Self-driving cars are going to broadcast a lot of information. What if the wrong people are listening?
In just a few years, self-driving cars will be able to “talk” to each other, their manufacturers and their owners.
Whom else might they talk to? Or, more accurately, who else might be able to get them to talk?
The technological strides forward that are capable of putting autonomous vehicles on the road unfortunately also make those same vehicles – and their owners – vulnerable to threats that don’t exist with most traditional occupant-driven cars.
In the podcast “The Legal Impact of Autonomous Vehciles (Part II),” Phil Yannella, a partner in Ballard Spahr’s Privacy & Data Security Group, identified several areas where consumers and lawmakers alike will want to apply careful thought:
Privacy and data security don’t immediately come to mind when thinking about autonomous vehicles. Why is this an area we need to think about?
“Although it might seem to be the stuff of a sci-fi thriller, the fear of criminals accessing and commanding a car remotely is, unfortunately, more than theoretical,” Yannella said. “Several years ago, in fact, there was a series of news reports in Wired magazine and then on 60 Minutes concerning Gray Hat Hackers who had been able to remotely access vehicles and control them. Even before the development of autonomous vehicles, most cars were highly connected, and thus potentially hackable. To date, there haven’t been any reports of hackers maliciously accessing connected cars and causing either physical or personal damage, but again, we know it is theoretically possible.”
Are self-driving cars vulnerable to hacking?
“The development of autonomous driving vehicles will likely increase the risk of hacking,” Yannella said. “These cars will have multiple connection points. There will be connections between the Computer Area Network, which is kind of the brains of the car, as well as its component parts – its brakes, the drive train, etc. There will be connections between the car and the manufacturer. There will be connections between the car and other autonomous vehicles on the road, as well as any wired public infrastructure. All these connections increase the risk of hacking, just because there are many more entry points for hackers to exploit. It will also increase the risk that a coding bug could cause widespread damage, because an issue in one car could involve accidents with other cars that are communicating with that vehicle.”
Are we ready to meet these concerns?
Yes and no.
Twenty states have enacted laws pertaining to self-driving cars, but as Yannella noted, “most of these laws implement fairly ministerial changes, like making it clear under state law that autonomous driving vehicles are permissible on state roads, provided that vehicles comply with other state laws. Some of these laws direct other state agencies to develop regulations.”
“The more detailed work, frankly, is at the federal level,” Yannella said. “Over the summer, the House of Representatives passed a bill, which is now in the Senate, where it’s called The AV START Act Act. This addresses a number of cybersecurity, data access and privacy concerns associated with the development of autonomous vehicles.”
Are these legislative efforts enough? Probably not. It’s the start of what might be a very long voyage.
Listen to The Legal Impact of Autonomous Vehicle Connectivity and The Legal Impact of Autonomous Vehicles (Part II) podcast and explore our full suite of automotive solutions.