Michigan Lawmakers Want to Give Autonomous Car Hackers Life in Prison: "We Mean Business"
Yet, if it passes, the law could hurt innovation.
Last year, a video of two hackers remotely taking control of a Jeep went viral. Shortly after, researchers from University of California San Diego hacked a Corvette with a phone. No one was put in any danger — the hacks were both done in controlled environments — but it scared both car manufacturers and legislatures.
Now, because of that fear, Michigan lawmakers are proposing laws to keep vehicle hackers from doing something similar to an innocent driver. Two recently proposed bills in the state congress, 927 and 928, would set the punishment for car hackers to the cell-slamming tune of life in prison.
“Life” is an eye-catching limit to put on a prison term. Like giving a $1 million prize or offering free trips to the Bahamas, some things are set as statements solely to make people pay attention. Life in prison is one of those statements.
“We wanted to get something out there stating that we mean business out here in Michigan,” Senator Mike Kowall, a sponsor of the bill, tells Inverse. Michigan is preparing a law that would legalize fully autonomous vehicles on the road, and “there needs to be discussion on this level so that everybody knows the seriousness of disengaging a fully autonomous vehicle when it’s going down the highway at high rates of speed.”
The American auto market depends on Michigan in the kind of way retirees depend on Florida. Ford, Fiat Chrysler, GM, Toyota, and other major car companies center operations in Michigan. Autonomous cars are in the not-so-distant future; [GM and Lyft]((https://www.inverse.com/article/15264-lyft-gm-will-put-self-driving-cars-on-the-road-by-2017) claim they will have consumer autonomous cars on the road by 2017 — as in next year. Since many of the major companies depend on Michigan as a testing ground, car legislation that happens in Michigan affects the entire market.
Kowall tells Inverse that, if someone has permission to work on a vehicle or do research and development, that’s not hacking. Though, non-malicious hacking could become legally murky, even as companies have become more reliant on white hat hackers to find flaws in new products. Flaws found this way are typically detected and shored up faster than if the company had to find each flaw on its own.
Legislators are usually playing catch up to technology, and even though the lawmakers in Michigan are trying to get out in front of autonomous vehicle technology, it might hamper development. Sections 927 and 928 are just small parts of the entire autonomy bill, but they are are small parts with an outsized impact on the market.
“The main emphasis on the bill is to open Michigan up to fully autonomous vehicles,” Kowall says. “We’ve worked with the manufacturers, we’ve worked with upfitters, we’ve worked with R&D people, and we have yet to have anybody really complain about it.”
Car hacking vs. computer hacking
Michigan already has hacking laws in the books. Accessing a computer program, computer, computer system, or computer network to “devise or execute a scheme or artifice” can, at its worst, result in 20 years in prison.
But if this bill goes through as is, hacking a car’s computer will be treated differently from computer hacking. Computer hacking can lead to stolen property and stolen identities, but car hacking affects a physical space and puts people in physical danger. That, Kowall states, is why it carries a statement punishment.
Statement laws, however, are rarely positive. Think Texas and abortion, or Alabama and same-sex marriages.
Google’s Chris Urmson asked Congress to take a “hands off” approach to autonomous legislation back in March. Heavy legislative involvement would stifle innovation and drive industry leaders abroad. But a safety argument must be made, as well. Hacking into, and then remotely controlling, an autonomous car could have deadly consequences. A car can be a deadly weapon.
Yet allowing white hat hackers into the technology could be the only surefire way to keep black hat hackers out of the system.
Either way, whether the bills pass or not, lawmakers in Michigan have already achieved one thing. They’ve made a statement.