As medical devices and cars move online, we need to ask: who will be charged with making sure each update is safe and secure?
by Ross Anderson / September 13, 2017
Cyber-security has disrupted politics, with the row about Russian interference in the US election being just one example. It’s also disrupted policing: most property crime and much hate crime is now online.
A third disruption is now at hand. As we start connecting not just our laptops and phones to the internet, but cars, medical devices and other things that can kill us, safety is becoming entangled with security. This will shake up many industries—and change the way they’re regulated.
What happens when your car starts getting monthly upgrades like your laptop? This has already started—Tesla rolled out its Autopilot as a software upgrade—and other manufacturers will follow within three years. There will be real benefits; we’ll be able to improve safety as we learn from accidents. It’s unavoidable, as modern cars have dozens of embedded computers and millions of lines of code in which hackers are finding vulnerabilities. We’ll just have to keep fixing them.
But who’s going to pay for the software maintenance? The tech industry has much fatter margins than the carmakers, yet Google supports phones for only three years while Microsoft supports laptops for about five.
Apply that to cars, and the first problem is sustainability. Carmakers would love you to scrap your car every five years just like your laptop, but the embedded carbon cost of a car is more than its lifetime fuel consumption. So if car lifetimes drop from 15 years to five, road transport CO2 emissions will about double.
The second is safety. At present, cars are tested thoroughly before they get type approval; a new model might have 200 prototypes crashed before it is launched. But as we move from pre-market testing to continuous improvement, how exactly will safety regulation work?
Cybersecurity is a political question
This is serious politics. At present, Europe and America have separate safety regimes, but Europe leads. For example, it requires testing by independent labs. Washington doesn’t; but almost all carmakers get their US models independently tested too, as “industry best practice” really matters in lawsuits. Brussels also enforces a right to repair: carmakers have to publish the specifications for car parts, to support a competitive aftermarket. Finally, Europe is also the world’s privacy regulator, as Washington doesn’t really care about privacy, and nobody else is big enough to matter. Once privacy and technical safety become entangled, this may further increase the regulatory power of Brussels, at Washington’s expense.
Against this backdrop, the European Commission asked us to investigate what happens to safety regulation in the “Internet of Things.” We’ve now been allowed to publish what we found. In short, Europe will need to overhaul its whole regulatory ecosystem.
If, as we expect, carmakers are required to provide safety support for a minimum lifetime (of say 20 years) then a typical carmaker which offers five models, and upgrades each of them every five years, will end up with about 20 models in support. The big car parts makers who sell to multiple manufacturers, such as Bosch and Magna, will be even worse affected—in 20 years’ time, they could be supporting 300 models.
If a car part’s software kills you, how do your heirs settle whose fault it was? With 50,000 fatal accidents in Europe a year and 10 times that many causing serious injuries, we’ll need automated reporting and analysis systems. As well as traffic cops and insurers, the car industry and its regulators will need access to keep on improving safety. But systems that track all cars, second by second, raise thorny questions of privacy and data protection.
Some of the security debates familiar from phones will kick in too. Many people might vote for the FBI to have a golden master key to unlock an iPhone and read private messages, but they might be less keen on a master key that would allow them to take over your car. And if millions of cars can be hacked, that might tempt wayward kids, activists and bad governments.
A question of competition
Competition could be the hottest political potato of all. The parts makers are capturing more and more of the value because their patents give them monopolies over critical components. Their shares have doubled in value relative to the carmakers over the past five years. Could their patents, and software copyrights, defeat the EU’s right to repair directive? Or will competition be undermined by re-applying the IT industry’s playbook to exploit the huge amounts of information that our cars collect on us? Where in the market will the real power end up? That ball is still in play, and it’s being played hard. The stakes are enormous. Will Europe’s car industry continue to be dominated by the German majors, or will the future belong to Google and Uber?
One way or another, the regulation of cars and trucks is due an overhaul—like the regulation of medical devices, electrical equipment and perhaps even toys. Libertarians who voted for Brexit will surely be delighted that the British government will no longer be able to get in the way. How it will track Europe’s changing regulatory environment is of course another matter.