryptographic keys (1024-bit RSA) and certificates. Keys and certificates are used for mutual authentication to the Vehicle Unit and for generating digital signatures on the downloaded data.

Page 8: Experience in implementation of the digital tachograph

On-going revision of the Regulation 3821/85 governing the Digital Tachograph

Page 9: Experience in implementation of the digital tachograph

Effectiveness of control: GNSS

Absence of some information for effective control

Augment the recording equipment with a GNSS/GPS receiver to record the positions (i.e. geographical coordinates) representing the start and end of the daily work period

• Automatic recording: saving driver’s time, more reliable than manual input
• Use of free GNSS signals: position data and accurate time
• Cost effective: no exploitation cost, limited cost of the GNSS receiver, limited cost for adapting the software of controllers
• Clock synchronization of all recording equipment
• GNSS signals can be used as an independent source of motion to corroborate the motion sensor signal
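An added sketch, not part of the presentation or of any tachograph specification, of two GNSS uses listed on this slide: corroborating the calibrated motion sensor distance against GNSS-derived distance, and storing only the start and end positions of the daily work period. The calibration constant (8 pulses per metre), the thresholds, and the sample coordinates are constructed assumptions.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000

@dataclass
class Sample:
    t: int        # seconds since start of the daily work period
    lat: float    # GNSS latitude, degrees
    lon: float    # GNSS longitude, degrees
    pulses: int   # motion sensor pulses counted since the previous sample

def gnss_distance_m(a, b):
    """Great-circle (haversine) distance between two GNSS fixes, in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi, dlmb = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def motion_conflicts(samples, pulses_per_metre, min_gnss_m=50.0, max_ratio=0.5):
    """Intervals where GNSS shows clear movement but the sensor distance is far lower.

    min_gnss_m ignores GNSS jitter while stationary; max_ratio is the assumed
    tolerance between the two independent sources of motion.
    """
    conflicts = []
    for prev, cur in zip(samples, samples[1:]):
        gnss_m = gnss_distance_m(prev, cur)
        sensor_m = cur.pulses / pulses_per_metre  # calibration: x pulses = y metres
        if gnss_m >= min_gnss_m and sensor_m < max_ratio * gnss_m:
            conflicts.append((prev.t, cur.t))
    return conflicts

def stored_positions(samples):
    """Keep only the start and end positions of the daily work period."""
    return [(s.t, s.lat, s.lon) for s in (samples[0], samples[-1])]

# Constructed samples: vehicle heading north, about 111 m per 10 s interval.
# Between t=20 and t=30 the motion sensor reports no pulses at all.
SAMPLES = [
    Sample(0, 50.000, 4.0, 0),
    Sample(10, 50.001, 4.0, 890),
    Sample(20, 50.002, 4.0, 889),
    Sample(30, 50.003, 4.0, 0),
    Sample(40, 50.004, 4.0, 891),
]

if __name__ == "__main__":
    print("motion conflicts:", motion_conflicts(SAMPLES, pulses_per_metre=8.0))
    print("positions kept:", stored_positions(SAMPLES))
```
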

Page 10: Experience in implementation of the digital tachograph

DSRC Short Range Communication

Insufficient efficiency of roadside checks for compliant drivers

Remote communication to target vehicles suspected of very serious infringements

• Transmitted data: mostly events and faults (e.g. “vehicle motion conflict” event)
• The roadside check itself remains unchanged
• Pre-selected technology: CEN 5.8 GHz DSRC used in electronic tolling, largely available
• Costs: DSRC emitter in the recording equipment + roadside DSRC beamer, mobile, on tripod or on an (existing) gantry
• Personal data protection is ensured

Page 11: Experience in implementation of the digital tachograph

ITS Interface

Technical limitations of the recording equipment interfaces

The current interface specifications are incomplete or obsolete and limit the development of ITS solutions/applications by third parties.

Open and standardized access to tachograph data

• Data buffered and refreshed: speed, total distance (odometer), current position, date and time. For specific applications: driver identification and driver activity, driver card insertions
• Applications: FMS, EETS, driver activity interpretations, smart-parkings

The proposal is
• technically feasible at low costs, expected by several users
• an opportunity to develop ITS applications in an open environment
• an added value to the tachograph, which is therefore less seen as only a ‘control equipment’

Page 12: Experience in implementation of the digital tachograph

Driver Card-Driver License MERGING

3 objectives:

• Efficiency and effectiveness by reducing the number of document issuances (applications, delays)
• Reduction of costs (to be quantified, as an initial effort is necessary to merge the production and delivery of the documents)
• Increase in the security, as it is expected that a merged document having higher and multiple values will be less subject to illicit exchanges, intentional loss or damage

Various Scenarios:

Page 13: Experience in implementation of the digital tachograph

Driver Card-Driver License MERGING

• Multi apps smartcards have natural architectures and software implementations guaranteeing full separation of the applications and impossibility of data exchanges (it is possible, but needs to be specifically implemented)
• It remains that the risks, according to the final scenarios adopted, need to be assessed and quantified
• In the future, in an extended ITS environment, the driving license may become the identifier token to provide an e-Identity to the various systems, and a combined document may facilitate the implementation in professional vehicles.

Page 14: Experience in implementation of the digital tachograph

Privacy and Data Protection issues

The new technical features that are planned for the next generation augmented tachograph call for specific provisions, still to be defined, assessed, reviewed and tested, in order to end with a fully compliant recording equipment regarding Privacy, Personal Data Protection and Security

GNSS
• Limited Use of Location Data (Start/End)
• Access Security
• Data Access Right
• Records triggering definition
• Additional records managed by ITS interface

DSRC
• Communication Security
• Data Batch Dictionary
• Driver Consent / Awareness
• Erasure of transmitted files

ITS Interface
• Driver Consent / Awareness
• Company Consent
• Policy for Third Party Use
• Liability Issue

Merged Cards
• Technically feasible
• PIA necessary

Page 15: Experience in implementation of the digital tachograph

CONCLUSIONS

• Augmented Tachograph is challenging at Privacy Level
• Provisions to be developed and assessed
• Some solutions are identified, but still need to be confronted with the reality of the end users
• The augmented tachograph will bring more intelligence in the transport and may become a key element of the future on-board platforms, offering a unique solution for the future ITS applications requiring security and authentication protocols

Page 16: Experience in implementation of the digital tachograph

www.jrc.ec.europa.eu

Contact: [email protected]

Serving society, Stimulating innovation, Supporting legislation

Joint Research Centre (JRC)

This is the END