The Michigan Senate has introduced a legislation which makes it illegal for anyone to hack into a car’s electronic system, or any actions which might be viewed as exploiting the internal bugs of the car. If found guilty vehicle hackers can find themselves going to prison for life according to the legislation. This would make car hacking illegal and those who use car hacking software will be prosecuted.
The bills are a way in which the Republican-led Michigan Senate is trying to increase the rules and regulations pertaining to the state’s emerging connected and autonomous vehicle industry. The idea is a good idea, but in the end, it will deter well-meaning security researchers and white hat hackers from working on systems and trying to find flaws in the system.
The Senate Majority leader, Mike Kowall, who is also the prime sponsor of the bill told reporters that they had made the penalty of committing the offence a big penalty because of the stakes that were involved in car hacking. The fact that vehicle hackers could take control of the braking system, steering and the vehicle’s transmission made the offence a big deal. Kowall also said that he was hoping they never had to use the legislation on anyone especially mentioning the life sentence. He noted that the penalties were that high because potential of severe injury and death were pretty high for everyone involved.
Vehicle hackers who qualify for the life imprisonment sentence are only those who have been convicted with three felonies before. Even though, the simple idea of sending someone to jail to go and rot there just because they managed to exploit a vehicle’s system or the bugs found in it might be a little excessive. This essentially means white hat hackers can do anything if they suspect cars which are in Michigan State to have any bugs.
There has been a long history of security researchers being sent to prison. Russian programmer, Dmitry Skylarov, was arrested by the FBI during a security conference in Las Vegas, where he was giving a report on decrypting Adobe ebook files. Luckily for him, Adobe eventually dropped all charges against him. Skylarov was the first person to be jailed under the Digital Millennium Copyright Act (DMCA).
The new law suggests that car manufacturers will be able to find bugs all on their own. This is something impractical because the over reliance of modern cars on internal computer systems makes the car complicated even for the manufacturer themselves to track it. Many of the giant tech companies in Silicon Valley and even some of the vehicle manufacturers themselves host bug bounty programs which encourage hackers to come and look for flaws in the companies systems thus allowing them to find any bugs with their systems. The program implies that the best people to stop hacking are hackers themselves.
The car industry was put on edge since last year when reports that detailed an open flaw in the Chrysler’s uConnect system was released. The flaw allowed vehicle hackers to take control of different actions of the car. Later on, security researchers also revealed another flaw in the Nissan Leaf car which allowed hackers to adjust the air conditioning system at will and also allow them to retrieve any of the drivers’ trip histories.
States might be making their own rules and regulations making car hacking and use the of vehicle hacking software illegal, but the US Senate is thinking of giving rules and regulations which make car makers give users standards to protect their privacy and adopt measures to stop deadly hack attacks. The NHTSA is also trying to find and implore a template through which the auto industry will regulate and adopt the emergence of the self-driving cars. The whole aim of the legislation would be to make a country wide law that would be adopted so as not to stifle innovation just as the Michigan legislation will likely do.
Image credit: CNN