"Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data-trackers," said Blumenthal. "This common-sense legislation protects the public against cybercriminals who exploit exciting advances in technology."
The bill, called the SPY Car Act, would require certain commitments from car manufacturers who want to build driverless or connected cars. For example, under the legislation the Federal Trade Commission would force automakers to use "reasonable measures" to protect the increasingly complex software that helps our cars run smoothly. Together with highway authorities, the FTC would also develop a window sticker that rates a new car's vulnerability to digital attack, in the same way consumers use fuel economy stickers to evaluate a car's potential gas mileage.
Hackers who figure out how to take control of a car's brakes, engine or other systems not only pose a danger to those inside the affected vehicle but also to others around it. And that danger magnifies substantially when you're talking about a whole highway full of such vulnerable cars. That's why this week British officials released a set of guidelines for companies that are testing self-driving cars. While it isn't legally binding, the 14-page document highlights how little regulators think the public is prepared for driverless vehicles.
For the most part, the guidelines require driverless cars to behave just like cars with real drivers. Test pilots shouldn't use cellphones behind the wheel, they say, and they will have to obey all traffic laws. All that sounds obvious. But buried on page 13 are a few paragraphs that hint at some of the same concerns that U.S. authorities have about next-generation autos.
Car makers should outfit test vehicles with a data recording device that tracks the vehicle's speed, braking and steering, according to the guidelines. The tracker should even monitor when the driver honks the horn. But the playbook seems conflicted over the need for collecting data and the need for keeping that data out of the wrong hands. All the guide can offer is a suggestion that auto manufacturers comply with British privacy laws and to "ensure" that the car has an "appropriate level of security" to defeat hackers.
Despite the vague language, British attempts to get a handle on new car technology are likely to put even greater pressure on U.S. regulators to fast-track their own rules. The National Highway Traffic Safety Administration says it's considering measures that would apply to the autopilot systems being developed by American manufacturers.
"The first time a self-driving car hits somebody, and someone gets hurt or is fatally injured, we're going to get the phone call," NHTSA administrator Mark Rosekind said, according to Reuters.
Adding sophisticated new sensors and more automation in our cars promises to make getting around more efficient and, with any luck, a lot less deadly. But today's latest prototypes are far from ready for the mass market. Even though some higher-end cars come with limited autonomous capabilities, such as lane and brake assist, it will be a while before most of us have cars sitting in our driveways that can talk to other cars and drive themselves.
It's clear that authorities plan to use that time to set up some rules of the road.