House of Representatives Proposal Aims To Regulate Car Privacy

itwbennett writes: Even though, as reported today on Slashdot, 'experts from government, industry, and academia say they have no confidence they'll develop a secure system that can protect users from tracking and privacy breaches,' a subcommittee of the U.S. House of Representatives have 'proposed that the National Highway Traffic Safety Administration set up an Automotive Cybersecurity Advisory Council to develop cybersecurity best-practice.' The draft proposal would require vehicle manufacturers to 'develop and implement' a privacy policy outlining their information-gathering practices, and would make vehicle data hacking illegal and subject to a $100,000 penalty for each violation.

Gof forbid we make manufacturers...

[Anonymous Coward]

... liable for the security of their products. A weasel-worded "policy" will suffice. Caveat emptor - you were told! Steep penalties in computer hacking related cases has worked so well, with no chilling effects whatsoever!

A PCI-like standard developed by an independent body setting basic standards for encryption, segregation and/or clean, well checked APIs between control and entertainment systems will do nicely. Mandating standards has worked well for safety systems.

Re:

[KGIII]

I am not sure that I agree. I'll give it more thought but your post don't give much logic behind it - not really. It just seems to make a bunch of assumptions based on your opinion.

In short, and I could do the long version, I'm not sure that the solution to bad governance is to increase the amount of governance. The assumption that this will improve things actually seems counterintuitive. The only thing that I can think of that it might improve is the speed that things get through - it may slow it down a li

Re:

[Mikkeles]

Just make manufacturers strictly liable for all and any costs, direct or incidental, for any breach whatsoever. And throw in a hefty fine plus punitive damages for each incident.

umm

[superwiz]

Any vehicle "data hacking"? Or a vehicle in motion? Otherwise, accessing data of a car's computer while the car is stationary would be a crime. So this would have made the VW investigators criminals. It would also make anyone creating a 3rd device reading on-board computer data illegal without a license from the manufacturer. If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.

Re:

[swb]

If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.

I imagine this is just another wolf in sheep's clothing.

Define any access to vehicle systems that doesn't take place in a dealership as criminal hacking. This kills several birds with one stone -- the pedantic security researchers, the third part parts and maintenance people, the automotive performance guys -- all are now locked out.

And that privacy policy will be just another 10 page list of legalistic gibberish that amounts to "We will fuck you in the ass, but only after telling you we will fuck you in t

Re:

[burtosis]

That's exactly what this looks like. Retribution for the whole VW scandal.

Re:

[jrumney]

Maybe you are looking at things from the wrong perspective.

Re:

[KGIII]

"We will fuck you in the ass, but only after telling you we will fuck you in the ass. And when we say fuck you in the ass, this is not limited to putting our dick in your ass. We may put it in your ass and then in your mouth or we may ram a dildo in your ass as well. And when we say we, we might mean us, or any of our friends, or really anyone who will give us anything of value. And if we should ejaculate during this process, we will expect you to swallow and tell us how much you liked it."

Go on...

Re:

[Vairon]

The draft of this bill states, "PROHIBITION.—It shall be unlawful for any person to access, without authorization, an electronic control unit or critical system of a motor vehicle, or other system containing driving data for such motor vehicle, either wirelessly or through a wired connection."

Reference http://docs.house.gov/meetings/IF/IF17/20151021/104070/BILLS-114pih-DiscussionDraftonVehicleandRoadwaySafety.pdf [house.gov]

IANAL and this is not legal advice. My reading of this makes me believe that if I own a v

Re:

[superwiz]

What if the manufacturer deems vehicle electronics to be its trade secret and explicitly prohibits anyone from disassembling it without prior written authorization? It doesn't say whose authorization. The provision should only cover vehicles in motion or in operation. Or manufacturers' lawyers will find the language to lock everyone but the licensed parties out of the process. Congress has the power to establish IP regimes. It's not limited to trade marks, patents and copyrights. The mode of the regim

I'm guessing they're more worried about

[rsilvergun]

a vehicle showing where a driver has been. E.g. if you're a politician and somebody hacks your car to show you've been frequently gay bars and brothels.

Re:

[jrumney]

You sound surprised, as if you could not see that coming.

Already Illegal

[Etherwalk]

Any vehicle "data hacking"? Or a vehicle in motion? Otherwise, accessing data of a car's computer while the car is stationary would be a crime. So this would have made the VW investigators criminals. It would also make anyone creating a 3rd device reading on-board computer data illegal without a license from the manufacturer. If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.

It's already a *felony* to "hack" a vehicle. Hacking in the vernacular implies access not authorized by the owner. This law is about Congress cowtowing to industry to assist them in creating a structural monopoly. Note how the thing Congress can use to argue that they're not doing that is creating a *best practices* standard to *create a privacy policy*. Yeah, It's this great compromise that asks companies to say they're good companies!

'develop and implement'

[turkeydance]

famous last words.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Narcocide]

I'd also like to add to this that I can do without the USB audio jack. A single analog stereo 1/8" input jack is perfectly sufficient. The less unnecessary vulnerabilities the better. I know cars aren't likely to ever be the most secure thing in the world, but I'd at least like mine to be more secure than unencrypted 802.11b.

Re:

[ShanghaiBill]

I'd also like to add to this that I can do without the USB audio jack. A single analog stereo 1/8" input jack is perfectly sufficient.

Also, rubber tires are superfluous, and an obvious point of failure. Wooden chariot wheels worked just fine back when I learned to drive.

Re:

[Narcocide]

Cute, but wrong. Rubber tires are significantly higher durability than wooden chariot wheels, as well as more modular. I challenge you to make it 60,000 miles on a chariot with wooden wheels without having to replace both of them entirely.

Re:

[KGIII]

As a fellow graybeard - that's +1 Grumpy.

Re:

[Jack Griffin]

Like most of us here, I work in Technology, but am becoming increasingly disillusioned with this industry. Technology for technology's sake is my pet peeve.
Yes I like electric windows, but no I can't stand the auto wiper thing that gets it wrong most of the time. I like ABS, but hate auto lane assist. Who is that retarded that they need this?
Where are the people drawing a line in the sand to say, not all technology is good for us. Sure pick the good bits, but don't simply include everything just because i

Re:

[CrimsonAvenger]

Where are the people drawing a line in the sand to say, not all technology is good for us.

Well, they used to be called "Luddites". Perhaps if you use Google, you can find where they gather today.

Re:

[Jack Griffin]

A "Luddite" tends to mean someone who avoids all technology, not someone who is smart enough to avoid the gimmicky ones.

Re:

[theshowmecanuck]

this

Re:

[KGIII]

I own an absurd number of automobiles that kind of span the ages. It's not really all that expensive to take an older car and get it professionally restored to factory condition. If you're starting with a fairly decent specimen then it's not even that expensive to ship it back to the factory for a complete restoration. My collection is picky - certain models of cars in certain years and only cars that I've either already owned or wanted to own but couldn't at the time. It's expensive when you're talking abo

Re:

[gnupun]

These politicians want to fool the public into thinking they care about privacy, when all they really care about is spying on you. You want to give us privacy? Fine, then disconnect/eliminate all tech in the car that talks to the internet. Bet that won't happen.

Public: we have concerns re: hacked car controls

[rsborg]

Politicians: Done. Now even reading your OBD data is illegal. Happy?

Re:

[jrumney]

Why is it just the hackers that get fined and not the car manufacturers?

Perhaps you would find a study of how political funding works in this country enlightening.

Yep illegal to even look at your obd

[burtosis]

They are making it a $100,000 fine to even access your own vehicle computer. Per vehicle per offense. Yet in the same document it's a 5,000 dollar per day 1m maximum fine for any non-compliance by the manufacturer.
Fcuk this nonsense. This is what happens when you let lobbying get out of control.

In Order to Protect the Public...

[IonOtter]

...we have made it illegal to hack motor vehicle control systems.

But won't that make it illegal for independent researchers to find vulnerabilities?

A most unfortunate side-effect, yes, but the Public Must Be Protected!

Re:

[moonlandingchap]

Protected from who? The Gov' are not going to abide by any laws and will find easier and faster ways to hack/track or spy on cars with or without this kind of law. There is a huge car modding scene in the US and this will massivly impact many car fans but also a whole sub industry that has been built on modifying cars. Does this now mean that soon it won't be possible to drive down the road with a laptop plugged into the car to fine tune the fueling map? I do this all the time in my crappy little car. Tuni

Do You Know Why I Pulled You Over?...

[atouk]

...Because your computer told my computer to. Any data logged and stored can be used against you in a court of law. You have no grounds to dispute it or testify against it for your defense. By the time they're done, the computer in the car will have more privacy and rights than the driver.

Legislating every circumstance is untenable

[Mr.CRC]

Does anyone see that there is something fundamentally wrong with legislating about every highly specific scenario?

We are a species with a technological civilization complete with nuclear bombs, and we can't even figure out how to define right and wrong as it pertains to the human condition in general terms. There's something really fucked up about us. There should really only be about 2 pages of laws for people, 5-10 for small businesses, and maybe up to about a hundred for corps., not including standard

Self-Regulation

[ashpool7]

So the manufacturers will required to make up what they think is "fair" for handling your data. They could make up anything and as long as they had a "policy," you're ok! How is that even "regulation?"

Oh, and it's now a crime to twiddle with your own car.