Tech

New Transportation Bill Makes Cars Safer By Punishing Security Researchers

Daily Caller News Foundation logo
Steve Ambrose Contributor
Font Size:

Tucked away in a draft version of a bill before a congressional committee is a provision that has vast consequences for both good and bad hackers.

The House Energy and Commerce Committee convened Oct. 21 to discuss efforts to improve highway safety by prohibiting all data hacking on vehicles, irrespective of whether the hacker was attempting to protect consumers and improve safety. (RELATED: Almost Half A Million Chrysler Cars Can Be Hacked From Miles Away)

Terrell McSweeney, a commissioner for the Federal Trade Commission, wrote in an Oct. 21 Wired post that the bill “would make it illegal for security researchers to examine the code written into today’s cars and identify security vulnerabilities or manipulations designed to thwart environmental regulations.”

Section 302 of the National Highway Traffic Safety Administration reform bill, explicitly states:

It shall be unlawful for any person to access, without authorization, an [electrical system interface or software that can impact the movement, functioning, or operation of any component of a vehicle] or [software, firmware, or hardware] of a motor vehicle, or other system containing driving data for such motor vehicle, either wirelessly or through a wired connection.

The penalty for violating the law? A civil fine of $100,000 for each violation.

Yet, the provision is significant for the breadth of its reach, not the cost of the fine.

Vehicles that are manufactured now are essentially mobile computers. The brakes, navigation systems, Bluetooth, air conditioning, and a host of other functions that are commonplace in most cars now, are controlled by the car’s computer system. (RELATED: Computer Researchers Demonstrate How Cars Can By Hacked Via Laptop.)

Unfortunately, because computers have become the significant component in vehicles, it also means cars are just as vulnerable to hacking or other infiltration attempts. (RELATED: DARPA Hacked A Car To Prove Automakers Aren’t Securing Them [VIDEO])

Car manufacturers must now attend to potential vulnerabilities in the computer system, in addition to ensuring the vehicle meets basic operational safety standards.

White hat hackers are security researchers who look for vulnerabilities in computer systems in an effort to warn manufacturers of a product defect. They are the “ethical hackers” who often act as a gang of unofficial consumer protection agents. Black hat hackers, as one could imagine, are only interested in the more criminal elements of cyber exploitation. What’s more, many “white hats” own research firms that make money from rewards tech companies give for finding errors in code.

So in other words, the law would only deter law abiding researchers from finding and identifying vulnerabilities, while the criminals continue on as usual.

While McSweeney praised the congressional effort, she offered her own suggestion for improving highway and vehicle safety.

“The auto industry would be better served by following the lead of information technology industry which has developed ways to work with responsible security researchers instead of against them,” she said.

She stated that “many firms have established bounty programs and conferences where researchers are invited to find and report flaws in programs and products. They recognize that bringing researchers to the table and crowd sourcing solutions can be effective in staying ahead of cyber threats. Stopping research before it can start sets a terrible precedent.”

Follow Steve Ambrose on Twitter

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.