Extracted from Corporate Counsel
The National Highway Traffic Safety Administration (NHTSA) has proposed rules that will require new cars to have a special communication system that links them with other vehicles (V2V) or to infrastructure such as traffic lights (V2I). Collectively, the technology is known as V2X. Using a short-range wireless network, cars will be able to tell each other where they are and (more important) where they are going. Each car on the V2X network will broadcast its speed, heading and brake status up to 10 times per second and will receive similar broadcasts from the vehicles around it. This will allow vehicles to "see" around corners. Or around the large trucks and campers that always seem to be parked at the corner of residential intersections. With V2X, instead of slowly easing into the intersection until you can see whether a car is approaching, your car will already know. And so will the approaching vehicle. Each driver will be warned of the possible collision.
V2X is an important step toward autonomous vehicles. It has a greater range than the cameras and radar systems that semiautonomous vehicles currently use and is not limited to line of sight. V2X will help to supplement the existing and future technologies that will be used by fully autonomous vehicles. Even standing alone, V2X is predicted to prevent thousands of accidents per year.
However, there is also a downside. While this technology promises to reduce the risk of harm to drivers, it can also increase the legal risks to auto manufacturers.
V2X Could Open a Door for Hackers
Like any other network, V2X presents a potential attack surface—another way for hackers to get into your car. Because V2X lets vehicles communicate directly with each other, that network creates another point for remote entry. For example, a hacker could study and eventually compromise a single vehicle from the comfort of his garage, drive out to a major road and then use the V2X to access other vehicles. This presents the possibility of a hacked vehicle sitting in rush hour traffic "going viral"—infecting other vehicles around it, which in turn pass the virus on to others.
V2X also presents another sort of risk: accidental interference. Years ago, the FCC allocated a specific band of the spectrum for the V2X network. Recently, other companies have wanted this bandwidth for other (nonvehicle) purposes such as Wi-Fi hotspots. This has sparked a debate over whether it is possible to share V2X's part of the spectrum, or whether interference and crossover would impair the safety functions of that network. The very existence of this debate raises a question about just how secure the V2X network can ever be. This is a critical question, because any breaches of the V2X system could put auto manufacturers in an impossible position.
Hacking Could Create Absolute Liability for Auto Manufacturers
Most of the cyberattacks to date have involved the theft of personal information from retailers and hospitals. In the class action lawsuits that inevitably followed, the companies had a strong defense against tort liability: A defendant can only be liable in tort for acts that injure people or property ("the economic loss rule"). This defense will not be available to automakers when a hacker takes control of a car and causes an accident. In that scenario, auto manufacturers could be the first ones to face strict liability for the (criminal) act of being hacked.
In the context of hacking cars, strict liability would effectively be absolute liability. Any networked system can be hacked. And any hack can be Monday morning-quarterbacked by saying that it would have cost nothing to write the code differently. Which means that lawyers can argue that any hacked system is "defectively designed" for purposes of strict liability. For example, several researchers (i.e., "white hat" hackers) have demonstrated that it is possible to remotely access some vehicles through their cellphone or GPS interfaces.
Of course, finding a way in is only the first step in a hacker's journey to control a vehicle. Next they must find a way to inject messages that could compromise the vehicle (e.g., take control of the steering or brakes). This has caused a number of people to argue that there should be no way for messages to get from a possible point of entry—such as the onboard computers that run the cellphone system—to the computers that control the steering, acceleration or brakes ("domain separation"). And this illustrates the impossible position that automakers would find themselves in.
Complete domain separation is not possible. On current vehicles there are potential points of entry that are actually required to communicate directly with safety-critical systems such as steering and brakes. For example, federal law requires cars to have a special port for emissions testing and diagnostic purposes (the OBD-II port). This is a point of entry that cannot be separated from the safety-critical systems of the car because its sole purpose is to communicate with those systems.
V2X will soon be another example. As autonomous vehicles evolve from their current state (e.g., automatic braking and adaptive cruise control) to complete self-driving, V2X will become more directly integrated with these safety-critical systems. The warning messages transmitted over the V2X will need to be shared with steering and braking functions in order to avoid accidents; otherwise, those warnings would serve no purpose. Which is to say that V2X will become a remote point of access that cannot be separated from the systems that control the vehicle.
Even worse, as vulnerabilities are identified, it could take at least five years to fix them. That's because cars are already so thoroughly regulated—the cycle for designing, validating and producing cars is necessarily a long one. Yet five years is a lifetime in the world of computers; there is no way for automakers to stay five years ahead of the best current technology. Which means that when vulnerabilities that cannot be fixed with a simple patch are identified, automakers will be put in the impossible situation of not being able to change their product fast enough. Yet the law is not supposed to require the impossible—strict liability was never meant to be absolute. Unfortunately, it's easy to see different judges in different jurisdictions coming to different conclusions on that point. And that is exactly why Congress and the NHTSA need to step in.
Right now the two are not moving in this direction. In its recently released policy guidelines for automated vehicles, the NHTSA indicated that the states will write their own liability laws for "highly autonomous" vehicles. This means that strict liability remains a threat. That is a problem. As the NHTSA convincingly demonstrates, V2X and autonomous vehicle technologies will save lives. Hundreds of thousands of lives, if not millions. But they present risks for which strict liability is not a good fit. This problem could slow the development of both technologies, and this delay could cost countless lives. Nobody wants that.
Congress should pre-empt automakers from strict liability for V2X and autonomous vehicles, just as it did for vaccine makers back when that industry faced similar challenges. This would leave negligence available as a theory of liability, which in turn raises concerns about the auto industry protecting itself by intentionally setting a low bar that every member can easily clear. Congress can address this concern through legislation that allows the NHTSA to define the standard that all automakers must meet for purposes of negligence liability. That way, automakers would have a clear goal set by an independent agency that has been studying this technology for years, and consumers would have recourse in appropriate situations, rather than in all of them.
Todd Benoff is a partner in Alston & Bird's product liability group, where he defends automotive original equipment manufacturers and component manufacturers in large-scale product liability and consumer class actions. He can be reached at todd.benoff@alston.com.