Sen. Blumenthal Introduces Bill To Protect Connected Cars From Hackers
ROBERT SIEGEL, HOST:
Here's the sound of a driver losing control of a Jeep Cherokee at 70 miles an hour.
UNIDENTIFIED MAN #1: The air conditioning is blasting.
(SOUNDBITE OF SONG)
UNIDENTIFIED SINGER: (Singing) (Unintelligible).
UNIDENTIFIED MAN #1: The music is blasting. And I can't see anything because of the (expletive) windshield wiper fluid.
UNIDENTIFIED MAN #2: OK, do it. Do it. Kill the engine.
MELISSA BLOCK, HOST:
The last voice we heard was from a hacker who had remotely accessed the car's air-conditioning, stereo, wipers and ultimately cut the car's engine. It was part of a planned hack described in a pretty terrifying account in Wired Magazine today. Well, Senator Richard Blumenthal is among those concerned about the vulnerability of connected cars, and today introduced legislation to address it. He joins us now from Capitol Hill. Senator Blumenthal, welcome to the program.
RICHARD BLUMENTHAL: Thanks so much, Melissa. Good to be with you.
BLOCK: And why did you start thinking about this? What's your big fear?
BLUMENTHAL: Both Senator Ed Markey of Massachusetts and I are concerned about protecting drivers from both security and privacy threats that are raised by the new advances in technology that are occurring. They're great in connecting drivers and their automobiles to the cyber world, but at the same time, they raise threats of security, such as you've just heard.
Hackers can literally take control of your car. People intending to do you harm - domestic abusers, for example - could exploit these vulnerabilities to conduct surveillance. And automakers and technology companies they partner with will have incentives to sell information, violate your privacy. And that information can be sold to marketers, to others, shared, exchanged. This kind of the wild west of connecting the drivers without protecting them is what concerns us.
BLOCK: And are all cars vulnerable in the way you're describing? How many are we talking about?
BLUMENTHAL: All cars that are wireless-connected could be vulnerable, unless - and here's where our legislation is important - unless there are standards imposed by the National Highway Traffic Safety Administration, also known as NHTSA, and the Federal Trade Commission, the FTC, to establish basic criteria - minimum kind of rules of the road, so to speak, that the automakers have to meet to protect consumers.
BLOCK: And what kinds of costs to consumers do you think we're talking about if those standards that you want to see put in place are, in fact, enacted?
BLUMENTHAL: The costs are minimal, and auto safety has been a priority of mine and others as we battle cybersecurity threats. Across many sectors of our economy, we're dealing with the costs in many different contexts. And we need to protect safety because when hackers take control of cars, people are directly and immediately in danger. Nothing could be more dangerous than, in effect, losing control of a car. And also, private information about where one shops or visits or drops off children or goes to the movies - that kind of basic information all also ought to be protected. The costs are well worth it, but they're minimal.
BLOCK: One last thing before I let you go. We know that Chrysler has released a software update - a patch - to improve electronic security. The idea is it would prevent an attack like the one that the hackers carried out on that Jeep for Wired Magazine. Isn't it in carmakers' interests to improve security on their own, to be competitive without legislative intervention?
BLUMENTHAL: Better security is a good selling point for the carmakers, but so is auto safety. We require minimal standards for auto safety, whether it's brakes or steering, and so we should also with wireless connections. And that fix by Chrysler, by the way, is a manual fix. We know from other safety defects that recall rates hover about 70 percent.
It's much better to require cars to be secure before they leave the lot, rather than asking consumers to fix them after the fact. And I welcome Chrysler's recognition of this problem, but many of these car manufacturers are rolling out the next big thing - Wi-Fi in your car - and they have overlooked safety. What we need is standards, and they ought to be flexible standards in the law enforced federally by NHTSA.
BLOCK: OK. Senator Richard Blumenthal, Democrat of Connecticut, thanks for talking with us.
BLUMENTHAL: Thank you.