Transportation

Making Teleop Safe


This is the fifth in a series of articles I’m calling ‘Opening the Starsky Kimono,’ where I reveal the Starsky insights we previously considered top secret. You can read about Starsky’s approach to safety here and here, business model here, and thoughts on AI here.

A truck glides down the interstate.  Drivers speeding by look up and are shocked – there’s no driver in that autonomous truck! Up ahead a deer jumps into the trucks lane and hundreds of miles away a teleoperator is asked to take control of the vehicle.  But they aren’t able to in time – either the deer jumped too quickly, or the teleoperator wasn’t able to get situationally aware or worse yet: the cellular connectivity isn’t good enough!

Such was the situation painted to me time after time after time as CEO of Starsky Robotics, whose remote-assisted autonomous trucks were supposed to face exactly such a scenario.  And yet, it was an entirely false scenario.

As I’ve written about before, safety doesn’t mean that everything always works perfectly, in fact it’s quite the opposite.  To make a system safe is to intimately understand where, when, and how it will break and making sure that those failures are acceptable.  

Just as you can constantly test whether or not your radar is working, you can do the same with a cellular connection.  You can whitelist the routes that have sufficient connectivity, so that if you’re ever in a dead zone you know something must be going wrong and and that pulling over is appropriate.  Finally you can design the entire teleop product around the limitations of human situational awareness – at Starsky we figured that it would take 10 seconds to get situationally aware of a truck and that any emergency within that window needed to be solvable by the truck itself.

Much of the condemnation of teleop safety stems from the availability heuristic – the notion that if something can be recalled it must be important or at least more important than things that can’t be as easily recalled.  Almost everyone has experienced poor cellular connectivity first hand, and it’s always particularly frustrating.  On the other hand, few have been nearly as annoyed at the failures of radars, LIDARs, GPUs, or high grade cameras.  

Of course the connectivity of a teleoperated vehicle will have problems, just as LIDARs will fail and machine learning models will spit out bad results.  Safety critical systems are never perfect, and to that end teleop is unexceptional – you also need to build a safety case around it.

That safety case is far less difficult than most expect.  The two frequently failing components of a teleop system are the connectivity and the remote driver.  For the former you can easily write specs on the required level of connectivity, tests to verify them, and then the logic that if the system starts failing tests it pulls over.  You can make all of that a lot easier if you’re able to control where your system operates, so as to give you a fighting chance of good connectivity.  

When planning around teleoperators the primary issue comes from product design.  As my Starsky co-founder pointed out here, latency becomes a larger issue for direct teleoperation at higher speeds (because with constant latency more distance passes between a command being ordered and carried out).  At Starsky we solved this by designing what we called “Supervised Autonomy,” where a remote driver would choose from a finite list of discrete behaviors (like left lane change, slow down 5mph, etc).  Not only was this approach far less latency intensive, it also meant that every time our remote driver ordered a command we would create low dimensional decision making data that we could eventually use to train a higher-level AI (if there was ROI).

I was once having a candid discussion with a peer who told me that there were two types of autonomy companies: those who weren’t serious about unmanned and those who use teleop.  

As the trough of AI disillusion continues to deepen, I reckon there will be more and more who realize that not only is teleop useful for taking the person out of the vehicle, it’s safe.



READ NEWS SOURCE

Also Read  Changing Company Culture For Agile Project Management: Avoiding The “Can’t Ban”