Michigan Politicians Want People Who Hack Cars To Spend The Rest Of Their Lives In Prison

from the plus-cancer,-where-permitted-by-local-ordinances dept

There's apparently no situation legislators can't make worse. Self-driving cars are an inevitability, as are all the attendant concerns about autonomous vehicles roaming the streets unattended, mowing down buses at 2 miles per hour or forcing drivers behind them to obey all relevant traffic laws.

There are fears that people will just stop paying attention to driving, which is weird, because that's one of the few immediate advantages of self-driving vehicles. There are also fears that a robot car is nothing more than a tempting attack target for malicious hackers. There's some truth to this last one, especially as manufacturers have loaded up vehicles with on-board computers but given little thought to properly securing them.

Even so, that's no excuse for the sort of legislation being proposed by two Michigan politicians, which would reward self-driving car hackers with lifetime stays at the nearest prison.

Michigan Senators Ken Horn and Mike Kowall have proposed a cybersecurity bill aimed at hackers and connected and autonomous cars. While Senate Bill 928 (pdf) sets out the type of crime and corresponding sentencing guidelines for car hacking, Senate Bill 927 (pdf) spells out that car hacking will be a felony. Further down, the legislation says car hacking will be punishable by life in prison.
This would be fine if… well, no, actually it's not fine at all. One tends to think of prison terms as being somewhat related to the harm caused and if someone fires off malware that prevents someone from starting their vehicle, there's no way that should be punished by a life sentence. I'm sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone's death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.

I can also see how not explicitly targeting hacking of vehicles might become a legal loophole which allows perpetrators to walk away from more serious charges. But this is overkill, especially because the list of violations is far too broadly written.
A PERSON SHALL NOT INTENTIONALLY ACCESS OR CAUSE ACCESS TO BE MADE TO AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE.
Basically the bill says all electronic systems created by manufacturers must be sealed black boxes that purchasers, security researchers, hobbyists, and third-party suppliers should never, ever access under the pain of life imprisonment. "Alter" could mean "make things work better," but it still would be treated as a criminal act under this law. Repairs to on-board computers by "non-certified" mechanics could net them charges, especially if something malfunctions down the road. I'm sure this is a perfectly acceptable outcome to the US automakers still cranking out cars in Michigan, that would now have something more than copyright to threaten people with.

The senators claim this is necessary because they want to stay out in front of any technological developments.
Automotive News quoted Kowall as saying, “I hope that we never have to use it. That's why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we're going to be proactive on this and try to keep up with technology.”
You don't "keep up" with technology by treating electronic access to certain systems like some particularly powerful form of witchcraft, only punishable by the most severe sentences. This isn't legislators staying abreast of the latest developments. This is legislators bypassing evidence gathering and stocking up on fear. Because nothing eases the mind of the public more than declaring the autonomous car apocalypse to be upon us, with only this badly written bill standing in the way of death and destruction.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    TheResidentSkeptic (profile), 4 May 2016 @ 6:56am

    Amicus Brief coming from...

    Accel, Brembro, Cragar, Detroit Locker, Edelbrock, Federal Mogul, GForce, Holley, Isky Cams, JMS Chips, K&N, Lecarra, Manley, NGK, Oakley, Pirelli, Quaker State, Revtek,
    Stromberg, Thrush, Unisteer, Vertex Pistons, Walker Exhaust, XForce, Yokohama, Zex Nitrous, and 1 Shot - and HUNDREDS more vendors who exist solely on modifying automobiles.

    Don't mess with us rednecks and our ability to modify our cars! Chip Tuning is just the latest in a LONG line of mods. Programming is the natural progression.

    To all politicians - stop PROVING that you are the best that money can buy!

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 4 May 2016 @ 8:31am

      Re: Amicus Brief coming from...

      I propose we substitute all politicians by chips. I think they'll do a better job.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 May 2016 @ 8:58am

        Ways in which chips are better than politicians...

        - The don't grandstand.
        - They never vote for stupid laws.
        - They don't tell you to think of the children to get support for a bad law.
        - They don't lie, cheat or steal.
        - They don't sexually abuse their interns.
        - They don't need $200 hair cuts.
        - But above all else, if you don't like the job they are doing, you can legally eat them!

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 11:12am

      Re: Amicus Brief coming from...

      I don't think its about the cars at all, just another law to throw people in prison. No wonder America has the most citizens imprisoned for their size.

      reply to this | link to this | view in chronology ]

  • identicon
    Ricardo Montelban, 4 May 2016 @ 8:26am

    Anyone want to wager

    that the automobile industry had a hand in drafting this?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 12:35pm

      Re: Anyone want to wager

      I'd also guess the FBI and it's brethren. They foresee cars of the future coming from the factory with builtin tracking devices and they sure don't want anyone disabling them.

      reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 4 May 2016 @ 8:30am

    The senators claim this is necessary because they want to stay out in front of any technological developments.

    Seeing it like that means they may actually be doing a good job. They are putting a wall in front of security breaches discovery and between the car owners and their own car. So,yeah..

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 4 May 2016 @ 8:41am

    We jail more PPL than Cuba, Russia, and China.

    Land of the free... Murika!!! fuk yeah!!!
    5% of the population... 1/4 of the worlds prison population.

    Did I say Murika fuk yeah?

    Lets get legislation passed for life imprisonment for shit stupid bills proposed. Ken and Mikee can be the first two.

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 4 May 2016 @ 8:42am

    On the one hand, yes, exemptions are necessary for legitimate access. On the other, I can totally see why such a high penalty would be appropriate for actual malicious hacking.

    If you talk with security professionals, they paint a very different picture than the opinion given here:
    One tends to think of prison terms as being somewhat related to the harm caused and if someone fires off malware that prevents someone from starting their vehicle, there's no way that should be punished by a life sentence. I'm sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone's death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.

    Ask someone trained in computer security how to handle a malware infection, and the answer, if the person you're talking to is competent, will invariably be some variation on "nuke it from orbit; it's the only way to be sure." There are so many places on a computer where malware can hide itself that the general consensus is that there is no way to "clean" an infected system and feel confident afterwards that it's truly gone.

    Needless to say, the ramifications of this are very different for a computer that costs a few hundred dollars to replace, and for a car that costs tens of thousands! Also, along the same lines, there's no way to be sure what malware does simply by analyzing observable behavior, because it could always be waiting for new circumstances to arise in order to then trigger new behavior. The "mostly harmless" virus that prevents you from starting your vehicle may seem like a silly prank that doesn't warrant locking anyone up, right up until you manage to get it started, feeling safe, and then it disables your brakes at 60 MPH.

    There are two ways for the law to deal with this sobering reality. One is to ban all black-box development. Everything must be open-source and thoroughly analyzable by everyone, with system-level enforcement of this requirement. Under such circumstances, it would be possible to be sure that a system has been cleaned without having to throw it out. But the industry would never go for it.

    The other is draconian-grade deterrence, which is what we're seeing here. Until the first alternative can be implemented, it is, unfortunately, really the only reasonable option available.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 8:52am

      Re:

      Or you could, you know, have punishments have some correlation with what was actually caused.

      You hack some one's vehicle so that it won't start?
      Here's a vandalism and/or destruction of property charge.

      Your hack intended to stop people's cars from starting unintentionally also cuts the brakes at 60 mph?
      Here's your unintentional manslaughter.

      The problem with all the thinking from these dumb politicians is that instead of making new laws to specifically outlaw some existing crime but on a computer, all they really need to do (if they really need to do anything at all) is just lay out which things on a computer are really just the same crime as not on a computer.

      As such that previous case about a guy working for a newspaper who gave out his credentials should have been sued for breach of contract instead of being brought to criminal trial for "breach of contract on a computer".

      reply to this | link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 4 May 2016 @ 9:58am

        Re: Re:

        Your hack intended to stop people's cars from starting unintentionally also cuts the brakes at 60 mph?
        Here's your unintentional manslaughter.

        I wasn't talking about unintentional effects; I was talking about hidden effects. Unless the code can be effectively analyzed, it could do anything. (Read up on the phrase "arbitrary code execution" sometime. That's what it means.)

        This is not theoretical; real-world malware has been doing equivalent things in computers for decades, and sometimes it's not easy to figure out what they're intended to do. To give a real-world example, the original computer worm, created by Robert Tappan Morris, brought the Internet of 1989 to its knees, crashing a huge amount of servers by making so many copies in memory that it bogged them down until they were unable to do anything.

        Morris claimed, after he was caught, that all he wanted to do was create something that would "count the number of machines on the Internet," and a bug causes it to multiply out of control. It wasn't until much later that analysis of the source code showed a very different picture: he was a cybercriminal mastermind, years ahead of his time. There was code in the worm to establish what we call "a botnet" today, and it was only due to a fortuitous glitch that it never became active.

        Any malware found in a vehicle should be treated as evidence of attempted murder by default, even if it's detected before it actually kills anyone. If you understand the meaning of "arbitrary code execution," that's obvious. If not, please do some studying before declaring that those of us who do understand it are wrong.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 May 2016 @ 10:11am

          Re: Re: Re:

          Any malware found in a vehicle should be treated as evidence of attempted murder by default, even if it's detected before it actually kills anyone.


          Evidence of, maybe. Proof, no way... at least not until it's analyzed. Malware that cuts the brakes at 60 MPH is perhaps like putting arsenic in someone's drink, but malware that merely prevents the car from exceeding 25 MPH is more like slipping alcohol into someone's punch - still illegal and in some circumstances could turn out deadly, but by itself it's not attempted murder.

          You wouldn't convict someone of attempted murder based on pouring something unknown into a drink, so why would you convict someone of attempted murder for putting something unknown into a car's electronics?

          reply to this | link to this | view in chronology ]

        • icon
          Chronno S. Trigger (profile), 4 May 2016 @ 10:16am

          Re: Re: Re:

          "Any malware found in a vehicle should be treated as evidence of attempted murder by default"

          And this is why Tim's comment "Self-driving cars are an inevitability" is wrong. Just like how people's fears of Google Glass killed the product, people's fears of self driving cars will kill that as well. Seriously, how many people will be willing to get a self driving car if they're worried about other people assaulting them out of fear?

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 May 2016 @ 10:21am

          Re: Re: Re:

          Arbitrary code execution is a problem when external files or data used by a program running on a computer triggers a bug that let it execute arbitrary code, and should never ever be a problem for safety critical control systems. If it is a problem for cars, like enabling the entertainment system to modify the safety critical system, then the manufacturers should be held liable for building an unsafe system.
          An owner, or someone they ask to, should be allowed to modify the control system software of a car, so long as they accept responsibility for any errors, and anybody who gains access to the vehicle and modifies the software should be prosecuted under existing criminal laws, with intent and outcome determining their punishment.
          Blanket prohibition and draconian punishment like these proposals are simply a way that corporations can reduce people to serfdom, by taking control of things that they need in order to live in a modern society.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 9:11am

      Re:

      On the one hand, yes, exemptions are necessary for legitimate access. On the other, I can totally see why such a high penalty would be appropriate for actual malicious hacking.


      I disagree. The only way life in prison is appropriate is if the person actually murders someone with this method. And if that happens, we already have murder and/or manslaughter charges that can be brought. If they hack and destroy the car, we have laws about destroying other people's property too.

      This law doesn't even require maliciousness. But even in cases where there IS maliciousness, I fail to see why hacking the car's electronics to disable the brakes is worse than cutting the brakes, or putting a small explosive charge with a timer on the brakes, or ramming the car with a cement truck, or just pulling out a gun and shooting the driver.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 9:12am

      Re:

      Wow, I'm just blown away by your technical insight - NOT!

      Just because your so myopic you can only see two legal options doesn't actually mean there are only two.

      How about these:

      - Legally mandate that any programmable control system must be easily and cheaply replace.
      - Legally mandate that any programmable control system must be wholly reprogrammable, so that any installed malware is wiped (if you think this is not possible, go read up on JTAG and then come back to the discussion when you actually know something).
      - Legally mandate that programmable control systems be isolated from remote communications, so that malware can only be installed by someone physically adjacent to the target vehicle.

      You know, require the technology developers to do what decent, conscientious engineers should be doing anyway, but aren't.

      There are many, many legal options. Freaking out and passing a totally disproportionate, draconian law that will only decrease the already falling respect for the rule of law is not even a good one, never mind the best. No legal change would be better than this one.

      reply to this | link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 4 May 2016 @ 10:04am

        Re: Re:

        - Legally mandate that any programmable control system must be easily and cheaply replace.

        There are two meanings of the word "cheap." One is "low price", and the other is "low quality." They're attached to the same word due to their high tendency to be correlated. This "option" would effectively require that one of the most critical components of a car be selected based on low price rather than high quality.
        - Legally mandate that any programmable control system must be wholly reprogrammable, so that any installed malware is wiped

        Which is great in theory, right up until you miss something. Problem is, the fact that malware got in in the first place is prima facie evidence that they missed something, which tends to diminish confidence in the idea that they wouldn't have missed anything else.
        - Legally mandate that programmable control systems be isolated from remote communications, so that malware can only be installed by someone physically adjacent to the target vehicle.

        Congratulations, you just shut down Tesla's incredibly effective and efficient system of fixing car software bugs by deploying remote updates!

        Got any more brilliant ideas?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 May 2016 @ 10:28am

          Re: Re: Re:

          Congratulations, you just shut down Tesla's incredibly effective and efficient system of fixing car software bugs by deploying remote updates!

          I do not want any system on which my life depend connected to the Internet. Direct access, which can be as simple as an SD card reader, is a much safer way of updating such system, and a visit to a dealer, or downloading and copying to a card to plug in to the car. This ia a small price to play to reduce the chances of bad guys gaining remote access or control of a car.

          reply to this | link to this | view in chronology ]

        • icon
          RedBeard (profile), 4 May 2016 @ 10:33am

          Re: Re: Re:

          "Congratulations, you just shut down Tesla's incredibly effective and efficient system of fixing car software bugs by deploying remote updates!"

          Efficiency and security often do not go together. It is inefficient for me to have to enter my password 27 time a day to use my computer . . . should we get rid of passwords?

          This efficient system increases the potential for a security breach to impact large numbers of vehicles by orders of magnitude.

          reply to this | link to this | view in chronology ]

          • icon
            Mason Wheeler (profile), 5 May 2016 @ 8:41am

            Re: Re: Re: Re:

            This efficient system increases the potential for a security breach to impact large numbers of vehicles by orders of magnitude.

            Good point! That would explain why Tesla's cars are getting remote-hacked left and right... oh wait, no, they aren't. In fact, security researchers trying to hack Teslas are saying the same thing about them that physical crash testers are saying: they're the safest cars on the road. This is probably because Tesla is not "a car company" as commonly understood, but rather a high-tech company whose product is cars. It's run by tech-savvy people who understand computers and computer security, and that makes a huge difference.

            I'm not privy to any details, but I can only assume that people aren't spreading malware to Tesla systems over their remote update protocol for the same reason we haven't seen malware pushed en masse to billions of computers worldwide over Windows Update: because the updates are cryptographically signed to prevent such attacks.

            reply to this | link to this | view in chronology ]

            • icon
              RedBeard (profile), 5 May 2016 @ 12:21pm

              Re: Re: Re: Re: Re: Ok then

              "Good point! That would explain why Tesla's cars are getting remote-hacked left and right... oh wait, no, they aren't."

              So, since no one has found a way in yet, that means it will never happen. OK, I guess you are right history has shown that time and time again, right... right... oh wait, no history has not shown that. Ever. If there is a door someone will find a way to open it.

              LOL You are a very optimistic chap or maybe you have stock in Tesla . . . .

              reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 May 2016 @ 12:10pm

          Re: Re: Re:

          If the bulk of the auto industry puts economics (and a hell of a lot of other things) ahead of good engineering, letting politicians write their own ham-fisted kluge that gives the government more power to punish arbitrarily and selectively probably isn't a fix that's going to lead to better, longer-term solutions.

          Implement legislation like this, and the government has a powerful, exploitable weapon at its disposal and no reason to trade down by writing better laws and sensible regulations. Corporations bear even less responsibility for the damage enabled by their own crappy, dangerous, recklessly half-assed designs and quality controls. And, of course, consumers watch as the idea of 'owning what you buy' fades into the distance.

          I'm less worried about the car-hackers than I'm worried about handing corporations and governments another exploit.

          reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 5 May 2016 @ 12:52pm

          Re: Re: Re:

          "Congratulations, you just shut down Tesla's incredibly effective and efficient system of fixing car software bugs by deploying remote updates!"

          There's nothing wrong with having to plug a memory stick into a slot to do a software upgrade, and there's a whole lot right with it in terms of safety and security.

          The advantage of OTA updates is convenience. That's a huge advantage for sure, but nearly all of the systems implemented so far have presented huge disadvantages as well.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 6 May 2016 @ 3:51am

            Re: Re: Re: Re:

            Yeah, security isn't always convenient. It might be convenient to leave your car unlocked with the keys in the ignition, but it may not be very secure.

            reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 9:19am

      Re:

      The potential for malware hiding out in some obscure spot in a car does not justify this sort of attempt at draconian deterrence. Your car gets infected with malware, forcing you to replace it for fear it can't be cleaned? Treat it the same as the car being stolen. Malware disables the brakes resulting in a fatal accident? Treat it the same as cutting the brake lines resulting in an accident. There's nothing that malware can do that isn't comparable to some existing tampering with a car. Malware simply potentially makes tampering easier. That does not suddenly make it worthy of much more stringent punishments.

      reply to this | link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 4 May 2016 @ 10:07am

        Re: Re:

        There's nothing that malware can do that isn't comparable to some existing tampering with a car.

        I beg to differ. Read up on the Jeep hack: the hackers were able to take control of the vehicle remotely, with the driver inside. That's something new that you can't get without a computer. What if the next malware is being run by someone less benevolent than a couple of security researchers, and they decide to play demolition derby on a highway--or in a residential neighborhood?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 May 2016 @ 10:31am

          Re: Re: Re:

          What if the next malware is being run by someone less benevolent than a couple of security researchers, and they decide to play demolition derby on a highway--or in a residential neighborhood?


          What if they do? Do you think this law will deter them and existing laws won't?

          I think we can find something to charge them with. Even assuming it wasn't murder, manslaughter is 15 years. If nobody dies, "Assault with intent to do great bodily harm less than murder" or "Assault with intent to commit felony not otherwise punished" is 10 years, and the demolition of the cars could be that felony, if nothing else. Multiply that by the number of people in the cars, then tack on the destruction of the cars - "willful and malicious destruction of property" is 10 years if the property is over $20,000, or 5 years if it's over $1000. Do you really think they're getting out anytime soon?

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 May 2016 @ 10:52am

          Re: Re: Re:

          Read up on the Jeep hack: the hackers were able to take control of the vehicle remotely

          Which show exactly why safety critical systems should NOT be connected to the Internet, or phone Network. A law that made such practice illegal would make much more sense than a law that criminals will ignore.

          reply to this | link to this | view in chronology ]

        • identicon
          s2lim, 4 May 2016 @ 11:11am

          Re: Re: Re:

          You sort of invalidated any argument you thought you might've had. 1) There are laws to punish people when bad things happen. Our jeep scenario, or others like it, invariably make those with control culpable for their actions. 2) Security researchers (e.g. hackers) are what keeps bad things from happening in the tech world by proactively investigating anything they can get into. This bill is a protectionist bill in the worst sense. When a law prevents progress it's bad law. We have a lot of bad laws and, as a result, we have a lot of good people in prison. This bill is uninformed, fear-based nonsense.

          Thumbs down.

          reply to this | link to this | view in chronology ]

        • icon
          btr1701 (profile), 4 May 2016 @ 4:17pm

          Re: Re: Re:

          > Read up on the Jeep hack: the hackers were able to take
          > control of the vehicle remotely, with the driver inside.

          Which is just one more reason I'm perfectly happy with my old 4Runner. Still runs like a dream, never had any mechanical issues with it, and it has none of this "connected to the internet, GPS monitoring, black box" crap that turns my own vehicle against me as an Orwellian wet dream.

          reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 5 May 2016 @ 12:57pm

          Re: Re: Re:

          What possible impact would the law being discussed have on things like the Jeep hack?

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 9:52am

      Re: Not a reasonable option

      This is not a reasonable option.

      What are you in for?

      I hacked my car.

      reply to this | link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 4 May 2016 @ 10:08am

        Re: Re: Not a reasonable option

        Not what I was saying at all. Please don't twist my words.

        More appropriate:

        "What are you in for?"

        "I hacked someone else's car."

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 May 2016 @ 11:39am

          Re: Re: Re: Not a reasonable option

          No the first ones correct. Indication was ANY UNAUTHORIZED HACKING would mean jail time. You or I do not own the software so any hacking even if I own the car is unauthorized. I imagine it is one of the real reasons for the bill, to make sure you have to take all vhicles to an authorized facility who in turn send money to the manufacturer to maintain their certification.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 4 May 2016 @ 12:00pm

            Re: Re: Re: Re: Not a reasonable option

            No, it doesn't say unauthorized hacking.

            A PERSON SHALL NOT INTENTIONALLY ACCESS... AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE.

            Under the letter of this stupidly worded law, it's a crime to access the electronic system to alter the vehicle. "unauthorized" only modifies "control", as I noted before. It doesn't matter whether you're a Ford employee; it's still life in prison.

            reply to this | link to this | view in chronology ]

            • icon
              Mason Wheeler (profile), 4 May 2016 @ 12:04pm

              Re: Re: Re: Re: Re: Not a reasonable option

              ...which is why I specifically said that exemptions for legitimate use are necessary to make this reasonable. It was literally the first thing I wrote in my original post. Why are you acting as if I was supporting the entire proposed law exactly as written, when I specifically said the opposite?

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 4 May 2016 @ 4:08pm

                Re: Re: Re: Re: Re: Re: Not a reasonable option

                It was literally the first thing I wrote in my original post.


                I didn't realize we were on that thread, since the title changed.

                But it still isn't reasonable to give life in prison for hacking. If the hacking results in a murder, then charge them with murder. If it recklessly endangers 157 people, then charge 157 counts of recklessly endangering safety. If it renders the car undrivable, charge them with willful and malicious destruction of property. If they just turned the heater on full blast in summer, then that should still be a crime, but one with an appropriate punishment.

                If someone breaks into your property while you are away, they could, for all you know, have poisoned your well, put nitroglycerin in your lawn mower tank, or done all sorts of other things that might trigger later and kill you. But we don't make trespassing carry a maximum sentence of life in prison because of what might have been done, and we don't claim a house is unlivable if it has been burgled while the owners were away and you don't know what the person did, unless there's some actual reason to think they planted something.

                reply to this | link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 4 May 2016 @ 8:54pm

                  Re: Re: Re: Re: Re: Re: Re: Not a reasonable option

                  But we don't make trespassing carry a maximum sentence of life in prison because of what might have been done,

                  Stop giving them ideas!

                  reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 4 May 2016 @ 12:24pm

              Re: Re: Re: Re: Re: Not a reasonable option

              Also, as worded, the law includes modifying an electronic ignition on a non computerised car, and could be read to include the modifying the radio.

              reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 10:43am

      Re:

      its reasonable to lock a person up for life for rickrolling your car stereo?

      reply to this | link to this | view in chronology ]

    • identicon
      Andy, 4 May 2016 @ 10:44am

      Re:

      Also car manufacturers should have no problem protecting there cars from hackers, damn if they cannot they are doing things wrong. Just disable the ability to update until the car is in a safe place and only allow updates via a physical cable simple solution to the whole problem without having to spend millions creating a new law.

      reply to this | link to this | view in chronology ]

    • icon
      RedBeard (profile), 4 May 2016 @ 11:00am

      Re:

      If car manufacture’s need the ability to "nuke it from orbit” to address an attack on their systems, it is incumbent on them to design their system(s) with this ability in mind. They also need to separate critical systems from non-critical systems within the vehicle.

      Neither open-source software nor draconian-grade deterrence will solve the problem. Linux is open-source software, but it is not now or will it ever be completely secure. Draconian-grade deterrence has yet to end murder. In addition, draconian-grade deterrence rarely deter people with adequate resources, people that believe they are smarter than everyone else or governments.

      The only reasonable options are to require auto manufacturers to implement reasonable security system for critical auto systems; ensure that failure to do so results in punishment that are harsh enough to force compliance; and subject people that cause harm punishment that fits the crime. We have plenty of laws that deal with punishment for harm caused by a person’s actions. Doing it on a computer does not make one a super villain that should be imprisoned for life.

      reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 4 May 2016 @ 11:38am

      Re:

      Hmmm, no. Even if I agreed with the law, the punishments are disproportionate.

      Besides, one person said above, there are plenty of legal alternatives to this bullshit such as vandalism or other less destructive methods. Prisons should act as a deterrent but also as channels to rehabilitate those who get thrown there. With very, very specific exceptions the punishment should be both proportional and should give the opportunity to reintroduce the person into society. Life imprisonment for some hack is completely insane.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 May 2016 @ 7:33am

      Re:

      Killing people is already fucking illegal.

      reply to this | link to this | view in chronology ]

  • icon
    lars626 (profile), 4 May 2016 @ 8:42am

    Fair is fair

    They should pass a law that will make automotive executives that value cost savings over rigorous engineering criminally liable for the failures designed into their vehicles.

    Maybe life in prison when a child is killed will wake them up.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 8:44am

    So, in 2035, who is going to drive the car hackers to the prison? Johnny Cab?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 8:44am

    This is an awfully written law.

    The law says:

    A PERSON SHALL NOT INTENTIONALLY ACCESS OR CAUSE ACCESS TO BE MADE TO AN ELECTRONIC SYSTEM OF A MOTOR VEHICLE TO WILLFULLY DESTROY, DAMAGE, IMPAIR, ALTER, OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE.


    This article says:

    Repairs to on-board computers by "non-certified" mechanics could net them charges, especially if something malfunctions down the road.


    But "authorized" mechanics would fall under the umbrella of this law just as much.

    First of all, "authorized" must be read to mean "authorized by the owner of the car", not "authorized by the manufacturer".

    Secondly, regardless of the preceding, "unauthorized" only modifies "control". It doesn't modify "alter". There is nothing in this law that allows authorized mechanics or anyone else (including the owner!) to alter the car. Altering by accessing the electronic system is made illegal, punishable by life in prison.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 8:48am

    Amicus Brief coming from...

    FTFY - I propose we substitute all politicians by chimps. I think they'll do a better job

    reply to this | link to this | view in chronology ]

  • identicon
    dui is no different, 4 May 2016 @ 8:54am

    What if someone hacks their own body with malware like alchohol or perccocette? As far as the "potential harms done by hackers" they are affraid of I cannot see any difference between those and drunk driving. How is dui a misdemenor or minor felony still in that state?

    reply to this | link to this | view in chronology ]

    • icon
      Dave Cortright (profile), 4 May 2016 @ 11:16am

      Re: DUI

      I concur. DUI is far more dangerous than what is proposed in this bill. As is driving a vehicle with serious safety issues (bad brakes, bald tires, a sticky throttle, etc) How about actually looking at the numbers when it comes to how motor vehicles are hurting our citizens, and legislating commensurately?

      reply to this | link to this | view in chronology ]

  • icon
    Jeremy2020 (profile), 4 May 2016 @ 8:55am

    Where's the law for auto makers who use sub-standard security to save money? How many auto execs are going to jail for being irresponsible about the security they use in cars?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 8:56am

    The problem is that politicians like to write laws. Danger in this instance is already covered. You tamper with a cars system and the person dies because of it, you could be charged with murder today. Why the need for a new law? A guy was dragged behind a pickup truck in Texas and they pass a hate crime law. Seems to me that dragging someone behind your truck and killing them was already against the law. Immigration? Why do we need new laws? Seems to me it is against the law to enter or stay in the country illegally is already against the fucking law. We don't have a law problem, we have an enforcement problem, or at least the will to enforce laws.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 9:10am

      Re:

      When police can just really, really, really believe that the law says X, regardless of that being true, and still be found to have adequately applied it based on the belief alone, I don't know if all you have is an "enforcement of the law" problem against a more general "enforcement problem".

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 9:00am

    I'm sure the legislators are contemplating worst-case scenarios where someone electronically hijacks a vehicle and causes someone's death, but that sort of thing should be punishable under other laws more commensurate with the end result of the hacking.
    This is Rube Goldberg legislating, where you go through all the steps after the initial act you were legislating on and punish that act according to the worst outcome possible that you can think of, no matter how removed it was from that initial cause.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 9:19am

    Why should they go after automakers for refusing to install less security than a calculator when they can kiss their asses for campaign donations instead and try to make a horrendous law trying to just scare people to not even look at what's in their cars.

    reply to this | link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 4 May 2016 @ 9:30am

    This isn't about safety in the least

    It's about CYA for car makers, who are already shipping vehicles with non-existent security.

    If legislators were actually interested in security, then they would mandate that all vehicle control systems be completely over-source (hardware and software) and they'd require a fully-public process whereby issues can be reported and tracked, so that we can all see what they are, how they're resolved, and when they're resolved.

    But this piece of legislation...well, it pretty much guarantees that people will die in vehicles that were hacked because their systems were never subjected to independent peer review.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 4 May 2016 @ 9:54am

      Re: This isn't about safety in the least

      Car makers to politicians: Now, we could spend a lot of money developing robust and strong security for our cars, or we could spend a more modest amount on your campaign funding, which would you rather we pursue?

      *Five minutes later*

      Politicians to reporters: ... and that is why we are focused on making it absolutely positively illegal to so much as access the system on-board vehicles, with penalties harsher than deliberate murder whether or not a death results from the access, because tech is advancing and we need to stay ahead of it.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 9:34am

    Witch hunt is pretty accurate.

    Politician/leader: "There are some people out there who can do things we do not understand how is done. Let us destroy their life for doing those things."

    Granted, it is not a burning at the stake, but it is destroying the rest of someones life based on ignorance.
    Many socalled witches were healers or just people that made others unconfortable. I see this law being used in much the same way. To make the smallest crime a life sentence, just throw in that he did something with a computer.

    Repeating the past always works out so well.

    reply to this | link to this | view in chronology ]

  • identicon
    Dingledore the Flabberghaster, 4 May 2016 @ 9:45am

    ...on a computer

    If you aren't supposed to be able to patent an idea simply by adding "on a computer" onto a known process, why on earth would they allow it on laws?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 9:53am

    Who do we let go?

    I can see it now. Violent murderers and rapists are getting their terms commuted to make room for all of the "violent" car hackers being sentenced to life in prison.

    reply to this | link to this | view in chronology ]

  • identicon
    Andy, 4 May 2016 @ 10:33am

    laws are irrelevent if stupid!!!

    My cousin was warned by a police officer for travelling the speed limit. She was told to drive at the average speed of those other drivers on the road as she was causing a backup and a chance of accidents happening. On a road she was previously fined on for travelling at 5 miles over the limit.

    So what happens when a google car drives the speed limit and causes massive tailbacks and causes accidents due to said backups.

    There is a reason people drive faster than the law allows and on roads that allow it, damn i have been on a duel carriageway on a straight stretch of over 2 miles where there the speed limit was the same as the speed limit driving through a densely populated city road. That is just stupid and makes no sense other than the fact that the road had multiple speed cameras that made the taxman happy.

    Self driving cars could end up causing a lot of problems and accident by doing nothing but obeying the law.

    reply to this | link to this | view in chronology ]

    • icon
      Nick (profile), 4 May 2016 @ 11:28am

      Re: laws are irrelevent if stupid!!!

      I don't care what a cop says and I will fight in court, but I will NOT break a speed limit law just because everyone else is doing so.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 May 2016 @ 7:47am

        Re: Re: laws are irrelevent if stupid!!!

        A while back in Ontario there was a truck driver protest over something (I don't recall what). One act of protest was a couple of truck driving side-by-side at the speed limit on a four lane divided highway at the speed limit. As I recall it, they were successfully prosecuted for causing an obstruction. (They were definitely arrested and charged.)

        reply to this | link to this | view in chronology ]

  • icon
    streetlight (profile), 4 May 2016 @ 11:06am

    Are these guys from Flint?

    Maybe they've been drinking too much water from the Flint, MI, water system.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 11:11am

    got to keep making laws for the prison plantations cheap slave labour otherwise those kickbacks dry up. Better 100 innocent people becomes slaves than 1 dollar less is given in bribes

    reply to this | link to this | view in chronology ]

  • icon
    Nick (profile), 4 May 2016 @ 11:26am

    Automotive News quoted Kowall as saying, “I hope that we never have to use it. That's why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we're going to be proactive on this and try to keep up with technology.”

    -

    Which is why they promptly went on to passing the following laws:
    Anyone who is caught driving over the legal alcohol limit is sentenced to life in prison.
    Anyone who texts while driving (or otherwise doesn't stare unblinkingly at the road 100% of the time)is sentenced to prison.
    Anyone who talks to drivers is sentenced to life in prison.
    Anyone who doesn't perform a legal lane change is sentenced to life in prison.
    Anyone who drives even a fraction of an MPH over the legal speed limit is sentenced to life in prison.
    And lastly... Anyone who buys firearms is sentenced to life in prison.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 May 2016 @ 12:22pm

    on a computer

    Well, we'll probably never be able to charge a politician with a crime for proposing a stupid law. But maybe, if they propose the law while using a computer...

    reply to this | link to this | view in chronology ]

  • identicon
    Loki, 4 May 2016 @ 12:44pm

    I fail to see why this is an issue. Now that pot is becoming increasingly decriminalized we need some way for the increasingly privatized prison industry to remain profitable (as well as finding ways to remove large swatches of commoners from being able to vote). We can't rely on just copyright infringement alone.

    Think of the children, dammit, or the terrorists will win.

    reply to this | link to this | view in chronology ]

  • icon
    btr1701 (profile), 4 May 2016 @ 4:03pm

    Speeding

    > But when you go out and drive the speed limit on the
    > highway, pretty much everybody on the road is just
    > zipping past you. And I would be one of those people."

    That's because speed limits on most roads are set artificially low, for various reasons. I spent some time years ago as a city attorney and was privy to many closed-door discussions by city council members about speed limits. They take the recommended speed provided by the highway engineers which is based on science, and drop it by about 10 mph or so. Why? Everything from nanny-state safety mavens who constantly fret about the possibility someone somewhere might get hurt by something, to officials who figure that setting the limit artificially low will result in more speeders, and hence more revenue.

    reply to this | link to this | view in chronology ]

  • identicon
    Ed, 4 May 2016 @ 4:08pm

    Just needs a slight mod

    If the bill could be rewritten so that hacking a politician would result in a life sentence, then we might all support it.

    Would be nice to see all the lobbyists locked up.

    reply to this | link to this | view in chronology ]

  • icon
    btr1701 (profile), 4 May 2016 @ 4:10pm

    Law

    > "...OR GAIN UNAUTHORIZED CONTROL OF THE MOTOR VEHICLE."

    Since this bill applies to the owner of the vehicle as well as anyone else, how can the owner of a vehicle be charged with unauthorized control of his own car?

    I'm the only one who determines access to my own car, so how can it ever be unauthorized for me to do it?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 4:22pm

      Re: Law

      I'm the only one who determines access to my own car, so how can it ever be unauthorized for me to do it?


      Your own access indeed isn't unauthorized. But it's a big "or" statement; you only have to do one thing on the list for it to be a crime. So if you altered your car via the electronics (or had someone else do it), that would be a crime under this law, because there's no "unauthorized" modifier on "alter" like there is on "control".

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 May 2016 @ 9:01pm

      Re: Law

      I'm the only one who determines access to my own car, so how can it ever be unauthorized for me to do it?

      You don't own the control software in it, you only license it to be used as they intend. So if the software owner didn't give you permission to alter it, then the resulting control is unauthorized.

      reply to this | link to this | view in chronology ]

  • icon
    frank87 (profile), 5 May 2016 @ 2:41am

    private ownership?

    And the fight against private ownership continues...
    A corporate souvereign needs serfs in stead of customers.

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 5 May 2016 @ 5:56am

    This kind of nonsense

    This kind of nonsense is one of the reasons why I am unlikely to ever buy a new car.

    reply to this | link to this | view in chronology ]

  • identicon
    Agent76, 5 May 2016 @ 6:23am

    DARPA Talks About Hacking Cars

    DARPA Talks About Hacking Cars

    http://www.youtube.com/watch?v=6OfcgJ-pl7Q


    Jul 24, 2013 A couple of hackers show off a series of nasty new attacks on cars—with Forbes' Andy Greenberg behind the wheel.

    https://www.youtube.com/watch?v=oqe6S6m73Zw

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 May 2016 @ 12:04pm

    Pun intended?

    "The senators claim this is necessary because they want to stay out in front of any technological developments."

    Yeah, I think somebody just got added to a watch list.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 May 2016 @ 12:15pm

      Re: Pun intended?

      "The senators claim this is necessary because they want to stay out in front of any technological developments."


      Maybe they should stand out in front of them. Blindfolds optional.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 May 2016 @ 10:07am

    Problem is that clueless people associate "hack" with "criminal", and that clueless people are politicians.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.