Consumer Rights

It Should Not Be Illegal to Hack Your Car’s Computer

I spent last weekend elbow-deep in engine grease, hands tangled in the steel guts of my wife’s Mazda 3. It’s a good little car, but lately its bellyachings have sent me out to the driveway to tinker under the hood.

I regularly hurl invectives at the internal combustion engine—but the truth is, I live for this kind of stuff. I come away from each bout caked in engine crud and sated by the sound of a purring engine. For me, tinkering and repairing are primal human instincts: part of the drive to explore the materials at hand, to make them better, and to make them whole again.

Car in hand showing that car hacking is illegal
Image by Meriel Jane Waissman, via Wired

Cars, especially, have a profound legacy of tinkering. Hobbyists have always modded them, rearranged their guts, and reframed their exteriors. Which is why it’s mind-boggling to me that the Electronic Frontier Foundation (EFF) just had to ask permission from the Copyright Office for tinkerers to modify and repair their own cars.

“Two of EFF’s requests this year are on behalf of people who need to access the software in cars so they can do basic things like repair, modify, and test the security of their vehicles,” says Kit Walsh of the EFF. “Because Section 1201 of the DMCA prohibits unlocking ‘access controls’—also known as digital rights management (DRM)—on the software, car companies can threaten anyone who needs to get around those restrictions, no matter how legitimate the reason.”

The DMCA, more formally known as the Digital Millennium Copyright Act, is a copyright law that governs (very imperfectly) what the public can do with creative content—things like music, movies, and software.

So, what does copyright have to do with cars? Quite a lot, actually.

Modern cars aren’t merely mechanical creatures; there’s more to them than engines and gearboxes. They house incredibly complex, high-functioning computers: a labyrinthine network of sensors and wires and software that is constantly measuring, communicating, and making adjustments to the engine, drivetrain, and suspension. A single car contains as many as 50 different ECUs—computer units that govern functions like acceleration and braking.

You can buy a car, but you don’t own the software in its computers. That’s proprietary; it’s copyrighted; and it belongs to its manufacturers.

But if you’re tech-savvy and code-literate, it’s possible to crawl into that ECU and take control of it. To twist the programming into new shapes and make the engine perform to a set of parameters not authorized by the manufacturer. To make the car faster. Or more fuel efficient. Or more powerful.

Welcome to the new age of digital tinkering, where you can “hack” your car better.

“Manufacturers frown on the practice, of course—it will void your warranty—but not everyone can resist the urge to reverse-engineer code and make a few changes,” writes Ben Wojdyla of Popular Mechanics.

They can’t resist, and they don’t. The internet is rife with tutorials and forums dedicated to car hacking. Most are relatively simple Arduino-based projects that add another layer of functionality to the car. But look a little harder, and you’ll find the hardcore hobbyists thrusting both hands into the brains of the beast. There are modders, like the creators of RomRaider and OpenECU, who have built their own open-source software to tweak settings in their cars’ ECUs. And there are hobbyists, like the folks behind CanBusHack, who have figured out ways to reverse engineer their cars’ communication network and raid it for data. There are even people reverse engineering Mazdas—in case I should ever get curious about the ones and zeroes zooming around in the secret, inner-architecture of my car.

“The automotive industry has churned out some amazing vehicles, but has released little information on what makes them work,” writes Craig Smith, a security researcher at Theia Labs and a proponent of hacking your own car.

Craig’s literally written the book on DIY car hacking. “As vehicles have evolved, they have become less mechanical and more electronic,” Craig explains in the Car Hacker’s Handbook. “Unfortunately these systems are typically closed off to mechanics. While dealerships have access to more information than you can typically get, the auto manufacturers themselves outsource parts and require proprietary tools to diagnose problems. Learning how your vehicle’s electronics work can help you bypass this barrier”—something that could be incredibly helpful if, say, the ECU itself breaks down.

Of course, if meddling with code isn’t for you, take heart: people do this professionally. There’s a new breed of automotive garages that aren’t staffed by traditional gearheads. Instead, they’re full of software engineers and developers, adept tech nerds that find their way into a car’s proprietary nervous system. Then they modify the engine specs for better performance: more speed, better fuel efficiency—whatever the car owner wants.

Carmakers do not like this. A few years ago, they started putting up roadblocks—protection measures, like encryption—over the ECU. Locks, in short, to keep the over-curious out.

But any lock can be unlocked; you just need to find the right key. And that’s exactly what chip tuners do.

In 2008, Cobb Tuning made a splash when they were the first to crack encryption on the Nissan GT-R. In 2010, Audi started integrating anti-tuning measures into many ECUs; tuning companies figured a way around them. More recently, BMW deployed encryption so robust on the M5’s ECU that (for the first time ever) Dinan—a tuning company—couldn’t break it. That didn’t stop them, though: Dinan just designed its own chip to soup up the M5, replacing the stock one.

Eventually, though, someone will find a way though the M5’s defenses. Someone will crack encryption. Because that’s what people do—especially tinkerers obsessed with building the perfect car. Here’s where copyright law rears its head again: Because the programming on a car is copyrighted, breaking encryption could be construed as a violation of the DMCA. It doesn’t matter that no one is pirating the car’s software. The act of breaking the lock is enough to land tinkerers, hobbyists, hackers, tuners, and even security researchers in a contested, legal gray-zone.

No one has yet been prosecuted for hacking their own car, but they could. And as locks become more prevalent, the EFF and iFixit are willing to bet that, eventually, some carmaker will bring the DMCA hammer down on a hobbyist’s head. So we’re are taking a stand now.

“Without an exemption, we could also lose out on the insights and inventions of the millions of Americans who enjoy tinkering with and improving their cars,” Kit Walsh explains. “… Not all ECU code is copyrightable, and not all ECUs are locked down in a way that triggers DMCA liability, but people shouldn’t have to hire a copyright lawyer before repairing their cars.”

I certainly hope the Copyright Office agrees, because I’d hate to see a future where tinkering under the hood of my Mazda makes me a criminal.

Want to speak out in support of this DMCA exemption? Tell the Copyright Office that car owners should be able to repair and modify their own automobiles. You’ve got until February 6 to make your voice heard.

Editors’ note: This story, which originally ran on Wired, is part of our series looking at the DMCA Exemptions period.