Should Car Hacking Be Punishable By Life in Prison?

Groundbreaking automotive cyber-security legislation carries possibility of a life sentence. 

byMax Prince| PUBLISHED Apr 30, 2016 4:21 PM
Should Car Hacking Be Punishable By Life in Prison?

Last summer, one of our colleagues at Wired had his Jeep Cherokee accessed remotely by hackers. They turned on the windshield wipers, cranked the stereo and air conditioning. Nothing too dangerous, since the hackers had actually been hired by the Jeep’s owner. The entire thing was a planned demonstration, a stunt to prove a point: some vehicles are susceptible to hacking, full takeover of dashboard functions, steering, brakes, and transmission, a “zero-day exploit.” The story blew up. Fiat-Chrysler recalled over a million cars.

Now, we’re seeing more fallout from the embarrassing (and expensive) ordeal: Lawmakers in Michigan have proposed new legislation against car hacking, and it’s severe. Backed by Republicans Mike Kowall and Ken Horn, Senate bill 927 amends existing laws regarding unauthorized computer access to include automobiles. The new bill states a person "shall not intentionally access or cause access to be made to an electronic system of a motor vehicle to willfully destroy, damage, impair, alter or gain unauthorized control of the motor vehicle." This makes car hacking a felony and punishable by a maximum sentence of life in prison.

Charlie Miller, one of the men who hacked a Jeep Cherokee for Wired., Bill O'Leary/The Washington Post via Getty

The problem is that the bill’s wording is vague. There’s no differentiation between criminals and, say, product developers or tech fiddlers. As the legislation sits now, a contracted white hat or cyber-security firm could be committing a crime by simply doing their job. It’d make the hackers who volunteered for the Wired story felons, in the state’s eyes, and our colleague an accessory. Which feels weird and sort of wrong, considering they brought the issue to attention in the first place. Strong also legislation protects carmaker’s interests; no surprise that Michigan, where the auto lobby reigns, wants it one step short of the guillotine.

Senate bill 927 probably isn’t worth getting too riled up about. The U.S. Senate might soon force privacy and security standards for the auto industry; some kind of overarching federal criminal law seems inevitable. For now, though, it’s up to the states. The Michigan legislation has been sent to the Senate judiciary committee.