A Proposal for Event Data Recorders in Vehicles Equipped with Advanced Driver Assistance, Connected, and Automated Driving Technologies.

Robert Lange - rlange@exponent.com

Exponent, Inc.

__________________________________________________________________________________

Crash causation studies that stretch back to the 1960s have consistently reported human (primarily driver) errors as the cause of the overwhelming proportion of roadway collisions. Application of advanced driver assistance systems (alert and active collision avoidance technologies) may affect drivers’ pre-collision actions and their resultant success in crash avoidance or mitigation. Vehicle-to-vehicle communication technologies will better inform drivers as to necessary control actions, or in some automatically control the longitudinal and lateral dynamics of the vehicle so as to avoid or mitigate collision outcomes. Automated vehicle systems offer a promise of the elimination of most driver observational, judgement, and controls actuation errors, thus resulting in collision avoidance or mitigation. These systems now emerging as new safety technologies, or currently in advanced research stages will provide significant public health benefits but they are not expected to be one hundred percent effective in collision avoidance.

Vehicle safety technologies have contributed to the reduction of crash-related injuries and deaths (IIHS, 2012). Adoption of safety features has been deliberate and steady. Typically available in a few new car models at technology introduction, with some trim levels providing the new technology as standard equipment. (Reference: “Installation Patterns for Emerging Injury Mitigation Technologies, 1998 Through 2010, ESV 11-0088”).

The sensor inputs, controls algorithms, driver alerts and/or vehicle systems actuations that may be commanded by Advanced Driver Assist Systems (ADAS) or by various levels or automated driving systems are engineered parameters and will be well understood at introduction of the systems into the stream of commerce. However, it is essential that safety researchers, engineers, and regulators are able to develop complete understandings of those collisions that occur and why those collisions occured. Conventional accident reconstruction techniques are insufficient to the task of understanding: pre-crash conditions, changes in conditions prior to impact, and post-impact events. Therefore, research demands for data related to pre-crash conditions, collision dynamics, and post-crash data will prove critical to understanding crash causation and enable further refinement of safety systems. This paper proposes criteria for selection of pre-crash, collision, and post-crash data that can be of use in understanding crash causation in advanced crash avoidance platforms and in engineering refinements in subsequent generation technologies including automated driving systems.

Crash Causation

Motor vehicle safety researchers began to study crash causation early in the development of motor vehicle safety science. By the mid-1970s, NHTSA had contracted for, and was publishing data and analyses regarding crash causation to enable consideration and development of countermeasures to prevent or mitigate roadway crashes. (Reference: “Tri-level Study of the Causes of Traffic Accidents: Final Report.) Initial studies and continuing studies of crash causation (Reference: “National Motor Vehicle Crash Causation Survey, DOT HS 811 059”, July 2008.) show that human errors of various types caused more than 90% of crashes on U.S. roadways. This fact and technology developments in computing capacity and sensor capabilities have emboldened safety researchers and engineers to propose safety countermeasures that remove responsibility and authority from a human driver for: monitoring and processing instantaneous roadway circumstantial conditions; instituting appropriate control responses to those circumstantial conditions; scanning for looming collision threats and adjusting control settings and actions to avoid collisions or mitigate collision severity should avoidance be impossible in the time from recognition to collision, automated vehicles..

EDRs

Event Data Recorders (EDRs) have been applied in light-duty passenger vehicles for over 40 years (DOT HS 810 935, 2008). Registration of some collision dynamic parameters in the airbag control module to control and record air bag deployment conditions was a feature implemented in the earliest air bag systems deployed by the General Motors Corporation (GM) in a 1000 vehicle test fleet in 1973 and in certain production model vehicles in 1974 (DOT HS 810 935, 2008). GM has used the term sensing and diagnostic module (SDM) to identify many of its early air bag control modules. With model year 1994, GM made SDM data publically accessible in some Chevrolet, Cadillac, and Buick models so as to increase accessibility to safety researchers.

Early generation EDRs documented limited vehicle parameters: air bag deployment timing, supplemental inflatable restraint (SIR) warning lamp status (on/off), vehicle longitudinal acceleration, driver seat belt status (buckled/unbuckled) for the specific crash involved vehicle, and certain circumstantial conditions of the vehicle sensors necessary to the triggering event. Crash pulse recording duration in the early generation EDRs is commonly 100-150 ms, however some record for as little as 70 ms or as much as 300 ms (Niehoff, 2005). Change in vehicle velocity (delta-v) was reported based upon integration of accelerometer output.

Beginning in 1997, GM engineered a new EDR system and after a test fleet trial during calendar year 1998, introduced a new generation of SDMs by adding recording and storage of basic pre-crash information for some of the 1999 model year new car fleet. This new element was named the “Event Data Recorder” (EDR), data was intended for use by safety researchers to better understand pre-crash vehicle performance, driver actions, and resultant collision dynamics. GM engineered a pre-crash recording duration of 5 seconds limited by the amount of data that could be embedded in the RAM recirculating buffer of a then existing SDM unit. It was an opportunistic usage of available capacity.

Early EDRs of the GM type that record pre-crash data generally capture: vehicle speed, engine RPM, percent throttle, and service brake switch circuit status. More recent EDRs may also record accelerator pedal position, transmission gear range status, ABS activity, stability control activity, traction control activity, yaw rate, steering wheel angle, individual wheel speed, cruise control status, and other parameters. Often, multiple events can be recorded, typically two or three, and the event order and time between events is reported.

NHTSA began working with automobile manufactures in the 1990s to promulgate an EDR rule as a safety technology useful to safety researchers and common in content across automotive manufacturers and Tier 1 suppliers that applied EDR technology. On June 14, 2004, NHTSA issued a Notice of Proposed Rulemaking (49 CFR Part 563 Docket No. NHTSA-2004-18029), recommending that EDRs record a specific set of vehicle-centric parameters. On August 28, 2006, NHTSA issued a final rule for EDRs in vehicles manufactured after September 1, 2012 [49 CFR 563 Docket No. NHTSA-2006-25666]. The regulation commonized the required: content for EDRs when vehicles were so equipped and that the data be publicly accessible with commercially available tools. .

EDR application into light duty vehicles that enabled access to recorded data increased subsequent to NHTSA’s rulemaking. In model year 2005, approximately 64% of light duty passenger vehicles were equipped with an EDR (NHTSA, Event Data Recorders, Final Rule, 49 CFR 563 Docket No. NHTSA-2006-25666), By model year 2013, the proportion of new light duty passenger vehicles equipped with an EDR was 96% (NHTSA Press Release 46-10).

ADAS and Automated Driving Systems

Automated vehicles are being developed with a range of capabilities and capacities, the SAE has established a vocabulary for use in this scientific domain; SAE International “Surface Vehicle Recommended Practice J3016, SEP2016, Taxonomy and Definitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles” revised 2016-09.

SAE J3016 differentiates automated driving levels from driver assist features; levels 1 and 2 involve driver assist technologies. Levels 4 and 5 provide an automated driving system capable of functioning without human supervisory control, in some or all operating domains. Level 3 provides automated functions under human monitoring where a driver is required to be ready to receive control from the automated driving system should it encounter circumstantial conditions it cannot navigate.

NHTSA published “Federal Automated Vehicles Policy, Accelerating the Next Revolution in Roadway Safety” in September of 2016. NHTSA sees AV systems as a potential safety benefit of significant proportion (Reference: “Federal Automated Vehicles Policy”, page 5.)

The technology used in automated vehicles and advanced driver assistance systems will sense and record data that is useful in later determining: position, velocity, and heading of roadway users involved in a crash, including vehicles, pedestrians, cyclists, and objects. These data will be useful to manufacturers, regulators, and investigators in in determining crash causation and learning how these systems work and interact with humans and the driving environment.

Automated driving systems operation and driver warning systems include a network of sensors, actuators, and computer processing to interpret and provide notice to human drivers or in the case of automated driving systems, actually control the vehicle performance throughout some or the entire dynamic driving domain. A potential obstacle to effective operation of automated driving and crash avoidance features is loss of data from one or more sensors. Other issues: false signals from other vehicles, signal interference from localized signal saturation, malicious sensor spoofing, or sensor malfunction could potentially challenge the system’s capacity to collect and process data to issue the appropriate notice or control commands. Sensor fusion, hardware and software redundancy, and V2X capability may offer potential solutions to such challenges. Sensor loss and other signal challenges impose burdens upon automated systems and will likely also complicate post-crash data analysis in the event of a collision consequent to the loss of system integrity regardless of cause or source.

We know that human distraction and/or impairment degrade drivers’ abilities to safely navigate, observe, cognitively process, and actuate control actions appropriate to the surrounding circumstances. Difficult driving situations present challenges to both human drivers and automated vehicles, as do complex driving environments involving other roadway users and multiple simultaneous potential looming collision threats. AVs are potentially advantaged in an ability to utilize parallel sensor data so as to manage difficult driving scenarios; for instance, infrared cameras can detect pedestrians in dark areas, and LiDAR can offer a 360-degree view around the vehicle. Hardware, processors, and software necessary for function of automated vehicle systems and advanced driver warning systems may include but are not limited to:

• Light Detection and Ranging (LiDAR) systems (Texas Instruments, 2011, Ibeo, 2017). LiDAR systems operate in all lighting conditions; but may experience degraded performance or false signals due to scattering in rain, fog, or snow, as well as reflective objects.

• Radio Detection and Ranging (RADAR) systems emit radio waves that reflect off objects and return to a sensor that determines the distance and velocity of these objects.

• Sonic Ranging (SONAR) emits sound waves that reflect off objects and return to a sensor that can determine range and velocity of these objects.

• Stereoscopic video for object detection provides data regarding location and shape. Generally it will not function in low or no light conditions or certain bright light conditions.

• Global Positioning System (GPS) is satellite-based geolocation.

• Inertial Measurement Units (IMUs) are used to determine acceleration and attitude of the vehicle. They are commonly used in Anti-lock Braking Systems, active suspension, and airbag deployment modules.

• Infrared (IR) cameras detect the thermal signature of objects and deliver an image array to the processor. Since IR does not need visible light to detect objects, it is used for night vision and pedestrian detection systems.

• Wheel Speed sensors measure the rotational speed of a wheel or axle. ABS and Electronic Stability Control (ESS) systems use wheel speed sensors to determine if one or more wheels have lost traction.

• V2X Transceivers exchange data with other vehicles, other roadway users (pedestrians, pedi-cyclysts, motorcyclists), and infrastructure elements.

EDR Functions for Automated Vehicles

After a crash, data from the EDR of multiple vehicles may be compared with other observations by the investigators to recreate circumstances that led to the accident. In order to quantitatively compare data from multiple sensors systems and from different vehicles, an absolute clock basis is necessary. GPS spoofing and other malevolent interference with an AV system are concerns for potential causation and ultimate understanding of a crash; EDrs in these vehicles will have to identify and register GPS spooffing or other malevolent interference.

A reliable automated vehicle must be able to gracefully accommodate loss of data, false signals, or reduced fidelity from one or more sensors; sensor fusion can potentially provide solution sets for partial disable conditions. Mechanical damage or optical interference to the sensors are possible causes of sensor loss, as are intentional actions such as sensor spoofing or some unintentional actions such as vehicular crosstalk.

There are multiple considerations for an appropriate time period for event data recording for ADAS-equipped and automated vehicles. As a potential bounding exercise consider a high speed loss of control scenario in which an AV is traveling at 85 mph, slides on an unanticipated low friction patch of roadway, departs the road, and impacts a tree at 20 mph. Assuming a dynamic friction coefficient of 0.2, the sliding distance and time are approximately 1140 ft and 15 seconds:

(Equation 1)

(Equation 2)

Where vi is the initial velocity, vf is the final velocity, a is the acceleration, d is the distance, and t is the time. This exercise suggests arequirement as much as 15 seconds for AV system EDR function. Efforts to specify pre-crash recording timing should also consider the frequency of the crash mode considered, the injury potential, and the implementation costs.

To evaluate vehicle performance after a collision, three categories of data elements must be considered: sensor data, classification data, and decisional data. It is especially important to record critical elements of all three data elements to understand the motion and behavior of the vehicle with respect to the surrounding environment prior to the crash.

Exteroceptive sensors including LiDAR, RADAR, IR, and visual imaging, can generate significant amounts of data, both raw and post-processing. It is appropriate and desirable to record both types of input data and the data that was issued as responsive control commands. The EDRs will also have to register malevolent interference, sensor saturation, and any failure in system health, system readiness, and electrical continuity. Transmissions of V2X data and reception of paired data packets exchanged immediately prior to collision will have to be registered within the EDR system.

EDRs for automated vehicles have a need to register information regarding how the vehicle classified and interpreted the pre-crash environment. Classification data will include highly-processed data elements that describe how the vehicle perceived and recognized the world (including how the vehicle was positioned with respect to the map) and processed data that the vehicle utilized in the control decision process.

Decisional data elements include information regarding vehicle processors and control actuation commands issued in advance of the crash. An automated vehicle has to plan a path and impart appropriate driving inputs to follow that path using a combination of actuators (similar to what human drivers do). Therefore, decisional data elements will include the planned trajectory as well as accelerator, braking, and steering commands effected to generate the desired path. Collecting such actuator data for automated vehicles is necessary to understand if the vehicle’s performance and motion was consistent with its intended path, providing a more complete characterization of the automated vehicle situational awareness in pre-crash conditions, processing output, control commands, and final outcome.

CONCLUSIONS

Driver assist technologies alert drivers to looming collision threat and (generally) require driver initiated control actions necessary to avoid or mitigate that looming collision threat. Proper awareness and reaction to the alert is dependent upon driver recognition, cognitive processing for reaction, and appropriate control actuation. Responsibility and authority rests with the human driver. Driver recognition is to some degree dependent upon timely delivery of notice to looming collision threats; system failures or malfunctions, edge case performance anomalies; malevolent interference; or sensor overload may delay notice. The prevailing operating conditions that precede a collision (including system readiness, data and data processing), whether an appropriate notice had been issued or not, will need to be registered in an EDR and available to enable safety researchers to attribute causation and engineering of corrective actions where necessary.

Automated vehicles at levels 3, 4 and 5 to some degree or fully assume observational responsibility and control authority from the human driver and exercise those responsibilities and authorities through the AV system. System failures or malfunctions; edge case performance anomalies; malevolent interference; or sensor overload may prevent proper AV system function. In all collision occurrences, the prevailing operating conditions that precede a collision (including system readiness, data and data processing), whether an appropriate control action had been issued or not, will need to be registered in an EDR and available to enable safety researchers to attribute causation and engineering of corrective actions where necessary.

Categories: Volume 8-1

The information on this website is for general information purposes only. Nothing on this site should be taken as legal advice for any individual case or situation.

This information on this website is not intended to create, and receipt or viewing of this information does not constitute, an attorney-client relationship.

© 2017 MDTC. All Rights Reserved.