A draft bill (embedded below) being prepared in the US House Energy and Commerce Committee would increase the penalties for “hacking” cars, and gift automakers with an easy “out” on emissions control regulations. The bill focuses on reforms at the National Highway Traffic Safety Administration, and while it contains a number of reasonable sounding proposals to improve its data collection and reporting, two aspects stand out as problematic for environmental and climate change mitigation.
One of the issues raised by the Dieselgate scandal is the necessity of 3rd party independent review of on-board computers, but the proposed increased penalty for “hacking” such computers will hamper such review. The proposed law also amends the Clean Air Act to gift automakers with emissions credits if they install certain other safety equipment that maybe kind-of might conceivably in the right circumstances decrease emissions.
Privacy, Hacking Prohibition, and Cyber-security
The future is rapidly becoming reality if only because self-driving cars are just around the corner. Yesterday, Tesla Motors delivered a significant “autopilot” upgrade that’s a big step towards self driving cars, for example. Basically, today’s cars are no longer the dumb boxes of yesteryear, they’re now rolling data centers on wheels. This trend will only continue as on-board electronics grow in capability. Fully autonomously driven cars are just a few years away, thanks to increasingly sophisticated sensors and computer control gizmos.
Advanced technologies have great potential to benefit us all. But there are dangers from both nefarious folk, or even government spy agencies.
A few months ago, Wired Magazine published a piece showing results from independant researchers who’d discovered security vulnerabilities in certain Jeep models allowing remote control of almost every aspect of the car (speed, braking, steering, infotainment system, etc). The researchers found a vulnerability in the remote data access system for certain Jeep models giving access to the CAN BUS. CAN BUS is the standard for on-board data communication. Data and messages sent across the CAN BUS control every aspect of car operation. Having remote access to that data channel gives an attacker the ability to control everything about the car. The article demonstrated capability to control speed, steering, and more.
The Dieselgate scandal has to do with an automaker, Volkswagen, who fraudulently configured the 2.0 liter TDI Diesels to cheat on emissions tests. In the lab the cars gave pristine clean emissions results, so good the EPA (and other agencies around the world) lauded these cars with green car awards and government subsidies. In reality, on the road, the cars emitted NOx pollution at 10-40x the allowable limit. The fraud wasn’t detected by a government agency, but by independent researchers. Researchers whose work might have been helped if they could access data in on-board computers.
The problem with both these cases is anti-hacking provisions also hamper the ability of independent researchers to do valuable research. The existing prohibition is the DMCA, because the software of those on-board systems is deemed to be a protected copyrighted work. The public good is served when independent researchers verify environmental claims, or safety claims, of all kinds of gizmos including automobiles.
The new proposed law make it explicitly illegal to “hack” a car’s on-board computer systems.
(1) PROHIBITION.—It shall be unlawful for any person to access, without authorization, an electronic control unit or critical system of a motor vehicle, or other system containing driving data for such motor vehicle, either wirelessly or through a wired connection.
The penalty? A hefty $100,000 fine for each “motor vehicle or item of motor vehicle” that is hacked.
While there’s a valuable goal here – giving us all a better sense of security in our cars – the proposal does not grant any kind of exemption for research performed for laudable purposes. Instead, it strengthens the shroud of secrecy behind which an automaker could commit grievous harm to us all.
The proposal will mandate creation of an Automotive Cybersecurity Advisory Council whose job will be “to develop cybersecurity best practices for manufacturers of automobiles offered for sale in the United States.” Membership will include the Department of Defense, The National Institute of Standards and Technology, The National Highway Traffic Safety Administration, and the automakers. Additional members will come from organizations representing repair shops, consumer advocates, standards bodies, independent security researchers, and academics.
This council may provide a balance against some of the issues I just raised. On the other hand, the proposal ensures that over 50% of this council will be automaker representatives, which would ensure it will be dominated by automaker needs.
The goals are laudable, and I applaud the stated intent:
- Security controls in on-board software systems
- Design of and interconnection of internal systems
- Security specifications for the automotive industry, suppliers, etc
- Security of any on-board access ports, and on-board operating systems
- Implementation of security controls to protect critical safety systems, etc
- Remediation of cybersecurity vulnerabilities
- Data forensics to explore those vulnerabilities
- Coordination of vulnerability disclosure between manufacturers and researchers
Since the council will include Department of Defense representation, I have to voice a worry. Will this turn into a secret requirement imposed on automakers to ensure the NSA or other spy agency has access to data from cars?
Emissions and Fuel Economy credits for advanced vehicle technology
The proposed law grants both a 3-6 grams of greenhouse gas emissions per mile exemption, and a fuel economy credit, for vehicles with certain advanced technologies. This would obviously undermine the advances in emissions control and fuel economy we all need. The proposed law would do so by amending the Clean Air Act to weaken its impact.
The advanced technologies fall into two groups. One is the driver assist features forming the stepping stones to fully autonomously driven vehicles: (A) Forward collision warning. (B) Adaptive brake assist. (C) Autonomous emergency braking. (D) Adaptive cruise control. (E) Lane departure warnings. (F) Lane keeping assistance. (G) Driver attention monitor. (H) Left turn assist. (I) Intersection movement assist.” The other, “Connected Vehicle Technology”, is short-range vehicle-to-vehicle communication between vehicles.
The credits will begin in the 2018 model year. All a manufacturer has to do is install either three of the advanced driver assist technologies from the first group, or the connected vehicle technology.
All the automakers are already working on technology in the first group, and most are already participating in the Intelligent Transport System trials. This amounts to a gift of lessening emissions and fuel economy standards.
The theory in this section of the proposed law is to promote technologies that reduce traffic congestion, or reduce the number of car accidents. Both are laudable goals, and reducing traffic congestion will act to reduce the negative emissions from gasoline powered vehicles. But, so too would widespread adoption of electric vehicles also reduce the negative emissions.
There is a bit of sound theory behind this proposal. Think about the typical grid-locked commute situation, where the 65+ miles/hr highways turn into parking lots during certain hours. This happens twice a day every weekday, and means engines are running at lower efficiency, are idling more, and there’s higher risk of traffic accidents.
Adaptive cruise control, for example allows for “platooning” of a sort. Drivers can position their car behind another, enable ACC, and their car will automagically maintain a safe following distance while increasing and decreasing speed to match the car ahead. Cars would no longer be jostling with each other, while maintaining an efficient speed, and reducing certain kinds of traffic accidents. In theory.
The proposed law contains a number of positive benefits. But, there are two glaring problems related to environmental issues.
Ratcheting up penalties for “hacking” cars means independent researchers will find it ever harder to validate environmental claims from car makers. The whole Dieselgate scandal was detected by independent researchers.
Giving automakers emissions and fuel economy credits undermines the regulations we need for heading off the climate change and environmental crises.
- We must pressure Biden over climate despite choosing Kerry as climate representative - November 25, 2020
- Tesla Autopilot danger from “passive vigilance” effect - October 24, 2020
- CALFire seizes PG&E equipment investigating cause of Zogg Fire in 2020 wildfire season - October 10, 2020
- Protect yourself from unhealthy air in wildfire zones - September 12, 2020
- 5+ million acres burned, choking smoke, Climate Change accelerated - September 12, 2020
- La Nina develops, promising longer 2020 fire and hurricane season - September 10, 2020
- California wildfires 2020, over 2 million acres burned - September 9, 2020
- Disease risk higher in highly polluted areas – COVID-19 risk greater? - April 1, 2020
- Conservative values failing USA as EPA guts fuel efficiency standards, fails with COVID-19 response - April 1, 2020
- SunSpec aims to help Veterans transition to clean energy jobs - March 31, 2020