Innovation Should Not Ignore Privacy or Security Risks

by Andy Heikkila

Will new laws ignore privacy dangers inherent in self-driving cars?

Even as the country still reels from revelations that almost 2.5 million more people were affected by the recent Equifax than previously thought (bringing the current total up to 145.5 million), the senate has introduced legislation regarding advanced testing and deployment of autonomous vehicles without addressing privacy or security measures.

“The new legislation comes so close to completely ignoring the privacy dangers inherent in self-driving cars that it would be fair to say it ignores it,” writes Brady Dale with The Observer.

The good news is that the US government has finally decided to draft legislation to pave the way for autonomous cars on America’s roadways — the bad news is that this represents another case in which regulation is struggling to keep up with innovation, and fails to protect against the harms that come with new brave new territory. This leaves the onus of privacy and security on the private sector — but we all saw how that turned out with Equifax…

The SELF DRIVE Act

In September, the US House of Representatives passed by unanimous vote the Safety Ensuring Lives Future Deployment and Research in Vehicle Evolution, or SELF DRIVE Act. Rep. Doris Matsui (D – California) is quoted as saying that the law “puts us on a path towards innovation which, up until recently, seemed unimaginable.”

This is because the House bill and its Senate equivalent exist primarily to accelerate the pace at which carmakers can put self-driving cars on the road, the theory being that we need self-driving cars in use before designers, analysts, lawmakers, etc., actually know how well they work. This is a dangerous game, but may be a more ethically ambiguous argument than most will realize.

“Look, no hands!” will soon become the norm.

When we think about the 37,000 people who are killed and additional 2.35 million who are injured or disabled per year in the US due to human-caused accidents, along with the cost of reckless driving and DUI/DUID infractions, and the social and fiscal burdens of court proceedings and incarceration in a system that is already overcrowded, autonomous vehicles seem like a no-brainer. If we can save thousands of lives and billions of dollars at the cost of latent privacy and cybersecurity measures, should we?

As Senator John Thune, the Republican who chairs the Commerce Committee, is reported by Reuters to have said that the bill “underscores the bipartisan desire to move ahead with self-driving vehicle technology… The safety and economic benefits of self-driving vehicles are too critical to delay.”

Privacy and Security in Jeopardy

However critical the safety and economic benefits of self-driving cars may be, the risks inherent in their deployments on our roads, especially without particular legislation governing privacy of information and security of systems, cannot be ignored.

The latest failure of our governments and centralized organizations to protect citizens has been the Equifax hack. It’s not just the sheer number of people affected, but the fact that it was lifetime data that was stolen.

“This is substantial exposure; we have to consider the shelf life of most of this data not in months or years, but in decades,” writes Emily W., the Director of Analysis at Terbium Labs. “Most of the data involved are not things that can be easily changed, and the potential damage here cannot be easily mitigated. Names, birth dates, Social Security numbers—this is lifetime data.”

“Privacy” is fast disappearing…

It’s unfortunate that such a serious breach of information may take years for the public to experience the full scope of. The good news is that driverless cars are not as likely to contain lifetime information, meaning an attack that targets information from an autonomous fleet will likely never be as devastating as the Equifax hack. The bad news is that attacks targeting more than just information could cause destruction and physical harm.

“Autonomous vehicles are at the apex of all the terrible things that can go wrong,” says security expert Charles Miller, in an article with Wired. Miller spent years on the NSA’s Tailored Access Operations team of elite hackers before stints at Twitter and Uber. “Cars are already insecure, and you’re adding a bunch of sensors and computers that are controlling them…If a bad guy gets control of that, it’s going to be even worse.”

Though there hasn’t yet been a case of a vehicle being hacked and/or controlled by a malicious actor, we know that it’s a grave possibility. The only way that we can protect ourselves is to prevent it from happening, however this doesn’t look like a priority in the bills that the House and Senate have proposed. Let us hope that it doesn’t take the deaths of innocents to spur lawmakers into action, and that they finally take responsibility in protecting our lives and information from insecure systems before tragedy strikes.

It’s a fine balance to achieve, resolving the push and pull between innovation and regulation. Nevertheless, this balance is absolutely crucial in a society that wants to remain safe, but also evolve in new and exciting directions. This balance can be achieved, if those in power decide to pursue it — and they should. It’s high time citizens demand more from those in charge, and tell them that we’re done being played with; innovation should not come at the cost of privacy and security anymore.

Wait! Before you go…

Choose how you want the latest innovation content delivered to you:


Andrew HeikkilaAndrew Heikkila, a tech enthusiast, and writer from Boise, Idaho, and a frequent contributor to Innovation Excellence. He also writes for Tech Crunch. You can follow him @AndyO_TheHammer

Leave a Reply