Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883


Hacking insurance

Dealing with injury or loss stemming from electronic intrusion, or hacking, is already a concern by entities from small businesses to giant corporations.  And they can get insurance for such damage.

A growing reality, though rare now, is that auto insurers will be sorting out potential blame when hacking happens to cars and trucks — especially autonomous ones.  According to a reminder from Rand, a research and analysis agency, in the future, when cars can drive themselves, grand theft auto might involve a few keystrokes and a well-placed patch of bad computer code.  They also reiterate that assigning blame to the resulting loss may get complicated.

The topic reminded me of writing in 2015 that some expert hackers had scared the daylights out of a reporter riding in a Jeep they hacked.  They invaded the vehicle’s entertainment system remotely and fooled around with the air conditioning, radio, and wipers.  All the while, an image of the two schemers, Charlie Miller and Chris Valasek, showed on the digital screen.  They could control any competitor-monitored system on the vehicle, but did nothing too dangerous, finally cutting the transmission which rendered the Jeep powerless as the reporter steered to the highway’s shoulder.

Without a doubt, the hack points out that this can happen.  According to James Anderson, the director of the RAND Institute for Civil Justice and a coauthor of the study, “These are not likely events, and there are lots of engineers working to make them even less likely. But they’re not impossible. They will occur.”

Cars are becoming artificial intelligences on wheels, making them increasingly vulnerable to hack attacks, per a recent RAND report.  Potentially, billions of dollars ride on the question of who has the legal responsibility to keep hackers from grabbing the wheel or cutting the brakes.

Yes, who will be liable for the damages caused by a hacker with remote control of a two-ton vehicle?  Was it stolen due to manufacturer shortcomings?  Did the private or fleet owner fail to secure it in locked mode?  These are just a couple of the quandaries arising from both the loss by theft and the subsequent liability caused by misuse, crashing and death.

Anderson’s research looks at how courts might assign blame if a hacker taps into an autonomous vehicle and causes trouble.  In a nightmare scenario, a hacker might disable the brakes, commandeer the wheel, and steer the car into a collision.  But he or she could also steal personal information from a car’s driver logs or threaten to disable a car’s electronics if its owner doesn't pay a ransom.

“Think about the car of the future as, essentially, a laptop with an engine, wheels, and windshield wipers,” said Nahom Beyene, an engineer at RAND and coauthor of the study. “It’s going to be continually redesigned, revised, and updated.  It opens up a whole new dimension of vulnerability when the final product is almost to-be-determined.”

Federal, state and city governments might even be brought into a liability lawsuit for authorizing autonomous use. Not even half of the states have any laws on the books governing autonomous vehicles and the technology is too new for courts to have experience with it.

While we have no way of predicting the likelihood of such hacking attacks, indications are that the chance is not zero, and insurers will be monitoring the topic.

 Readers may contact Bill Love via e-mail at