While some Canadian officials are worried about distracted driving in the future, such as drivers being too busy having sex in self-driving cars to be attentive to the vehicle’s “take over” command, Michigan lawmakers are so worried about car hacking that they’ve proposed making it punishable by life in prison.
Michigan Senators Ken Horn and Mike Kowall have proposed a cybersecurity bill aimed at hackers and connected and autonomous cars. While Senate Bill 928 (pdf) sets out the type of crime and corresponding sentencing guidelines for car hacking, Senate Bill 927 (pdf) spells out that car hacking will be a felony. Further down, the legislation says car hacking will be punishable by life in prison. I pasted that portion under the red line for your convenience to see it for yourself.
Automotive News quoted Kowall as saying, “I hope that we never have to use it. That's why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we're going to be proactive on this and try to keep up with technology.”
Of course we don’t want to wait until hackers are remotely taking control and crashing cars before we figure out what should be done to malicious attackers, but if security researchers can’t look for vulnerabilities without fear of life in prison, then aren’t we all less safe?
Would we have been better off not to know that hackers could remotely seize control of a Jeep as it is speeding down the highway? I don’t think so. 1.4 million vehicles were recalled to fix the flaw in Fiat Chrysler’s uConnect. How else would the vulnerability have been fixed? Last month, the FBI and the U.S. National Highway Traffic Safety Administration issued a warning about cars being “increasingly vulnerable” to hacking. It specifically mentioned the scary Jeep hack. Security awareness is a good thing, but locking up people who discover the flaws that lead to awareness is a terrible idea.
If the bill was approved, it could signal a screeching halt to presentations such as the upcoming “Remote Exploitation of an Unaltered Passenger Vehicle” keynote to be given by Charlie Miller at the SecureWorld conference. Miller seems understandably aggravated, judging by an all-CAP tweet.
His follow-up tweet suggests we could all be convicted of a car hacking felony in Michigan.
And this is being proposed in Michigan, really? Ironically, Michigan is home of the University of Michigan’s Mcity, “the world’s first controlled environment specifically designed to test the potential of connected and automated vehicle technologies that will lead the way to mass-market driverless cars.” The 32-acre “full-scale simulated real-world urban environment” has been used for testing by Ford. Testing the real potential of connected or semi-autonomous cars surely involves hacking for safety and security purposes?
Michigan has Detroit, aka Motor City, and the state is also competing against California as the ultimate testing site for autonomous vehicles; in fact, Michigan used its harsh winters and “real potholes” as an argument for why it should be selected. All together, it makes Michigan a mighty strange place to try to pass a law which would lock car hackers up for life.
Regarding the Canadian concerns about distracted driving mentioned at the beginning of the article, CBC News quoted Barrie Kirk, of the Canadian Automated Vehicles Center of Excellence, as saying: “I am predicting that, once computers are doing the driving, there will be a lot more sex in cars. That's one of several things people will do which will inhibit their ability to respond quickly when the computer says to the human, ‘Take over.’” Kirk believes that once cars are fully self-driving, it may not be an easy task to ensure drivers are paying attention to the road and can assume control of the vehicle in case of an emergency.
Maybe don't tell Michigan...it might be outlawed and punishable by being locked up for life.