A few words from Apple CEO Tim Cook and a warning from the Electronic Frontier Foundation this week illustrate clearly the dangers that poorly crafted legislation from Congress could pose for the future of automobile safety.
Apple’s growing interest in joining the car industry has been well chronicled, and Cook did nothing to dispel the notion when speaking at The Wall Street Journal's WSJD Live conference in San Francisco.
"When I look at the automobile, what I see is that software becomes an increasingly important part of the car of the future," he said. "You see that autonomous driving becomes much more important."
There’s nothing either revelatory or debatable about Cook’s comment, which makes an alert from EFF all the more important. It concerns proposed legislation that could seriously curtail the ability of independent researchers to do their critically important work.
From an EFF blog post:
Today's cars are computers with wheels. And the provisions of this bill would effectively shut down the incredibly young area of automobile computer security research. The first provision allows the government to fine users $100,000 every time they gain access to the car's data and computer code "without authorization." The "without authorization" language begs the question of whose authorization is required. Similar language is in the Computer Fraud and Abuse Act and three different Circuit courts have struggled with what the term exactly means. Do car owners ever exceed authorized access on their own cars? Under the CFAA the answer is almost certainly “no,” but a recent filing in the DMCA rulemaking process by car companies says "yes," under copyright law.
It would be bad policy to prohibit vehicle owners from studying and tinkering with their own vehicle computers. Many innovations and repairs require access to the Electronic Control Unit (ECU) code. Errors in ECU code can cause braking systems to malfunction, create security vulnerabilities, and—as seen in the Volkswagen scandal—can also increase pollution. The provision’s vague language about authorization might implicate all of these activities. We would certainly argue that the language shouldn’t be read so expansively, but people shouldn't have to hire a lawyer before repairing their cars or inspecting code to make sure they are safe. And they certainly shouldn't have to fear a $100,000 penalty.
In short, they shouldn’t need permission from an automaker, be it a traditional one or the likes of Apple and Google.