House of Representatives Proposal Aims To Regulate Car Privacy (itworld.com)
itwbennett writes: Even though, as reported today on Slashdot, 'experts from government, industry, and academia say they have no confidence they'll develop a secure system that can protect users from tracking and privacy breaches,' a subcommittee of the U.S. House of Representatives has 'proposed that the National Highway Traffic Safety Administration set up an Automotive Cybersecurity Advisory Council to develop cybersecurity best-practice.' The draft proposal would require vehicle manufacturers to 'develop and implement' a privacy policy outlining their information-gathering practices, and would make vehicle data hacking illegal and subject to a $100,000 penalty for each violation.
... liable for the security of their products. A weasel-worded "policy" will suffice. Caveat emptor - you were told! Steep penalties in computer hacking related cases have worked so well, with no chilling effects whatsoever!
A PCI-like standard developed by an independent body setting basic standards for encryption, segregation and/or clean, well checked APIs between control and entertainment systems will do nicely. Mandating standards has worked well for safety systems.
Any vehicle "data hacking"? Or a vehicle in motion? Otherwise, accessing data of a car's computer while the car is stationary would be a crime. So this would have made the VW investigators criminals. It would also make anyone creating a 3rd device reading on-board computer data illegal without a license from the manufacturer. If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.
Any guest worker system is indistinguishable from indentured servitude.
famous last words.
I'll haul out the soapbox for a bit of offtopic...but how many people are sick of these cars with the all-you-can-eat infotainment systems in them? I'm not talking about parents with kids that need Raffi or Barney on loop in the 3rd row of their urban assault vehicle. I'm talking about anything more than a convenient display and a USB audio jack. Handsfree? Never needed it. I'll call back when and if I'm available. I don't need lane change assist, I don't need auto parking, I don't need some computer to stop my car before I crash because I'm face down in the dashboard tweeting my latest achievement behind the wheel. I grew up with a Mustang Foxbody, a manual, and if I wanted better sound I read a book and learned how to install a car stereo. I don't need the car to sync my contacts, text my friends, or Google search. I just need it to be a car. Most importantly I need it to be a car that's fun to drive, reasonable to work on, and not a tin can. I get that it's 2015, and we can have this stuff but there doesn't seem to be any option for people who just want to drive to just have a car. No ass-warmers, cup warmers, or weird wipers that wipe the rain and your ass by turning on when it starts raining for you. I don't need OnStar, and I don't need navigation.
Good people go to bed earlier.
... the very nature of these systems and the laws of nature prevent any such 'privacy'. Anytime you are broadcasting or networking anything you are leaving a trail of information. That doesn't even count external monitoring and communication like sensors/cameras on/near signs and roadways. The world is just going to have to face up to the fact that tech makes our society transparent and there's little we can do.
How about not plugging absolutely everything into the internet? Have we not already established that this is a bad idea? It's like living in a glass house with a webcam outside 24/7.
Personally I have absolutely zero interest in new cars. I don't want what they're selling. My newest car is a 2005 and even that's a bit too new for my taste, with its electronically actuated throttle. And these days, restoring and maintaining an old one is cheaper than buying new anyway.
Politicians: Done. Now even reading your OBD data is illegal. Happy?
Make sure everyone's vote counts: Verified Voting
Why is it just the hackers that get fined and not the car manufacturers?
After all, they are the ones producing the defective goods. It should be the car manufacturers that get whacked with a $10,000,000 fine for producing a car with software that can be hacked.
And since the government feels the need to regulate this, there is plenty more it could do such as legislate that car manufacturers need to have vehicles penetration tested, etc, prior to launch.
Yes software is complex, yes it is hard to get right and yes it is hard to make software security bug free.
BUT peoples' lives depend on the software in cars not being buggy.
They are making it a $100,000 fine to even access your own vehicle computer. Per vehicle per offense. Yet in the same document it's a 5,000 dollar per day 1m maximum fine for any non-compliance by the manufacturer.
Fcuk this nonsense. This is what happens when you let lobbying get out of control.
...we have made it illegal to hack motor vehicle control systems.
But won't that make it illegal for independent researchers to find vulnerabilities?
A most unfortunate side-effect, yes, but the Public Must Be Protected!
[End Of Line]
If a car is hacked and data stolen - because the manufacturer of the car did a poor job securing it - shouldn't there be some penalty levied against the car company?
Re: Re: Public: No, not happy. WE want to control the damn security, NOT trust you fucking idiots, who can't comprehend the meaning of "computer security", to do it for us.
P.S. Why don't we trust you? You have a lousy track record. Plus this is the US, we exist BECAUSE of our distrust of government.
For a small fee, I'm sure they'll let advertisers into your vehicles.
Like a CFAA for hobbyist auto mechanics?
Like a DMCA specifically written to protect Volkswagen?
Like a PIPA/COPA intended to outlaw OBD-based diagnostics?
I'm glad that problem is solved. What's next?
Are they making it a crime to track the radio transmitters that track tire pressure (and oh, by the way, transmit a serial number)? Nope? Didn't think so.
There are RFID chips in the tires.
Some places actually scan them to identify people that have prepaid toll-gate access, so they're definitely readable.
All firmware should be open source, and owners should be able to access their own.
Has anyone disassembled the VW code?
Perhaps the GOP will stack VWs to make a great wall with Mexico. The EU could use them as temporary immigrant residences. The ancient VWs could float. Then there's Mars...
I can't believe that government types are still using "Cyber" with a straight face. It doesn't inspire confidence that they have the expertise to protect cars on the InfoSuperhighway from body-modding super-intelligent dolphins trying to hack the Gibson.
I am asking for your help with a little political social experiment.
I ask that if you come across any story regarding any sort of bad Federal Law or any sort of action you disagree with that you see Congress take or not take, or even some abuse of power by the Executive that you believe should be part of Congressional oversight, and you feel the need to comment or repost the story, that you append the hashtag: #enlargethehouse
My assertion is that because of the limited membership in the US House of Representatives, it creates conditions that are perfect for corruption as it causes high priced competition by lobbyists for our leaders. I believe that if we remove the current self-imposed limit of 435 members and make Congress enlarge the United States House, it will force much of the corruption out of our system as there will be more elected officials that will have to be bought to influence legislation and by having more members, it will mean that our voices and influence will be greater than those that seek to buy off our government.
The goal of this is not liberal or conservative, Republican or Democrat, it is American Constitutionalism and it is my belief that if we start now, we can force an issue that will become a central focus in the election cycle and the coming congress.
So once again, I ask that if at any time in the coming weeks you come across any story regarding a Federal Law, overreach by the Executive, you help me to see if we can create a movement that will be picked up by the masses and force real substantial reform of our broken system.
If someone asks you what it means, take a couple of seconds to explain the idea or simply send them a copy of this message.
Join with me and let's see if we can get our government to #enlargethehouse
a vehicle showing where a driver has been. E.g. if you're a politician and somebody hacks your car to show you've been frequenting gay bars and brothels.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
If they passed a law requiring privacy then you have privacy.
If they pass a law requiring a POLICY on privacy, then you don't get privacy.
It's the equivalent of saying "give yourselves permission via a 'privacy policy' that nobody reads".
Remember the man who went to the AA meeting and received details about a man he's met there but never exchanged names with? That will be data mining of email data or location data. For example you signed up to Facebook, and it wants to get your email address book to connect to your friends. It grabs the email addresses, decides who you know, and then emails your contacts with lists of other people *you* know to try to lure them to sign up as if these other second hand people want to contact them. Tricks like that are permitted by Privacy Policy EULAs.
For the car, how you drive will be wanted by Insurance companies, car companies, where you drive by hotel booking companies, and tour companies and restaurants. Did you drive to a hospital... did you drive to a sleazy part of town... lots of lovely surve
Google Car Computer wants all this info to send back to Google Surveillance HQ, because it has the potential to be worth a lot of money. Money ultimately you pay for, there's no point in having an informational advantage over you if it can't be turned into a profit from you, or control over your actions.
Perhaps you would find a study of how political funding works in this country enlightening.
No one with common sense will want a car newer than 1970.
Any vehicle "data hacking"? Or a vehicle in motion? Otherwise, accessing data of a car's computer while the car is stationary would be a crime. So this would have made the VW investigators criminals. It would also make anyone creating a 3rd device reading on-board computer data illegal without a license from the manufacturer. If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.
It's already a *felony* to "hack" a vehicle. Hacking in the vernacular implies access not authorized by the owner. This law is about Congress kowtowing to industry to assist them in creating a structural monopoly. Note how the thing Congress can use to argue that they're not doing that is creating a *best practices* standard to *create a privacy policy*. Yeah, it's this great compromise that asks companies to say they're good companies!
Ok, you got my attention (not that it matters that much)
In case you're passive aggressive...
the only ones to get data from your car's electronics, sensors, logs, and other equipment is the government **...
**and the insurance companies if they contribute enough to lawmakers' election campaigns.
...Because your computer told my computer to. Any data logged and stored can be used against you in a court of law. You have no grounds to dispute it or testify against it for your defense. By the time they're done, the computer in the car will have more privacy and rights than the driver.
Does anyone see that there is something fundamentally wrong with legislating about every highly specific scenario?
We are a species with a technological civilization complete with nuclear bombs, and we can't even figure out how to define right and wrong as it pertains to the human condition in general terms. There's something really fucked up about us. There should really only be about 2 pages of laws for people, 5-10 for small businesses, and maybe up to about a hundred for corps., not including standards.
So the manufacturers will be required to make up what they think is "fair" for handling your data. They could make up anything and as long as they had a "policy," you're ok! How is that even "regulation?"
Oh, and it's now a crime to twiddle with your own car.