Driverless cars are coming to Bristol - but are our current security laws ready for them?

This article was first published by TechSPARK UKon 2 December 2014 and can be found online here.

Bristol is a city at the forefront of technology and innovation so there is no surprise that it is hoping to be one of the cities to host a trial of driverless cars which could be on the road by as early as January 2015.

However, while the UK Government is fast tracking the progress of driverless cars to ensure we lead the way in driverless technology, we musn't overlook the vulnerability inherent in any technology that contains sensitive or personal data or in which we place reliance - the risk of the technology being hacked.

Hackers are already able to gather personal information from unauthorised access to our personal computers, webcams or mobile phones but if they hack into the computer system of a driverless car will they now be able to see where we are, what time we start work, how often we go to the gym and when we have been to the doctors? While arguably other devices can currently be used to track our whereabouts we at least have the option of turning off our GPS or switching the device off altogether. As soon as we start up our driverless vehicle it will be incredibly difficult to control what data we are giving up in doing so.

With the announcement of the Anti-Terrorism and Security Bill reigniting the debate around a 'snoopers charter', we have to question what information the computer systems in driverless cars will collect and who will be required to hold that information.

The privacy of data is not the only concern. A potential for the software to allow a car to be controlled remotely by someone other than the owner or 'insured driver' exposes a huge range of risks. Cars being stolen from the privacy of a potentially untraceable cyber-criminal's home or the more ominous threat of driverless cars being used in terrorist attacks are being hotly debated. Delaying the progression of this technology clearly doesn't mean the risks will be avoided - the risks already exist in other forms - but the advance of driverless cars is changing the manner in which the risk presents itself.

We already have a legal framework governing the liability of an individual who gains unauthorised access to computer material or hacks into computer systems but the more pressing concern will be in knowing how these security risks have been addressed to prevent them happening in the first place. Google and other providers will inevitably need to invest heavily in security measures, but what will consumers be in a position to do. Maybe we will want to replace redundant driveway CCTV cameras with security measures to allow us to track car thieves. Or perhaps a solution lies in old technologies such as wheel clamps.

At the moment it is not clear whether drivers will be able to manually override the 'driverless system' and what testing requirements these systems will have to meet to prove that the security of the technology is robust enough to deal with the risk of cyber-attacks will be imperative to the success of driverless cars.

Nonetheless, while these risks must be considered to ensure we stay one step ahead of cybercriminals, the benefits of progressing this technology must be embraced. Human error currently accounts for 90% of accidents and by removing the opportunity for human error the roads will inevitably be much safer, not to mention the promise of a reduction in congestion, pollution and, some have argued, road infrastructure costs!

Send us a message