Early thoughts on the framework that leaves spooks driving the car.

March 11, 2017 - Scott Hewitt


With the recent WikiLeaks publication of Vault7 we, as the public, have again achieved a glimpse of the ambitions and capabilities of the security services, to keep us safe. If the future of mass automation and the self driving car is to be soon realised how does this future technology integrate with the ambitions of those who seek to keep us safe?

Unless a wild west like experience is to be embraced, law makers will soon need to consider the appropriate regulatory framework of future automated systems. Part of this regulatory framework perhaps will be the fundamental design of software automation systems, architectures and topology that are declared as safe and fit for use. The establishment of these frameworks will provide the fundamental under pinnings of society in the future and will need to be informed by a vast number of multi role stake holders.

Consider for moment the security services within this framework, the automated vehicle poses both a substantial risk and enticing opportunity.

I will choose not to detail the possibilities but opportunities and risks manifest simultaneously as a consequence of the same entry vectors. Essentially it is a matter of appropriate use vs misuse of features. Many suggest that this square can be rounded through the use of stringent security, combined with controlled and intentionally designed back door points of access. However, such an compromise illustrates a decision process that leads to a framework with inherent vulnerabilities.

The near future into which these automated vehicles enter is one likely to be populated by a variety of actors who will seek to exploit such systems for there own nefarious purposes. Consequently, the regulatory framework required will need to be robust enough to secure these system in a hostile space.

Therefore a fundamental requirement of the automated vehicles of the future, regardless of any consequential impediment to other desirable features, must be an impossible to compromise and hack platform. This should be the starting point of the regulatory framework.