Lawmakers move to study car hacking

Lawmakers move to study car hacking
© Greg Nash

Two congressmen want to study vehicle cybersecurity after several high-profile car hacking incidents thrust the issue into the limelight.


The so-called SPY Car Study Act, set to be introduced Thursday by Reps. Joe WilsonAddison (Joe) Graves WilsonTrump campaign launches new fundraising program with House Republicans The myth about Puerto Rican statehood that won't go away Overnight Defense: Republicans sound alarm on Taliban deal | Trump speaks with Taliban leader | 19 states sue over border wall funding | Pentagon pushes back on NY Times report about coronavirus response MORE (R-S.C.) and Ted Lieu (D-Calif.), would require a cross-sector study to examine detection protocols, deterrence techniques and privacy best practices.

The bill is much less ambitious than similar legislation in the Senate, introduced in July by Sens. Ed MarkeyEdward (Ed) John MarkeyBipartisan senators call for investigation of TikTok's child privacy policies OVERNIGHT ENERGY: New documents show EPA rolled back mileage standards despite staff, WH concerns | Land management bureau grants 75 royalty rate cuts for oil and gas | EPA employees allege leadership interference with science in watchdog survey EPA's Wheeler grilled by Democrats over environmental rollbacks amid COVID-19 MORE (Mass.) and Richard Blumenthal (Conn.).

That bill would require the Federal Trade Commission (FTC) and the National Highway Traffic Safety Administration (NHTSA) to develop standards to protect drivers' privacy and to guard against a potentially deadly hack of a vehicle.

Wilson urged a more cautious approach to vehicle cybersecurity.

“I am proposing the SPY Car Study Act because it is irresponsible to mandate changes in a developing field before accurately assessing the situation,” Wilson said in a statement.

Concerns about the dangers of Internet-connected cars came to a head this summer when “white hat hackers” exploited a vulnerability and took control of a Jeep's steering, brakes and transmission and brought it to a halt on the highway.

That hack was widely criticized by auto manufacturers who suggested that by going public with their findings, the researchers recklessly exposed vulnerabilities and gave manufacturers no time to resolve concerns.

“Under no circumstances does [Fiat Chrysler of America] condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems,” the company, which makes the hacked Jeep, said in a statement.

The dispute is part of a larger debate around what legal standing security researchers have to explore and expose vulnerabilities in proprietary technology. 

Wilson and Lieu both emphasized the need for partnership across the auto industry and with government partners, which under the provisions of the bill include the NHTSA, the FTC, the Defense Department, the National Institute of Standards and Technology and others.

“Without adequate protections, a hacker could turn a car into a weapon,” Lieu said in a statement. “The SPY CAR Study Act is a first step in bringing industry, advocates and government together to strike a balance between innovation and consumer protection.”