A new cybersecurity bill pushed by Michigan Senators Ken Horn and Mike Kowall will send car hackers to jail for life, if it manages to pass through the Senate.
Senate Bill 927 and 928 detail the type of crime, punishment, and felony. Near the bottom, the bill states that “a person shall not intentionally access an electronic system of a motor vehicle to willfully destroy, damage, impair, alter, or gain unauthorized control of the vehicle” and the penalty for violating the law is “guilty of a felony punishable by imprisonment for life or any term of years.”
See Also: Hackers drive huge global IoT security market growth
That is on the very extreme end of the law and puts ethical hackers in an awkward legal grey area. While the bill does not say if controlled environment hacks are illegal, we doubt hackers are going to test to see if the word of the law is wrong.
“I hope that we never have to use it,” said Kowall to Automotive News. “That’s why the penalties are what they are. The potential for severe injury and death are pretty high. Some of these people are pretty clever. As opposed to waiting for something bad to happen, we’re going to be proactive on this and try to keep up with technology.”
https://mobile.twitter.com/0xcharlie/status/726153558958034944
Computer security researcher Charlie Miller, who has a keynote on car hacking at SecureWorld scheduled, took issue with the wording of the bill on Twitter. He suggests that turning a steering wheel could be considered “accessing the electronic system to alter the vehicle”, which would make it illegal to commandeer the vehicle.
Michigan is home to quite a few self-driving projects, so it is odd to see lawmakers from the state push a bill so fervently opposed by hackers and self-driving manufacturers alike.
Ethical hacking is useful for all types of electronic products and most tech companies pay out huge sums of money for reports on zero day exploits. Without this, hackers with criminal ambitions might be able to find the exploit before the company, leading to huge security risks.