Today, America’s House Energy and Commerce Committee began safety hearings with a proposed bill to reform the National Highway Traffic Safety Administration. That bill contains a provision which completely outlaws car owners from hacking their own cars. Which a giant mistake.
The draft of the bill is here, and the current language is a threat to a form of modification that is a net good for drivers. It prohibits “any person” from accessing any system “either wirelessly or through a wired connection.” The ban would be far too broad, and would ban helpful research as well as malicious hacking.
And it’s not one that’s supported by the Federal Trade Commission. The FTC’s prepared statement to the committee had this to say:
We support the goal of deterring criminals from accessing vehicle data. Security researchers have, however, uncovered security vulnerabilities in connected cars by accessing such systems. Responsible researchers often contact companies to inform them of these vulnerabilities so that the companies can voluntarily make their cars safer. By prohibiting such access even for research purposes, this provision would likely disincentivize such research, to the detriment of consumers’ privacy, security, and safety.
The FTC is absolutely correct. Researchers have hacked systems to find real threats to safety and security, and it’s wrongheaded of Congress and the automobile industry to try to stop it. Terrell McSweeney points out a number of examples over at Wired, telling car manufacturers that they’d be better off cooperating with hackers the way the tech industry has — with bounties for finding vulnerabilities and the like — in order to improve security.
Earlier this year, Gizmodo’s own Adam Clark Estes watched security experts hack cars without ever touching them and reported on the car industry’s surprisingly lacklustre response to the exploits in their systems. It seems like Congress has finally woken up to the problem, but is listening to exactly the wrong way to fix it. Making car hacking illegal won’t stop people from doing it, but it could prevent responsible research.
This isn’t even the first time this year car manufacturers have opposed measures that would increase independent research into car safety. They also opposed an exemption to the Digital Millennium Copyright Act which would allow people into the systems of their cars.
Hopefully Congress listens to the FTC and, at the very least, adds some exceptions to the proposed law.
Photo credit: kurhan/Shutterstock