from the plus-cancer,-where-permitted-by-local-ordinances dept
There's apparently no situation legislators can't make worse. Self-driving cars are an inevitability, as are all the attendant concerns about autonomous vehicles roaming the streets unattended, mowing down buses at 2 miles per hour or forcing drivers behind them to obey all relevant traffic laws.
There are fears that people will just stop paying attention to driving, which is weird, because that's one of the few immediate advantages of self-driving vehicles. There are also fears that a robot car is nothing more than a tempting attack target for malicious hackers. There's some truth to this last one, especially as manufacturers have loaded up vehicles with on-board computers but given little thought to properly securing them.
Even so, that's no excuse for the sort of legislation being proposed by two Michigan politicians, which would reward self-driving car hackers with lifetime stays at the nearest prison.
Michigan Senators Ken Horn and Mike Kowall have proposed a cybersecurity bill aimed at hackers and connected and autonomous cars. While Senate Bill 928 (pdf) sets out the type of crime and corresponding sentencing guidelines for car hacking, Senate Bill 927 (pdf) spells out that car hacking will be a felony. Further down, the legislation says car hacking will be punishable by life in prison.This would be fine if… well, no, actually it's not fine at all. One tends to think of prison terms as being somewhat related to the harm caused and if someone fires off malware that prevents someone from starting their vehicle, there's no way that should be punished by a life sentence. I'm sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone's death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.
I can also see how not explicitly targeting hacking of vehicles might become a legal loophole which allows perpetrators to walk away from more serious charges. But this is overkill, especially because the list of violations is far too broadly written.
A PERSON SHALL NOT INTENTIONALLY ACCESS OR CAUSE ACCESS TO BE MADE TO AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE.Basically the bill says all electronic systems created by manufacturers must be sealed black boxes that purchasers, security researchers, hobbyists, and third-party suppliers should never, ever access under the pain of life imprisonment. "Alter" could mean "make things work better," but it still would be treated as a criminal act under this law. Repairs to on-board computers by "non-certified" mechanics could net them charges, especially if something malfunctions down the road. I'm sure this is a perfectly acceptable outcome to the US automakers still cranking out cars in Michigan, that would now have something more than copyright to threaten people with.
The senators claim this is necessary because they want to stay out in front of any technological developments.
Automotive News quoted Kowall as saying, “I hope that we never have to use it. That's why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we're going to be proactive on this and try to keep up with technology.”You don't "keep up" with technology by treating electronic access to certain systems like some particularly powerful form of witchcraft, only punishable by the most severe sentences. This isn't legislators staying abreast of the latest developments. This is legislators bypassing evidence gathering and stocking up on fear. Because nothing eases the mind of the public more than declaring the autonomous car apocalypse to be upon us, with only this badly written bill standing in the way of death and destruction.