Hackers Remotely Kill a Jeep on the Highway

Lodewijk andré de la porte l at odewijk.nl
Fri Jul 24 13:26:53 PDT 2015


Anyone care for a law that will:

1. Ban unhackable vehicles and other life-critical devices (meaning:
life-critical software must be rewritable)
2. Require all life-critical software to be released in source format, for
the purpose of public auditing, improving it's safety features and
employing the software on the devices it is intended for.
3. Any tools used to translate the source to writable code must also be
provided in the manner of 2.

These laws should still allow manufacturers to:
1. Spy on their users without that being changed
2. Lock down their code so competitors may not use it (proprietary open
source)
3. Have software in the machines that is not opened; so long as it is
properly (verifiably) isolated from essential systems
4. Legally own the entire machine
5. Drop guarantees when non-security-related modifications have been made
etc

This law should be as precise and immutable as possible. This is not a
matter of "I want to hack things" or "competition would be better if it
were open" or "I want to own what I have/use", etc, etc. Being precise with
the law allows it to pass more readily.

Personally I think if everything were required open source and
self-compiled; that would objectively be better for humanity as a whole.
For protecting innovation there's patents, closing the source is excess.
Etc. etc.

But this is not about fun. This is about extremely basic safety. It is
about national security; if 500,000 cars go haywire at the same time a lot
of deaths, directly and indirectly, can be expected. And it's not just the
cars; it's also the industrial machines, medical equipment, the metro's and
trains, the automated cars and busses and trucks and aircraft, medium sized
hobbyist drones, heaters, stoves and ovens, automated doors, elevators,
fire, smoke and other emergency alarms, etc.

Should a foreign country cyberattack whilst doing any other kind of large
scale attack; the effects could be devastating. Should a person be marked
for assassination, no one would be the wiser.

I'd argue for similar protection for fridges, televisions, smartphones,
etc, etc, as more and more items are expected to become networked and
essential for upholding basic freedoms and ways of life. And I'd argue to
have it for privacy; not just essential safety.


Simply put; the simple version of the law above is imperative for personal
and national security. And it doesn't exist.

(note: all countries should be more worried about cybersecurity. I cannot
trust my government to act as it should if every public servant can be
blackmailed or thoroughly spied upon. It's not hard to improve security;
but it's much harder now that nobody's doing it, and now that it's given no
priority)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3643 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150725/073f4e10/attachment-0002.txt>


More information about the cypherpunks mailing list