Hacked Autonomous Vehicles: Who May Be Liable for Damages? An Initial Investigation into How Civil Liability Systems Can Prepare
Jul 12, 2019
Who might face civil liability if autonomous vehicles (AVs) are hacked to steal data or inflict mayhem, injuries, and damage? How will the civil justice and insurance systems adjust to handle such claims? RAND researchers addressed these questions to help those in the automotive, technology, legal, and insurance industries prepare for the shifting roles and responsibilities that the era of AVs may bring. Using four scenarios (a ransomware attack, a hacked vehicle damaging government property, hacks on a connected roadway that cause damage, and theft of information through hacking of AVs), the authors explored the civil legal theories that may come into play when real-world damages result from AVs being hacked. They also examined how those theories may affect various parties, including car manufacturers, component makers, dealers, and both corporate and individual owners. Existing civil legal structures appear flexible enough to adapt to cases involving hacked AVs except in the case of large-scale cyberattacks, but it may be useful to clarify both liability and insurance coverages.
Introduction — Understanding the Context
Autonomous Vehicles and Future Roadways
How Can Hackers Exploit Autonomous Vehicles?
Hacked Autonomous Vehicles and the Harms They Can Cause
Shifting Roles and Responsibilities for Information Assurance for Autonomous Vehicle Cybersecurity
Civil Liability and Cyberattacks: General Legal Framework
Legal Analysis of Hypothetical Risk Scenarios
Cyber Exploits Against Autonomous Vehicles
The Phases of the National Institute of Standards and Technology Cyber-Physical System Draft Framework