When the cabin sensor classified the wrong driver, who has the receipt?
Interior cameras and cabin microphones author biometric inferences about the driver and passengers, propagate the captured signal and inference output through downstream pipelines, and the manufacturer controls the only audit log of what was captured, what was inferred, what was looked up, and to whom the result was disclosed. The occupant has no architectural path to verify any of it.
In-cab biometric capture is held by the manufacturer. AAM is the post-market monitoring receipt layer regulators and occupants can verify.
- The capture problem. Interior cameras and cabin microphones author biometric inferences about driver and passengers, propagate through downstream pipelines, and the manufacturer controls the only audit log of what was captured, what was inferred, and to whom the result was disclosed.
- Five Knox event types. vehicle_biometric_capture_observed · vehicle_audio_inference_observed · vehicle_database_lookup_observed · cab_occupant_consent_state · vehicle_disclosure_event — each anchored to Bitcoin at the moment of the event.
- Regulator-facing. NHTSA post-market monitoring · EU AI Act Articles 9/15 audit logging · BIPA / Texas CUBI / Washington biometric statute · GDPR data-subject access — same primitive across every regulatory regime.
- Vendor-neutral. Above every OEM, every supplier, every cabin-AI vendor. Same primitive across the fleet.
- Posture. Defensive-only. Bonis records what was captured, inferred, looked up, and disclosed; never accesses cabin sensors, never operates the inference pipeline.
The manufacturer authors the inference, propagates it, and owns the only audit of it.
An in-cab biometric system observes the driver and passengers through interior cameras, runs cabin microphones through speech, lip-reading, speaker, and emotion classifiers, and handles occupant authentication at the infotainment surface. The captured signal is committed to inference inside the vehicle; the inference output may then be matched against a manufacturer identity database, a third-party watchlist, a fleet roster, or any other downstream classifier. The captured features may be held locally, transmitted to the manufacturer cloud, or disclosed to a third party — fleet operator, insurance carrier, law-enforcement subpoena, civil discovery, or regulator under post-market monitoring rules.
When the inference is wrong — a misidentified occupant, a misclassified emotion, a wrong fatigue assessment, a wrong sentiment classification, a downstream watchlist hit on a feature-set the occupant never agreed to be matched against — the manufacturer’s telemetry log is the only record of what was captured and what happened next. The occupant has no architectural path to verify what the cabin sensor actually saw, what the inference pipeline actually decided, what database was actually queried, what the outcome was, or to whom the outcome was disclosed. Even after a wrongful classification harm event is litigated, the audit log that would prove the pattern of capture, inference, and disclosure sits inside the same pipeline that authored the original wrong classification.
AAM closes the gap without coupling to any single in-cab architecture. The audit primitive is content-addressed: the SHA-256 of a feature-hash commitment, an inference-output commitment, a query-hash commitment, or a disclosure-bundle commitment, plus the chain-of-command stamp identifying the emitting subsystem and the policy under which it acted, plus the sequence link to the previous event in the relevant stream. The captured biometric signal itself never enters the chain; only the cryptographic commitments do. Knox anchors each, aggregates the hourly Merkle root, and publishes the root to the Bitcoin blockchain. The manufacturer cannot silently rewrite a history that exists outside its own systems; the occupant, regulator, IG office, or court can finally verify the chain without re-trusting the manufacturer.
The patents are pending. The cabin sensors are shipping. The audit gap is architectural.
Two pending USPTO patent applications make the architectural target visible. US 2025/0104469 A1 (in-cab biometric matching, pending; pre-issuance submission window open under 35 U.S.C. §122(e)) and US 2026/0095520 A1 (lip-reading ML for convertibles operating in high ambient noise, pending) describe inference pipelines that capture biometric features in the cabin, run downstream classification and database matching, and emit results to manufacturer-controlled or third-party-controlled systems. Neither application is granted; both remain pending as of the publication date of this page.
The architectural reading: the patents do not specify an audit-permanence layer the occupant can verify. The captured-feature record, the inference output, the downstream lookup, and the disclosure path are sole-custody of the inference pipeline by construction. AAM is the independent layer the patents do not include — vendor- neutral, content-addressed, Bitcoin-anchored, available to any manufacturer that wishes to instrument an emit path, and available to any occupant, regulator, IG office, fleet operator, insurance carrier, or court that wishes to verify the chain.
The patent applications are cited from public USPTO Patent Center records. The assignee identity appears on the public USPTO documents for any reader who follows the citation. They are referenced here as public-record proof of the architectural pattern AAM closes — not as an adversary naming, not as an engagement claim, not as a partnership claim, and not as legal advice. The architectural pattern generalizes across every vehicle manufacturer shipping in-cab biometric inference; AAM is vendor-neutral.
The harm pattern AAM is built to surface — wrongful biometric classification, undisclosed downstream lookups, opaque consent state changes, undocumented disclosures to third parties — is not yet documented at the mass-deployment scale at which the cabin sensors are shipping. The architectural target is to surface the chain of capture, inference, lookup, consent, and disclosure before the first mass-deployment harm case is litigated, so the chain already exists when the question arrives.
Every interaction at the in-cab biometric audit surface becomes a Knox event.
The in-cab biometric audit surface is small, structured, and content-addressable. Five interaction shapes map to canonical Knox event types — each with a chain-of-command stamp and content-addressed pointers to the underlying record. The captured biometric signal itself never enters the chain; only the cryptographic commitments do.
An in-cab biometric capture event is observed — a camera frame committed to inference, an audio buffer committed to inference, a fingerprint or eye-state read. The anchor commits the capture modality, the time window, and a feature-hash commitment so the captured data itself is never anchored, only the fact of capture and the binding to the captured features by hash.
An in-cab audio inference completes — lip-reading, speech-to-text, speaker classification, emotion classification, fatigue classification. The anchor commits the inference type, the inference confidence, and an opaque inference-output commitment so the inference text or label is never anchored, only the fact and confidence of inference and the binding to the inference output by hash.
A captured biometric feature is matched against a downstream database — manufacturer identity database, third-party watchlist, fleet roster, insurer-side risk classifier. The anchor commits the database identifier class, the lookup outcome class, and a query-hash commitment so the queried features are never anchored, only the fact of lookup, the outcome class, and the binding to the queried features by hash.
An occupant consent state changes — granted, withdrawn, scope-narrowed, scope-expanded. The anchor commits the prior state, the new state, the scope delta, and the actor that initiated the change. The consent-record-trail is independently reconstructable from the chain — the question of whether the occupant ever consented to a particular capture, inference type, downstream lookup, or disclosure is answerable from the chain rather than from the manufacturer's logs alone.
Captured biometric data, inference output, or downstream lookup result is disclosed to a third party — manufacturer cloud, regulator, law-enforcement subpoena, civil discovery, insurance carrier, fleet operator. The anchor commits the disclosure recipient class, the legal basis class, and a disclosure-bundle commitment. The disclosure trail is independently reconstructable — the question of when, to whom, and under what legal basis the captured data was disclosed is answerable from the chain rather than from the manufacturer's logs alone.
The questions are predictable. The records should be too.
Once an in-cab-biometric-implicated wrongful classification, undisclosed lookup, BIPA private-right-of-action, post-market monitoring inquiry, civil-rights matter, or insurance sub-rogation comes into scope, the same five questions arrive on every case. AAM primitives produce records architected to answer each one without re-trusting the manufacturer or any single downstream consumer of the captured data.
What did the cabin sensor actually capture, and when?
The capture-observation anchor commits the capture modality, the time window, and the feature-hash commitment. The manufacturer record and the public-chain record can be cross-checked. A subsequent silent rewrite of the captured-feature record does not propagate to the public chain.
Did the inference pipeline run on the captured features, and with what confidence?
The audio-inference anchor commits the inference type, confidence, and inference-output commitment. The chain records that the inference happened, what kind, and at what confidence — answerable independently of the manufacturer's own logs. Confidence-threshold compliance against an SOW or post-market monitoring rule has a chain-based check.
Was the captured feature looked up against a downstream database, and which class?
The database-lookup anchor commits the database identifier class (manufacturer ID, third-party watchlist, fleet roster), the lookup outcome class, and the query-hash commitment. The fact of a downstream lookup, and the class of database queried, is recoverable from the chain — the occupant's question of 'was my biometric matched against a watchlist' has a chain-based answer.
Did the occupant ever consent to the capture, the inference type, the lookup, or the disclosure?
The occupant-consent-state anchor commits each consent state transition with the scope delta and the initiating actor. The chain records exactly what the occupant agreed to, when, in what scope, and under whose initiation — recoverable independently of the manufacturer's consent-management surface alone.
To whom was the captured data, the inference output, or the lookup result disclosed?
The disclosure-event anchor commits the disclosure recipient class, the legal basis class, and the disclosure-bundle commitment. The chain records when, to whom, and under what legal basis the captured data exited the manufacturer's perimeter — recoverable independently of the manufacturer's logs alone, and therefore answerable to a GDPR Article 15 right-of-access request, a BIPA disclosure-tracking subpoena, or an EU AI Act post-market monitoring inquiry.
What composing AAM above an in-cab biometric pipeline gives you.
Vendor-neutral
Any in-cab biometric pipeline, authored by any manufacturer, can be paired with Knox by instrumenting an emit path on the manufacturer’s side. The inference pipeline does not need to know about Knox, consent to Knox, or be modified for Knox. The captured biometric signal stays inside the cabin; only the cryptographic commitments exit.
Captured signal stays in the cabin
Captured biometric features, inference outputs, queried feature-sets, and disclosure bundles are anchored as feature-hash, inference-output, query-hash, and disclosure-bundle commitments respectively. The chain records the fact of capture, inference, lookup, consent, and disclosure; it never records the captured signal itself. The chain is privacy-preserving by construction.
Independently verifiable
Anchors are published to the Bitcoin blockchain via OpenTimestamps. Verification does not require Bonis, the manufacturer, or any agency to be online, in business, or cooperative. The receipt outlives the manufacturer.
Tamper-evident architecture
Anchors and the affidavits derived from them are architected to meet the self-authentication requirements of FRE 902(13) and 902(14). Admissibility in any given matter remains a determination of the presiding court; the structural requirements are met by construction.
Post-quantum resilient
Capture-class, inference-class, and disclosure-class commitments may carry post-quantum signatures via Knox Agent #11 Layer 4 — ML-DSA-44 / 65 / 87 (NIST FIPS 204) and SLH-DSA-128s / 192s / 256s (NIST FIPS 205). The audit chain remains verifiable under threat models that assume future quantum-capable adversaries — relevant for biometric records that may be litigated decades after the originating capture.
Cross-checkable with manufacturer logs
The manufacturer’s telemetry log continues to operate as designed. The public-chain record provides an independent comparison point. Divergence between the two — silent rewrites, late additions, retroactive consent re-classification, selective retention — is detectable rather than assumed.
The pattern is in the public record.
The structural conflict — manufacturer as both author of the inference and sole custodian of the audit log, with no architectural verification path available to the occupant — is documented across patent filings, regulatory frameworks, and statutory regimes. Each is sourced to public USPTO, regulatory, or legislative records. None of the below names a Bonis prospect, partner, or customer; they are cited as public-record proof of the architectural gap that AAM closes.
USPTO 2025/0104469 A1 — in-cab biometric matching
A pending USPTO patent application describing an in-cab biometric matching pipeline. Pre-issuance submission window remains open under 35 U.S.C. §122(e). The application does not specify an audit-permanence layer the occupant can verify; the captured-feature record, the inference output, and the downstream lookup are sole-custody of the inference pipeline by construction. Public USPTO Patent Center record.
USPTO 2026/0095520 A1 — in-cab lip-reading ML
A pending USPTO patent application describing a lip-reading ML pipeline for convertibles operating in high ambient noise. Pending; not granted. The application describes inference output generation but does not specify an audit-permanence layer the occupant can verify. Public USPTO Patent Center record.
Illinois BIPA — Biometric Information Privacy Act (740 ILCS 14/)
The Illinois Biometric Information Privacy Act provides a private right of action for capture, storage, transmission, or disclosure of biometric identifiers without informed written consent. Per-violation statutory damages have produced multiple class-action settlements against in-vehicle and consumer-electronics OEMs since enactment. The statute does not require an audit-permanence layer the captured person can verify; the chain has historically been reconstructed via discovery.
EU AI Act — Regulation (EU) 2024/1689
The European Union Artificial Intelligence Act classifies certain biometric categorization systems as high-risk under Annex III, prohibits certain real-time biometric identification under Article 5, and establishes post-market monitoring obligations under Articles 72–73. The Regulation does not specify an audit-permanence layer the captured person can verify; obligations are imposed on the provider and the deployer of the AI system.
Independent verifiability is becoming a procurement and constitutional question.
NHTSA — post-market monitoring authority
The National Highway Traffic Safety Administration holds post-market monitoring authority over motor vehicle safety under 49 U.S.C. §30101 et seq. In-cab biometric inference systems sit at the intersection of driver monitoring, occupant safety, and FMVSS evolution; the question of independent verifiability of the in-cab inference record is an open agency-direction-of-travel question.
49 U.S.C. §30101 et seq. · NHTSA · in developmentEU AI Act — biometric high-risk classification
Regulation (EU) 2024/1689 classifies biometric categorization systems as high-risk under Annex III, imposes risk-management, logging, and post-market monitoring obligations under Articles 9, 12, 72–73, and prohibits certain real-time biometric identification under Article 5. The Regulation creates demand for provider- and deployer-side audit surfaces; vendor- neutral chain-of-custody fits the direction of travel.
Regulation (EU) 2024/1689 · in forceBIPA + state biometric-privacy statutes
The Illinois Biometric Information Privacy Act (740 ILCS 14/), Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code §503.001), Washington biometric-identifier statute (RCW 19.375), and parallel statutes in additional states establish consent, disclosure, and retention obligations on biometric identifiers. None require an audit-permanence layer the captured person can verify; the chain is reconstructed via discovery when reconstructed at all.
740 ILCS 14/ · state biometric statutesGDPR Article 9 — special-category data
The General Data Protection Regulation classifies biometric data processed for the purpose of uniquely identifying a natural person as a special category of personal data under Article 9, requires explicit consent or another lawful basis under Article 9(2), and grants the data subject a right of access under Article 15. The right-of-access surface benefits from an independent chain of capture, inference, lookup, and disclosure events.
Regulation (EU) 2016/679 · in forceOne HTTP call per in-cab biometric event.
The operator does not have to wait for an in-cab-biometric- specific Knox SDK to ship. The public anchor endpoint is already live, and any pipeline that can issue an HTTP POST can pair its event surface with Knox today — whether the operator is the manufacturer, the fleet operator, the insurance carrier, the IG office, the regulator, or the occupant directly.
Audit-permanence layer, not enforcement, not counter-surveillance.
Bonis does not access in-cab cameras, does not read or transmit camera or microphone feeds, does not intercept manufacturer or vendor pipelines without consent, does not disable, modify, or interfere with any in-cab biometric pipeline in any way, does not provide counter-surveillance or biometric-spoofing or fingerprint-defeat or gaze-spoof or voiceprint-defeat or detection-evasion tooling, and does not advocate against in-cab biometric programs as policy. Knox is invitational: a manufacturer, regulator, IG office, plaintiff’s bar firm, civil-rights organization, fleet operator, insurance carrier, or occupant who wants a tamper-evident record of every capture, inference, lookup, consent state change, and disclosure event instruments their own emit path. Bonis produces the audit primitive; lawful authority — courts, federal IG offices, NHTSA, FTC, DOJ, state AGs, EU regulators under the AI Act and GDPR, agency procurement, and the constitutional and statutory rights of the persons captured — decides what to do with the resulting evidence.