cross-posted from: https://feddit.org/post/3121891

Archived link

The Commerce Department said Monday it’s seeking a ban on the sale of connected and autonomous vehicles in the U.S. that are equipped with Chinese and Russian software and hardware with the stated goal of protecting national security and U.S. drivers.

[…]

The measure announced Monday is proactive but critical, the agency said, given that all the bells and whistles in cars like microphones, cameras, GPS tracking and Bluetooth technology could make Americans more vulnerable to bad actors and potentially expose personal information, from the home address of drivers, to where their children go to school.

In extreme situations, a foreign adversary could shut down or take simultaneous control of multiple vehicles operating in the United States, causing crashes and blocking roads, U.S. Secretary of Commerce Gina Raimondo told reporters on a call Sunday.

“This is not about trade or economic advantage,” Raimondo said. “This is a strictly national security action. The good news is right now, we don’t have many Chinese or Russian cars on our road.”

But Raimondo said Europe and other regions in the world where Chinese vehicles have become commonplace very quickly should serve as “a cautionary tale” for the U.S.

Security concerns around the extensive software-driven functions in Chinese vehicles have arisen in Europe, where Chinese electric cars have rapidly gained market share.

“Who controls these data flows and software updates is a far from trivial question, the answers to which encroach on matters of national security, cybersecurity, and individual privacy,” Janka Oertel, director of the Asia program at the European Council on Foreign Relations, wrote on the council’s website.

[…]

A senior administration official said that it is clear from terms of service contracts included with the technology that data from vehicles ends up in China.

Raimondo said that the U.S. won’t wait until its roads are populated with Chinese or Russian cars.

[…]

The proposed rule would prohibit the import and sale of vehicles with Russia and China-manufactured software and hardware that would allow the vehicle to communicate externally through Bluetooth, cellular, satellite or Wi-Fi modules. It would also prohibit the sale or import of software components made in Russia or the People’s Republic of China that collectively allow a highly autonomous vehicle to operate without a driver behind the wheel. The ban would include vehicles made in the U.S. using Chinese and Russian technology.

[…]

The new rule follows steps taken earlier this month by the Biden administration to crack down on cheap products sold out of China, including electric vehicles, expanding a push to reduce U.S. dependence on Beijing and bolster homegrown industry.

  • NeoNachtwaechter@lemmy.world
    link
    fedilink
    English
    arrow-up
    56
    arrow-down
    1
    ·
    2 months ago

    Who controls these data flows and software updates is a far from trivial question, the answers to which encroach on matters of national security, cybersecurity, and individual privacy,”

    But the solution would be very easy if it was the owner of the car who can control all these data flows.

    That’s what you should write into a law!

  • cmeu@lemmy.world
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    1
    ·
    2 months ago

    Here in this country we only support domestically based driver surveillance tech 🇺🇲

  • JohnnyCanuck@lemmy.ca
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    2
    ·
    2 months ago

    I wonder if this could be a step in the direction of forcing manufacturers to allow custom/open source/audited software in all vehicles. If it can be done in some foreign-made vehicles, it can be done in domestically made ones too.

    Also note that it says “connected and autonomous vehicles”. If that means two categories, “connected vehicles” and “autonomous vehicles”, it could be quite broadly applied to vehicles that download updates over the air. If it means “autonomous vehicles that are connected” it could be somewhat narrow and an easy work around is to leave the autonomous vehicles disconnected from the internet. I’m not sure how much self-driving abilities are run on servers?

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      2 months ago

      They may also mean “connected” in the sense of cars connected to each other. Having autonomous cars updating each other in real time to the positions and destinations would be a huge leap forward for automation, but is also a dangerous attack vector if a foreign actor poisoned that data.

      • JohnnyCanuck@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        Good point! If vehicles are communicating like that, which I’ve always thought would be the ultimate for efficiency, you’d have to protect against poison pills. That would be even more difficult with disparate systems cooperating.

        Reminds me of the car “chase” scene in I, Robot.

        • LifeInMultipleChoice@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          When a light turns green every car should start accelerating at the same time, it doesn’t happen with people driving. Traffic jams will plummet with cars communicating eventually. It’s far off but it would be nice.

    • chakan2@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 months ago

      It’s not…it’s a step in the direction of making sure the government knows everything about you at all times.

  • exanime@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    Well, all domestic car makers will be in trouble as well. Does any body else make these components other than China?

  • absquatulate@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    3
    ·
    2 months ago

    What are you going to do with billionaires CEOs that are basically chinese/russian puppets? What about security elements that are “american software” but have leaked to the highest chinese bidder?

    How the hell are you going to enforce that no “chinese and russian software and hardware” make it into the cars? Its hilariously difficult to enforce it because its vague, and its vague because its not about national security but trade.

    We do need laws to prevent the inevitable abuse that comes with chinese cars but this particular ban reeks of bullshit.