Through a combination of recklessness, negligence, and belligerence, car drivers in America kill more than 40,000 people a year, according to the National Safety Council. Advocates of autonomous and connected cars say they will save lives, but computer security experts know that they also come with their own set of risks.
Those risks became front-page news in a 2015 Wired report that demonstrated a hacker disabling control of a Jeep Cherokee hurtling down the freeway at 70 mph. Nobody was hurt in the demo, but it adroitly underscored the promise and risks of connecting cars to the Internet and one another.
The complicated future of vehicles is the focus of the second Enigma Interviews, a fireside chat I will moderate between Deirdre Mulligan, co-director of the University of California at Berkeley Center for Law and Technology and professor at UC Berkeley School of Information, and Stefan Savage, a 2017 MacArthur Foundation “Genius” grant recipient and a professor at University of California at San Diego. The Parallax is co-hosting the event with Usenix, New Context, Javelin Strategy and Research, and Avast (which also sponsors this site) at 7 p.m. PST on Wednesday, November 29, in San Francisco.
Connected cars are at the forefront of the cyberphysical dilemma. To develop them, experts in computer security, privacy, law, government, design, robotics and, of course, automotive engineering are collaborating in brand-new ways.
Few of the questions pertaining to securing either connected or autonomous cars have been answered to Mulligan’s satisfaction. She says Tesla’s update to fix an unintentional “deadman’s switch,” which allowed a connected car to drive down the street without a driver, demonstrated just one of many potential areas a hacker could exploit. Other areas include transitions in vehicle control from humans to computers, sensors that “see through” road obstacles, and smartphone apps that lock or unlock cars.
“We haven’t really thought through the risk models,” she says.
Savage also worries whether enough funding is available for securing the software running the vehicles of tomorrow. Traditional car manufacturers, following innovators in Silicon Valley, are heavily investing in connected technologies “because if they don’t, they lose the future market,” he says. “But the budget for security is modest.”
Mulligan and Savage both worry about the dangers that faulty car software updates might pose. Mulligan notes anecdotal situations where a car’s handling felt worse to the driver after an update. The implications for security aren’t hard to imagine.
There can be “very serious consequences,” Mulligan says.
I’ll dig deeper into these topics in person on Wednesday. Here are the types of questions I’m planning to ask:
- What’s the difference between the various connected-car initiatives today? Who leads on security? Who lags? How should various players in the game catch up?
- Should consumers trust self-driving and connected cars? If not, what needs to change? And what are the most effective approaches to securing them?
- What role should government agencies play in advancing or regulating car automation? How might its position conflict with its history of mandating safety features?
- Are regulations strong enough to ensure that connected-car security is a priority, while being flexible enough to accommodate technological improvements?
- How far away are connected cars from eliminating Philippa Foot’s “trolley problem”?
- What role does America’s culture and history of car ownership play in the development of connected cars?
- When we combine the gig economy with self-driving cars, are we developing a robot economy? Is Uber paving the way for public acceptance of one?
I’ll also be asking questions from the live audience and people watching the livestream. You can start submitting questions today to Enigma on Twitter or The Parallax on Facebook using the hashtag #EnigmaIntvw. Thank you!