OPINION:
With more than 250 million vehicles clogging the American road, the joy of that open road is quickly giving way to the anguish of the gridlocked highway. The driverless car is supposed to unsnarl the backups and prevent thousands of traffic deaths caused by human error. The cyberspace in which interconnected vehicles are guided, though, is the playground of hackers. Before settling into a vehicle on autopilot, Americans should demand safeguards of privacy and security against the prospect of unbidden hands driving them into harm’s way.
It’s not an idle thought. Uber this month opened its driverless car pilot test in Pittsburgh. The firm has fielded a fleet of Volvo luxury SUVs equipped with self-driving capability offering free rides around the city. A human technician sits in the driver’s seat as a backup, ready to reach for the wheel if danger is imminent. Other companies, including Google, Ford, GM and Tesla, are preparing to test their own technology, all vying for a piece of the driverless car/truck/SUV market, with all promising to smooth the flow of traffic.
Keeping thousands of cars, buses and trucks on city streets accelerating and braking in unison is only possible with advanced wireless connectivity that allows vehicles to move in synchronized union, and safeguards against disruption are critical. The security of personal financial information is essential, yet millions of consumers have learned the hard way that promises of privacy are routinely broken. Lots of vehicle data is stored online, such as codes for keyless entry, and are not beyond the reach of high-tech thieves. Already they’re plucking the low-hanging fruit. Earlier this month, Houston police charged two men with stealing more than 100 vehicles by using a laptop to signal the cars to open their doors and start their engines keylessly. A technology writer for Wired magazine last year described how cybersecurity experts brought his Jeep Cherokee to a halt on a busy interstate to demonstrate the vulnerability of connected vehicles.
Today’s smart cars transmit information wirelessly about their operation, such as speed, acceleration and braking. The data is so detailed that driver privacy is threatened. Researchers in a blind test have been able to correctly identify drivers by simply comparing data sent by their vehicles with their known driving habits. Security is vulnerable. Vehicle functions like the engine management system, control gauge cluster, airbags, and sound and communications systems are interconnected, and if unencrypted, provide channels through which hackers can take command of a vehicle.
The lack of safeguards protecting privacy and preventing hacking has prompted the Electronic Privacy Information Center to ask the 9th U.S. Circuit Court of Appeals in San Francisco to allow Toyota owners to sue the manufacturer over the danger posed by interconnected cars that lack encryption. Helene Cahen et al. v. Toyota Motor Corp. highlights the widespread vulnerability of smart vehicles and the need to improve cybersecurity before putting the nation’s transportation fleet on autopilot. Encryption has its drawbacks, as demonstrated in the massacre by radical Islamic terrorists in San Bernardino, whose password-locked cellphone frustrated FBI investigators looking for information on whether the terrorists had accomplices.
With 38,300 U.S. highway deaths last year, the value of eliminating human driver error is clear. But the possibility of vehicles sent hurtling into oncoming traffic by invisible hands is cause for deep concern. Americans need to have assurance that when they turn over the steering wheel to unseen powers their cars and trucks won’t be commandeered by a teenage prankster or an ISIS hacker. Until leaders of the driverless revolution can guarantee that, the only place for American drivers is in the driver’s seat.
Please read our comment policy before commenting.