Abstract
We aim to investigate how networked autonomous mobility, such as self-driving taxis or delivery robots, will reshape our understanding of privacy and explore technical tools for privacy-preserving operation on the individual level and group level. We will conduct comprehensive and realistic analysis using public datasets collected by self-driving companies and verify the feasibility to deploy our algorithms with edge computing on delivery robots developed by our lab. We will report our findings to our industrial partners Bosch and Uber and Attorney General and ACLU of Penn.
Description
The last few years have witnessed rapid progress in both technologies of networked autonomous mobility (NAM) and their wide deployment in the real world. NAM devices, such as self-driving taxis and delivery robots/drones, have been tested and deployed worldwide. However, people have also raised concerns about their potential privacy issues. A recent user study [1] shows that more than 50 percent of participants consider “capturing images” and “continuous analysis” to happen very likely in autonomous cars; 85 percent of respondents are uncomfortable with the tracking of their vehicles. These concerns also have great influence on commercial companies. For example, Uber employees have been reported to stalk celebrities using the location data collected by the company [2]. Tesla changed its China data policy based on China’s new data rule [3].
The privacy issues of NAM are different from traditional privacy ones due to its capability in mobility and scalability: a) NAM has sophisticated sensing systems interior and exterior. b) it can move around autonomously and rapidly to get much more detailed information than static surveillance cameras. c) Autotaxi and delivery robots are usually deployed to a region with a massive scale rapid to be profitable. Privacy issues may be found out much later after massive data have been leaked. d) The connected network can share information and communicate with the road infrastructure, thus significantly scaling up their information collection capability. However, very limited research has been done to analyze the privacy of the massive deployment of NAM.
This project aims to analyze potential privacy concerns with different NAM data types and privacy-preserving deployment plans for individuals and groups. We want to answer the following questions: 1) how different types of NAM data may intrude privacy; 2) how to design protection mechanisms for different types of privacy; 3) how applicable of the protection algorithm with edge computing on a real-world robot where computational and communication resources are limited. These questions resonated with legislators of autonomous robots [4] when four senators visited my lab to see an autonomous delivery robot demo.
This project will conduct rigorous theoretical analysis and realistic analysis with real-world data and our own NAM robot. We will develop our algorithms based on the different privacy (DP) framework [4]. We divide the privacy concerns into two types: individual privacy and group. A survey [1] shows that the top privacy concerns on autonomous vehicles include location tracking, individual tracking, and individual identification. We will study potential privacy risks with different DP methods, such as input perturbation, objective function perturbation, output perturbation, and gradient perturbation. In addition, different from other ML applications, autonomous vehicle data not only contains sensitive information about individuals but also include sensitive information about a group of people. For example, aggregated location data with groups of people of different races, political attitudes, disabilities could be targeted. We will introduce sensitive variables and study how privacy protection may vary between different groups and provide novel mechanisms for group privacy protection in the data collection and analysis phases.
Timeline
In order to achieve the goals, the research can be divided into the following tasks:
Task 1: Summarize the literature on privacy issues of networked autonomous mobility
7/1/2022-8/31/2023
Task 2: Analyze the potential privacy issues of networked autonomous mobility devices with different types of sensing data
8/1/2022-11/31/2023
Task 3: Investigate privacy issues of public datasets published by autonomous vehicle companies
10/1/2022-2/30/2023
Task 4: Analyze different types of privacy issues on individual level and group level
11/1/2022-4/30/2023
Task 5: Develop novel protection mechanisms based on differential privacy methods
1/1/2022-5/31/2023
Task 6: Implement the privacy protection algorithms on a real-world delivery autonomous robot
8/1/2022-5/31/2023
Task 7: Disseminate the project results with publications, reports, and talks
1/1/2022-6/30/2023
Strategic Description / RD&T
Deployment Plan
Task 1: Summarize the literature on privacy issues of networked autonomous mobility
In our preliminary study, we found there is no survey paper or report on the privacy of NAM. So our first task is to write a comprehensive review paper by defining the taxonomy, reviewing the key methods people have used in related privacy fields, and summarizing the related resources and tools developed in the recent years. It will be the first review paper of the privacy of connected autonomous vehicles. We believe this paper will greatly benefit the community and increase a big impact on the field.
Task 2: Analyze the potential privacy issues of networked autonomous mobility devices with different types of sensing data
The networked autonomous mobility is a complex system. It includes onboard sensors such as LiDAR, cameras, radar and ultrasonic, GPS, etc. It also collects passenger information via passenger interfaces, such as the destinations, routes preferences, healthcare information, etc. Furthermore, it contains V2X information from roadside infrastructure and HD map. We will analyze the different types of privacy concerns with different types of data. We will not only analyze the first level (driving) usage of the data, but will also analyze how the raw data may infer the second level of information.
Task 3: Investigate privacy issues of public datasets published by autonomous vehicle companies
In this task, we will analyze realistic autonomous vehicle datasets published by autonomous companies. In Particular, we plan to study the data published by Argo AI and Baidu by comparing their data types, data processes methods, and inference capability. We will also analyze when training with a large scale model with millions of parameters on the dataset, how the model itself may leak critical information.
Task 4: Analyze different types of privacy issues on individual lever and group level.
We will study two types of privacy issues: individual privacy and group privacy. For individual privacy, we will analyze privacy leaked in driving tasks such as personnel identification and trips destinations. For group privacy, we will study the privacy issues with a few sensitive parameters such as race, disability etc. We will also analyze the potential conflict between the dividual privacy and group privacy, and provide an optimal solution when there is a trade-off.
Task 5: Develop novel protection mechanism based on differential privacy methods
In this task, we will develop certifiable privacy preserving algorithms for the two types of privacy identified in Task 4. We will adopt the structure of Differential Privacy (DP). We categorize the DP methods based on the basic DP techniques: input perturbation, objective function perturbation, output perturbation as well as gradient perturbation. For each of them, we will develop methods that are suitable for NAM. The mechanism will be applicable to both supervised learning and reinforcement learning, which can be adapted to train differentially private models in relevant autonomous driving applications.
Task 6: Implement the privacy protection algorithms on a real-world delivery autonomous robot
In this task, our team will develop a mobile robot for sidewalk data collection and implement our privacy-preserving algorithm. NAM robot was built in previous projects, equipped with stereo cameras, multi-beam LiDARs, high-accuracy GPS, and cellular communication. In this project, we will develop real-time edge computing algorithms using the privacy-preserving methods and implement them on the robot. We will deploy the robot on CMU campus to test its real-world performance.
Task 7: Disseminate the project results with publications, reports, and talks
We will summarize our findings in a final report and publish papers on top conferences. We will present our research progress to our deployment partner Bosch on a regular basis. We will also reach out to the office of Attorney General of Pennsylvania and American Civil Liberties Union of Pennsylvania to report our findings and get feedback. The team plans to open the methods, tools, and datasets to build a good ecosystem and thus flourish the NAM community. Tools and data will be shared in a designated website built by the PI.
Expected Outcomes/Impacts
1. Define the taxonomy of potential privacy issues for networked autonomous mobility.
2. Analysis of potential privacy risks of existing public datasets collected by autonomous companies.
3. Privacy protection algorithms for data collection for both individual and group privacy.
4. Reports and publications on privacy of networked autonomous mobility.
5. We will reach out to the office of Attorney General of Pennsylvania and American Civil Liberties Union (ACLU) of Pennsylvania to report our findings and get feedback.
Expected Outputs
TRID
Individuals Involved
| Email |
Name |
Affiliation |
Role |
Position |
| aharder@andrew.cmu.edu |
Harder, Annie |
CMU |
Other |
Staff - Business Manager |
| mattjr@umich.edu |
Johnson-Roberson, Matthew |
Carnegie Mellon University |
Co-PI |
Faculty - Tenured |
| dingzhao@cmu.edu |
Zhao, Ding |
Carnegie Mellon University |
PI |
Faculty - Untenured, Tenure Track |
Budget
Amount of UTC Funds Awarded
$100000.00
Total Project Budget (from all funding sources)
$100000.00
Documents
| Type |
Name |
Uploaded |
| Data Management Plan |
UTC_Privacy_Management_Plan.docx.pdf |
Nov. 21, 2021, 5:20 p.m. |
| Progress Report |
406_Progress_Report_2022-09-30 |
Sept. 30, 2022, 7:47 p.m. |
| Progress Report |
406_Progress_Report_2023-03-30 |
April 2, 2023, 2:22 p.m. |
| Final Report |
Final_Report_-_Zhao_406.pdf |
Aug. 8, 2023, 12:23 p.m. |
| Publication |
Your Room is not Private: Gradient Inversion Attack for Deep Q-Learning |
Oct. 18, 2023, 6:43 a.m. |
| Progress Report |
406_Progress_Report_2023-09-30 |
Oct. 18, 2023, 6:47 a.m. |
Match Sources
No match sources!
Partners
| Name |
Type |
| Bosch |
Deployment Partner Deployment Partner |
| Uber ATC |
Deployment Partner Deployment Partner |
| City of Pittsburgh |
None |
| City of Pittsburgh |
None |
