Automated flight data recorders have been standard equipment in commercial aircraft for many years, and are commonly called “black boxes” (even though they’re usually bright orange to aid in their recovery). These devices continuously record flight dynamics so investigators can help determine the cause of a crash when one occurs.
More recently, devices very much like the flight data recorders have been showing up in common ground vehicles, including most later model General Motors and Ford products. The information contained in these recorders is often valuable for law enforcement investigators, but its use is complicated by a concern for personal privacy.
The typical vehicle “black box” is more properly called an event data recorder. GM prefers the name “Sensing and Diagnostic Module” (SDM), and has used this term since 1994. The devices were first installed in GM products in 1990. Their original intended purpose was to monitor the function of the air bag system, reduce unintended deployment of the air bags, and determine what factors caused the air bags to deploy.
The recorders use a solid state memory chip to continuously record the status of a number of vehicle dynamics on a five-second loop, so that conditions five seconds before an “event” are retained in the module. An “event” is usually a situation that has caused the air bag to deploy or some other unusual situation where the sensor module suddenly loses power. The critical event can also be a “near deployment,” characterized by sudden deceleration or excess G-forces detected by the sensors.
The number of factors that the event recorder can record varies with the model year. Newer event recorders capture more data than the older ones. Information that is potentially recoverable from a Sensing and Diagnostic Module can include: vehicle speed (five seconds before impact); engine speed (five seconds before impact); brake status (five seconds before impact); throttle position (five seconds before impact); Whether or not the driver’s seat belt was fastened; if the passenger-side air bag had been disabled; Supplemental Inflatable Restraints (SIR) warning lamp status; and time from vehicle impact to air bag deployment.
The module can also include: the number of times the ignition system had been cycled at the time of the event and at the time the data was downloaded; maximum Delta V (change in velocity or speed) for near-deployment event; Delta V vs. time for frontal air bag deployment event; time from vehicle impact to time of maximum Delta V; and time between near deploy and deploy event (if within five seconds).
The information recorded isn’t continuous, even over the five-second window immediately preceding the event. Instead, variables such as vehicle and engine speed, brake status and throttle position are captured at one-second intervals, more like a series of snapshots than a five-second movie. That can produce some misleading information. If a driver was pumping his brakes in the seconds before a collision, it is conceivable that the event recorder data would reflect only the moments when the brake pedal was not depressed, giving the impression that the driver was making no effort to stop.
Speed data is gathered from a sensor that measures wheel revolutions. If the wheels were not in firm contact with the roadway, as would be the case if the car was airborne or had otherwise lost traction, then the wheels could spin at a rate inconsistent with the actual speed of the vehicle, and provide confusing information to the person(s) interpreting the data.
These limitations are largely the result of the relatively low memory capacity of the event recorder. In 1994, when the devices in use today were first placed into service, computer memory chips were fairly expensive at around $50 per megabyte, and a computer with a megabyte of memory (1 MB) was a fairly high-end machine.
Now, computer memory is commonly 256 MB to 1024 MB (1 GB), and cost is often less than $0.50 per MB. The event data recorders in present use have only about 512 bytes of memory available to hold the information they record. That’s not 512 MB, but rather 512 bytes, or .5 MB. A byte is one character’s worth of information. The list of events the recorder will document, shown a couple of paragraphs above, would be too long for the recorder’s memory to contain by approximately one-third.
The data that is held in the event recorder can’t be read in native format. It is contained in hexadecimal code, more or less incomprehensible to the average human. Hex code looks something like this: B640: 41 3E 37 33 2F 2C 27 24.
The information surrendered by the event data recorder would go on like that for many lines, and is obviously not very useful to humans. In order to interpret the information into something more digestible, one needs a Crash Data Retrieval System, available only from a company called Vetronix
for a little under $2,500. Vetronix has the sole license granted to access and interpret this information, so, at this writing, it is a monopoly.
The Crash Data Retrieval System is a compact kit of cables, plugs and a reader/printer, all of which fits into a briefcase-size box. When an investigator wishes to retrieve the contents of an event data recorder’s memory, he connects the Vetronix hardware to the onboard diagnostics socket that is located under the dashboard in most vehicles. This is the same connector used by automotive technicians to “put a car on the computer” and determine what might be ailing it.
The Vetronix equipment produces various reports and graphs documenting the information contained in the event recorder. This information is somewhat easier to read than the hexadecimal stream depicted above.
There are some other limits and caveats associated with the information obtainable from the event data recorder. Acceleration information is limited to the longitudinal axis of the vehicle. In simpler terms, the recorder will only record the rate the vehicle is gaining or losing speed in the direction the vehicle is facing. Speed or velocity (they are the same thing) is a vector quantity, meaning that in order for the measurement to have meaning, two components are necessary.
For velocity, these are distance and time, e.g. miles per hour, feet per second, etc. Distance and time are scalar quantities, where only one number or measurement is needed to give the data meaning. “45 miles” is a scalar, where “45 miles per hour” is a vector. Acceleration is also a vector quantity, but instead of being composed of two scalars, it is instead a combination of another vector (velocity) and a scalar (time). A falling object has an acceleration of 32 feet per second squared, also expressed as “32 f/s2” or “32 feet per second per second.”
One full second after an object is dropped, it will be moving at 32 feet per second. In the next full second, it accelerates another 32 feet per second, for an instantaneous velocity of 64 feet per second. Each second the object continues in free fall, it will gain another 32 feet per second in speed, until it attains terminal velocity, where the air drag offsets the acceleration force of gravity. This acceleration rate of 32 f/s2 is often expressed in terms of “G forces,” and 32 f/s2 equals 1 G. Changes in speed are also expressed by engineers as “Delta V,” “delta” being engineering shorthand for “change” and “V” an abbreviation for “velocity.”
Cars involved in accidents often experience G forces at catastrophic levels in multiple directions. As mentioned above, an event data recorder may capture Delta V information only along the long axis of the vehicle (back to front or front to back), where the highest and most critical G forces may be in another direction. Further, this information is often obtained from the speed of the wheel rotation, and wheels that are locked or spinning free will give misleading information here.
Some newer vehicles actually contain accelerometers that measure Delta V along multiple axes (this is especially true of vehicles equipped with side air bags), so the available information may get better over time. However, most of the vehicles on the road now will yield relatively limited information on acceleration and deceleration directly from the event data recorder.
All of the information saved by the event data recorder for later analysis is from sensors that are mounted in and around the vehicle. Any of these sensors can be or become defective, and yield erroneous information. A study by the National Highway Traffic Safety Administration (NHTSA) showed that there was a 40% incidence in problems downloading data from event recorders. The sensors are designed to perform reliably throughout the life of the car, but any mechanical device is subject to failure.
The information downloaded from the recorder has to be interpreted judiciously by someone skilled in crash analysis and reconstruction. One would not place a sophisticated medical instrument such as a Magnetic Resonance Imager (MRI) in the hands of an untrained layman and expect to get a reliable diagnostic result. Interpretation of the medical data needs to be done by a physician with many years of training, and crash analysis and reconstruction should similarly not be left to amateurs. Legal Considerations
Use of the information from an event data recorder also has some legal strings attached. It is not completely clear from the current case law as to who “owns” the information produced from an event data recorder. The owner of the car pays for the recorder as an installed component of the vehicle, even though he might not be aware the recorder is even there. It’s unclear whether there is a reasonable expectation of privacy in a store of data that you’re not even aware you have.
Law enforcement officers who go to retrieve the information stored in the recorder after a collision clearly have to have lawful access to the vehicle in order to do so. But the limits of a search made incident to arrest or during an inventory might not extend to attaching a special electronic device to the onboard diagnostics connector and downloading the contents of the data recorder.
One might argue (from the defense perspective) that the information contained in an event data recorder is not volatile, in that it is retained whether the data is downloaded immediately post-crash or three weeks later. For cases where the air bags have deployed, this is essentially true. If the vehicle is not totaled and the air bags are replaced, part of the installation procedure requires that the event recorder be reprogrammed or replaced completely, essentially wiping the memory.
Until this is done, the data contained there will remain indefinitely, and there is no special need to rush to retrieve it (providing, of course, that the data recorder itself is secure). However, event data recorders capture information not only when the air bags deploy, but also during what the manufacturers call “near-deployment events.” These are characterized by abrupt stops, sudden jars to the vehicle, and other episodes producing sudden and extreme G forces that exceed the thresholds set by the manufacturer.
The information from a near-deployment event is saved until an event that exceeds the limits of the previous event occurs (an exception is when a deployment event occurs within five seconds of the near-deployment event), or when the ignition system has been cycled 250 times. Thus, a driver who wished to conceal the information contained in the data recorder could start his car repeatedly over a short span of time and erase the memory of the recorder.
An attempt to do this would be documented by the number of ignition cycles recorded in the data download (both the number of ignition cycles at the time of the event and at the time of the download are preserved), but, for this reason, the information could be characterized as volatile or dissipating, like that of blood alcohol.
The upshot here: absent consent from the driver, get a search warrant for the event recorder data, and hold the vehicle in secure storage until the warrant is either obtained or the request for it is denied. Some states are starting to recognize the significance of this evidence in their statutes.
California has a new law under which vehicle owners must be told at the time of purchase if their car contains an event data recorder. Further, the information contained in the recorder can be retrieved only with the driver’s permission, a court order, or when used for medical or safety research, anonymously. Other states may or may not follow suit, but it remains clear that a search warrant is the safest method of ensuring that whatever information comes from the recorder will be admissible in court. Public Safety Vehicles
As the vast majority of public safety vehicles on the road are late model GM and Ford products, virtually all of them carry event data recorders that will document the vehicle’s operating status after a deployment or near-deployment event. This recording is subject to the same limitations described above, which apply to all vehicles regardless of use.
There is no privacy concern in retrieving the data from these recorders, as the vehicles are the property of the agency that fields them, and drivers have no reasonable expectation of privacy in the mechanics of a vehicle they are assigned to drive by their employers. In the case of a near-deployment event, a driver could wipe the event data recorder’s memory by repetitive cycling of the vehicle ignition, and the required 250 cycles could conceivably be done before the end of a duty tour.
Therefore, if a public safety manager thinks it might be necessary to download the data from a vehicle involved in some type of mishap, it would be a wise move to get that vehicle into secure storage as quickly as possible.
Managers who want to monitor the behavior of their drivers more closely have better options than the stock event data recorders. Before the widespread deployment of solid state electronics, some emergency vehicles were equipped with tachygraphs that charted a vehicle’s speed on a paper chart. The charts generally needed to be changed every 24 hours or so and would seldom preserve data much more elaborate than speed and light/siren status.
Devices such as those marketed by SmartDriver
contain considerably more memory than the standard event data recorder, and download the information they store directly into a PC, where it can be viewed by the owner (no Vetronix hardware necessary). SmartDriver monitors continuously and starts recording when owner-configurable thresholds are exceeded. It can also sound warning tones when a driver exceeds the preset speed threshold and thus will be popular with parents of young drivers who want to monitor their kids’ driving habits (maybe they should call it DIPS— Dad In Passenger Seat).
SmartDriver downloads its data through a hardwired serial port, where RoadSafety hardware can communicate with a base station wirelessly when the vehicle comes into range. SmartDriver is more of a consumer product, where RoadSafety is targeted to the fleet manager market. Both connect to the onboard diagnostics cable harness, so installation is relatively inexpensive.
Digital video systems can also supply a considerable volume of vehicle operational data, even when they are not in active record mode. Where analog (Hi-8 and VHS tape-based) video systems are more or less limited to the view of the camera and possibly a flag indicating emergency light and siren status, digital video systems can record as much as 128 additional channels of data, continuously or when in active record mode.
Many of these systems include “pre-event” recording, meaning that the system is always capturing the output of the camera onto a memory chip in a loop ranging from 20 seconds to two minutes. When the operator hits the “record” button, the pre-event loop is routed to the recording medium (disk, DVD, tape or a solid-state memory chip) and appended to the start of the recording, so everything in the pre-event loop will be seen along with the events that occur after the button is pressed.
These systems can also be set to activate the recording in the event of a collision, so not only the collision will be recorded, but the events leading up to it will be documented, as well. The data channels available to the system can record all of the parameters of the event data recorder, as well as siren and emergency light status, whether or not the two-way radio was transmitting, and other critical factors.
Moreover, because these systems operate at a typical frame rate of 30 frames per second (fps), this information will be updated every 1/30 second, providing a much more fluid picture of what transpired. There are still some issues to be resolved with digital video recording, not the smallest of which is an industry standard, but these systems have the potential to yield far more information than just what happens in front of the patrol car’s windshield. And, although the information they yield has to be evaluated carefully, “black boxes” can make a substantial contribution to the information available to accident investigators and police managers.