Michigan Politicians Want People Who Hack Cars To Spend The Rest Of Their Lives In Prison

from the plus-cancer,-where-permitted-by-local-ordinances dept

There’s apparently no situation legislators can’t make worse. Self-driving cars are an inevitability, as are all the attendant concerns about autonomous vehicles roaming the streets unattended, mowing down buses at 2 miles per hour or forcing drivers behind them to obey all relevant traffic laws.

There are fears that people will just stop paying attention to driving, which is weird, because that’s one of the few immediate advantages of self-driving vehicles. There are also fears that a robot car is nothing more than a tempting attack target for malicious hackers. There’s some truth to this last one, especially as manufacturers have loaded up vehicles with on-board computers but given little thought to properly securing them.

Even so, that’s no excuse for the sort of legislation being proposed by two Michigan politicians, which would reward self-driving car hackers with lifetime stays at the nearest prison.

Michigan Senators Ken Horn and Mike Kowall have proposed a cybersecurity bill aimed at hackers and connected and autonomous cars. While Senate Bill 928 (pdf) sets out the type of crime and corresponding sentencing guidelines for car hacking, Senate Bill 927 (pdf) spells out that car hacking will be a felony. Further down, the legislation says car hacking will be punishable by life in prison.

This would be fine if… well, no, actually it’s not fine at all. One tends to think of prison terms as being somewhat related to the harm caused and if someone fires off malware that prevents someone from starting their vehicle, there’s no way that should be punished by a life sentence. I’m sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone’s death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.

I can also see how not explicitly targeting hacking of vehicles might become a legal loophole which allows perpetrators to walk away from more serious charges. But this is overkill, especially because the list of violations is far too broadly written.

A PERSON SHALL NOT INTENTIONALLY ACCESS OR CAUSE ACCESS TO BE MADE TO AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE.

Basically the bill says all electronic systems created by manufacturers must be sealed black boxes that purchasers, security researchers, hobbyists, and third-party suppliers should never, ever access under the pain of life imprisonment. “Alter” could mean “make things work better,” but it still would be treated as a criminal act under this law. Repairs to on-board computers by “non-certified” mechanics could net them charges, especially if something malfunctions down the road. I’m sure this is a perfectly acceptable outcome to the US automakers still cranking out cars in Michigan, that would now have something more than copyright to threaten people with.

The senators claim this is necessary because they want to stay out in front of any technological developments.

Automotive News quoted Kowall as saying, “I hope that we never have to use it. That’s why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we’re going to be proactive on this and try to keep up with technology.”

You don’t “keep up” with technology by treating electronic access to certain systems like some particularly powerful form of witchcraft, only punishable by the most severe sentences. This isn’t legislators staying abreast of the latest developments. This is legislators bypassing evidence gathering and stocking up on fear. Because nothing eases the mind of the public more than declaring the autonomous car apocalypse to be upon us, with only this badly written bill standing in the way of death and destruction.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Michigan Politicians Want People Who Hack Cars To Spend The Rest Of Their Lives In Prison”

Subscribe: RSS Leave a comment
82 Comments
TheResidentSkeptic says:

Amicus Brief coming from...

Accel, Brembro, Cragar, Detroit Locker, Edelbrock, Federal Mogul, GForce, Holley, Isky Cams, JMS Chips, K&N, Lecarra, Manley, NGK, Oakley, Pirelli, Quaker State, Revtek,
Stromberg, Thrush, Unisteer, Vertex Pistons, Walker Exhaust, XForce, Yokohama, Zex Nitrous, and 1 Shot – and HUNDREDS more vendors who exist solely on modifying automobiles.

Don’t mess with us rednecks and our ability to modify our cars! Chip Tuning is just the latest in a LONG line of mods. Programming is the natural progression.

To all politicians – stop PROVING that you are the best that money can buy!

Anonymous Coward says:

Re: Re: Ways in which chips are better than politicians...

  • The don’t grandstand.
    – They never vote for stupid laws.
    – They don’t tell you to think of the children to get support for a bad law.
    – They don’t lie, cheat or steal.
    – They don’t sexually abuse their interns.
    – They don’t need $200 hair cuts.
    – But above all else, if you don’t like the job they are doing, you can legally eat them!
Mason Wheeler (profile) says:

On the one hand, yes, exemptions are necessary for legitimate access. On the other, I can totally see why such a high penalty would be appropriate for actual malicious hacking.

If you talk with security professionals, they paint a very different picture than the opinion given here:

One tends to think of prison terms as being somewhat related to the harm caused and if someone fires off malware that prevents someone from starting their vehicle, there’s no way that should be punished by a life sentence. I’m sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone’s death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.

Ask someone trained in computer security how to handle a malware infection, and the answer, if the person you’re talking to is competent, will invariably be some variation on “nuke it from orbit; it’s the only way to be sure.” There are so many places on a computer where malware can hide itself that the general consensus is that there is no way to “clean” an infected system and feel confident afterwards that it’s truly gone.

Needless to say, the ramifications of this are very different for a computer that costs a few hundred dollars to replace, and for a car that costs tens of thousands! Also, along the same lines, there’s no way to be sure what malware does simply by analyzing observable behavior, because it could always be waiting for new circumstances to arise in order to then trigger new behavior. The “mostly harmless” virus that prevents you from starting your vehicle may seem like a silly prank that doesn’t warrant locking anyone up, right up until you manage to get it started, feeling safe, and then it disables your brakes at 60 MPH.

There are two ways for the law to deal with this sobering reality. One is to ban all black-box development. Everything must be open-source and thoroughly analyzable by everyone, with system-level enforcement of this requirement. Under such circumstances, it would be possible to be sure that a system has been cleaned without having to throw it out. But the industry would never go for it.

The other is draconian-grade deterrence, which is what we’re seeing here. Until the first alternative can be implemented, it is, unfortunately, really the only reasonable option available.

Anonymous Coward says:

Re: Re:

Or you could, you know, have punishments have some correlation with what was actually caused.

You hack some one’s vehicle so that it won’t start?
Here’s a vandalism and/or destruction of property charge.

Your hack intended to stop people’s cars from starting unintentionally also cuts the brakes at 60 mph?
Here’s your unintentional manslaughter.

The problem with all the thinking from these dumb politicians is that instead of making new laws to specifically outlaw some existing crime but on a computer, all they really need to do (if they really need to do anything at all) is just lay out which things on a computer are really just the same crime as not on a computer.

As such that previous case about a guy working for a newspaper who gave out his credentials should have been sued for breach of contract instead of being brought to criminal trial for “breach of contract on a computer”.

Mason Wheeler (profile) says:

Re: Re: Re:

Your hack intended to stop people’s cars from starting unintentionally also cuts the brakes at 60 mph?
Here’s your unintentional manslaughter.

I wasn’t talking about unintentional effects; I was talking about hidden effects. Unless the code can be effectively analyzed, it could do anything. (Read up on the phrase “arbitrary code execution” sometime. That’s what it means.)

This is not theoretical; real-world malware has been doing equivalent things in computers for decades, and sometimes it’s not easy to figure out what they’re intended to do. To give a real-world example, the original computer worm, created by Robert Tappan Morris, brought the Internet of 1989 to its knees, crashing a huge amount of servers by making so many copies in memory that it bogged them down until they were unable to do anything.

Morris claimed, after he was caught, that all he wanted to do was create something that would “count the number of machines on the Internet,” and a bug causes it to multiply out of control. It wasn’t until much later that analysis of the source code showed a very different picture: he was a cybercriminal mastermind, years ahead of his time. There was code in the worm to establish what we call “a botnet” today, and it was only due to a fortuitous glitch that it never became active.

Any malware found in a vehicle should be treated as evidence of attempted murder by default, even if it’s detected before it actually kills anyone. If you understand the meaning of “arbitrary code execution,” that’s obvious. If not, please do some studying before declaring that those of us who do understand it are wrong.

Anonymous Coward says:

Re: Re: Re: Re:

Any malware found in a vehicle should be treated as evidence of attempted murder by default, even if it’s detected before it actually kills anyone.

Evidence of, maybe. Proof, no way… at least not until it’s analyzed. Malware that cuts the brakes at 60 MPH is perhaps like putting arsenic in someone’s drink, but malware that merely prevents the car from exceeding 25 MPH is more like slipping alcohol into someone’s punch – still illegal and in some circumstances could turn out deadly, but by itself it’s not attempted murder.

You wouldn’t convict someone of attempted murder based on pouring something unknown into a drink, so why would you convict someone of attempted murder for putting something unknown into a car’s electronics?

Chronno S. Trigger (profile) says:

Re: Re: Re: Re:

“Any malware found in a vehicle should be treated as evidence of attempted murder by default”

And this is why Tim’s comment “Self-driving cars are an inevitability” is wrong. Just like how people’s fears of Google Glass killed the product, people’s fears of self driving cars will kill that as well. Seriously, how many people will be willing to get a self driving car if they’re worried about other people assaulting them out of fear?

Anonymous Coward says:

Re: Re: Re: Re:

Arbitrary code execution is a problem when external files or data used by a program running on a computer triggers a bug that let it execute arbitrary code, and should never ever be a problem for safety critical control systems. If it is a problem for cars, like enabling the entertainment system to modify the safety critical system, then the manufacturers should be held liable for building an unsafe system.
An owner, or someone they ask to, should be allowed to modify the control system software of a car, so long as they accept responsibility for any errors, and anybody who gains access to the vehicle and modifies the software should be prosecuted under existing criminal laws, with intent and outcome determining their punishment.
Blanket prohibition and draconian punishment like these proposals are simply a way that corporations can reduce people to serfdom, by taking control of things that they need in order to live in a modern society.

Anonymous Coward says:

Re: Re:

On the one hand, yes, exemptions are necessary for legitimate access. On the other, I can totally see why such a high penalty would be appropriate for actual malicious hacking.

I disagree. The only way life in prison is appropriate is if the person actually murders someone with this method. And if that happens, we already have murder and/or manslaughter charges that can be brought. If they hack and destroy the car, we have laws about destroying other people’s property too.

This law doesn’t even require maliciousness. But even in cases where there IS maliciousness, I fail to see why hacking the car’s electronics to disable the brakes is worse than cutting the brakes, or putting a small explosive charge with a timer on the brakes, or ramming the car with a cement truck, or just pulling out a gun and shooting the driver.

Anonymous Coward says:

Re: Re:

Wow, I’m just blown away by your technical insight – NOT!

Just because your so myopic you can only see two legal options doesn’t actually mean there are only two.

How about these:

– Legally mandate that any programmable control system must be easily and cheaply replace.
– Legally mandate that any programmable control system must be wholly reprogrammable, so that any installed malware is wiped (if you think this is not possible, go read up on JTAG and then come back to the discussion when you actually know something).
– Legally mandate that programmable control systems be isolated from remote communications, so that malware can only be installed by someone physically adjacent to the target vehicle.

You know, require the technology developers to do what decent, conscientious engineers should be doing anyway, but aren’t.

There are many, many legal options. Freaking out and passing a totally disproportionate, draconian law that will only decrease the already falling respect for the rule of law is not even a good one, never mind the best. No legal change would be better than this one.

Mason Wheeler (profile) says:

Re: Re: Re:

– Legally mandate that any programmable control system must be easily and cheaply replace.

There are two meanings of the word “cheap.” One is “low price”, and the other is “low quality.” They’re attached to the same word due to their high tendency to be correlated. This “option” would effectively require that one of the most critical components of a car be selected based on low price rather than high quality.

– Legally mandate that any programmable control system must be wholly reprogrammable, so that any installed malware is wiped

Which is great in theory, right up until you miss something. Problem is, the fact that malware got in in the first place is prima facie evidence that they missed something, which tends to diminish confidence in the idea that they wouldn’t have missed anything else.

– Legally mandate that programmable control systems be isolated from remote communications, so that malware can only be installed by someone physically adjacent to the target vehicle.

Congratulations, you just shut down Tesla’s incredibly effective and efficient system of fixing car software bugs by deploying remote updates!

Got any more brilliant ideas?

Anonymous Coward says:

Re: Re: Re: Re:

Congratulations, you just shut down Tesla’s incredibly effective and efficient system of fixing car software bugs by deploying remote updates!

I do not want any system on which my life depend connected to the Internet. Direct access, which can be as simple as an SD card reader, is a much safer way of updating such system, and a visit to a dealer, or downloading and copying to a card to plug in to the car. This ia a small price to play to reduce the chances of bad guys gaining remote access or control of a car.

RedBeard (profile) says:

Re: Re: Re: Re:

“Congratulations, you just shut down Tesla’s incredibly effective and efficient system of fixing car software bugs by deploying remote updates!”

Efficiency and security often do not go together. It is inefficient for me to have to enter my password 27 time a day to use my computer . . . should we get rid of passwords?

This efficient system increases the potential for a security breach to impact large numbers of vehicles by orders of magnitude.

Mason Wheeler (profile) says:

Re: Re: Re:2 Re:

This efficient system increases the potential for a security breach to impact large numbers of vehicles by orders of magnitude.

Good point! That would explain why Tesla’s cars are getting remote-hacked left and right… oh wait, no, they aren’t. In fact, security researchers trying to hack Teslas are saying the same thing about them that physical crash testers are saying: they’re the safest cars on the road. This is probably because Tesla is not “a car company” as commonly understood, but rather a high-tech company whose product is cars. It’s run by tech-savvy people who understand computers and computer security, and that makes a huge difference.

I’m not privy to any details, but I can only assume that people aren’t spreading malware to Tesla systems over their remote update protocol for the same reason we haven’t seen malware pushed en masse to billions of computers worldwide over Windows Update: because the updates are cryptographically signed to prevent such attacks.

RedBeard (profile) says:

Re: Re: Re:3 Ok then

“Good point! That would explain why Tesla’s cars are getting remote-hacked left and right… oh wait, no, they aren’t.”

So, since no one has found a way in yet, that means it will never happen. OK, I guess you are right history has shown that time and time again, right… right… oh wait, no history has not shown that. Ever. If there is a door someone will find a way to open it.

LOL You are a very optimistic chap or maybe you have stock in Tesla . . . .

Anonymous Coward says:

Re: Re: Re: Re:

If the bulk of the auto industry puts economics (and a hell of a lot of other things) ahead of good engineering, letting politicians write their own ham-fisted kluge that gives the government more power to punish arbitrarily and selectively probably isn’t a fix that’s going to lead to better, longer-term solutions.

Implement legislation like this, and the government has a powerful, exploitable weapon at its disposal and no reason to trade down by writing better laws and sensible regulations. Corporations bear even less responsibility for the damage enabled by their own crappy, dangerous, recklessly half-assed designs and quality controls. And, of course, consumers watch as the idea of ‘owning what you buy’ fades into the distance.

I’m less worried about the car-hackers than I’m worried about handing corporations and governments another exploit.

John Fenderson (profile) says:

Re: Re: Re: Re:

“Congratulations, you just shut down Tesla’s incredibly effective and efficient system of fixing car software bugs by deploying remote updates!”

There’s nothing wrong with having to plug a memory stick into a slot to do a software upgrade, and there’s a whole lot right with it in terms of safety and security.

The advantage of OTA updates is convenience. That’s a huge advantage for sure, but nearly all of the systems implemented so far have presented huge disadvantages as well.

Anonymous Coward says:

Re: Re:

The potential for malware hiding out in some obscure spot in a car does not justify this sort of attempt at draconian deterrence. Your car gets infected with malware, forcing you to replace it for fear it can’t be cleaned? Treat it the same as the car being stolen. Malware disables the brakes resulting in a fatal accident? Treat it the same as cutting the brake lines resulting in an accident. There’s nothing that malware can do that isn’t comparable to some existing tampering with a car. Malware simply potentially makes tampering easier. That does not suddenly make it worthy of much more stringent punishments.

Mason Wheeler (profile) says:

Re: Re: Re:

There’s nothing that malware can do that isn’t comparable to some existing tampering with a car.

I beg to differ. Read up on the Jeep hack: the hackers were able to take control of the vehicle remotely, with the driver inside. That’s something new that you can’t get without a computer. What if the next malware is being run by someone less benevolent than a couple of security researchers, and they decide to play demolition derby on a highway–or in a residential neighborhood?

Anonymous Coward says:

Re: Re: Re: Re:

What if the next malware is being run by someone less benevolent than a couple of security researchers, and they decide to play demolition derby on a highway–or in a residential neighborhood?

What if they do? Do you think this law will deter them and existing laws won’t?

I think we can find something to charge them with. Even assuming it wasn’t murder, manslaughter is 15 years. If nobody dies, “Assault with intent to do great bodily harm less than murder” or “Assault with intent to commit felony not otherwise punished” is 10 years, and the demolition of the cars could be that felony, if nothing else. Multiply that by the number of people in the cars, then tack on the destruction of the cars – “willful and malicious destruction of property” is 10 years if the property is over $20,000, or 5 years if it’s over $1000. Do you really think they’re getting out anytime soon?

Anonymous Coward says:

Re: Re: Re: Re:

Read up on the Jeep hack: the hackers were able to take control of the vehicle remotely

Which show exactly why safety critical systems should NOT be connected to the Internet, or phone Network. A law that made such practice illegal would make much more sense than a law that criminals will ignore.

s2lim (profile) says:

Re: Re: Re: Re:

You sort of invalidated any argument you thought you might’ve had. 1) There are laws to punish people when bad things happen. Our jeep scenario, or others like it, invariably make those with control culpable for their actions. 2) Security researchers (e.g. hackers) are what keeps bad things from happening in the tech world by proactively investigating anything they can get into. This bill is a protectionist bill in the worst sense. When a law prevents progress it’s bad law. We have a lot of bad laws and, as a result, we have a lot of good people in prison. This bill is uninformed, fear-based nonsense.

Thumbs down.

btr1701 (profile) says:

Re: Re: Re: Re:

Read up on the Jeep hack: the hackers were able to take
> control of the vehicle remotely, with the driver inside.

Which is just one more reason I’m perfectly happy with my old 4Runner. Still runs like a dream, never had any mechanical issues with it, and it has none of this “connected to the internet, GPS monitoring, black box” crap that turns my own vehicle against me as an Orwellian wet dream.

Anonymous Coward says:

Re: Re: Re: Not a reasonable option

No the first ones correct. Indication was ANY UNAUTHORIZED HACKING would mean jail time. You or I do not own the software so any hacking even if I own the car is unauthorized. I imagine it is one of the real reasons for the bill, to make sure you have to take all vhicles to an authorized facility who in turn send money to the manufacturer to maintain their certification.

Anonymous Coward says:

Re: Re: Re:2 Not a reasonable option

No, it doesn’t say unauthorized hacking.

A PERSON SHALL NOT INTENTIONALLY ACCESS… AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE.

Under the letter of this stupidly worded law, it’s a crime to access the electronic system to alter the vehicle. “unauthorized” only modifies “control”, as I noted before. It doesn’t matter whether you’re a Ford employee; it’s still life in prison.

Mason Wheeler (profile) says:

Re: Re: Re:3 Not a reasonable option

…which is why I specifically said that exemptions for legitimate use are necessary to make this reasonable. It was literally the first thing I wrote in my original post. Why are you acting as if I was supporting the entire proposed law exactly as written, when I specifically said the opposite?

Anonymous Coward says:

Re: Re: Re:4 Not a reasonable option

It was literally the first thing I wrote in my original post.

I didn’t realize we were on that thread, since the title changed.

But it still isn’t reasonable to give life in prison for hacking. If the hacking results in a murder, then charge them with murder. If it recklessly endangers 157 people, then charge 157 counts of recklessly endangering safety. If it renders the car undrivable, charge them with willful and malicious destruction of property. If they just turned the heater on full blast in summer, then that should still be a crime, but one with an appropriate punishment.

If someone breaks into your property while you are away, they could, for all you know, have poisoned your well, put nitroglycerin in your lawn mower tank, or done all sorts of other things that might trigger later and kill you. But we don’t make trespassing carry a maximum sentence of life in prison because of what might have been done, and we don’t claim a house is unlivable if it has been burgled while the owners were away and you don’t know what the person did, unless there’s some actual reason to think they planted something.

Andy says:

Re: Re:

Also car manufacturers should have no problem protecting there cars from hackers, damn if they cannot they are doing things wrong. Just disable the ability to update until the car is in a safe place and only allow updates via a physical cable simple solution to the whole problem without having to spend millions creating a new law.

RedBeard (profile) says:

Re: Re:

If car manufacture’s need the ability to “nuke it from orbit” to address an attack on their systems, it is incumbent on them to design their system(s) with this ability in mind. They also need to separate critical systems from non-critical systems within the vehicle.

Neither open-source software nor draconian-grade deterrence will solve the problem. Linux is open-source software, but it is not now or will it ever be completely secure. Draconian-grade deterrence has yet to end murder. In addition, draconian-grade deterrence rarely deter people with adequate resources, people that believe they are smarter than everyone else or governments.

The only reasonable options are to require auto manufacturers to implement reasonable security system for critical auto systems; ensure that failure to do so results in punishment that are harsh enough to force compliance; and subject people that cause harm punishment that fits the crime. We have plenty of laws that deal with punishment for harm caused by a person’s actions. Doing it on a computer does not make one a super villain that should be imprisoned for life.

Ninja (profile) says:

Re: Re:

Hmmm, no. Even if I agreed with the law, the punishments are disproportionate.

Besides, one person said above, there are plenty of legal alternatives to this bullshit such as vandalism or other less destructive methods. Prisons should act as a deterrent but also as channels to rehabilitate those who get thrown there. With very, very specific exceptions the punishment should be both proportional and should give the opportunity to reintroduce the person into society. Life imprisonment for some hack is completely insane.

Anonymous Coward says:

This is an awfully written law.

The law says:

A PERSON SHALL NOT INTENTIONALLY ACCESS OR CAUSE ACCESS TO BE MADE TO AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE.

This article says:

Repairs to on-board computers by “non-certified” mechanics could net them charges, especially if something malfunctions down the road.

But “authorized” mechanics would fall under the umbrella of this law just as much.

First of all, “authorized” must be read to mean “authorized by the owner of the car”, not “authorized by the manufacturer”.

Secondly, regardless of the preceding, “unauthorized” only modifies “control”. It doesn’t modify “alter”. There is nothing in this law that allows authorized mechanics or anyone else (including the owner!) to alter the car. Altering by accessing the electronic system is made illegal, punishable by life in prison.

Dave Cortright says:

Re: DUI

I concur. DUI is far more dangerous than what is proposed in this bill. As is driving a vehicle with serious safety issues (bad brakes, bald tires, a sticky throttle, etc) How about actually looking at the numbers when it comes to how motor vehicles are hurting our citizens, and legislating commensurately?

Anonymous Coward says:

The problem is that politicians like to write laws. Danger in this instance is already covered. You tamper with a cars system and the person dies because of it, you could be charged with murder today. Why the need for a new law? A guy was dragged behind a pickup truck in Texas and they pass a hate crime law. Seems to me that dragging someone behind your truck and killing them was already against the law. Immigration? Why do we need new laws? Seems to me it is against the law to enter or stay in the country illegally is already against the fucking law. We don’t have a law problem, we have an enforcement problem, or at least the will to enforce laws.

Anonymous Coward says:

Re: Re:

When police can just really, really, really believe that the law says X, regardless of that being true, and still be found to have adequately applied it based on the belief alone, I don’t know if all you have is an “enforcement of the law” problem against a more general “enforcement problem”.

Anonymous Coward says:

I’m sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone’s death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.

This is Rube Goldberg legislating, where you go through all the steps after the initial act you were legislating on and punish that act according to the worst outcome possible that you can think of, no matter how removed it was from that initial cause.

Rich Kulawiec (profile) says:

This isn't about safety in the least

It’s about CYA for car makers, who are already shipping vehicles with non-existent security.

If legislators were actually interested in security, then they would mandate that all vehicle control systems be completely over-source (hardware and software) and they’d require a fully-public process whereby issues can be reported and tracked, so that we can all see what they are, how they’re resolved, and when they’re resolved.

But this piece of legislation…well, it pretty much guarantees that people will die in vehicles that were hacked because their systems were never subjected to independent peer review.

That One Guy (profile) says:

Re: This isn't about safety in the least

Car makers to politicians: Now, we could spend a lot of money developing robust and strong security for our cars, or we could spend a more modest amount on your campaign funding, which would you rather we pursue?

Five minutes later

Politicians to reporters: … and that is why we are focused on making it absolutely positively illegal to so much as access the system on-board vehicles, with penalties harsher than deliberate murder whether or not a death results from the access, because tech is advancing and we need to stay ahead of it.

Anonymous Coward says:

Witch hunt is pretty accurate.

Politician/leader: “There are some people out there who can do things we do not understand how is done. Let us destroy their life for doing those things.”

Granted, it is not a burning at the stake, but it is destroying the rest of someones life based on ignorance.
Many socalled witches were healers or just people that made others unconfortable. I see this law being used in much the same way. To make the smallest crime a life sentence, just throw in that he did something with a computer.

Repeating the past always works out so well.

Andy says:

laws are irrelevent if stupid!!!

My cousin was warned by a police officer for travelling the speed limit. She was told to drive at the average speed of those other drivers on the road as she was causing a backup and a chance of accidents happening. On a road she was previously fined on for travelling at 5 miles over the limit.

So what happens when a google car drives the speed limit and causes massive tailbacks and causes accidents due to said backups.

There is a reason people drive faster than the law allows and on roads that allow it, damn i have been on a duel carriageway on a straight stretch of over 2 miles where there the speed limit was the same as the speed limit driving through a densely populated city road. That is just stupid and makes no sense other than the fact that the road had multiple speed cameras that made the taxman happy.

Self driving cars could end up causing a lot of problems and accident by doing nothing but obeying the law.

Anonymous Coward says:

Re: Re: laws are irrelevent if stupid!!!

A while back in Ontario there was a truck driver protest over something (I don’t recall what). One act of protest was a couple of truck driving side-by-side at the speed limit on a four lane divided highway at the speed limit. As I recall it, they were successfully prosecuted for causing an obstruction. (They were definitely arrested and charged.)

Nick (profile) says:

Automotive News quoted Kowall as saying, “I hope that we never have to use it. That’s why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we’re going to be proactive on this and try to keep up with technology.”

Which is why they promptly went on to passing the following laws:
Anyone who is caught driving over the legal alcohol limit is sentenced to life in prison.
Anyone who texts while driving (or otherwise doesn’t stare unblinkingly at the road 100% of the time)is sentenced to prison.
Anyone who talks to drivers is sentenced to life in prison.
Anyone who doesn’t perform a legal lane change is sentenced to life in prison.
Anyone who drives even a fraction of an MPH over the legal speed limit is sentenced to life in prison.
And lastly… Anyone who buys firearms is sentenced to life in prison.

Loki says:

I fail to see why this is an issue. Now that pot is becoming increasingly decriminalized we need some way for the increasingly privatized prison industry to remain profitable (as well as finding ways to remove large swatches of commoners from being able to vote). We can’t rely on just copyright infringement alone.

Think of the children, dammit, or the terrorists will win.

btr1701 (profile) says:

Speeding

> But when you go out and drive the speed limit on the
> highway, pretty much everybody on the road is just
> zipping past you. And I would be one of those people.”

That’s because speed limits on most roads are set artificially low, for various reasons. I spent some time years ago as a city attorney and was privy to many closed-door discussions by city council members about speed limits. They take the recommended speed provided by the highway engineers which is based on science, and drop it by about 10 mph or so. Why? Everything from nanny-state safety mavens who constantly fret about the possibility someone somewhere might get hurt by something, to officials who figure that setting the limit artificially low will result in more speeders, and hence more revenue.

Anonymous Coward says:

Re: Law

I’m the only one who determines access to my own car, so how can it ever be unauthorized for me to do it?

Your own access indeed isn’t unauthorized. But it’s a big “or” statement; you only have to do one thing on the list for it to be a crime. So if you altered your car via the electronics (or had someone else do it), that would be a crime under this law, because there’s no “unauthorized” modifier on “alter” like there is on “control”.

Anonymous Coward says:

Re: Law

I’m the only one who determines access to my own car, so how can it ever be unauthorized for me to do it?

You don’t own the control software in it, you only license it to be used as they intend. So if the software owner didn’t give you permission to alter it, then the resulting control is unauthorized.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...