Dashcams are enjoying growing popularity: in the event of an accident, they can provide clarity about the exact course of events. But the permanent recording of the traffic environment can violate privacy rights and data protection. With the "Privacy BlackBox", Fraunhofer AISEC and its partners are presenting a solution that will enable the use of dashcams in cars in compliance with data protection regulations.
In some countries, including Germany, the fact that dashcams film through the windshield without a reason and, above all, permanently is considered a violation of the Data Protection Act and the privacy rights of road users. Unlike in the USA or Russia, such recordings are therefore controversial as evidence in German courts.
There is currently no uniform EU-wide data protection regulation on how to deal with such recordings. Whether and how the collected data may be used must be decided case by case, by weighing the interests involved and following the corresponding guidance of the data protection supervisory authority. In the past, this usually meant going through several levels of court.
In the opinion of many experts, manually triggered or occasion-related recording, by cameras that are only activated when sensors register violent braking or vibration (so-called crash cams), does not resolve the dilemma and also requires additional effort. The question of the lawful use or targeted manipulation of the recordings remains.
The Privacy BlackBox now being developed by Fraunhofer AISEC and partners is based on two central components: a trustworthy recording device enables decentralized data storage without a single point of failure and operator-safe data encryption directly on the device. A digital trustee infrastructure protects against unauthorized access to the data and guarantees transparent traceability and secure logging of events.
The basis is an embedded platform that makes it possible to connect a wide variety of sensors to the data recorder, for example the built-in automotive sensors or sensors for driving style analysis. Using hardware-supported cryptography, the decentrally stored data is immediately encrypted and digitally signed in the device. Physical attacks against the system, such as violent opening of the housing, are also detected. In that event, one of the keys required to read the data is destroyed, so that data already recorded can no longer be decrypted and becomes worthless for attackers. Each camera has a unique key that is bound to its hardware. This key is used to sign the video material, which can thus be unambiguously assigned to a specific device.
Even after the data has been collected, strict control of access to and transmission of the data is necessary. As the industrial partner, Uniscon GmbH is responsible for setting up and operating the digital trustee infrastructure, which protects the data from unauthorized access and only generates a key for accessing the necessary data section when predefined conditions occur.