You can almost physically feel the tension between public safety and individual privacy as you read the Driver Safety Performance History regulation. Like a tug of war between well-matched opponents, the language is kept taut, pulled left with words like inquire, review and provide then right by terms like written authorization and rebuttal. The effort to achieve a balance between society's need for safety and security and the long-assumed rights of the individual is evident on every page.
According to the Federal Motor Carrier Safety Administration (FMCSA), finding a means to help enhance public safety while still respecting personal privacy was precisely the regulation's intent. During the rulemaking process, the agency noted that, “The objective is to improve the quantity and quality of investigations made to previous employers, as well as the quantity, quality and timeliness of background driver safety performance information provided to prospective employers. This should foster more informed employment judgments about the safety risks of potential new employees while affording drivers the opportunity to review and comment on the accuracy of the information provided by previous employees.”
In fact, when the “Investigations and Inquiries” FMCSA regulation (391.23) went into effect in October of 2004, it generally caused little stir among carriers or their drivers, perhaps because it simply standardized what were already considered “good business practices” for many fleets accustomed to dealing with fleet safety and personal privacy issues as a matter of routine.
“We made a few procedural changes and small changes to our job application form,” recalls Jim Dunn, executive vp and safety manager for flatbed carrier Davis Transport of Missoula, MT, “but we have always been very responsive to requests from other carriers for performance information about drivers. Now we won't provide information by telephone anymore. Instead, we only respond in writing and only after we have a signed release from the driver authorizing the transfer of his or her information.
“I have not talked with any drivers who seem overly concerned with the new system,” Dunn adds. “In fact, I haven't heard anything good or bad about it. We do a newsletter for our drivers and also send out safety bulletins to make sure they are aware of new regulations or other changes that may impact them personally. That probably helped smooth the transition.
“I believe it is true that, prior to the regulation, there were carriers who would only provide dates of employment when another carrier made inquiries about a driver,” he notes. “They probably didn't want to say bad things about a driver because they worried they'd have to go to court to prove them if a driver was denied employment based on the information they provided. Now, Congress has granted limited liability to the employers providing and using this information as long as it is correct, and there is also a special new process for drivers who want to challenge the information in their records.”
Like Dunn, Randy Cornell, vp. of safety for Missouri-based Contract Freighters, Inc., says that implementing the new procedures was a “non-event” for their company as well. “The new procedure is really not very different from what we did before the regulation,” he says. “We are still using the same recordkeeping system we always have, for example. We're just retaining some information like drug and alcohol testing results longer and adding some additional documentation to the files.”
“I don't believe this has hurt carriers or drivers,” observes Dunn. “The bottom line is that the new procedures help us work together to wash bad drivers out of the trucking industry, and that is a big plus for everyone.”
The Driver Safety Performance History Regulation
There are really two sets of requirements for fleets: one applies to your fleet when you are hiring a driver and the second applies when another carrier asks for information about a driver who is or was employed by your company.
Here is a checklist of the requirement basics. For complete information, go to www.fmcsa.dot.gov/rulesregs/fmcsr/reg/391.23.htm:
When hiring a driver, fleets must:
·Inquire about the applicant's driving record during the preceding three years with each state driver record agency in which the driver applicant held a motor vehicle operator's license or permit.
·Request information from all previous employers who hired the applicant to operate a commercial motor vehicle within the past three years, beginning from the date of his or her application to your company.
·Provide the previous employer(s) with the driver's written authorization to obtain his or her Safety Performance History (often done via a signed release form).
·Provide the applicant driver with his or her previous employer records within five days of receiving a written request from the driver or within five days of having received the Safety Performance History if the driver's request arrives before you get the report.
·Before the hiring decision is made, notify the driver applicant in writing of his or her rights in this process, including the right to review his or her Safety Performance History and submit a rebuttal or request for the correction of any erroneous information. Your company must do this for all driver applicants, even those you do not hire.
·Place the replies to these investigations with states and prior employers in the Driver Investigation History File.
When asked by another carrier for information about a driver who is or was in your employ over the past three years, fleets must:
·Provide the required information in writing within 30 days of receiving the request. This includes:
a) Verifying that the applicant worked for your company and the dates of employment;
b) Any information concerning the driver's alcohol and drug use history over the past three years, specifically any violations of DOT alcohol and drug use regulations;
c) Information indicating whether the applicant failed to complete a substance abuse rehabilitation program if one was prescribed;
d) Information indicating whether the driver illegally used alcohol or other controlled substances after having completed a prescribed rehabilitation program;
e) Information about any accidents (as defined in the regulations) in which the driver may have been involved.
·Respond within 15 days to any request by the driver for a correction of information in the Safety Performance History that he or she considers to erroneous.
·If a driver elects to submit a rebuttal to your report, forward that rebuttal to the prospective employer within five days.
·Add a copy of the driver's rebuttal to his or her Safety Performance History.
Motor carriers must retain drivers' accident information for three years, beginning with accidents that occurred after April 29, 2003. Fleets must also retain all the alcohol and drug testing information, including information gathered from previous employers, along with the drivers' authorizations to obtain that information. Safety Performance History files are to be treated as strictly confidential and used only for hiring decisions, although fleets are permitted to share driver information that does not pertain to drug/alcohol use with insurance providers.
RFID for humans: the spying and prying problem
Trucking, unlike many other industries, has become very accustomed to using technology for gathering and sharing information, tracking vehicles and cargo, monitoring driver performance, paying tolls, controlling access to restricted areas and numerous other daily business operations. So it is no wonder that the technology and privacy controversies that blow through the consumer sector like summer storms so often pass this technology-savvy business by.
Recent concerns over the possible use of RFID (radio frequency identification technology) tags for human identification and tracking, however, may hit closer to home, especially for carriers transporting hazardous or high-value cargo, food or medicine, where the growing pressures to make sure that the authorized driver is hauling the correct cargo with the assigned tractor to the proper destination are greatest.
The basics of the problem are detailed in a 15-page draft report called “The Use of RFID for Human Identification,” prepared by the Department of Homeland Security (DHS) Emerging Applications and Technology Subcommittee for the Full Data Privacy and Integrity Advisory Committee (www.dhs.gov/dhspublic/interweb/assetlibrary/privacy_advcom_rpt_rfid_draft.pdf). While the report acknowledges the considerable benefits of RFID technology for tracking material, it finds that the use of RFID for human identification “offers little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security. Most difficult and troubling is the situation in which RFID is ostensibly used for tracking objects (medicine containers, for example), but can be in fact used to monitor human behavior….for these reasons, we recommend that RFID be disfavored for identifying and tracking human beings.”
“What? How would someone do that anyway? And why?” a law-abiding citizen might well ask. The report addresses those concerns with a sobering catalog of potential RFID problems and crimes, including problems resulting from the fact that individuals carrying RFID-tagged documents or items would have a difficult time determining what information is actually available on a tag or when they are being scanned and by whom, even when the tag is being used as intended.
Their list of potential unintended (read criminal) uses of RFID technology is even more sobering, including “skimming,” “eavesdropping,” “counterfeiting or cloning” and “replay.” Both skimming and eavesdropping have to do with the security of radio transmissions. Skimming refers to creating an unauthorized connection with an RFID tag in order to gain access to its data, while eavesdropping is the interception of the electronic communication session between an RFID tag and an authorized reader in order to gain access to the data being transmitted.
Counterfeiting or cloning is just what you'd expect: Someone produces an unauthorized copy of a legitimate tag. Replay is also just as it sounds: a valid transmission is repeated, either by the originator or by an unauthorized person who intercepts it and retransmits it.
Besides the long list of potential problems relating to using RFID tags to identify humans, the DHS report also points out an obvious fact that is perhaps not really so obvious at all. While RFID is a rapid way to read data, it cannot reliably identify individuals unless it is tied to some sort of biometric authentication. For fleets and others, this probably raises another list of questions about the value of all kinds of current ID programs in enhancing security. But DHS report writers declare these to be outside the scope of their inquiry.
It is not only government committees that are considering RFID and privacy issues, however. On August 8, 2006, for example, Australian IT (http://australianit.news.com) reported that a privacy researcher in the Netherlands had developed a portable device, dubbed the RFID Guardian, designed to hijack RFID signals. “I spend most of my time making the RFID industry's life miserable,” researcher Melanie Rieback was quoted as saying. “I'm not anti-RFID. It has the potential to make people's lives easier, but it needs to be used responsibly.”
Ms. Rieback's remarks may have been news to her immediate audience, but she was not telling the trucking industry anything it hasn't known for a very long time — that most technologies have their right and proper uses and attendant benefits, as well as their problems, and that it takes smart and responsible humans to make the right decisions about where and how to deploy them.
Surveillance and trust
Dr. Colin Bennett is professor and chair of the Department of Political Science at the University of Victoria in British Columbia, where he teaches a range of courses on U.S. politics, political analysis and information/communications policy. He is also an internationally recognized authority on the subject of privacy, with a long list of books, papers and speeches on the subject to his credit (http://web.uvic.ca/polisci/bennett).
In a brief interview with Fleet Owner, he discussed the balance between driver surveillance and trust:
FO: Has technology made it harder to protect individual privacy?
Bennett: Technology used to be the problem, but now it can also be privacy protective, through things like data encryption, for example. A recent poll shows that 70% of Americans worry about the invasion of their privacy through new technology, higher than the percentage in Australia, Great Britain or New Zealand. However, technology is not the problem per se. It is the way technology is applied. It is a question of who is using the technology, how, and to what ends.
FO: Are there unique privacy issues related to the monitoring of commercial truck drivers?
Bennett: Oh yes indeed. There are all kinds of privacy issues related to the monitoring of drivers today. Technology enables companies to monitor precise driver location, speed, time spent on particular tasks and for rest periods and breaks, alcohol and drug use, etc. It is understandable that companies would want to do this and it offers many societal benefits, but there are trade-offs, including the erosion of trust, and that has its own set of problems.
There is plenty of evidence to suggest that over-surveillance erodes morale, trust and productivity over time. This means that a balance has to be achieved between using surveillance technologies to identify wrong doers and maintaining the mutual trust that is conducive to good morale and productivity.
Recently, Dr. Bennett was the opening speaker at the annual Center for Transportation Studies Research Conference at the University of Minnesota. He argued for national data privacy standards in the U.S., noting that the American approach has been to develop privacy policies for certain sectors or particular industries and then to rely on voluntary compliance and enforcement through the courts, if necessary. More information is available at www.cts.umn.edu.
Eyes on the road
Don't look now, but even the highway itself may be watching you and your drivers in the future, with the most benign motives, of course. Imagine a truck that would automatically send messages to other vehicles in the area about an icy bridge deck, a dangerous curve or an obstacle in the roadway or even notify the local highway department about a pool-sized pothole that urgently needs filling. A new test program launched this summer in Michigan may help to bring this capability closer to reality and help the transportation industry take the next steps to improve safety and reduce highway congestion in the bargain.
The Road Commission for Oakland County, MI (RCOC), the Michigan Department of Transportation (MDOT) and Illinois-based Motorola have teamed up to test a new communications technology aimed at supporting the Federal Highway Administration's Vehicle Infrastructure Integration (VII) initiative. VII is a transportation technology initiative intended to enable vehicles to communicate directly with the road infrastructure as well as with other vehicles.
The Michigan test involves the installation of transmission equipment on RCOC traffic signal poles in the area around RCOC's Traffic Operations Center in Waterford Township, as well as in several test vehicles. According to RCOC, it's the first-ever use of Motorola's “MOTODRIVE” wireless network architecture operating over the 5.9 GHz frequency. “Two or three years ago, the Federal Communications Commission (FCC) allocated the 5.9 GHz radio frequency for connecting vehicles to the highway infrastructure and to each other,” says RCOC spokesperson, Craig Bryson. “It was a visionary move really, but until now the technology has not been available to take full advantage of it.”
MOTODRIVE leverages Motorola's Mesh Enabled Architecture networks and assembles other components and technologies to create a mesh network designed to quickly, securely and reliably send large amounts of data wirelessly from transmitter devices mounted alongside the roadway. The network can even receive and send data from vehicles in the area that are equipped with the necessary onboard technology. The whole process is called Dedicated Short-Range Communications (DSRC) and the hope is that it will help to make highways safer by gathering certain data from various onboard vehicle sensors and sharing it immediately with those who need to know.
“Amazingly enough, lots of the required sensors are already in vehicles today,” says Bryson. “The challenge now is to find a way to capture the data from those sensors, filter out the irrelevant information and share the important data with those who need to know it. For example, suppose that the network picks up signals from braking systems on vehicles in the area showing hard braking at a certain point along the roadway. Drivers approaching that point could get a warning to slow down while MDOT could get a message via the Internet about a hazardous pothole that has to be filled. Or, if the ambient temperature is below freezing and the network ‘sees’ windshield wipers coming on, it could mean freezing rain. We think the safety potential is enormous.”
Privacy, of course, is an issue with VII, notes Bryson. “Vehicle manufacturers have been adamant about keeping the data aggregated and anonymous. This is not about monitoring the speed of individual drivers, for instance, and remotely issuing tickets.”
Motorola is paying the hard costs for the Michigan test, according to Bryson, while RCOC and MDOT are making the required staff and infrastructure resources available. The test is expected to be completed this fall, although Bryson notes that, “we'll run it until we are satisfied we have learned all that we can learn.” www.rcocweb.org and www.motorola.com