Protecting customer privacy in mileage-based user fee systems

Commentary


By incorporating privacy protections at the beginning of technology development along with strict legal requirements on data handling, privacy concerns can be addressed.

Mileage-based user fees are increasingly viewed as a viable replacement for fuel excise taxes as the principal source of road user revenue. Directly charging per mile rather than indirectly per gallon of fuel consumed can future-proof revenue collection in the face of increasing fuel economy and changing propulsion sources. Despite the promise of the mileage-based user fee (MBUF) approach, many have raised privacy concerns about the technologies that may be involved. These concerns are legitimate, and MBUF customer privacy must be protected to gain public acceptance. Fortunately, by incorporating privacy protections at the beginning of technology development along with strict legal requirements on data handling, privacy concerns can be addressed.

The simplest way to address privacy concerns is to offer mileage-based user fee options, such as odometer readings, that do not collect any location information. However, these options come with downsides to the customer experience, such as the inability to fully automate odometer readings, the inability to automatically deduct mileage driven out of state or off public roads from customer bills, the lack of seamless integration with separate toll facilities, and the reduced ability to audit mileage counts to support customer billing disputes.

In addition to offering customers a superior billing experience, location-based MBUF technologies can also give customers access to optional features they may desire, such as quickly locating their parking spot or receiving alerts if their teen children have driven too far from home.

So, how can location information be protected to prevent government surveillance?

First, it is important to understand how the location information is generated in the first place. These systems rely on the Global Positioning System (GPS) constellation of navigation satellites. GPS satellites in orbit around the Earth broadcast radio signals that transmit their locations and the precise time from onboard atomic clocks. A GPS receiver, such as one incorporated into a location-based MBUF device, detects these signals and uses the time of arrival to calculate its distance from a GPS satellite. Using the distance calculations from at least four GPS satellites allows a GPS receiver to determine its longitude, latitude, and altitude at a given point in time.

The upshot is that because GPS signals are sent one-way from the satellites and location is calculated by the GPS receiver using multiple satellites, GPS alone cannot be used to track the location of a GPS receiver. Privacy concerns only become an issue when a GPS receiver is paired with a secondary wired or wireless communications system, such as cellular, that can transmit the location information that is computed and stored locally on a GPS receiver. As such, addressing location-based MBUF privacy must focus on how that location information is transmitted, processed, and stored.

From here, location-based MBUF technologies can be designed so that location information used to calculate distances driven on roads subject to MBUFs is separated from the mileage counts that are transmitted for state revenue collection purposes. Location information should be held securely for a short period of time to facilitate audits and customer billing disputes, after which it is destroyed. During the specified period of time that location information is retained, strict warrant requirements can be used to prevent abusive surveillance. 

Oregon, which led the country in developing both fuel taxes and their MBUF replacement, also developed strong privacy protections for location-based mileage-based user fees in consultation with civil liberties organizations. Here are key privacy protections codified in Oregon statute: 

  • Oregon relies on private “certified service providers” to administer the customer-facing elements of its location-based MBUF option, which then report metered road use stripped of location information for revenue-collection purposes. (ORS § 319.915(1)(a))
  • All location data must be destroyed within 30 days of the completion of payment processing, billing disputes, or noncompliance audits. (ORS § 319.915(4)(a))
  • Location information and other personally identifiable information held to complete a monthly billing cycle are considered confidential and exempt from public records requests. (ORS § 319.915(2))
  • Law enforcement officers are required to obtain a court order based on probable cause in an authorized criminal investigation in order to access any personally identifiable information of a person subject to that criminal investigation. (ORS § 319.915(3)(a)(G))
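
The separation and retention design described above can be sketched in a few lines. This is an added example, not code from Oregon's program or any certified service provider; the `BillingCycle` class, its field names, the per-point `chargeable` flag and the sample track are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Optional

RETENTION = timedelta(days=30)  # assumption: upper bound modelled on the 30-day limit above

def miles_between(a, b):
    """Great-circle (haversine) distance in miles between two (lat, lon, ...) points."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 3958.8 * 2 * asin(sqrt(h))

@dataclass
class BillingCycle:
    account_id: str
    points: list = field(default_factory=list)  # (lat, lon, chargeable); stays with the provider
    chargeable_miles: float = 0.0
    closed_at: Optional[datetime] = None

    def close(self, now):
        """Fix the mileage total once payment, disputes and audits are complete."""
        self.chargeable_miles = round(sum(
            miles_between(p, q) for p, q in zip(self.points, self.points[1:])
            if p[2] and q[2]), 1)  # skip segments driven off chargeable roads
        self.closed_at = now

    def revenue_report(self):
        """Record sent for revenue collection: no coordinates, no timestamps."""
        return {"account_id": self.account_id, "chargeable_miles": self.chargeable_miles}

    def purge_if_due(self, now):
        """Destroy stored locations once the retention window after closure has elapsed."""
        if self.closed_at is not None and now - self.closed_at >= RETENTION and self.points:
            self.points.clear()
            return True
        return False

if __name__ == "__main__":
    # Constructed sample track: two chargeable legs with an out-of-state stretch between them.
    cycle = BillingCycle("acct-001", [(45.0, -122.0, True), (45.1, -122.0, True),
                                      (45.2, -122.0, False), (45.3, -122.0, False),
                                      (45.4, -122.0, True), (45.5, -122.0, True)])
    closed = datetime(2024, 1, 31)
    cycle.close(closed)
    print(cycle.revenue_report())
    print(cycle.purge_if_due(closed + timedelta(days=29)),
          cycle.purge_if_due(closed + timedelta(days=30)))
```

The report survives the purge because the mileage total is computed at close; only the coordinates are destroyed.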

As other states contemplate replacing their gas taxes with mileage-based user fees, they must ensure that customer privacy is protected. Failure to do so will understandably undermine public acceptance of MBUFs and reduce the viability of user-based revenue collection in the long run.