1
ACCEPTING SAFETY OVER SECURITY OF YOUR CAR?
A stated-preference research into the role of cybersecurity
in the public acceptance of the autonomous vehicle.
Master thesis submitted to Leiden University
in partial fulfilment of the requirements for the degree of
MASTER OF SCIENCE
In Crisis and Security Management
Faculty of governance and global affairs
By
Jay Jay Kleinendorst
Student number: S1763989
To be defended January 2020.
Graduation committee:
Supervisor Dr. T. van Steen t.van.steen@fgga.leidenuniv.nl
2
P
REFACE
My academic career started in the summer of 2012, well over 7 years ago, at the Technical University Delft. Here, my endless curiosity drove me to expand my knowledge beyond the safety of the engineering department and dive head-first into the world of Governance and Global Affairs. With the completion of this thesis, I can look back at plenty ups and downs, but most importantly, at a successful and speedy completion of my master’s degree in Crisis and Security Management. This study has brought me a lot and has expanded my horizon noticeably. The change of scenery to Leiden/The Hague not only allowed me to study a new discipline, it also left me with new friends and led to this thesis which I must admit to being pretty proud of. It is then with great joy that I present to you the resulting product.
This master thesis is the result of a three month long research into the social acceptance of the self-driving car. Being a huge car enthusiast myself, AV technology is something that excites me greatly. I have always felt like AV technology could be the future, but too much attention was spent on the technical, and too little on the social effect of self-driving cars. Fortunately, the Leiden University allowed me to turn this into a graduation study. But as there is still an engineer deep inside me, I could not help but to make this thesis also a tiny bit technical. It simply runs in my veins. And this led to some issues for a non-technical university.
So first and foremost, I would like to thank my thesis supervisor Dr. Tommy van Steen. It was he who believed in my thesis topic from the start, and did not fear the technical nature/basis of the study when others told me I could not perform such research at the Leiden University. Dr. van Steen slammed the brakes when I was going into too much detail, but also stimulated me to get the most out of it, allowing me to incorporate some knowledge from my engineering degree into this master’s thesis. In my extensive academic career, I have rarely seen a supervisor/professor this involved, approachable, cooperative and helpful. Dr. van Steen seemed to enjoy my research, which was a huge motivation for myself to keep going and pressing forwards. Many, many thanks also for taking all the time during our feedback sessions which never felt (or were) rushed, and were usually scheduled on a very short notice. I also want to thank Dr. James Shires for his feedback as my second reader, I hope I pleasantly surprised you by far exceeding that 385 respondent threshold I set out for myself.
Furthermore, I would very much like to thank my parents for without whom I could have never gotten to college, let alone try to complete two master’s degrees. Their continuous love, support and financial aid allowed me to fully focus on my degrees, passions, joy and future career worry free. A special thanks to my girlfriend for making sure I obtained the utmost achievable. My friends were there for me to provide some much needed thesis counselling at times and gave me some great feedback. Lastly, I want to thank each and every person that completed my survey. Special thanks to Carlo Brantsen for publishing my survey in both CARROS magazine and on the KNAC Facebook page.
Thank you all for helping me one way or another. I hope you enjoy the read!
Jay Jay Kleinendorst Arnhem, January 2020.
3
E
XECUTIVE SUMMARY
I
NTRODUCTIONWithin choice modeling, humans are notoriously bad at making decisions. People are known throw all caution to the wind and make erratic choices regardless. And in a highly dynamic and dangerous
environment such as traffic, this could result in potentially dangerous situations. As vehicular technology ever advances, the car is becoming increasingly autonomous. Car manufacturers are trying to eliminate this erratic choice maker, a human, from having control over the vehicle. Research indicates that fully autonomous vehicles (AVs) could significantly increase road safety, as long as the cybersecurity of this vehicle is guaranteed. As such, many manufacturers are currently investing a lot of resources in the development of these self-driving cars. As it is becoming increasingly assumable that in the near future AVs will be fully marketable, the question remains: is the market ready?
In light of recent new privacy laws and attention to data-leaks, cybercrime has received a lot of attention. This research focusses on the impact of cybercrime on the social acceptance of the AV. It aims to fill the knowledge gap on the social acceptance of the AV of the Dutch public, and how the risk of a potential cyberthreat influences this. Are the Dutch willing to sacrifice cybersecurity of their vehicle in order to gain some road safety? Or is the public even aware that there are (cyber-)risks associated with the highly connected computers within a vehicle? Through the following research questions, an conclusion to these questions was sought.
How does the factor ‘cybersecurity’ play a role in the social acceptance of the self-driving car, for the Dutch market?
An answer to this research question was sought through the answering of the following questions: 1) What is the current willingness to accept the self-driving car as a replacement of the traditional
car amongst Dutch driver’s license holders?
2) Do potential customers take the factor cybersecurity into account when choosing between an AV or traditional car?
3) Do potential consumers value themselves “tech savvy” enough to transition from personal vehicle to autonomous vehicle?
4) What is the level of awareness amongst Dutch driver’s license holders regarding the ability that cybercrime could affect the operations of an autonomous vehicle?
5) How do people adjust their acceptance of the self-driving car once a universal understanding of the dangers of cyberattacks is established?
4
T
HEORETICAL FRAMEWORKFor this analysis, a theoretical framework by Davis (1989) is used. His Technology Acceptance Model (TAM) dictates that the acceptance of a technological innovation is dependent on a number of utility-generating processes. The random utility theory is then applied with the assumption that humans are Random Utility Maximizers (RUM-assumption). Meaning that a human would do whatever it takes to maximize their utility. This assigns great explanatory powers to this research, as it can be used to explain unobserved factors. If for instance the AV gains 20 utils (measurement of utility) over the car, and a respondent still prefers the car over the AV, it can be concluded that there is a latent factor responsible for a utility assignment of more than 20 utils. As such, it can be investigated if the average respondent is inclined to be convinced by various stimuli to purchase an AV, or if he/she has a strong preference that is not likely to change.
M
ETHODA survey was constructed to measure factors like acceptance, expectation and ability to absorb and process data in order to reach a conclusion to the research question. In this survey, the respondent is asked to state his preference between a traditional car and an AV in an explicit case. This means that all
parameters on which the respondent should base their personal opinion are given. In the first observation, the car is made totally equal to the AV but for the fact that the AV drives itself. To measure latent factors, a second choice set is added in which the AV gained a one star safety rating. The respondent is then asked to give his opinion on several factors such as how well informed he is about autonomous vehicular technology and the risks of cybersecurity on the vehicle. Furthermore it is asked on what criteria he/she would rank a vehicle for purchase. As a final step in the survey, the respondent is asked to watch a video. This video is either non-related to the topic, to serve as a baseline establishment, or is a video in which the dangers of AV in regards to failing cybersecurity are made explicit. Following the video, the respondent is again asked to state their preference.
C
ONCLUSIONThe majority of the sample indicated to have great understanding of AV technology and the dangers of cybersecurity to the AV. As expected, this resulted in an increase of the importance of cybersecurity in case of an AV compared to the traditional car. However, surprisingly, an above average amount of people indicated to hardly value cybersecurity for the AV. So although awareness was high, it does not
necessarily lead to an increased importance of cybersecurity for everyone.
It was further found that the social acceptance of the AV is currently at about a third of the sample, which is set to increase to a 50%-50% distribution once the AV gains in utility over the car. Women are found to behave the most utility maximizing, whereas males showed to assign the most utility to latent factors. Males are more adamant that they have good knowledge on the topic, and when presented with new information, they show an inability or lack of motivation to incorporate this information in their decision. Females on the other hand have shown to be less sure about the knowledge they have on vehicular technology, and as such adjust their opinion more easily once new information is presented. So although people indicate that cybersecurity plays an important role, it is often outweighed by latent factors such as personal preference.
5
L
IST OF ABBREVIATIONS
(D)DoS (Distributed) Denial of Service ADAS Advanced Driver-Assistance Systems
AV Autonomous vehicle
CBS Central Bureau for Statistics (Statistics Netherlands)
CS Choice Set
DARPA Defense Advanced Research Projects Agency
ECU Electronic Control Unit
ESP Electronic Stability Program
EURO NCAP European New Car Assessment Programme
GPS Global Positioning System
IR InfraRed
MITM Man-In-The-Middle
MNL Multinomial Logit
NL Nested Logit
RRM Random Regret Minimalization
RUM Random Utility Maximization
SecRAM Security Risk Assessment Methodology SESAR ATM Single European Sky Air traffic management
SP Stated Preference
TAM Technology Acceptance Model
TIL (Department of) Transport, Infrastructure and Logistics UTAUT Unified Theory of Acceptance and Use of Technology
6
T
ABLE OF CONTENT
Preface ... 2 Executive summary ... 3 List of abbreviations ... 5 Table of content ... 6 1 Introduction ... 8 1.1 Background ... 8 1.2 Problem depiction ... 91.3 Security and acceptance of the AV ... 9
1.4 Research question ... 10
1.5 Thesis outline ... 10
2 Theoretical framework ... 11
2.1 Main theoretical framework: acceptance and technology ... 11
2.2 Modeling discourse ... 13
2.3 Core concepts ... 15
2.4 Probability of a cyberattacks ... 16
2.5 Demarcation of further concepts ... 17
3 Research approach ... 19
3.1 Analysis method ... 19
3.1.1 Reliability and sample size ... 20
3.1.2 Obtaining data ... 20
3.2 Formulation of research goals (sub-questions) ... 20
3.3 Respondents/target group ... 24
3.4 Procedure ... 25
3.4.1 Respondent acquirement ... 25
3.4.2 Consent & introduction ... 25
3.4.3 Survey process ... 26
3.4.4 Debrief ... 27
3.5 Terminology in the survey ... 27
3.6 Data cleaning ... 28
3.7 Population ... 28
3.7.1 Age distribution... 28
3.7.2 Distribution of gender ... 29
3.7.3 Distribution of education ... 30
3.7.4 Ownership driver’s license, cars, and car usage ... 32
3.7.5 Conclusion generalizability ... 32
3.8 Operational definition of research variables ... 33
3.9 Dimension reduction ... 33
3.10 Limitations to statistical analysis ... 35
4 Data analysis and interpretation ... 37
4.1 Sub-question one ... 37 4.1.1 Research question ... 37 4.1.2 Main analysis ... 37 4.1.3 Adjunct analyses ... 38 4.1.4 Conclusion ... 41 4.2 Sub-question 2 ... 42 4.2.1 Research question ... 42
7 4.2.2 Main analysis ... 42 4.2.3 Adjunct analyses ... 44 4.2.4 Conclusion ... 45 4.3 Sub-question 3 ... 46 4.3.1 Research question ... 46 4.3.2 Main analysis ... 46 4.3.3 Adjunct analyses ... 48 4.3.4 Conclusion ... 49 4.4 Sub-question 4 ... 49 4.4.1 Research question ... 50 4.4.2 Main analysis ... 50 4.4.3 Adjunct analyses ... 51 4.4.4 Conclusion ... 53 4.5 Sub-question 5 ... 53 4.5.1 Research question ... 53 4.5.2 Main analysis ... 54 4.5.3 Adjunct analyses ... 57 4.5.4 Conclusion ... 57
5 Conclusion, Recommendations & Discussion ... 59
5.1 Research goals ... 59
5.2 Results and Implications ... 59
5.3 Recommendations & reflection ... 61
6 Bibliography ... 63
7 Appendix ... 69
Appendix I: Rating scheme ... 70
Appendix II: Questionnaire ... 71
Appendix III: Choice sets ... 101
Appendix IV: Mathematical approach to preference ... 103
Appendix V: Recoding of data... 106
8
1 I
NTRODUCTION
1.1 B
ACKGROUNDTimes change, and people change with them. The highly competitive consumer market for electronic goods is a good example of this (Ernst, 2000, Porter & Heppelmann, 2014). Manufacturers try to outperform each other by adding utility to objects to increase its functionality (Porter & Heppelmann, 2014). Most recently, this is done through creating “smart products” (Porter & Heppelmann, 2014). By adding computers, internet connections, interfaces, or other kinds of computing powers, regular products are being “smartened” to add new functionality to the product (Buurman, 1997, Porter & Heppelmann, 2014). As a result, objects can now make decisions autonomously, as their computers are able to process data and computational rules dictate the adequate response accordingly (Porter & Heppelmann, 2014). Experts have shown that the current generation of computers are able to process a lot of information much better and faster than any human possibly ever could (Porter & Heppelmann, 2014). And with ever advancing technology, as well as decreasing costs thereof, this means that these computers only get better at making decisions at a more reasonable price. This phenomena is in the industry better known as Moore’s law (Moore, 1965, Waldrop, 2016). For the automotive sector, this makes for a great
opportunity. The concept of the fully self-driving car, otherwise known as Autonomous Vehicle (AV), is born. But aimed at increasing road safety, the AV introduces a whole new threat to the transport sector: vulnerability to cyberattacks (Parkinson, Ward, Wilson & Miller, 2017). And with recent exposure to privacy-sensitive data leaks and hacks, the awareness of cyberthreats has never been bigger (Parkinson et al., 2017; Zamfirescu, Rughinis, Hosszu & Cristea, 2019). This makes one wonder, is the public aware of the dangers of the AV?
Structure
This chapter is the introduction to the knowledge gap surrounding the social acceptance of the
self-driving vehicle in regards to cyber vulnerabilities. Paragraph 1.1 serves as an introduction
to the current market in which the AV is to gain a target audience. In section 1.2, the dangers
of cybersecurity in regards to the AV are introduced. Section 1.3 introduces the notion of the
knowledge gaps when discussing AV cybersecurity and acceptance. In paragraph 1.4, the
primary research question is presented. Section 1.5 gives an outline of the thesis.
9
1.2 P
ROBLEM DEPICTIONWhere the focus of vehicular safety used to lie in the aiding of the driver, this next innovation goes one step further (Bengler, Dietmayer, Farber, Maurer, Stiller & Winner, 2014; Schaefer & Straub, 2016). To achieve total safety, car manufacturers aim to remove the driver altogether (Schafer & Straub, 2016). It is argued that the AV is significantly better at navigating traffic in a safe matter than any human ever could (Lu, Wevers & Van Der Heijden, 2005; Bai, Hartenstein, Gruteser, Krevets, Zhang & Stancil, 2013; Zhan, Porter, Polgar en Vrkljan, 2013; Snelder, van Arem, Hoogendoorn & van Nes, 2015). It has the potential to save many lives, utilize road capacity better and limit the carbon emissions (Parent, 2004; Heide & Henning, 2006; Chong, Qin, Bandyopadhyay, Wongpiromsarn, Parkin, Ang Jr.,Frazzoli, Rus, Hsu & Low, 2011). It does this by relying on lasers, cameras, radar/lidar and remote computers (Narla, 2013). Through these sensors and computers, the self-driving car constantly exchanges data (Narla, 2013). It transmits and receives feedback from other cars (V2V) as well as from the
environment/structures, which is then processed by more than 70 to 100 highly interconnected electronic control units (ECUs) (Charette, 2009; Narla, 2013). A premium-class car is estimated to have well over 100 million lines of software code, roughly 15 times more code than a Boing 787 Dreamliner, and 59 times the amount of coding that goes into an U.S. Air Force F-22 Raptor (Charette, 2009). And therein lies a big vulnerability.
A lot is being publicized on the dangers of internet-connected smart devices. It is feared that the influx of these IoT devices make for bigger threats in cyberspace, and that total disruption of operations is more likely (Tzezana, 2016). And by definition, a modern car is no exception to this (Charette, 2009). Although a disruption of your phone’s operation might be inconvenient, the disruption of a vehicle in a highly dynamic and dangerous environment has the potential to be deadly (Poulsen, 2010; Cerrudo, 2014; Harris, 2015; Nie, Liu & Du, 2017). And with the AV technology being relatively new and untested, these risks are high (Parkinson et al., 2017).
1.3 S
ECURITY AND ACCEPTANCE OF THEAV
If hackers are able to hack the computer in a toothbrush, imagine what they could do to a car with well over 70 computers on board (Tan, 2016). Not only can it lock you out, hackers even have the ability to turn the car into a weapon, taking over all control from the driver. Several hackers, including researchers from the Defense Advanced Research Projects Agency (DARPA), already have shown their capability to fully take over cars remotely (Bécsi, Aradi, & Gáspár, 2015; Harris, 2015). Requiring just a laptop, antenna and a little know-how, they were able to disable a driver’s brakes and steering wheel, setting off airbags and trapping the driver in the seatbelt (Wright, 2011; Zhang, Ge, Li, Shi & Li, 2016). Regardless
10 of the risks, many governments would like to see the introduction of the AV sooner than later
(Rijksoverheid, 2015a; Rijksoverheid 2015b; Levy, 2016; Smith, 2017; Payne, 2019). Some governments even facilitate road-testing of AVs in regular traffic (Ibañez-Guzman, Laugier, Yoder & Thrun, 2012; Rijksoverheid 2015a). This makes for an interesting development.
1.4 R
ESEARCH QUESTIONA classic car is infinitely more secure than a potentially “hackable” AV in regards to the cyber domain. Yet no research has been conducted to what extent the public is willing to accept this. And with AVs still being in a development phase, there is little known about the possibility of the AV being subject of cyber-attacks. It can thus be concluded that although the government prefers traffic safety over a car’s security, the public might not. As such, this trade-off between safety and security might then prove to be a
determining factor in the social acceptance of the AV.
This research aims to identify this trade-off, made by the end-users, and how this (in)balance influences the minds of the potential client base of the car market. In other words: is the public even concerned with, or aware of, the (cyber) security of the self-driving car? A conclusion on that question is sought through the answering of the following research question:
How does the factor ‘cybersecurity’ play a role in the social acceptance of the self-driving car, for the Dutch market?
1.5 T
HESIS OUTLINEThe structure of this thesis is as follows. In the second chapter, the theoretical outline is presented as well as the modeling discourse and the core concepts used throughout the study. Using these concepts, chapter three discusses the research approach through the discussion of the analysis method and sub-research questions. These sub-research questions are then further elaborated upon. After discussing ways of data-cleaning and the limitations of this type of study, the research results will be presented and a conclusion to each sub-question is sought in chapter four. Chapter five reflects upon these conclusions and seeks to combine these into a general understanding of the main research questions. This is followed up by some recommendations for further research and a discussion of the methodology used.
11
2 T
HEORETICAL FRAMEWORK
This study seeks to combine two concepts into one, which has not been achieved in the context of AVs for the Dutch market. Public acceptance is quite easily gauged with a direct questionnaire, but holds little analytical value since it is only a capture of momentum. Further limitations apply to this style of
questionnaire. Information asymmetry or misinformation might play an important role in the forming of the concept of acceptance (Wankhade & Dabade, 2006). Since autonomous vehicular technology is an emerging technology, it is assumed that the public might not be equally informed about the pros and cons of the system, especially in regards to the cyber domain (Buurman, 1997; Wong, 2015). As such, this study will also account for this information asymmetry by modeling changes in choice behavior once a universal understanding of the technology is established.
2.1 M
AIN THEORETICAL FRAMEWORK:
ACCEPTANCE AND TECHNOLOGYA theoretical framework is then to be sought which can explain a change in choice behavior according to provided information. The outcome of the framework should be, or lead to, an understanding of the acceptance of AV technology amongst the public, while explaining how new information forms or shapes this acceptance. This theoretical framework was found in the Technology Acceptance Model (TAM) by Davis (1989) and an adaptation thereof, the Unified Theory of Acceptance and Use of Technology (UTAUT) by Venkatesh, Morris, Davis & Davis (2003).
The figure presented below represents the TAM, The UTAUT is depicted below the TAM.
Structure
This chapter discusses the body of knowledge that is already established, and to which this
thesis seeks to add new insights. In paragraph 2.1, the main theoretical framework, being the
TAM, is described. Section 2.2 discusses the modeling assumptions in regard to preference.
In section 2.3, core concepts are discussed as they present the structure of this thesis. In
section 2.4, an important decision is made in regards to the framing of likelihood of
cyberattacks. Paragraph 2.5 is used to demarcate other various concepts.
12
Figure 1: TAM model by Davis (1989)
Figure 2: UTAUT model by Venkatesh et al. (2003)
The TAM dictates the attributes a technological innovation has to possess in order to be accepted by the public and to be put into practice (Davis, 1989). It is a non-exclusive qualitative model that can be interpreted into a score-card setting. The UTAUT further specifies “attitude toward using” as factors of “performance expectancy”, “effort expectancy”, “social influence” and “facilitating conditions” (Venkatesh et al., 2003). The TAM facilitates irrationality attached to human choice behavior while upholding the random utility maximize (RUM) assumption that is dominant in the transport and logistics
13 modeling sector (Sivakumar, 2007; Arentze, Kowald, & Axhausen, 2013). RUM is the assumptions that humans behave rational, and thus would prefer the alternative that provides the most utility (McFadden, 1973; Ben-Akiva & Bierlaine, 1999; Arentze et al., 2013). Within transport, this usually means the shortest, cheapest or most comfortable alternative. The RUM assumption is widely used for calculating origin-destination matrices using gravity models, as well as in the calculation of modal splits using Multinomial Logit (MNL-RUM) or Nested Logit (NL) modelling. NL and RUM-MNL models are at the basis of many governmental policies for calculating modal splits, which will have to be recalculated for the final introduction of the AV (McFadden, 2000).
Within the TAM, perceived usefulness and perceived ease of use all describe the utility of the technology, whereas the attitude toward using is the first factor to take a human rationale into account (Porter & Donthu, 2006). And this is where the perception of cyber risk links to the overall public acceptance of AV technology. If the public sees great threat in the cyber aspect of the car, no matter how useful it is and how easy it is to use, the attitude will be negatively impacted and thus result in low actual system usage. It is then the question: how heavily, if at all, the security aspect of a system is taken into account by the public. Are they aware of the cyber risks? And if so, how do they trade off this decreased (cyber) security to the commonly portrayed safety increase of the AV? It connects the social to the technical. Studies have indicated that the safety of a vehicle is on top of a buyer’s priority list, above any other factor like price, brand or even comfort (Koppel, Charlton, Fildes & Fitzharris, 2008). So this would indicate a definite yes. But the effect cybersecurity has on the preference for an AV was not researched until now. Clear insight in the valuation of the AV in light of cyber-attacks might be valuable to car manufacturers and governments, as policy could be based off this insight. If for instance the public is very hesitant to accept the self-driving car in fear of hacking attacks, policy might be formed to better educate the public on the actual risks and security of the personal vehicle.
2.2 M
ODELING DISCOURSEModeling any kind of choice behavior requires setting the context of which choices are made (Burbank, 1997). To establish this context, the choice behavior of the individual is placed within a modelling paradigm of the transport, infrastructure and logistics (TIL) sector. These models are specifically
designed to model a modality-split/mode choice and Origin-Destination matrices. In the Netherlands, and especially within the TIL sector, a lot of thought is being put into choice behavior by the public, as this for instance has shown to be a great predictor for congestion or the degree of demand for a train (route) (McFadden, 2000). For this study to facilitate further policy making in regards to the AV, it is opted to consider choice behavior of the individual in light of TIL forecasting modelling.
14 Within the TIL domain, two dominant modeling methods are used to describe choice behavior (Chorus, Arentze & Timmermans, 2008; Guevara, Chorus & Ben-Akiva, 2013). These methods describe how the respondent choses his preferred alternative and such are an integral part of understanding the model. These different modeling paradigms will be briefly touched upon as part of the framework of this study. There are two schools of thought when considering choice behavior in the transport sector. The most used modeling method for choice behavior is the MNL, Multinomial Logit model, for its simplicity and closed form (Koppelman & Sethi, 2000; Wen & Koppelman, 2001; Chorus et al., 2008). A more complex form of the MNL model is the Nested Logit (NL) model, where modes with the same attributes are grouped together (Koppelman & Sethi, 2000; Wen & Koppelman, 2001). Both the MNL and NL are based on the RUM assumption as discussed in paragraph 2.1. Recently a shift in theory took place, as it was
discovered that Random Regret Minimization (RRM) modeling was a better predictor for some cases of choice behavior (Chorus et al, 2008; Guevara et al., 2013). RRM models assume that instead of a utility maximization, regret is avoided (Chorus et al., 2008; Guevara et al., 2013). With potential losses valued more impactful than possible gains, RMM does not assume the “best” alternative is always chosen, rather that the “safe bet” is the likely winner of a choice set (Chorus et al., 2008; Guevara et al., 2013).
For this study, it was identified that the RUM assumption yields the most valuable information. Whereas the AV technology is relatively new and uncertain, it might be associated by the public as a first-mover scenario. In a first-mover scenario, technological leadership creates an opportunity but at a cost of high risk/uncertainty (Song, Zhao & Di Benedetto, 2013). This would make it less desirable to the relatively proven and thus risk-free regular car alternative in a RRM modeling paradigm. Furthermore, as the focus of this study is on the acceptance of AV’s over regular vehicles, there is no “middle road” (third
alternative) that is often favored in RRM studies (Chorus et al., 2008). The TAM aims at utility as an indicator, not facilitating for regret in its current, most basic, form. As such, the RUM assumption will feature as the dominant explanatory framework in this study, and on which the TAM results are placed upon.
15
2.3 C
ORE CONCEPTSThere are a few concepts used throughout this paper that might demand further explanation. This chapter is set at creating a universal understanding of the notions used in this thesis.
2.3.1 Autonomous Vehicle (AV)
The notion “AV” as used in this study is will be discussed first. A framework by Richards and Stedmon (2016) suggests passenger cars are to be categorized in five categories of autonomy. These categories go from zero: no (Advanced) Driver-Assistance Systems (ADAS), to category five: fully autonomous. Already described in the introduction, this research focusses on a fully driverless vehicle. It is assumed to have connections to external parties (such as other cars, the infrastructure etc.) and have a potential weak point to cyber-attacks. This weak point is proven to exist, and in the worst case, it is assumed that a hacker could make a car crash at high speeds disabling all safety measures (Marks, 2013, July 17). The degree of autonomy is 100%, or level 5, and the vehicle is to be a direct replacement of the personal vehicle. This means the car is not shared.
2.3.2 Public acceptance
The second core concept is public acceptance. Public acceptance relates to the market driven evaluation of pros and cons, and in this study will be used to describe, measure and define the perception of the public in regards to the AV as either a positive or negative technological advancement. So in a system with high public acceptance, the technology discussed is assumed to be viable and will be used in practice (Davis, 1989). The acceptance process is depicted by the TAM. When considering public acceptance, it is aimed at the acceptance of the AV by Dutch residents. Social acceptance in this research indicates a Willingness to Accept (WTA) rather than a Willingness to Pay (WTP). Theory dictates that WTP questions are in the “positive” spectrum of change, meaning willingness to pay can only be gauged for positive effects e.g.: travel time savings, comfort increase etc. (Ojeda-Cabral, Hess & Batley, 2018). Since it is unknown if the public sees advantages or disadvantages in the autonomous vehicle, and since this study focusses primarily on one of the major downsides of the AV, it is opted to focus on the WTA. Choice behavior models in the TIL domain often feature a bigger WTP delta than WTA, meaning WTP is easier achieved than WTA (Ojeda-Cabral et al., 2018). In other words: people are quicker to accept a costs for a gain rather than receive compensation for a loss. As this study focusses on the potential threats of the technology and the social acceptance of this, the cost aspect of the AV is neglected in this study. This makes WTA the core concept of how this acceptance is defined.
16
2.3.3 Cyberthreat
The third and final core concept is the notion of cyberthreat. Cyberthreat, as used in this paper, concerns the safety of assets within the cyber domain. A cyberattack is an offence that “can only be committed using a computer, computer networks or other form of information communications technology” (McGuire & Dowling, 2013). Cybercrime is further divided into two main categories by McGuire and Dowling (2013): “illicit intrusions into computer networks” and “Disruption or downgrading of computer functionality and network space”. The first category is more commonly known as hacking, whereas the other category consists of DoS/DDoS attacks, worms, viruses, trojans and spyware (McGuire & Dowling, 2013). For the AV, a third category of cybercrime was identified by Petit & Shladover (2014). It was found that influencing signals inbound to the AV, traditionally known as a man-in-the-middle (MITM) attack, is also a way of interfering with the car’s functionality (Petit & Shladover, 2014). GPS spoofing for instance, the altering of the assumed location by the device, was identified as a high threat to the AV (Petit & Shladover, 2014). Combining these findings makes for the creation of three categories of cyberattacks:
- Hacking: Taking over driving operations of the car by a third party with malicious intent, or
actively altering functionality real-time manually
- Disrupting: Disabling functionality of the car by infecting it with malicious software such as
DDoS
- Altering: Interfering with the data input of the car either through disrupting devices or spoofing
devices, to make them see things that are not there
2.4 P
ROBABILITY OF A CYBERATTACKSAlthough there are measures to effectively mitigate different cyberthreats to the AV, there is still much uncertain about the degree of cybersecurity and exact operations of the AV (Tan, 2016; Parkinson et al., 2017). Because the technology is relatively new and still being highly developed, car manufacturers are hesitant to share any specifics about the coding. This makes that details on the exact vulnerability of AV systems is largely unknown. But experts argue that any sort of device connected to the internet can be hacked (Poremba, 2015; Tan 2016). And with several AV/car hacks conducted by scientists, little
evidence points to a fully secure AV system (Bécsi et al., 2015; Harris, 2015). For this research, the rating scale of the framework by Petit and Shladover (2014) is used to evaluate the likelihood of such attacks. This is done through the factor “probability of success” combined with the factor “feasibility of the attack”. It is assumed that a high probability of success of a cyber-attack, combined with a low resource requirement (high feasibility) could lead to a high likelihood of attacks. This assumption is a logical
17 deduction from many cybersecurity threat trees, like the SESAR ATM security risk Assessment
methodology (SecRAM), which concludes that risk level evaluation is the result of impact and likelihood (Marotta, Carrozza, Battaglia, Montefusco & Manetti, 2013).
Petit and Shladover (2014) identified the feasibility of various attacks on an AV and the probability of success of that attack. The combination of these two factors leads to the likelihood of attack as discussed earlier. As such, a rating scheme is established (Appendix I) in which different kinds of attacks on the AV are evaluated on likelihood. It was concluded that all cyber-related attacks scored a “medium” likelihood at the least, and thus it was concluded that hacking, disruptive and altering cyber-attacks on the AV are to be qualified as likely. Therefore, this paper will refer to cyberattacks as a unity, covering the likelihood of all three types of attacks.
2.5
D
EMARCATION OF FURTHER CONCEPTSSeveral assumptions lie at the basis of this analysis or at the use of certain phrases. These assumptions form a clear boundary to the system and thus help to demarcate the problem and create sub-questions. These assumptions, and the justification thereof, are discussed in this paragraph. The first paragraph will discuss the use of AV in a modeling sense of the word, the following paragraphs will discuss the usage of the three styles of cyber-attacks as discovered in section 2.3.3
2.5.1 AV and choice behavior
As discussed in the core concepts (section 2.3.1) this research is aimed at private passenger transport via road, also known as car usage. Autonomous transport through other modalities, such as railways and aerial, are excluded of this definition for this research. With AV, the autonomous movement of a privately owned vehicle is meant. With car, the traditional privately owned vehicle is meant, without ADAS. It is further assumed that all characteristics of the AV are equal to that of the car, unless mentioned otherwise. These characteristics include price, safety, status, fuel economy etc. This assumption is made to fully focus on the effects that cyberthreats have on the acceptance of the AV, and prevent spurious effects shaping observed correlations. The RUM assumption further makes it that total utility maximizing
behavior is expected, so by equaling all characteristics of the cars, the only different variable is the degree of autonomy. This is still no guarantee that some erratic behavior, like unexplainable preferences, seep through into the stated preference (SP) data. This is attempted to be mitigated by preventing associative behavior with available cars on the market. Meaning no brands or models are depicted in order to prevent further bias in the questionnaire (Rose, Bliemer, Hensher & Collins, 2008). Although brands and specific cars are not labeled, the different grouping variables/nests (traditional car, self-driving car) are labeled to
18 distinct between the two choices. A car is identified to be a different nest as the AV, as the AV shares more attributes with a taxi in regard to transportation.
Research indicate that labeling could slightly affect the WTP estimates but does not go into the WTA that is being researched in this analysis (Jin, Jiang, Liu & Klampfl, 2017). As such, it is argued that the labeling between car and AV will not influence the SP of the respondent.
2.5.2 Hacking
The cyberthreat “hacking” in this research addresses the possibility of accessing the vehicle remotely, taking over all functionality. It basically turns the car into a remote-controlled car. A viable scenario, hackers have shown (Bécsi et al., 2015; Harris, 2015). Researchers agree that safety systems of AVs can quite easily be disabled (brakes, airbags etc.) and hackers are able to take control of driving functions (steering, throttle etc.) (Bécsi, Aradi, & Gáspár, 2015; Harris, 2015; Marks, 2013). It is assumed that this threat is constant, unspecific, and at random (Petitt & Shlover, 2014). It is further assumed that these hacks are perpetrated wirelessly as shown to be possible (Bécsi et al., 2015; Harris, 2015; Nie et al., 2017). Possible consequences of hacking cyber-attacks are: 1. Hacker taking over all control from the vehicle while in motion and 2. Vehicle theft
2.5.3 Disrupting
The second cyberthreat was identified as disrupting attacks, and aims at disabling systems within the AV. This can either be while in motion or stationary. It includes uploading malicious software to the car or completely blocking any data inputs. Possible consequences of disrupting cyber-attacks are: 1. AV losing all control in motion and 2. Vehicle rendered inoperable from a standstill
2.5.4 Altering
The third cyber-treat was found in the altering of the functionality of the AV. It changes the way the AV sends and receives data. This can be achieved by fooling sensors or altering the environment, internally or externally. One example of internal altering is spoofing, which for instance relays a wrong GPS position to the AV. Examples of external altering can be found in the hacking of e.g. traffic lights to alter the green-light signal, falsely lowering the maximum speed limit that is perceived by the AV, or creating a ghost vehicle. A ghost vehicle is a non-existent entity that is perceived by the other users as a real car and can thus influence the system. These alterations are assumed to be either wirelessly or by adjusting environmental feedback. Possible consequences of altering cyberattacks are: 1. AV making false corrections to movement and 2. Vehicle operations are altered
19
3 R
ESEARCH APPROACH
The main research question as posed in chapter one is too general and to broad to be answered in a single straight-forward matter. This chapter will discuss the research approach and experimental setup. It includes sub-questions, methodology and limitations of the suggested research approach.
3.1 A
NALYSIS METHODAnswers to the main research question are sought to be found through quantitative analysis. Quantitative analysis aims to achieve valid, reliable and generalizable results (Srnka & Koeszegi, 2007). Because the target population is the entire Dutch population, the method is to be non-exclusive and to cover as much sociodemographic differences as possible. Quantitative analysis is a great tool to process more data in a shorter amount of time, thus allowing for easier generalization (Srnka & Koeszegi, 2007). Due to a high heterogenous population in regards to knowledge on AVs and cyberthreats in general, it is expected that a number of predictors are present that determine the social acceptance of AVs. Via a quantitative analysis some of these predictors are sought by leaving little room for personal interpretation.
For to the choice of a quantitative analysis, the methodology is a questionnaire. This is a fixed form of survey which only allows respondents to answer in predetermined categories. These categories are selected with the utmost care to facilitate the heterogenous population, while maintaining as much explanatory power as possible, but will not be all-encompassing. Simply not all aspects can be covered
Structure:
In this chapter, the research method will be described. Section 3.1 will feature a description of
the analysis method, being quantitative research, and some assumptions regarding sample size
and reliability. In section 3.2, using further demarcations as discussed in the previous chapter,
sub-research questions are formulated and specified. Section 3.3 will discuss the
characteristics of the primary target audience for this study. Paragraph 3.4 describes the
procedure, and is used to give an indication on how a respondent walked through the survey
from introduction to debrief. In paragraph 3.5 a note is made of adjusted terminology in the
survey in regards to associative behavior. Section 3.6 describes the process of data cleaning
and outlier identification. In section 3.7, the characteristics of the chosen population (the
Netherlands) is compared to the characteristics of the sample. Some variables need
adjustment in order to reproduce the experiment. These adjustments are made explicit in
paragraph 3.8. Alongside these adjustments, section 3.9 discusses the conducted dimension
reductions. Finally, section 3.10 discusses some general limitations to statistical analysis in
regards to this experiment.
20 within this questionnaire. Respondents are sought digitally. More on this in paragraph 3.1.2. The
questionnaire itself can be found in appendix II.
3.1.1 Reliability and sample size
The data will be analyzed using the best fit analysis at a 5% reliability interval. This results in a mixture of regression analyses, non-parametric analyses and chi-square tests throughout the study. The 5% reliability is best-practice in statistics and is widely accepted for representing reliable results (Sedgwick, 2012). This research aims to find conclusions generalizable to the entire Dutch population of 17 million (Central Bureau for Statistics, 2019, sept 24). With a 95% confidence interval, which translates to a 1.96 z-score, and a 5% margin of error, this results in a requirement of a sample size being n = 385 (Israel, 1992). This is calculated through the widely used sample size formula:
𝑛𝑜 = 𝑍2𝑝𝑞 𝑒2 = (1.96)2(. 5)(.5) (.05)2 = 385 3.1.2 Obtaining data
A sample size of at least 385 respondents is sought to be achieved through online surveys. The online surveys will be distributed amongst various channels like social media and different chat boards/forums. It is expected that the online questionnaire is mostly completed by respondents that have some sort of affiliation with motoring. Although this may increase bias in the sample size, it is likely that these people will be the first adopters of the technology. In other words: those in the market for a new vehicle are likely to be people with an affiliation to motoring. This will be reflected upon in the final reflection. In order to partially prevent this bias, the online survey will also be distributed amongst public transport forums. It was opted not to conduct the survey in a paper form due to the length of the survey and due to the digital content it features (videos).
3.2 F
ORMULATION OF RESEARCH GOALS(
SUB-
QUESTIONS)
As mentioned in the introduction, the research question to this analysis is as follows:
How does the factor ‘cybersecurity’ play a role in the social acceptance of the self-driving car, for the Dutch market?
Due to the complexity of this research question, it is further divided into sub-research questions. By means of answering these sub-questions, an answer to the main research question is sought. As there is for instance no universal social acceptance, these research questions aim to further differentiate and nuance the findings of the final conclusion. This makes for the following sub-questions.
21 1) What is the current willingness to accept the self-driving car as a replacement of the traditional
car amongst Dutch driver’s license holders?
2) Do potential customers take the factor cybersecurity into account when choosing between an AV or traditional car?
3) Do potential consumers value themselves “tech savvy” enough to transition from personal vehicle to autonomous vehicle?
4) What is the level of awareness amongst Dutch driver’s license holders regarding the ability that cybercrime could affect the operations of an autonomous vehicle?
5) How do people adjust their acceptance of the self-driving car once a universal understanding of the dangers of cyberattacks is established?
Below, each sub-research question is further discussed.
3.2.1 What is the current willingness to accept the self-driving car as a replacement of the traditional car amongst Dutch driver’s license holders?
This first question is aimed to identify the current level of acceptance of the AV. It is gauged if the respondent is willing to pick an AV over a regular car within their current understanding of AV
technology. For this, no baseline is established amongst respondents other than the car characteristics as described in appendix III being equal for AV and regular car. Because there is a high probability that the self-driving car will be much safer, the respondent is presented with a second choice set in which the AV gains in safety rating over the regular car. These questions serve as a tool for sub-questions five, where new information is given in order monitor changes in choice behavior.
3.2.2 Do potential customers take the factor cybersecurity into account when choosing between an AV or traditional car?
In this sub-question the choice behavior of the respondent is determined by analyzing his/her car
functionality preference. This is done by asking the respondent what the most important factors are when deciding for another car. This creates an understanding of what attributes make for a likely choice. According to Koppel et al., there are sixteen primary features that determine the preference for a vehicle (Koppel et al., 2007, p.5, table 2). These are:
22 Table 1: “List most important factors considered by participants when purchasing their new vehicle
Comfort Engine Maintenance/Service Reliability
Design/style Equip./tech./features Make/model Safety
Feeling when driving ESP Performance Size
Economy/value Fuel consumption Price Space
In order to gain further understanding of the distribution amongst the Dutch population in the closed-form survey, respondents are asked to rate these factors. For the purpose of this research, this list is however too exhaustive. To rate these 16 factors from most important to least important is assumed to induce bias and/or errors. Furthermore it does not include factors related to cybersecurity.
To serve the analysis better, the list from table 1 was shortened. A new set of factors was created, composed of some as presented in the work by Koppel et al. (2007), with the addition of the factor “cybersecurity”. A mathematical approach, further discussed in appendix IV, determined which factors were used in the new set. Through this mathematical approach, it was found that five factors were dominant in the findings of Koppel et al. To these five factors, listed in table 2, the factor cybersecurity was added. One more factor was added to this list, ESP, being the least chosen factor in the research by Koppel et al. This serves the purpose of better determining the position of cybersecurity within the ratings. The resulting seven factors are:
Table 2: Rating choices for importance of cybersecurity when buying a car
Factor Explanation
Comfort The degree of ease and good state of mind the car offers its occupants Design/style Purely aesthetics, both externally as well as internally of the car
ESP If the car has an Electronic Stability Program Fuel consumption Average mileage the car gets on a single unit of fuel
Price The purchasing price of the car
Safety The extent to which the car shields users and its environment from physical harm
23 The respondent is tasked asked to rate all the attributes from 1, being the driving force behind their
buying decision, to 7, meaning it plays the smallest role of the factors in the decision making for buying a car. This question is repeated in the same manner for the AV. This rating task will indicate roughly where the factor cybersecurity would fit into the list by Koppel et al. and thus the importance of cybersecurity for the respondent. This is in no way descriptive. It will not explain the “why” as to low or high
evaluations of cybersecurity when picking an AV. In order to add some partially explanatory powers to the quantitative analysis, this result needs to be combined with other data points. For instance the general questions can be used to add a grouping/nesting variable. Furthermore, the following sub-question was formed in order to gain some explanatory powers.
3.2.3 Do potential consumers value themselves “tech savvy” enough to transition from personal vehicle to autonomous vehicle?
In order to add an explanatory factor to the analyses, it was opted to estimate the level of understanding the respondent has of IT systems. This is done through the questionnaire. The respondent is asked if he/she values him/herself tech savvy enough to transition to the AV through a five point Likert scale, ranging from strongly agree to strongly disagree. Although this will not grant any concrete values on the degree of “tech savviness” of a person, it does provide insight into the level of understanding the
respondent claims to have. This poses a control question as well as an explanatory question. If the respondent claims to have good understanding of AV systems, but changes his acceptance in the final question, it could indicate that the cyber aspect is underexposed or misunderstood. Or, if tech savviness highly correlates with the evaluation of factor cybersecurity when buying a car, it can be used to further distinguish groups within the sample.
3.2.4 What is the level of awareness amongst Dutch driver’s license holders regarding the ability that cybercrime could affect the operations of an autonomous vehicle?
In this part of the survey, the respondent is slowly being introduced to the concept of cybersecurity within autonomous vehicular systems. It does this by comparing the AV directly to the regular car. The
respondent is again asked to use the Likert scale to rate for instance possibility of theft of AV to be higher or lower than that of the regular car. These questions relate back to the three identified categories of cyber-attacks: hacking, disrupting and altering. For all questions, see appendix II. Finally, the respondents are asked directly to value the possibility that the AV would fall victim to either of the cyber-attack categories. This is a set-up to the last question.
24
3.2.5 How do people adjust their acceptance of the self-driving car once a universal understanding of the dangers of cyberattacks is established?
Here, a universal level of understanding of cyberthreats amongst respondents is reached by providing information regarding cyber risks to the AV. For this, the rating scheme of appendix I, based on the work of Petit and Shladover (2014), is used. Without providing any concrete numbers to the risks, as these are unknown, they are simply explained to be “likely” or not. For this, a scale of 0, being “probable”, +1, being “likely” and +2, being “very likely” is used (Appendix I, table 3). This is supported by empirical evidence to the respondent, by showing a video of hackers hacking a car and providing some case details on the DARPA car hack. The respondent is then again asked to re-evaluate their car/AV preference in an exact copy of the first sub-question experiment.
In order to monitor if the questionnaire itself did not adjust the respondents stated preference, a control group is established by providing only roughly half of the respondents with this information. The other half of the sample will be given no information and an irrelevant video of how a car is produced. A comparison between these categories will allow insights into the way how this new information on AVs is processed, and allow a direct measurement of causality between the newly presented information and stated choice preference.
All this information is aimed to find a conclusion to the main research question. Data gathered from the survey allows statistical analysis to be conducted to identify not only if a change in choice behavior is observed, but also to identify predictors for certain choice behavior. It allows a conclusion on how cyber plays a role in the purchasing of the AV, how respondents compare the AV to the regular car, and if cybersecurity plays a role when selecting a new vehicle. Furthermore it allows for analysis on the tradeoff between safety and security. The questionnaire is depicted in appendix II, the questions and choice alternatives are presented in chapter III.
3.3 R
ESPONDENTS/
TARGET GROUPThis study is aimed at identifying social acceptance for the Dutch general population in regards to the vehicular market. This includes anyone looking to buy a car on the Dutch market, or buying one abroad and importing it to the Netherlands. In the questionnaire, respondents are asked their highest degree or level of school they have obtained or are in the process of obtaining. For this question, the Dutch school system is used. This Dutch system does not necessarily translate well into foreign school systems, so foreign/immigrated respondents might increase noise, the error component, in this factor. It is for this reason encouraged if respondents do not exactly know the answer to this question, they pick the “do not know” box instead of “prefer not to say”. Based on numbers from 2017, within the Netherlands, 11.7% of
25 the total Dutch population is not born in the Netherlands (Central Bureau for Statistics, 2019, sept 24). How many of the total population has an education level that does not translate well into the Dutch system is unknown and will result from an analysis separately ran for the sample size. It is however important to note that this question can be responsible for introducing some uncertainty in the results. A question about the country issuing their drivers’ license is included for filtering/analysis and further grouping purposes.
3.4 P
ROCEDUREThe section below will describe the process for the respondent by discussing the flow of the
questionnaire. The complete survey itself can be found in appendix II. The survey was conducted in the online survey tool Qualtrics exclusively.
3.4.1 Respondent acquirement
The survey was brought to the attention of the public through means of social media. Besides personal relations of the researcher, the survey was mainly distributed amongst various public groups. It was found that car groups yielded high response rates, such as the “BMW drivers Nederland & België”, “Tesla NL” and many other car-enthusiasts groups. This survey was furthermore distributed amongst various public-transport related channels, such as the Facebook group “Bussen”. CARROS Magazine (car related news) and the KNAC (Koninklijke Nederlandsche Automobiel Club, in English: Royal Dutch Automotive Club) also published the survey on their social media accounts, with the potential of reaching over 40.000 followers.
Much thought went into the process of making the social media post as captivating as possible in order to reach a high conversion rate. The goal was that a potential respondent should feel inclined to answer the survey. The use of a clear picture, combined with the logo of the Leiden University and a short caption “Would you enter the self-driving car? Complete the survey and help me graduate” was used as an eye catcher. A short message introduced the topic in a playful matter: respondents were asked if they would prefer the AV over the car. Then the researcher was introduced, as well as the aim of this study, followed by the survey link.
3.4.2 Consent & introduction
Once the respondent entered the digital survey environment, an introduction was presented to the
respondent. This introduction displayed the time required to successfully complete the survey and to what purpose their responses would be used. It was further noted access to the (anonymized) data could be requested by the direct thesis supervisor (being: Dr. T. van Steen) and the second reader (Dr. J. Shires),
26 and that the final result will be published on the university repository. The respondent was then asked to consent to the following conditions:
1) Participation in the survey is completely voluntary and can be stopped at any given moment 2) The data will be completely anonymized before use.
3) The data will not be used or sold other than for the graduation of the researcher.
4) The respondent cannot go back to the previous question to alter their stated preference. In total only 3 respondents did not agree to these conditions.
3.4.3 Survey process
3.4.3.1 Sociodemographic and descriptive data
The very first question in the survey contained questions related to sociodemographic attributes of the respondent, mixed with some questions about their current car use. Questions included in this first page were gender, age, current country of residence, highest education level, owning a driver’s license and car, and car usage (in hours and annual kilometers).
3.4.3.2 Choice set cluster 1
The respondent was then presented with an image representing two different vehicles, one being an AV, the other a car, with similar attribute levels. The respondent was asked to state their preference. This first choice set was followed up by a second choice set, in which the AV alternative gained some level of utility. Again the respondent was asked to state their preference. The results of this choice set cluster were used in the interpretation of sub-question one.
3.4.3.3 Purchase motivation
After stating their preference, the respondent was asked to rate different attributes of vehicle qualities when buying a new car and AV. These attributes originate from the Koppel et al. (2007) research as discussed in section 3.2.2. Via a drag and drop system, the respondent was able to rate the factors from most to least decisive/important. The data gathered here was used for sub-question two.
3.4.3.4 Self-evaluation tech savviness
After indicating their vehicular preference and the attributes that make for this preference, the respondent was asked to evaluate themselves on their general tech savviness. This was done through five questions on a Likert-scale, asking the respondent how well they have knowledge on various ICT and car related topics. For a full overview of these questions, see appendix II. This self-evaluation was used in answering sub-question three.
27
3.4.3.5 Expectations AV
After the self-evaluation of the savviness, the respondent was asked to rate different safety aspects of the AV, relating to the cyberattack categories as identified in paragraph 2.5.2 - 2.5.4. This was done through the same Likert-scale, and had the control question “I would feel safer in an AV”. This rating was used in the answering of sub-question four.
3.4.3.6 Video
After answering these questions, a video would be brought to the attention of the respondent. A text would further explain the main message of the video in case audio did not work for the respondent. The contents of these videos are explained in section 3.2.5. These videos were obtained from YouTube and were voiced-over by the researcher giving either a negative report of AV security, or simply showing the production process of a vehicle.
3.4.3.7 Choice set cluster 2
The final question is an exact copy of the steps in choice set cluster 1 (section 3.5.3.2) and the respondent is asked to evaluate exactly the same choice sets again. None of the attributes are changed, as to witness the pure effect of the video and information processing mechanism by the respondents. This allowed for a comparison between sub-question one and five, giving a distilled image of the effect of the video.
3.4.4 Debrief
After completion of the survey, the respondent was asked if he or she wished to be kept informed of the outcome of the thesis. Roughly one-fourth of the respondents left their email address and will be sent a copy of the thesis alongside the main findings. A thank you note and debrief formed the final page of the survey, in which the respondent was thanked for their time, a means of contact was presented if they sought contact with the researcher, and a debrief was given. In this debrief, the contents and the purpose of the videos was discussed. In the case of the AV hacking video, it was discussed that some facts were exaggerated and that the video depicted a programming weakness that since has been solved.
3.5 T
ERMINOLOGY IN THE SURVEYTo prevent possible confusion or form a barrier for less-educated respondents, some of the terminology in the survey has been changed. For instance, the term AV in the survey is replaced by self-driving car for it to provoke associative behavior more easily. The terminology for car is replaced by “traditional car” to further prevent confusion. The safety rating of the car is resembled by a five-star rating and is to represent the NCAP safety standard as known to most Europeans. Although some associative behavior could induce bias into the survey and is deliberately excluded, this terminology is intended to cause associative
28 behavior. Associative behavior between the two researched classes, AV and car, are in fact what this research aims to investigate. As such, it is chosen to perform a labelled stated preference study. Associative behavior within classes is however problematic and could increase the error term of this study. If for instance a brand of car is depicted within a class, associative behavior could impact the perception of the depicted factors. E.g. Volvo often associated with being very safe, so featuring Volvo in any of the choice samples will likely increase the subconscious safety rating of this choice set and thus increase bias. For this reason it was opted to only label the choice sets as AV and car alternatives to prevent associative behavior between classes.
3.6 D
ATA CLEANINGData quality is an important feature in any statistical analysis. Faulty or incomplete data might impact the analysis negatively and lead to faulty conclusions (Kang, 2013). It is for this reason important to clean data to exclude possible outliers and missing values. This is done through an outlier analysis. When answers deviate too much from the expected range, they will be deemed an outlier or unrealistic answer and as such will be deleted. This only resulted in one deleted response, in which the respondent probably made a typing error in the “age” field.
Missing and out-of-scope data made up a larger proportion of the total responses. Out of the total 542 responses, 91 cases were identified to contain too many missing values and were excluded. These cases include respondents that did not agree with the terms and conditions of the survey or had less than 75% completion of the survey. Some foreign respondents (Belgian mainly) were also excluded from the sample.
3.7 P
OPULATIONThis section discusses the sample size in regards of the sociodemographic data that was gathered. In order to have a representable data sample, the data from this sample should closely resemble the distributions as observed in the entirety of the Netherlands. This national data is obtained from the Dutch Central Bureau of Statistics (CBS).
3.7.1 Age distribution
Within the sample of n = 451, respondents were found to be of age 16-80, with a high peak of
respondents being of age 21-27. It was found hard to obtain respondents of age 60 and upwards through digital means. The distribution of age in the sample, compared to the population, is as following:
29 Figure 3: Distribution of age in population and sample
As observed in figure 3, between ages 30 and 50, the sample somewhat resembles the population. Before ages 30, and after ages 60, the graph from the sample starts to deviate from the population. It can be concluded that, possibly due to the nature of survey distribution, younger respondents are overrepresented in the sample whereas the elderly are not properly represented in the sample.
3.7.2 Distribution of gender
The distribution of gender within the Netherlands is roughly 50%-50% males to females (Central Bureau for Statistics, 2019, sept. 24). This distribution is hugely offset by males in the sample. With 363
respondents claiming to be male, the distribution of males to females (n = 86) is 81%-19% within the sample. This makes the sample fail on external validity in regards to sex. The male/female factor will be used in every sub-question to investigate if there is a difference between gender in the way something is perceived. For this use, this failed validity is of limited importance. However it must be concluded that although the results for males are generalizable for the entire population, the outcomes for females is not.
0% 1% 2% 3% 4% 5% 6% 19 23 27 31 35 39 43 47 51 55 59 63 67 71 75 79 83 87 91 95 99+ Pe rc en ta g e Age
Age distribution
Population Sample30 Figure 4: Distribution of sex in population and sample
3.7.3 Distribution of education
In the Netherlands, there are five categories of education levels as identified by the CBS. Within the survey, respondents were presented with more detailed categories. In order to compare the population to the sample, survey data had to be recoded (appendix V). This resulted in the following comparison.
Male 49.65% Female 50.35%
POPULATION
Male 81% Female 19%SAMPLE
31 Figure 5: Distribution of education level in the population
Figure 6: Distribution of education level in the sample
Within the sample, more persons with a higher level of education are observed, compared to the national average. A partial explanation to this is found at the age distribution of the sample, as its minimum age is 16 years old in the sample, whereas younger people included in the CBS data, are more likely to have only completed primary school (“basisonderwijs”).
Basisonderwijs, 9% Vmbo, havo-, vwo-onderbouw, mbo1, 20% Havo, vwo, mbo2-4, 40% Hbo-, wo-bachelor, 19% Hbo-, wo-master, doctor, 11% Unknown, 1%
POPULATION
Basisonderwijs,0.70% Vmbo, havo-,
vwo-onderbouw, mbo1, 6.90% Havo, vwo, mbo2-4, 36.30% Hbo-, wo-bachelor, 33.70% Hbo-, wo-master, doctor, 19.60% Unknown, 2.60%
