‘Safety Cases’ Could Prove Driverless Cars Make the Grade

How can we be sure driverless cars are safe, if the safety standards we’ve relied on assume there’s a driver behind the wheel?
That’s a question that lawmakers and autonomous vehicle makers take on as soon as they look beyond closed-track testing and grapple with whether AVs are safe for their occupants and other road users.
Now a self-driving car expert from Carnegie Mellon University is proposing a way to ensure AV safety that he says would free companies to develop new technologies and get them on the road quickly, but safely. Rather than pass prescribed tests, manufacturers could identify the safety goals for each feature and show how they met them. This concept may earn backing from both AV skeptics and proponents.
No car is allowed on public roads unless it complies with federal motor vehicle safety standards (FMVSS), which spell out parameters for all parts of a car that affect safety. The standards spell out tests to prove that these systems comply.
But when it comes to AVs, those tests may be irrelevant.
For example, FMVSS requires cars to have steering wheels and brake pedals, assuming there will be human drivers to use them. If an automaker designs a driverless car from the ground up without those parts, the tests can’t be used to prove it’s safe.
Safety standards have relied on the letter of the law rather than its purpose, Carnegie Mellon University Associate Professor Philip Koopman argues.
“The weakness of the conventional vehicle standards approach is that the tests don’t explicitly capture the ‘why’ of the safety standard,” Koopman wrote in an op-ed piece on the political news site The Hill this week.
AVs can be exempted from FMVSS. The AV START Act, a bill intended to jumpstart the AV industry that’s currently stalled in the US Senate, would eventually allow a manufacturer to get up to 100,000 exemptions per year. Regulations already in place require that any exempted vehicle is just as safe, overall, as a vehicle that complies with FMVSS. But they don’t spell out how that’s determined.
AV START might give the Department of Transportation too much latitude to exempt new AVs from FMVSS, said Navigant Research analyst Sam Abuelsamid.
“Under the current environment, providing the DOT with such an open-ended regulation [would] leave the door open for regulators to say, ‘You’re exempt from all FMVSS regulations,’ which would be a terrible idea,” he said.
Koopman says AV makers should submit “safety cases,” or written explanations of why a system is appropriately safe. Each would include a safety goal, a strategy for meeting the goal, and evidence that the strategy works.
For example, the rule on low-tire-pressure warnings says a car needs a light that warns the driver the tires are low. The goal is to avoid blowouts that can cause accidents. A strategy to meet that goal in an AV, where there is no driver to see a warning or act on it, might be to program the car’s software with speed and distance limits that kick in when pressure gets low. To prove it works, the company would show its car pulls over within a certain time limit.
Manufacturers would have to submit safety cases before their vehicles hit the road, and possibly update them over time, Koopman said. But the cases could be handled in several ways: the National Highway Traffic Safety Administration could evaluate them for safety, evaluate them only for completeness, or provide them to third parties for assessment, among other methods, Koopman told The Connected Car.
“In my experience, if you skip the safety case, there is a high risk you’re building an unsafe system even if you don’t realize it at the time,” Koopman said via e-mail.
Abuelsamid said Koopman’s proposal is an excellent idea.
“Any exemption from an FMVSS for AVs should be accompanied by a safety case study to show what the company will do instead to ensure safety,” he said.
Amitai Bin-Nun, vice president of autonomous vehicles and mobility innovation at Securing America’s Future Energy, a strong advocate of AV exemptions, agreed. Safety cases could be the way to advance new self-driving technologies, he said.
“We want to have a framework in place that lets these ideas on the road as long as they don’t diminish the overall level of safety.”
— Stephen Lawson is a freelance writer based in San Francisco. Follow him on Twitter @sdlawsonmedia.