Click to edit Master text styles
Second level
Third level
Fourth level
Fifth level
‹#›
1
These are the different areas of the connected vehicle research program.  The policy program is a key area and involves researching key policy issues/challenges for supporting deployment/establishment of the connected vehicle environment…..
3
Overarching Policy Issues: These issues cut across modes/programs and are interrelated with other policy issues. The issue of governance interacts and/or has implications for individual policy issues, such as security, privacy, etc.
Individual policy issues tend to be more specific to programs/modes (although some of them overlap): but mainly these issues are closely tied with the technical research and address policy challenges that must be resolved in order to keep the technical research moving forward.
Security
Security of communications and data
Privacy
Protecting personal information
Certification
Certifying equipment/devices, ensuring standards are met
Spectrum
Managing access and rules of the spectrum
Risk Allocation and Liability
Identifying risks and liability conflicts
Cost-Benefit Analysis
Overall benefit/cost of adoption
4
Who certifies the certifiers?
10
Perform various analyses in support of regulatory decision making:
Safety-benefits estimation
Cost estimation (operating, maintenance, deployment, etc.)
Cost-effectiveness and alternatives analysis for applications
Societal benefits / (Traditional) BCA
14
Healthcare Industry / Health IT
Markle Connecting for Health
This is a public-private collaboration whose goal is advance the quality of healthcare in the United States through innovations in information technology.  Connecting for Health has created a framework of policy and technology practices for exchanging medical information while protecting privacy.
US Dept of Health and Human Services (HSS)
HSS is currently in the process of developing a Nationwide Health Information Network.  Two Federal Advisory Committees have been initiated to advise HSS – 1) Health Information Technology Standards Committee to advise on federal health IT standards issues; and 2) Health Information Technology Policy Committee to establish a framework for governance of the Nationwide Health Information. 
 
Public Safety / Emergency Response Communications:  Highlights the issue of interoperability between first responders and public safety agencies as well as issues dealing with spectrum sharing.
 
National Standards of Standards and Technology (NIST): NIST is the federal technology agency that works with industry to develop and apply technology, measurements, and standards.  This provides an example of challenges with technology adoption due the private sector struggling with costs and impacts. 
 
Internet / ICANN (Internet Corporation for Assigned Names and Numbers):  ICANN coordinates a global governance structure and develops policy to oversee all of the Internet’s unique identifiers or addresses. ICANN is an example of governance structures already being in place (implemented by the US Department of Commerce) but then dismantled and reconstructed to transition management to the global community.  Developing the structure and technical standards also has societal and political implications – such as when they were developing addresses and whether or not to use “xxx” as a URL suffix.
 
Smart Grid: This is a project aimed at modernizing the electrical transmission and distribution system within the United States to increase efficiency and to give consumers better control over their electricity usage and costs. Governance issues include dealing with privacy of consumer data and security issues as well as answering the question of data ownership.   The answers to these questions can create implications for innovation.  
 
Telecommunications / Cell phone industry:  The governance of the cell phone industry is relevant (may not necessarily be a model) but a parallel transportation communications system.
 
Privacy reports: The Federal Trade Commission and Department of Commerce both released separate preliminary reports on consumer privacy at the end of 2010.  Each report has differing but interesting views on privacy and enforcement. 
 
Fair Information Practice Principles (FIPS):  FIPS offer a solid model on how to best deal with information from a privacy perspective and information management perspective.  The Department of Homeland Security (DHS) has a very well designed set of FIPS. The Department of Health and Human Services (HHS) and Organisation for Economic Co-operation and Development (OECD) also have good FIPS in place.    Using FIPS implements a process of identifying for what purpose the information will be collected and determine if the correct information is being collected. 
 
Cognitive radio:  This is an example of governance structure that used to be a federal government function, but is now in a private sector laboratory which has been delegated a government role.  Also deals with issues concerning wireless governance, spectrum sharing and white space. 
20
21
Technology and policy should be developed simultaneously. 
Avoid developing technology and then evaluating policy as an afterthought.  If technical standards have been established early without considering governance, it becomes more difficult to integrate and implement a sound governance structure later in the process.
There is concern that having policy and governance as separate tracks and expecting to marry the two ideas at the end of the process could be difficult.
Consider what information is being collected and stored.  This may warrant establishing a privacy and security working group.  Examine questions such as:  What information are you collecting?  How long will it be stored?  How is the consumer or public being informed?  There needs to be “privacy by design” early in the process.  It is important to understand that not all information can or should be treated equally.
Identify and separate the types of information gathered (generic, androgynous, user specific, incentive-based) and determine if the governance structure will include the right to exclude access to certain information.  Consider if collecting different types of information will result in different policy implementations.
Examine the end-to-end principle:
In an ‘open network’, such as the Internet, there are very few control points in the network itself and it is based on simplicity and openness.
The Internet is constantly leaking access / data, which spurs innovation, making it easy for entrepreneurs to gather data and generate new ideas.  Leaking has positive aspects.
Open standards and open access can be beneficial, but one should remain conscious of possible security issues. 
23
AN interesting outside perspective: Experts asked if the mission was to create a platform upon which others can innovate, or was the mission to create a closed system where information is only exchanged through trusted entities?  As we discussed the mission, experts noted a divide between the mission for safety and the one for mobility and environmental performance, and asked if we thought we should keep those two separate.  This will come up as we go through these slides and through our exercises today.  Importantly, experts stressed that we not lose sight of the mission once it is established and gave us a good example. They said, remember that it is not about adopting technology; instead it’s about what you want to do with the technology.  For example, the electronic medical records initiative is not about the technology for collecting records, but about improving health.  The performance measures or goals developed for this initiative should be based on improving heath in this case.  Records are only the technological tool.
Using the mission as a guide, establish the principles that form the basis for establishing Governance.  Some principles to consider are:
Participation / Voice – Those who will be impacted by the system will need to be part of the decision making process
Accountability – How do you deal with disputes?
Representation – Recognize stakeholder participation and interests
Transparency – Need to be clear on how and why decisions were made
Efficiency – Recognize that there are trade-offs with participation
Flexibility – Don’t lock into decisions that may lead to stalled innovation
With the list of principles, we can conduct two further analyses:
Evaluate and prioritize these (and other) principles so that we can look at the vulnerabilities and risks and decide where flexibility is desired. Note, also, that there may be important trade-offs in this principles.  For instance, transparency and efficiency are usually in conflict.
And, Identify best practices to use as models when developing principles.  As questions such as “What are models for accountability? Dispute resolution?  Transparency?   Participation?  Voice?  Efficiency and effectiveness?” 
Finally, define the level of failure that is acceptable and /or the tolerance of failure.  This will help define where government roles are needed most.
Experts noted that our processes will likely result in a blend of models to create the program best suited to meet mission and goals.  Also, they said to separate goals from regulatory tools. 
25
A mapping document should show all of the organizations involved, who they are, who they represent, what their interests area, and their relationship to other stakeholders.  It is important to map interests and stakeholders to help better identify which stakeholders should be included in the discussions throughout the process.
27
This is a complicated system because it involves different types of governance each with its own processes but also all levels need to interact with each other.  Each type will also be in various stages of development, creating an unstable matrix of collected decisions as what is being governed changes over time.  Acknowledge that different stakeholders (government versus private sector) move at different paces.  Also, different processes give you different types of legitimacy.  Start by taking an inventory of the various governance structures currently in operation.  Determine what would be needed for the Connected Vehicle program and consider how existing structures may need to evolve.  What would be needed that is completely new? 
There are several common themes present in various examples:
Best if you commit yourself to a representative process – map everyone at the table
Identify sub-groups of expertise – this worked well when larger groups were broken into subgroups on technical issues versus policy
Size of the overall group matters – there are optimal sizes for each particular problem to encourage engagement
One suggestion is to examine what the FTC has done regarding privacy.  They have created FIPS – Fair Information Practice Principles – a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices.  DHS FIPS are probably the most modern example. 
.  Each time a decision is made about one of the processes listed below, the principles should be revisited to see how they measure. 
Identification
Oversight
Enforcement
Certification
Coordination
28
Certification used to be pure government function, but now there are commercial sector labs available. However, there are government requirements to become a certification lab.  It is assumed that real-time safety applications will have to be certified. 
Example:  With cognitive radio, the Federal government initially set standards and certified devices. Now certification of technology for interoperability and safety is done by a commercial sector laboratory, but maintains that certification standards are still set by the government, acting as a delegated role. 
Divide portions of the Connected Vehicle program into separate elements.  In particular, examine DSRC requirements separate from mobility requirements.  A similar idea was used in the health industry.  They focused on the key elements for simple information exchange but identified some areas for higher security. 
When considering models, the Internet is one possibility, but the Internet model contains a large amount of risk since it is open and insecure.  The DOT standards seem high – making tolerance for failure low.  However, the Internet is many different models (ITF, ICANN, etc) that contain some useful elements, particularly information management.  There is a large amount of information flowing into an infrastructure, which asks questions such as “Where is it going?” and “Who is using it?”  There are many models for managing complex information systems. 
30
36
By managing keys and certificates through a PKI, the V2V/V2I Security System establishes and maintains a trustworthy communications environment.
38