Remember that 2700-page, $1 trillion dollar infrastructure bill that the US government passed back in August? Well, have you read it? Of course we're joking -- we know you haven't read it. Most of the legislators who voted on it probably haven't either. Some folks have, though, and they're finding some pretty alarming things buried in that bill.
One of the most concerning things we've heard so far is the revelation that this "infrastructure" bill includes a measure mandating vehicle
backdoorkill-switches in every car by 2026. The clause is intended to increase vehicle safety by "passively monitoring the performance of a driver of a motor vehicle to accurately identify whether that driver may be impaired," and if that sentence doesn't make your hair stand on end, you're not thinking about the implications.
Let us spell it out for you: by 2026, vehicles sold in the US will be required to automatically and silently record various metrics of driver performance, and then make a decision, absent any human oversight, whether the owner will be allowed to use their own vehicle. Even worse, the measure goes on to require that the system be "open" to remote access by "authorized" third parties at any time.
The passage in the bill was unearthed by former Georgia Representative Bob Barr, writing over at the
Daily Caller. Barr notes correctly that this is a privacy disaster in the making. Not only does it make every vehicle a potential tattletale (possibly reporting minor traffic infractions, like slight speeding or forgetting your seat-belt, to authorities or insurance companies), but tracking that data also makes it possible for bad actors to retrieve it.
More pressing than the
privacyconcerns, though, are the safety issues. Including an automatic kill switch of this sort in a machine with internet access presents the obvious scenario that a malicious agent could disable your vehicle remotely with no warning. Outside that possible-but-admittedly-unlikely idea, there are all kinds of other reasons that someone might need to drive or use their vehicle while "impaired", such as in the case of emergency, or while injured.
Even if the remote access part of the mandate doesn't come to pass, the measure is still astonishingly short-sighted. As Barr says, "the choice as to whether a vehicle can or cannot be driven ... will rest in the hands of an algorithm over which the car's owner or driver have neither knowledge or control." Barr, a lawyer himself, points out that there are legal issues with this whole concept, too. He anticipates challenges to the measure on both 5th Amendment (right to not self-incriminate) and 6th Amendment (right to face one's accuser) grounds. He also goes on to comment on the vagueness of the legislation. What exactly is "impaired driving"? Every state and many municipalities have differing definitions of "driving while intoxicated."
Furthermore, there's also no detail in the legislation about who should have access to the data collected by the system. Would police need a warrant to access the recorded data? Would it be available to insurance companies or medical professionals? If someone is late on their car payment, can the lender remotely disable the vehicle? Certainly beyond concerns of who would be allowed official access, there's also once again the ever-present fear of hackers gaining access to the data—which security professionals well know, absolutely will happen, sooner or later. As Barr says, the collected data would be a treasure trove of data to "all manner of entities ... none of which have our best interests at heart."
from Hacker News https://ift.tt/3Ehljoz
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.