Skip to navigationSkip to content

It will soon be legal to hack your Tesla (and every other car) in the US

A man walks past cars at an assembly line producing electronic cars at a factory of Beijing Electric Vehicle, funded by BAIC Group, in Beijing, China, January 18, 2016.REUTERS/Kim Kyung-Hoon - RTX22VIN
Kim Kyung-Hoon / Reuters
You can do this with cars’ code soon too.
  • Michael J. Coren
By Michael J. Coren

Climate and emerging industries editor

Published Last updated This article is more than 2 years old.

The modern automobile, say cybersecurity experts, is not a car with a computer in it. It’s a computer with four wheels and a motor. To prove the point, hackers have been breaking into cars’ software, remotely shutting off enginestracking riders, and disabling brakes.

Yet lifting the digital hood of your own vehicle to see the car’s source code, make modifications, or build better diagnostic tools is a potential crime today. Under an industry-driven interpretation of The Digital Millennium Copyright Act, it’s illegal to touch (or even look at) virtually anything in your cars’ software. Car companies, and federal agencies, have threatened legal action against anyone, even security researchers who disclose vulnerabilities to automakers, from examining or modifying a car’s software.

“The DMCA has given companies a legal hammer to prevent transparency in the way those devices work,” said Kit Walsh, a staff attorney the Electronic Frontier Foundation (EFF). That’s led to a chilling effect on people who want to improve, customize or better secure modern vehicles (it’s unclear how much it has deterred malicious hackers).

Now the federal government has granted a petition, over industry objections, giving car owners clear legal protection to fiddle with their own cars. On Oct. 28, exemptions to Section 1201 of the DMC will explicitly protect the right to examine your vehicle’s code, reprogram its computer, and make repairs or modifications. The exemptions “allow the diagnosis, repair or lawful modification of a vehicle function” (p 39, pdf) as well as “good-faith security research” (p 44, pdf) so long as it doesn’t interfere with the entertainment and wireless communication systems–to avoid illegal media downloading.

There are some caveats. The exception is temporary. Proponents such as EFF will need to convince federal regulators to renew the exemption every three years. Vehicle owners must also make modifications themselves, rather than use a third-party, so you’re on the hook for rogue vehicles or changes that lead to accidents.

Most automobile companies came out swinging against the provisions in their public comments (pdf), but Tesla didn’t oppose the law. The company gives security researchers up to $10,000 as a bug bounty to uncover (and discreetly disclose) security flaws. When a team from the security firm Lookout commandeered software in a Tesla Model S to open windows, unlock doors, and cut power to the car, Tesla rolled out a software patch wirelessly, reports Wired. After Tesla owner Jason Hughes hacked his Tesla’s operating system and the company initially blocked his attempts, CEO Elon Musk reversed the decision and offered praise.

The EFF is now in a long-term battle to repeal the DMCA. “We’re suing the government [to establish] that the law is a violation of the First Amendment because of its infringement on fair use, as well as security research,” said Walsh. “If that’s a success, then the landscape will change significantly.”

For now, the organization is fending off companies’ efforts to strip vehicle owners of newfound hacking rights in the fine print of user agreements, a common practice in other industries. ”We haven’t had that battle yet,” said Walsh. “That’s a fight I’m eager to have, and it’s coming.”

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.