Congestion pricing that respects “driver privacy”
by Andrew J. Blumberg, Stanford University, Mathematics Department
and Robin Chase, Meadow Networks
Accepted by the IEEE Intelligent Transportation Systems Society Conference, Toronto September 2006.
Abstract
In 2003, the city of London implemented a congestion pricing policy in order to reduce traffic and raise revenues for transit improvements. The dramatic success of this system has led to widespread consideration of the adoption of such variable tolling, including road pricing, in dense urban cores around the world. While from many perspectives the broad implementation of such congestion pricing systems would be socially beneficial, the likely consequences for the privacy of motorists are extremely negative. A sophisticated congestion pricing strategy will assign a cost to a specific space-time path of a vehicle through the pricing zone. Straightforward implementations of monitoring systems to assess congestion tolls thus require detailed tracking technology to monitor the paths of each individual vehicle.
In this paper, we introduce a novel protocol for computing congestion pricing tolls in a fashion that preserves driver privacy. Our scheme uses cryptographic algorithms to guarantee that the state can collect arbitrarily nuanced congestion pricing tolls without being able to track the movements of individual drivers. That is, the system provides simultaneous guarantees that the state can correctly compute the tolls for a particular driver from the information it collects but that the state cannot reconstruct the path of the driver no matter what it does with this information.
Our system is built using a variant of the protocol we described in a previous paper to handle automated traffic enforcement (i.e. stop-light violation detection) in a way that preserves driver privacy and eliminates camera use. The protocol is relatively easy to implement with existing technology, and such implementation can be done in a fashion which is sufficiently robust to handle realistic operational requirements. In particular, we discuss methods for ensuring resistance to attempts to cheat and modifications to handle sporadic users (tourists).