Calls to criminalise cyber-attacks on automated passenger vehicles

Automated transport risks cyber-attacks and passenger safety, and new criminal offences should be introduced, Kennedys has said.

In its response to the Law Commission’s proposals on Highly Automated Road Passenger Services (HARPs), the international law firm warned of a range of associated cyber-risks including data theft and malware/ransomware attacks.

It even warned of possible state-sponsored attacks blocking Wi-Fi and other communications channels such as GPS to halt a HARPS public transport network in a large city.

The firm said new criminal offences and regulatory regimes will be necessary to deal with cyber-attacks on autonomous public transport vehicles.

Kennedys’ head of corporate and public affairs Deborah Newberry said: ““The fact is that the world is on the cusp of a transport revolution: one in which machines will increasingly take control from humans.

“That shift raises fundamental concerns around public safety and where the liability rests when accidents occur.

“It also means a major shift in the amount of data that is collected by vehicles, and how that data is stored and used.”

She said in the face of such challenges, we need both criminal and civil measures but added that “decision-makers cannot forget that the views of end-users will be integral to deciding the scale and speed at which markets choose to adopt autonomous vehicle technology”.

The consultation paper, published by the Law Commission of England and Wales and the Scottish Law Commission, only considers criminal offences which could, for example, be committed by a driver or where someone physically interferes with or obstructs a HARP.

In it response, Kennedys said: “Given the potential harm that could be suffered by passengers if HARPS vehicles became compromised, it is likely that criminal regulation will need to evolve to create new offences to catch this type of danger/disruption.”

It commented that the compromising of route data and tracking data could have “serious implications” on the safety and security of the UK’s infrastructure.

“There is not adequate criminal regulation to prosecute individuals who compromise such systems; this is also a problem that arises in respect of drone technology,” the firm stated.

It also called for the operators of driverless public transport to take personal responsibility for their safety to build consumer confidence.

The consultation on HARPs began last year setting out a number of proposed regulatory measures in relation to highly automated driverless vehicles in preparation for their introduction on UK roads.

While acknowledging the opportunities and benefits presented by them, the firm expressed concern that there will be many challenge in implementing passenger-only transport services, “not least ensuring safety, accessibility for all, and data privacy to name a few”.

Achieving a transport system that works better for disabled and older people must, it said, underpin the regulatory framework.

It added that the regulatory regime must balance strict requirements focused on passenger safety while being able to accommodate innovative change and development; for example, an operator could be required to demonstrate it has taken and will continue proactive to take substantive action to ensure passenger safety.

Newberry added: “Research we have done shows that, alongside the regulatory review, the views of a large cross-section of society in the UK must be monitored.

“Government-led education of the public is required to avoid the very real possibility that the public will take a negative view of autonomous vehicle technology, and thereby inhibit rollout and public uptake and trust.”

According to UK Research and Innovation, the UK is a world-leader in technology enabling self-driving cars.