Auto-Hacking Class Action Likely to Die

     SAN FRANCISCO (CN) – A federal judge Tuesday indicated he will dismiss with leave to amend a class action claiming Ford, Toyota and General Motors made their cars vulnerable to hackers.
     Lead plaintiff Helene Cahen sued the three automakers in March, claiming they knew of the vulnerabilities for years but failed to protect consumers.
     But during a Tuesday hearing, U.S. District Judge William Orrick said the plaintiffs failed to allege a concrete injury or explain how tracking a driver’s geographic location rises to the level of a constitutionally protected privacy interest.
     Nor did the judge seem impressed by the argument that the lack of an electronic firewall exposes drivers to dangers comparable to unprotected sex.
     “The lack of injury in fact makes this claim speculative,” Orrick said.
     The plaintiffs say hackers can send digital messages to vehicles that contain control area networks, or CAN bus networks, allowing hackers to wrest control away from drivers and remotely command the cars’ brakes, steering and acceleration.
     “It appears the court has bought into this theory that we’re waiting for the hacker to do something before we can show injury,” plaintiffs’ attorney Marc Stanley told the judge. “I hope it’s not your car or the senator’s car.”
     But Toyota attorney Christopher Chorba said the plaintiffs failed to show even one example of an actual car hacking, just evidence of “a lot of experiments.”
     Chorba said adopting such a “broad and limitless” view of standing would allow every consumer to sue computer manufacturers simply because computers can be infected by computer viruses.
     Stanley rejected Chorba’s claim that no cars have been hacked. He said that though no “malicious hacks” have taken place, hackers have infiltrated a number of vehicles.
     Stanley compared the lack of a firewall protecting drivers from hacking attacks to the dangers of unprotected sex.
     “It’s almost like unprotected sex,” Stanley said. “There’s no firewall whatsoever. There’s nothing stopping people from getting into your car or my car.”
      Ford attorney Michael Mallow said the CAM bus networks installed in the allegedly vulnerable vehicles are required by regulators, and the question of whether the networks are susceptible to hacking should be addressed by regulators.
     “That’s something relegated to the regulators,” Mallow said. “Perhaps the decisions are not being made as quickly as counsel would like them to be made.”
     Stanley replied that regulators have not banned automakers from installing firewalls in the cars to protect drivers from hacking.
     The plaintiffs also accuse the automakers of tracking their driving patterns and selling the information to private companies and data analysis firms.
     “They have data analytics that tell them what kind of cars drive by Wal-Mart on certain days,” Stanley said. “Ford and GM are keeping this information, just like the NSA did with our phone calls.”
     Orrick said that though the privacy claim has merit, the allegation was not adequately pleaded in the first amended complaint.
     Stanley responded that without conducting discovery, the plaintiffs cannot know for certain how the automakers are using their private driving data.
     Beyond the arguments over standing, Ford attorney Livia Kiser said the court lacks personal jurisdiction over Ford because its cars are not made in California and it has only about 320 employees in the state.
     Stanley responded that if Ford can sue other businesses and defendants in California as a plaintiff, it can also be sued in the state.
     After about 30 minutes of debate, Orrick ended the hearing and appeared unpersuaded by Stanley’s efforts to change his mind about dismissing the complaint with leave to amend.

%d bloggers like this: