Getting Over the Privacy Hurdle to Mileage-Based Road Fees

Liisa Ecola is a senior project associate at the RAND Corporation, a nonprofit, nonpartisan research institution.

It’s time to explore mileage-based user fees. For nearly a century, Americans have largely paid for roads through gas taxes – taxes which governments can’t or won’t raise. Even if they could, more and more cars no longer run on gas. Transportation experts have talked for decades about changing the basis for transportation funding to miles driven, rather than gallons consumed. But this sensible switch is proceeding slowly for several reasons, including concerns over privacy. Fortunately, there are ways to address this issue.

Worried about devices that track your every move? Here's one. Photo: Coolspotters

Decades ago, the only way to count miles driven was odometer readings. Odometers are still considered a potential source of data to implement mileage-based user fees (MBUF). But using odometers means losing the chance to experiment with charging different fees on different roads at different times of day—that is, congestion pricing, probably one of the best tools to unclog many metro areas’ gridlock. It means, for instance, that the number of miles Virginians drive in DC—and vice versa—remains unknown, with the possibility of jurisdictions losing revenues that could help support their road programs. It also means the hassle of annual odometer inspection.

Beyond odometers, more sophisticated technologies can determine travel time and location along with total mileage, but they inevitably raise privacy concerns. Of all the complexities involved with a potential move to MBUF—administrative, jurisdictional, collection costs—privacy issues tend to raise the most concern among the public.

And it’s not surprising. The United States has a long tradition of wanting government to leave its citizens alone. But unlike many European countries, where privacy is protected by stringent laws at the national level, the United States has no such overarching federal legislation.

With technologies changing so quickly, legal issues around privacy are still evolving, and Americans may not have as much privacy with regard to transportation as they think. Depending on the state, records of electronic toll tags (such as E-ZPass) can be used not just in criminal cases, but in divorces. In January, the Supreme Court ruled [PDF] that secretly installing a GPS device in a car to track a criminal defendant for 28 days was an unlawful search – but did not address the legality of monitoring an on-board unit already in the car.

There is no need for privacy concerns to halt all discussion of new technologies to help address America’s mounting transportation funding crisis. Privacy concerns can be dealt with in several ways. Here are five:

Use the devices people already have. Most of us already carry our own “on-board unit” everywhere we go — a cell phone. Whether we want them to or not, many cell phones already know where we are; a 2010 study estimated that 60 percent of cell phones shipped worldwide were equipped with GPS. An MBUF pilot program underway in Minnesota uses smartphones and Bluetooth devices attached to the diagnostics port on the vehicle to capture data about where and when participants were driving. When drivers are use their personal cell phones for MBUF, they have choices about which wireless carrier they use for service. If one firm isn’t sufficiently careful with their personal data, they are free to switch carriers.

Make participation voluntary. In Minnesota’s pilot, drivers choose each time they get behind the wheel whether they want to turn the smartphone on and make their data available in exchange for lower potential costs, or keep the smartphone off and pay more based on an odometer reading. Planned legislation in Oregon will require electric vehicle owners (who don’t use gas) to pay MBUF, but drivers will choose among several metering options; at least one will not include vehicle location.

Similar concerns were raised with toll tags when they were introduced. Large numbers of drivers have purchased them without any government mandate, because the time savings and discounts make having a tag worthwhile.

Provide anonymous accounts. A Canadian road, 407 ETR, was the world’s first highway to use exclusively electronic toll collection when it opened in 1997. The toll authority, working with the Ontario Information and Privacy Commissioner, made arrangements so drivers with privacy concerns could set up anonymous accounts and pay tolls exclusively with cash. In 2005, out of more than six million accounts, only four were set up anonymously [PDF] — possibly because it requires in-person registration and an initial cash payment. But the option remains available.

Call in the watchdogs. The Minnesota pilot program [PDF] was overseen by a panel of transportation experts with one unexpected member — the ACLU. The state engaged them to help design the panel’s approach to protecting privacy. Other such third-party organizations dedicated to protecting privacy could become involved with MBUF, providing independent reassurance that privacy concerns are taken seriously and investigating allegations of privacy breaches.

Design safeguards into the technology. The technologies to collect mileage information can keep individual travel records strictly private. A so-called “fat client” approach stores more information on the client (in this case, the in-vehicle device) than the server (the agency’s computer). The on-board unit stores, let’s say, a month’s worth of data and determines the amount owed to different jurisdictions based on the amount of travel in each. Then at the end of the month, the onboard unit sends two messages to the billing agency. The first includes the vehicle ID along with the total amount owed, with no location data. The driver is billed based on this total. A second message is sent anonymously—stripped of vehicle ID information—with the number of miles traveled in each jurisdiction. The billing agency aggregates the anonymous messages by jurisdiction so that Virginia and DC each get the funds for miles driven on their roads. Once both messages are sent, the on-board unit deletes the detailed travel records.

Though such approaches work, they are unlikely to win public support, because it is difficult for government to prove they don’t have your data. But a privacy watchdog could monitor these technologies and data to make sure they remain on the up and up.

None of these methods can absolutely secure political and public acceptance. They can mitigate potential risks and motivate those of us working in transportation to remain attentive to privacy concerns. But the realm of privacy is changing. We voluntarily relinquish privacy for convenience, and in many cases laws haven’t kept pace with breathtaking changes in technology. The approaches to driver privacy need to evolve in conjunction with technology and our new expectations.