Tuesday, 29 August 2017
What would happen if a robot got hit by a train?
A couple of weeks ago, while waiting for a commuter train back to San Francisco from Redwood City, I had an unexpected and disturbing encounter with one of the "self-driving" motorized delivery robots that are currently being tested in Redwood City.
The robot -- a knee-high wheeled box about the size of a hassock fan or footstool -- was working its way along the edge of the platform, beyond the yellow line marking the danger zone, where it could have been struck by or sucked into a passing train and turned into 50 pounds of flying shrapnel. Some "Baby Bullet" express trains on that track go past the platform in Redwood City at 60 mph without stopping.
I was surprised to see one of these robots on the Caltrain platform at all, much less to see it trying to use the platform as a through passageway, and even more surprised to see it drive right up to the edge of the platform before it jerked to a stop and turned to continue along the platform toward me.
I yelled at the robot, hoping that a human operator might be monitoring it, but the only response from the robot was a repeated recorded message, "Let me go! I'm working! I'm going to be late!" -- as if the platform was a right-of-way, and humans were expected to yield to robots.
I saw no marking on the robot, but another passenger on the train had encountered a similar robot accompanied by a human minder earlier in the day. They passed on the card they'd gotten from the robot handler with the name of the company that operates the robots, "Starship Technologies".
The e-mail address on the business card didn't work, and there's no phone number on the company's Web site. I got in touch with a spokesperson for Starship Tech only after they responded to my Tweet about the incident. But almost three weeks later, and after multiple exchanges with staff of Starship Tech, Caltrain, and the government of Redwood City, I still haven't gotten any coherent explanation of what happened or why.
Last night, all else having failed, I took the Caltrain to Redwood City again to bring the issue before the city council. I hadn't planned on writing about this yet, but since I've heard that some of my comments from the webcast of the city council meeting are circulating and being discussed elsewhere online, I'm posting them here in full.
My name is Edward Hasbrouck, and I came down from San Francisco today to alert you to a serious safety issue involving the delivery robots that are operating here in Redwood City.
On August 9th, I was on the Redwood City Caltrain platform when I saw a delivery robot on the platform, out at the edge beyond the yellow line marking the danger zone. The robot went almost to the drop-off before it turned back, and then it tried to push along the platform through the crowd of people waiting for the oncoming train, playing a loud recorded demand that we move aside to let it pass.
There was no visible marking on the robot. There's no phone number on the Web site of the company, Starship Tech. Supposedly there's a 2 × 3" label on each robot with a phone number. But that's too small to read from any distance, and that phone number goes to voicemail, so it doesn't provide any way to communicate with the human operator or report problems in real time.
Caltrain told me they don't believe that the city permit authorizes use of the Caltrain platform by these robots. But a spokesperson for Starship Tech told me that the company intends to continue using the Caltrain platform as a robot thoroughfare at all times except 4 to 6 p.m.
One of the first things we teach small children before we let them out on the street is to stay away from train tracks. Similarly, keeping robots away from moving trains should have been a priority for robot programmers and operators.
This incident should be a wake-up call that the city needs policies and procedures to deal with the inevitable cases when robots get into places where they aren't allowed, aren't wanted, fail to yield to pedestrians, or cause a nuisance, tripping hazard, or even a greater danger.
Redwood City took the lead on this issue, and you are setting a precedent not just for this technology, but also for the regulatory framework in which it operates. You need to get this right, not just for your own sake but also for the sake of other cities following your lead. But because there wasn't yet any experience with these robots, some of the problems may not yet have been apparent.
Other cities and states that have more recently adopted rules for delivery robots have almost all included requirements that aren't part of the Redwood City pilot. These include an adequately sized label with an ID number and contact information on each robot, prompt responses to public inquiries, and reporting of safety incidents to the authorities.
People who see robots where they shouldn't be, or doing things they shouldn't do, need to be able to identify the robot, communicate the
problem quickly to the robot operator, and have their complaints reported to the city so it can learn from experience.
I request that the City Manager revoke the delivery robot permit until the permit conditions can be revised to deal with incidents such as this. If the City Manager does not do so, I request that you place on the agenda for your next meeting a resolution to suspend the pilot program and direct that the permit be rescinded pending revision of the rules for operation of these robots.
I could have gone into more detail if I hadn't been limited to three minutes. But I've already heard from the Mayor and one of the other members of the City Council today, promising that city staff will be looking into this matter further.
If you see a robot on any of the Caltrain platforms, please report it immediately to Caltrain staff, with a photo if possible. If you send me a copy of your report and/or photos, I'll also do what I can to get them to the relevant Caltrain and city staff.
Posted by Edward on Tuesday, 29 August 2017, 12:39 (12:39 PM)
My first concern was with safety, but some of the people with whom I have discussed this incident have also raised questions about privacy invasion.
Starship Tech has not yet told me what records they have of my encounter with their robot. But they have said publicly that each of their robots has nine video cameras. Starship Tech has been silent on whether there are also microphones, and on whether video (and/or audio) is recorded or only available in real time to the human operator (if there is one).
Starship Tech has no privacy or data protection policy on their Web site governing retention, use, or access to video or other data, even though it describes itself as a "European" company and their robots are deployed in the European Union. This appears to violate EU data protection law.
Starship Tech was founded by some of the Estonian creators of Skype, who sold Skype to Microsoft for US $8.5 billion, and has operations in Estonia, the UK, and Germany as well as the US. Any EU corporation must comply with EU law in its worldwide operations, just as US corporations and persons must comply with US law (as well as local law) even when they are acting outside the US.
I don't know if anyone who has encountered one of their robots has requested the records of that encounter under European data protection law, or if so, how that request was dealt with.
The next meeting of the Redwood City City Council is tonight, and I planned (and told Starship Tech, the company that owns and operates the robots) that I would be reporting back to the City Council on the lack of action by Starship tech and by city staff responsible for oversight of the delivery robot permit.
Just a few hours before the City Council meeting, a Starship Tech spokesperson e-mailed me that:
(1) "Our support number is now on the website." (Supposedly this number, 844-445-5333, is also printed on a 2" x 3" label somewhere on each robot, although I've never gotten close enough to read it.)
(2) "We're in the process of forwarding the calls to respective colleagues depending on the time of day. This means it will not just be a voicemail."
(3) Starship Tech has posted a privacy and data protection statement at:
As of now, this appears to be a "hidden" page not linked to from the Starship.xyz home page, contact page, or any other sequence of links from them that a search engine or crawler might follow.
(4) Starship Tech has identified a Data Protection Officer, Rao Pärnpuu, firstname.lastname@example.org.
No phone number or postal address is specified. Starship Tech uses aggressive spam filtering and may not receive e-mail sent to this address. None of the e-mail I have sent to any address in the Starship Tech domain has been received. Starship Tech lists addresses and operations in Estonia, Germany, the UK, and the US, but doesn't say in which of those offices Mr. Rao is located, or which EU member state's data protection rules apply to Starship Tech's parent company.
According to the statement posted by Starship Tech, "In case of legal requests or in rare cases of internal valid business reasons that cannot be solved by other means, medium-resolution unobfuscated [video] images may be retrieved by authorized personnel."
Unfortunately, none of these measures are required by the Redwood City permit, and all of them could be undone by the company at any time.
All of this should have been anticipated, required by the permit, and put in place before the robots were sent out on the streets as nine-eyed self-propelled video surveillance platforms.
I was told earlier by a Starship Tech spokesperson that video of my encounter with the robot on the Caltrain platform would be reviewed, so I believe that it was retained. I'll be requesting a copy of all video, audio, still images, or other records of this encounter.
In response to my "subject access request" to Starship Tech for all information pertaining to me held by the company, I've receive the message excerpted below from Starship's data protection officer, Rao Pärnpuu. The company refuses to provide any of the information I requested, but does provide some information about what laws it recognizes as applying to its activities in the USA:
"*First* - I will clarify that the operation of STARSHIP robots falls under the jurisdiction of the Republic of Estonia with regard to data protection regulation (cameras and other telemetry). Estonia is a member of the European union and as such all guarantees that the EU regulations provide for do apply. Operations in Redwood City are managed by an US entity but since data processing in this context is done by the Estonian entity, the laws of the jurisdiction where data processing is done, apply....
"*Second* - ... We have checked and re-checked our databases for any data in the context of data protection regulation of the aforementioned data subject (i.e. you). This included visual or other data we have from the northbound Caltrain platform in Redwood City at the time specified in your e-mail... We have determined... that we have collected no identifiable data regarding you in the context of EU data protection regulation (except e-mail correspondence with you post factum). Therefore, we cannot forward to you any data, as we have collected none....
*Third* - The aforementioned analysis does not include e-mail correspondence with you, in-house correspondence that was necessary to process your request or any correspondence with our legal counsel....[W]e cannot and are not obligated by law to forward such internal communication to you."
Estonian law requires a company to respond to a request like this within 5 days. Starship's "response" came 20 days after my request.
As I have explained by reply e-mail:
"The limitations and exceptions to subject access rights in Article 20 of the Estonian "Personal Data Protection Act" do *not* include any exemption for so-called "internal" communications:
"There is a good reason why the law does not provide such an exception. An exception for "internal" records would allow for the creation and maintenance of dossiers of private or corporate surveillance of individuals, and the withholding of those dossiers from disclosure on the basis of a claim that they are "internal" corporate records.
"This issue is of paramount importance in relation to corporate collection and use of "big data" pertaining to individuals. An exception to subject access rights for "internal" data would render those rights meaningless.
"I agree with the Estonian legislators who chose not to include any such exception in the Data Protection Act. An Estonian data controller or data processor cannot lawfully self-designate personal information as "internal communications", and use that claim as the basis for withholding required information from disclosure in response to a subject access request.
"If Estonian citizens disagree, they can ask their government to amend the Estonian Data Protection Act (which might also require amending the EU data protection legislation to permit such an exception). For now, this is the law in the Estonia which you must follow....
"You have deployed nine-eyed mobile surveillance devices with an unknown array of other sensors on the streets (and on private property such as the Caltrain platform) of Redwood City and elsewhere.
"It is inevitable, and you as data protection officer should have anticipated, that the data collected by these robotic mobile surveillance platforms will be requested (1) by data subjects, (2) by parties to private litigation, and (3) by law enforcement agencies.
"As data protection officer and point of contact for subject access requests, you should have prepared procedures and templates for responding to each of these three categories of requests *before* the robots were first deployed. You should have ensured that these procedures and the appropriate point of contact and identification of the data controller were posted on your Web site(s) (and on a page or pages accessible from other pages, not an unlinked and effectively hidden page, typically as a "data protection " and/or "privacy" tab on the home page or on each page).
"You should have ensured that the robots as mobile video recording devices were marked or labeled with the identity and point of contact of the data controller -- just as are other surveillance cameras in public places.
"*Most* of the personal data collected by your company is that which is, of course, that which is collected by your robots. As data protection officer, ensuring protection of this data and preparing to respond to all categories of request for this data should have been your highest priority.
"Your robots have been operating and collecting personal data for some time. A request such as mine should have been routine and easily answered following what should have been well-established procedures.
"Your failure to do so, and your inability to provide a timely response (or a response which complies with the law), reflect poorly on your company's data protection practices, and provide a strong basis for revocation of the permit for your operation of these robots in Redwood City."
If Starship as an Estonian corporation doesn't provide the information required by Estonian law, I will bring a complaint to the Estonian Data Protection Inspectorate:
In response to my complaint, Starship Tech has added a "Data Privacy" link to the footer at the bottom of the pages on their Web site, and sent me the following message today:
"Dear Mr. Hasbrouck,
Thank you for your reply. You will be provided with the additional information in regards to your subject access request in the next few days.
In response to your request, I have included the information about the Estonian and US operational legal entities of STARSHIP.
Starship Technologies OÜ,
registry code: 12673365,
address: Teaduspargi tn 8,
Starship Technologies, Inc
registry code: 5897542
address: 15260 Ventura Boulevard,
I was contacted by a lawyer in Southern California, Louis A. Wharton, "email@example.com", who claimed to be representing "the Starship organization", then said he was representing "Starship Holdings, a Delaware corporation, and its subsidiaries" but declined to identify those subsidiaries.
After first requesting a telephone conference call with himself and another lawyer in Estonia, Rauno Kinkar, "Rauno.Kinkar@lextal.ee", also purportedly representing one or more of the Starship companies, he first postponed the call and then sent me the following message:
"We believe that Starship has complied with its obligations under applicable privacy laws by virtue of its prior responses to you, and Starship has no further information to provide."
I still have received none of the video, telemetry data, or other records of any of the Starship companies about me or my encounter with their robot in Redwood City.
"Coming soon: Security robots that patrol streets – or guard your home" (by Tim Johnson, McClatchy News Service, 30 October 2017)
"Elected officials in San Francisco this month pondered whether delivery robots should be banned from city sidewalks, pushing them on to bicycle lanes and away from the elderly.
'There are a lot of issues of how to stop it from hurting people, accidentally running over their toes, pushing over children and dogs, that kind of thing,' said A. Michael Froomkin, a University of Miami Law School professor who specializes in policy issues around robots.
Among practical issues, Froomkin said, is how to contact robot owners in case of mishap.
'If you have a robot with no distinguishing marks, who are you going to call? It’s a very good question and it’s already happened in real life,' Froomkin said.
He referred to Edward Hasbrouck, a consumer advocate and author who blogged in August about a “disturbing encounter” with a delivery robot on a Caltrain platform in Redwood City, California, that rolled near the edge of the platform, inches from a speeding train...."