House of Representatives Proposal Aims To Regulate Car Privacy (itworld.com)

← Back to Stories (view on slashdot.org)

House of Representatives Proposal Aims To Regulate Car Privacy (itworld.com)

Posted by timothy on Friday October 16, 2015 @11:32AM from the do-what-they-say dept.

itwbennett writes: Even though, as reported today on Slashdot, 'experts from government, industry, and academia say they have no confidence they'll develop a secure system that can protect users from tracking and privacy breaches,' a subcommittee of the U.S. House of Representatives have 'proposed that the National Highway Traffic Safety Administration set up an Automotive Cybersecurity Advisory Council to develop cybersecurity best-practice.' The draft proposal would require vehicle manufacturers to 'develop and implement' a privacy policy outlining their information-gathering practices, and would make vehicle data hacking illegal and subject to a $100,000 penalty for each violation.

33 of 58 comments (clear)

Min score:

Reason:

Sort:

Gof forbid we make manufacturers... by Anonymous Coward · 2015-10-16 11:43 · Score: 1

... liable for the security of their products. A weasel-worded "policy" will suffice. Caveat emptor - you were told! Steep penalties in computer hacking related cases has worked so well, with no chilling effects whatsoever!
A PCI-like standard developed by an independent body setting basic standards for encryption, segregation and/or clean, well checked APIs between control and entertainment systems will do nicely. Mandating standards has worked well for safety systems.
1. Re:Gof forbid we make manufacturers... by Mikkeles · 2015-10-17 08:43 · Score: 1
  
  Just make manufacturers strictly liable for all and any costs, direct or incidental, for any breach whatsoever. And throw in a hefty fine plus punitive damages for each incident.
  
  --
  Great minds think alike; fools seldom differ.
umm by superwiz · 2015-10-16 11:44 · Score: 4, Interesting

Any vehicle "data hacking"? Or a vehicle in motion? Otherwise, accessing data of a car's computer while the car is stationary would be a crime. So this would have made the VW investigators criminals. It would also make anyone creating a 3rd device reading on-board computer data illegal without a license from the manufacturer. If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.

--
Any guest worker system is indistinguishable from indentured servitude.
1. Re:umm by swb · 2015-10-16 11:57 · Score: 1
  
  If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.
  I imagine this is just another wolf in sheep's clothing.
  Define any access to vehicle systems that doesn't take place in a dealership as criminal hacking. This kills several birds with one stone -- the pedantic security researchers, the third part parts and maintenance people, the automotive performance guys -- all are now locked out.
  And that privacy policy will be just another 10 page list of legalistic gibberish that amounts to "We will fuck you in the ass, but only after telling you we will fuck you in the ass. And when we say fuck you in the ass, this is not limited to putting our dick in your ass. We may put it in your ass and then in your mouth or we may ram a dildo in your ass as well. And when we say we, we might mean us, or any of our friends, or really anyone who will give us anything of value. And if we should ejaculate during this process, we will expect you to swallow and tell us how much you liked it."
2. Re:umm by burtosis · 2015-10-16 12:10 · Score: 1
  
  That's exactly what this looks like. Retribution for the whole VW scandal.
3. Re:umm by Vairon · 2015-10-16 14:14 · Score: 1
  
  The draft of this bill states, "PROHIBITION.—It shall be unlawful for any person to access, without authorization, an electronic control unit or critical system of a motor vehicle, or other system containing driving data for such motor vehicle, either wirelessly or through a wired connection."
  Reference http://docs.house.gov/meetings/IF/IF17/20151021/104070/BILLS-114pih-DiscussionDraftonVehicleandRoadwaySafety.pdf
  IANAL and this is not legal advice. My reading of this makes me believe that if I own a vehicle and am not legally precluded from accessing data due to another law such as DMCA then this law would not preclude me from accessing the data. As the owner I would be the one whom authorizes accessing the data. If I buy a computer from Dell running Windows I don't have to get authorization from Dell or Microsoft to access data on or created by that computer.
4. Re:umm by superwiz · 2015-10-16 14:23 · Score: 1
  
  What if the manufacturer deems vehicle electronics to be its trade secret and explicitly prohibits anyone from disassembling it without prior written authorization? It doesn't say whose authorization. The provision should only cover vehicles in motion or in operation. Or manufacturers' lawyers will find the language to lock everyone but the licensed parties out of the process. Congress has the power to establish IP regimes. It's not limited to trade marks, patents and copyrights. The mode of the regime can be of Congress' choosing. Making the working this general would most likely survive any court challenges.
  
  --
  Any guest worker system is indistinguishable from indentured servitude.
5. Re:umm by jrumney · 2015-10-16 16:03 · Score: 1
  
  You sound surprised, as if you could not see that coming.
6. Re:umm by jrumney · 2015-10-16 16:12 · Score: 1
  
  Maybe you are looking at things from the wrong perspective.
7. Re:umm by KGIII · 2015-10-17 03:01 · Score: 1
  
  "We will fuck you in the ass, but only after telling you we will fuck you in the ass. And when we say fuck you in the ass, this is not limited to putting our dick in your ass. We may put it in your ass and then in your mouth or we may ram a dildo in your ass as well. And when we say we, we might mean us, or any of our friends, or really anyone who will give us anything of value. And if we should ejaculate during this process, we will expect you to swallow and tell us how much you liked it."
  Go on...
  
  --
  "So long and thanks for all the fish."
'develop and implement' by turkeydance · 2015-10-16 11:46 · Score: 1

famous last words.
greybeard here, so watch it. by nimbius · 2015-10-16 11:49 · Score: 1

Ill haul out the soapbox for a bit of offtopic...but how many people are sick of these cars with the all-you-can-eat infotainment systems in them? Im not talking about parents with kids that need raffi or barney on loop in the 3rd row of their urban assault vehicle. im talking about anything more than a convenient display and a USB audio jack. handsfree? never needed it. ill call back when and if im available. I dont need lane change assist, i dont need auto parking, i dont need some computer to stop my car before i crash because im face down in the dashboard tweeting my latest achievement behind the wheel. I grew up with a mustang foxbody, a manual, and if i wanted better sound i read a book and learned how to install a car stereo. I dont need the car to sync my contacts, text my friends, or google search. I just need it to be a car. Most importantly I need it to be a car thats fun to drive, reasonable to work on, and not a tin can. I get that its 2015, and we can have this stuff but there doesnt seem to be any option for people who just want to drive to just have a car. no ass-warmers, cup warmers, or weird wipers that wipe the rain and your ass by turning on when it starts raining for you. I dont need onstar, and I dont need navigation.

--
Good people go to bed earlier.
1. Re:greybeard here, so watch it. by Narcocide · 2015-10-16 11:59 · Score: 1
  
  I'd also like to add to this that I can do without the USB audio jack. A single analog stereo 1/8" input jack is perfectly sufficient. The less unnecessary vulnerabilities the better. I know cars aren't likely to ever be the most secure thing in the world, but I'd at least like mine to be more secure than unencrypted 802.11b.
2. Re:greybeard here, so watch it. by ShanghaiBill · 2015-10-16 13:31 · Score: 1
  
  I'd also like to add to this that I can do without the USB audio jack. A single analog stereo 1/8" input jack is perfectly sufficient.
  Also, rubber tires are superfluous, and an obvious point of failure. Wooden chariot wheels worked just fine back when I learned to drive.
3. Re:greybeard here, so watch it. by Narcocide · 2015-10-16 13:58 · Score: 1
  
  Cute, but wrong. Rubber tires are significantly higher durability than wooden chariot wheels, as well as more modular. I challenge you to make it 60,000 miles on a chariot with wooden wheels without having to replace both of them entirely.
4. Re:greybeard here, so watch it. by Jack+Griffin · 2015-10-16 16:42 · Score: 1
  
  Like most of us here, I work in Technology, but am becoming increasingly disillusioned with this industry. Technology for technology's sake is my pet peeve.
  Yes I like electric windows, but no I can't stand the auto wiper thing that gets it wrong most of the time. I like ABS, but hate auto lane assist. Who is that retarded that they need this?
  Where are the people drawing a line in the sand to say, not all technology is good for us. Sure pick the good bits, but don't simply include everything just because it's there. My car has GPS but it won't let me use it while driving. Awesome.
  I have bluetooth hands free which is handy, but everytime I receive an SMS the car can't deal with it and throws out an error. So now I don't use that at all either.
  Technology is good, complexity is bad, and not being able to disbale featrue we don't like/want is evil.
5. Re:greybeard here, so watch it. by theshowmecanuck · 2015-10-16 20:59 · Score: 1
  
  this
  
  --
  -- I ignore anonymous replies to my comments and postings.
6. Re:greybeard here, so watch it. by CrimsonAvenger · 2015-10-17 01:50 · Score: 1
  
  Where are the people drawing a line in the sand to say, not all technology is good for us.
  Well, they used to be called "Luddites". Perhaps if you use Google, you can find where they gather today.
  
  --
  
  "I do not agree with what you say, but I will defend to the death your right to say it"
7. Re:greybeard here, so watch it. by KGIII · 2015-10-17 03:09 · Score: 1
  
  I own an absurd number of automobiles that kind of span the ages. It's not really all that expensive to take an older car and get it professionally restored to factory condition. If you're starting with a fairly decent specimen then it's not even that expensive to ship it back to the factory for a complete restoration. My collection is picky - certain models of cars in certain years and only cars that I've either already owned or wanted to own but couldn't at the time. It's expensive when you're talking about 36 cars, all trailer queens, or the likes but if you're just doing one or two then it's not that bad at all - usually less than any car I'd buy new.
  
  --
  "So long and thanks for all the fish."
8. Re:greybeard here, so watch it. by KGIII · 2015-10-17 03:10 · Score: 1
  
  As a fellow graybeard - that's +1 Grumpy.
  
  --
  "So long and thanks for all the fish."
9. Re:greybeard here, so watch it. by Jack+Griffin · 2015-10-19 15:54 · Score: 1
  
  A "Luddite" tends to mean someone who avoids all technology, not someone who is smart enough to avoid the gimmicky ones.
Public: we have concerns re: hacked car controls by rsborg · 2015-10-16 12:02 · Score: 1

Politicians: Done. Now even reading your OBD data is illegal. Happy?

--
Make sure everyone's vote counts: Verified Voting
Yep illegal to even look at your obd by burtosis · 2015-10-16 12:07 · Score: 2

They are making it a $100,000 fine to even access your own vehicle computer. Per vehicle per offense. Yet in the same document it's a 5,000 dollar per day 1m maximum fine for any non-compliance by the manufacturer.
Fcuk this nonsense. This is what happens when you let lobbying get out of control.
In Order to Protect the Public... by IonOtter · 2015-10-16 12:09 · Score: 1

...we have made it illegal to hack motor vehicle control systems.
But won't that make it illegal for independent researchers to find vulnerabilities?
A most unfortunate side-effect, yes, but the Public Must Be Protected!

--
[End Of Line]
1. Re:In Order to Protect the Public... by moonlandingchap · 2015-10-16 22:30 · Score: 1
  
  Protected from who? The Gov' are not going to abide by any laws and will find easier and faster ways to hack/track or spy on cars with or without this kind of law. There is a huge car modding scene in the US and this will massivly impact many car fans but also a whole sub industry that has been built on modifying cars. Does this now mean that soon it won't be possible to drive down the road with a laptop plugged into the car to fine tune the fueling map? I do this all the time in my crappy little car. Tuning my car could cost $100,000 if some gun ho 5o spotted me at the lights. Well more than likely he'd think I was some kind of terrorist for wanting to use a laptop in a car and shoot me dead before proclaiming aloud "stop or I'll shoot", my lead filled corpse would prob slump forward in the seat, causing the officer to shoot a few more times, you know just to protect the children and keep the streets safe for all. America, land of the free... ROFL
I'm guessing they're more worried about by rsilvergun · 2015-10-16 15:41 · Score: 1

a vehicle showing where a driver has been. E.g. if you're a politician and somebody hacks your car to show you've been frequently gay bars and brothels.

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Re:What about fines for flaws from car manufacture by jrumney · 2015-10-16 16:11 · Score: 1

Why is it just the hackers that get fined and not the car manufacturers?
Perhaps you would find a study of how political funding works in this country enlightening.
Already Illegal by Etherwalk · 2015-10-16 16:43 · Score: 1

Any vehicle "data hacking"? Or a vehicle in motion? Otherwise, accessing data of a car's computer while the car is stationary would be a crime. So this would have made the VW investigators criminals. It would also make anyone creating a 3rd device reading on-board computer data illegal without a license from the manufacturer. If you can't introspect a car without putting in jeopardy anyone's safety, then this is just another DMCA.
It's already a *felony* to "hack" a vehicle. Hacking in the vernacular implies access not authorized by the owner. This law is about Congress cowtowing to industry to assist them in creating a structural monopoly. Note how the thing Congress can use to argue that they're not doing that is creating a *best practices* standard to *create a privacy policy*. Yeah, It's this great compromise that asks companies to say they're good companies!
Re:How about... by gnupun · 2015-10-16 20:52 · Score: 1

These politicians want to fool the public into thinking they care about privacy, when all they really care about is spying on you. You want to give us privacy? Fine, then disconnect/eliminate all tech in the car that talks to the internet. Bet that won't happen.
Re:Enlarge the House by KGIII · 2015-10-17 03:00 · Score: 1

I am not sure that I agree. I'll give it more thought but your post don't give much logic behind it - not really. It just seems to make a bunch of assumptions based on your opinion.
In short, and I could do the long version, I'm not sure that the solution to bad governance is to increase the amount of governance. The assumption that this will improve things actually seems counterintuitive. The only thing that I can think of that it might improve is the speed that things get through - it may slow it down a little but not enough to actually result in meaningful change.
So, convince me. I won't use your hashtags regardless but convince me using reasoning and facts. Having to buy more politicians just means those with wealth get to do more than those with lesser amounts of wealth but they've generally got the same interests in mind. This is just going to put more money in politics instead of making an actually change.

--
"So long and thanks for all the fish."
Do You Know Why I Pulled You Over?... by atouk · 2015-10-17 10:32 · Score: 1

...Because your computer told my computer to. Any data logged and stored can be used against you in a court of law. You have no grounds to dispute it or testify against it for your defense. By the time they're done, the computer in the car will have more privacy and rights than the driver.
Legislating every circumstance is untenable by Mr.CRC · 2015-10-17 11:46 · Score: 1

Does anyone see that there is something fundamentally wrong with legislating about every highly specific scenario?
We are a species with a technological civilization complete with nuclear bombs, and we can't even figure out how to define right and wrong as it pertains to the human condition in general terms. There's something really fucked up about us. There should really only be about 2 pages of laws for people, 5-10 for small businesses, and maybe up to about a hundred for corps., not including standards.
Self-Regulation by ashpool7 · 2015-10-17 15:26 · Score: 1

So the manufacturers will required to make up what they think is "fair" for handling your data. They could make up anything and as long as they had a "policy," you're ok! How is that even "regulation?"
Oh, and it's now a crime to twiddle with your own car.