Login

Project

#406 Towards Privacy-Preserving Networked Autonomous Mobility: Analysis, Tools Development, and Real-World Evaluation


Principal Investigator
Ding Zhao
Status
Completed
Start Date
July 1, 2022
End Date
June 30, 2023
Project Type
Research Advanced
Grant Program
FAST Act - Mobility National (2016 - 2022)
Grant Cycle
2022 Mobility21 UTC
Visibility
Public

Abstract

We aim to investigate how networked autonomous mobility, such as self-driving taxis or delivery robots, will reshape our understanding of privacy and explore technical tools for privacy-preserving operation on the individual level and group level. We will conduct comprehensive and realistic analysis using public datasets collected by self-driving companies and verify the feasibility to deploy our algorithms with edge computing on delivery robots developed by our lab. We will report our findings to our industrial partners Bosch and Uber and Attorney General and ACLU of Penn.    
Description
The last few years have witnessed rapid progress in both technologies of networked autonomous mobility (NAM) and their wide deployment in the real world. NAM devices, such as self-driving taxis and delivery robots/drones, have been tested and deployed worldwide. However, people have also raised concerns about their potential privacy issues. A recent user study [1] shows that more than 50 percent of participants consider “capturing images” and “continuous analysis” to happen very likely in autonomous cars; 85 percent of respondents are uncomfortable with the tracking of their vehicles. These concerns also have great influence on commercial companies. For example, Uber employees have been reported to stalk celebrities using the location data collected by the company [2]. Tesla changed its China data policy based on China’s new data rule [3].

The privacy issues of NAM are different from traditional privacy ones due to its capability in mobility and scalability: a) NAM has sophisticated sensing systems interior and exterior. b) it can move around autonomously and rapidly to get much more detailed information than static surveillance cameras. c) Autotaxi and delivery robots are usually deployed to a region with a massive scale rapid to be profitable. Privacy issues may be found out much later after massive data have been leaked. d) The connected network can share information and communicate with the road infrastructure, thus significantly scaling up their information collection capability. However, very limited research has been done to analyze the privacy of the massive deployment of NAM.

This project aims to analyze potential privacy concerns with different NAM data types and privacy-preserving deployment plans for individuals and groups. We want to answer the following questions: 1) how different types of NAM data may intrude privacy; 2) how to design protection mechanisms for different types of privacy; 3) how applicable of the protection algorithm with edge computing on a real-world robot where computational and communication resources are limited. These questions resonated with legislators of autonomous robots [4] when four senators visited my lab to see an autonomous delivery robot demo.

This project will conduct rigorous theoretical analysis and realistic analysis with real-world data and our own NAM robot. We will develop our algorithms based on the different privacy (DP) framework [4]. We divide the privacy concerns into two types: individual privacy and group. A survey [1] shows that the top privacy concerns on autonomous vehicles include location tracking, individual tracking, and individual identification. We will study potential privacy risks with different DP methods, such as input perturbation, objective function perturbation, output perturbation, and gradient perturbation.  In addition, different from other ML applications, autonomous vehicle data not only contains sensitive information about individuals but also include sensitive information about a group of people. For example, aggregated location data with groups of people of different races, political attitudes, disabilities could be targeted. We will introduce sensitive variables and study how privacy protection may vary between different groups and provide novel mechanisms for group privacy protection in the data collection and analysis phases.
Timeline
In order to achieve the goals, the research can be divided into the following tasks: 

Task 1: Summarize the literature on privacy issues of networked autonomous mobility 
7/1/2022-8/31/2023

Task 2: Analyze the potential privacy issues of networked autonomous mobility devices with different types of sensing data
8/1/2022-11/31/2023

Task 3: Investigate privacy issues of public datasets published by autonomous vehicle companies
10/1/2022-2/30/2023

Task 4: Analyze different types of privacy issues on individual level and group level
11/1/2022-4/30/2023

Task 5: Develop novel protection mechanisms based on differential privacy methods
1/1/2022-5/31/2023

Task 6: Implement the privacy protection algorithms on a real-world delivery autonomous robot 
8/1/2022-5/31/2023

Task 7: Disseminate the project results with publications, reports, and talks
1/1/2022-6/30/2023
Strategic Description / RD&T

    
Deployment Plan
Task 1: Summarize the literature on privacy issues of networked autonomous mobility
In our preliminary study, we found there is no survey paper or report on the privacy of NAM. So our first task is to write a comprehensive review paper by defining the taxonomy, reviewing the key methods people have used in related privacy fields, and summarizing the related resources and tools developed in the recent years. It will be the first review paper of the privacy of connected autonomous vehicles. We believe this paper will greatly benefit the community and increase a big impact on the field.

Task 2: Analyze the potential privacy issues of networked autonomous mobility devices with different types of sensing data
The networked autonomous mobility is a complex system. It includes onboard sensors such as LiDAR, cameras, radar and ultrasonic, GPS, etc. It also collects passenger information via passenger interfaces, such as the destinations, routes preferences, healthcare information, etc. Furthermore, it contains V2X information from roadside infrastructure and HD map. We will analyze the different types of privacy concerns with different types of data. We will not only analyze the first level (driving) usage of the data, but will also analyze how the raw data may infer the second level of information.

Task 3: Investigate privacy issues of public datasets published by autonomous vehicle companies
In this task, we will analyze realistic autonomous vehicle datasets published by autonomous companies. In Particular, we plan to study the data published by Argo AI and Baidu by comparing their data types, data processes methods, and inference capability. We will also analyze when training with a large scale model with millions of parameters on the dataset, how the model itself may leak critical information.

Task 4: Analyze different types of privacy issues on individual lever and group level.
We will study two types of privacy issues: individual privacy and group privacy. For individual privacy, we will analyze privacy leaked in driving tasks such as personnel identification and trips destinations. For group privacy, we will study the privacy issues with a few sensitive parameters such as race, disability etc. We will also analyze the potential conflict between the dividual privacy and group privacy, and provide an optimal solution when there is a trade-off.

Task 5: Develop novel protection mechanism based on differential privacy methods
In this task, we will develop certifiable privacy preserving algorithms for the two types of privacy identified in Task 4. We will adopt the structure of Differential Privacy (DP). We categorize the DP methods based on the basic DP techniques: input perturbation, objective function perturbation, output perturbation as well as gradient perturbation. For each of them, we will develop methods that are suitable for NAM. The mechanism will be applicable to both supervised learning and reinforcement learning, which can be adapted to train differentially private models in relevant autonomous driving applications.

Task 6: Implement the privacy protection algorithms on a real-world delivery autonomous robot 
In this task, our team will develop a mobile robot for sidewalk data collection and implement our privacy-preserving algorithm. NAM robot was built in previous projects, equipped with stereo cameras, multi-beam LiDARs, high-accuracy GPS, and cellular communication. In this project, we will develop real-time edge computing algorithms using the privacy-preserving methods and implement them on the robot. We will deploy the robot on CMU campus to test its real-world performance.

Task 7: Disseminate the project results with publications, reports, and talks
We will summarize our findings in a final report and publish papers on top conferences. We will present our research progress to our deployment partner Bosch on a regular basis. We will also reach out to the office of Attorney General of Pennsylvania and American Civil Liberties Union of Pennsylvania to report our findings and get feedback. The team plans to open the methods, tools, and datasets to build a good ecosystem and thus flourish the NAM community. Tools and data will be shared in a designated website built by the PI.
Expected Outcomes/Impacts
1. Define the taxonomy of potential privacy issues for networked autonomous mobility.
2. Analysis of potential privacy risks of existing public datasets collected by autonomous companies.
3. Privacy protection algorithms for data collection for both individual and group privacy.
4. Reports and publications on privacy of networked autonomous mobility.
5. We will reach out to the office of Attorney General of Pennsylvania and American Civil Liberties Union (ACLU) of Pennsylvania to report our findings and get feedback.
Expected Outputs

    
TRID


    

Individuals Involved

Email Name Affiliation Role Position
aharder@andrew.cmu.edu Harder, Annie CMU Other Staff - Business Manager
mattjr@umich.edu Johnson-Roberson, Matthew Carnegie Mellon University Co-PI Faculty - Tenured
dingzhao@cmu.edu Zhao, Ding Carnegie Mellon University PI Faculty - Untenured, Tenure Track

Budget

Amount of UTC Funds Awarded
$100000.00
Total Project Budget (from all funding sources)
$100000.00

Documents

Type Name Uploaded
Data Management Plan UTC_Privacy_Management_Plan.docx.pdf Nov. 21, 2021, 5:20 p.m.
Progress Report 406_Progress_Report_2022-09-30 Sept. 30, 2022, 7:47 p.m.
Progress Report 406_Progress_Report_2023-03-30 April 2, 2023, 2:22 p.m.
Final Report Final_Report_-_Zhao_406.pdf Aug. 8, 2023, 12:23 p.m.
Publication Your Room is not Private: Gradient Inversion Attack for Deep Q-Learning Oct. 18, 2023, 6:43 a.m.
Progress Report 406_Progress_Report_2023-09-30 Oct. 18, 2023, 6:47 a.m.

Match Sources

No match sources!

Partners

Name Type
Bosch Deployment Partner Deployment Partner
Uber ATC Deployment Partner Deployment Partner
City of Pittsburgh None
City of Pittsburgh None