Chrome & Punishment
In the New York Times, Farhad Manjoo argues that Kia and Hyundai ought to be held liable for the fact that their cars keep getting stolen:
Why are so many cars getting stolen? Police departments and city officials point to this: Millions of Kias and Hyundais are ridiculously easy to steal.
For years now, most automakers have equipped most of the cars they sell in the United States with electronic immobilizers, devices that prevent cars from starting unless they detect a radio ID code associated with the car’s rightful key. But Hyundai and Kia, which come under the same South Korean conglomerate, did not install this basic device in somewhere around nine million cars sold between 2011 and 2022. A couple of years ago, videos showing how to hotwire the vulnerable cars began to pop up online. I won’t go into details but I will say that it doesn’t require much more than a USB plug.
The Economist has a similar article behind a paywall, that includes this amazing graph:
I honestly agree with a number of the criticisms lobbed at Hyundai/Kia (hereafter “Hyundai”).
Kia screwed up. Immobilizers became standard on cars for a reason. The case that they acted recklessly here is kind of strong. To be honest, I have a little egg on my face here because some years ago I thought immobilizers were kind of a scam. Apparently not! However, automakers should know more about this stuff than I do. They deserve the bad publicity they’re getting. They should be taking great pains to make sure this never happens again. All automakers should take note of what happens when you don’t secure their cars. They deserve blame.
The problem with “Blame the thieves!” is that thieves have no special responsibility to the owners of Hyundais and/or consumers more generally. They have an obligation to follow the law and should be held accountable for breaking it. But I don’t have the same expectation from criminals as I do vendors. It’s like locking your cars, in a way. We wouldn’t leave our car unlocked because if a thief steals something from it that’s the thief’s responsibility. If we don’t lock our cars it’s because we’re lazy or because we fear a locked car just results in your window getting smashed it or whatever other reason. It’s our own risk analysis that we do for ourselves. In this case, Hyundai made security decisions that negatively impacted the people that trusted them and their brand enough to buy their vehicle. Not cool.
When it comes to lawsuits from the city, however, I tend to be pretty skeptical. Hyundai does not have a real responsibility to cities to make their cars hard to steal. There are regulations (usually federal) that they have to meet, but that’s pretty much it. (More on that later.) Similarly, I should not have a responsibility to take unspecified security measures to make my car harder to steal. If a city writes a law stating that I must lock my car or I cannot leave the keys in the ignition, then so be it. Make the argument, lobby the legislators, make it happen.
That is the biggest weakness here: The government could have passed laws requiring immobilizers but never did. Cities can point out that it would need to be a federal or state law, but the absence of such a law suggests that a regular old key is sufficient security or that auto security is not worth regulating. It’s not as though governments are shy about putting requirements on new vehicles. They just didn’t require this. So I’m skeptical of the idea that Chicago can hold Hyundai to a security standard that was never actually set by any regulatory agency. If Chicago wants to lobby congress or the Illiois legislature, they’re welcome to do so. (Honestly, I would probably support it.)
While I am skeptical that cities do or should have a case, I am more open to the idea that consumers might. I can’t say definitively one way or the others because there are a lot of specifics I am not familiar with. If Hyundai misrepresented the security of their car, I’d assume that would give them liability. Maybe there is some sort of “reasonable standard” that Hyundai failed to meet that lawyers could apply. It would, however, be more applicable to the people who purchased their cars without a clear understanding of what they were purchasing.
Manjoo argues that it might be difficult to prove that the lack of security is the reason for the increase in carjacking, but I don’t think that’s really the case. Some of the boost can be attributed to something else as rates went up during the pandemic, but when the two started to diverge it becomes pretty clear in my view. You can argue that it would have gone up by a similar amount just with different cars if Hyundai had done their job, but I don’t find that convincing.
Rather, the difficulty is in explaining what the obligation was that the automaker failed to meet here. If there is a general unspecified standard of security that wasn’t met here, then we would need to start holding owners of cars without the immobilizers accountable, which could include not just Hyundai owners but also owners of old cars. I don’t think anyone really wants that, though, so I don’t think we should do that to automakers themselves. I would instead just keep banging that drum until Hyundai is willing to figure out how to fix it just to make the drumbeat go away.
Just an editorial quibble:
I honestly agree with a number of the criticisms lobbed at Hyundai/Kia (hereafter “Hyundai”).
Kia screwed up.Report
When I saw the post title, I assumed this was going to be about browsers.
Anyway, absent any misrepresentation and any violation of documented standards, this seems like a bad area for legal action. The appropriate punishment for Hyundai and Kia is that their sales suffer (at least in America — I’ve read that this so far has not been an issue in other countries. Hooray for American ingenuity!). There are all sorts of unintended consequences that could arise from setting an implicit legal obligation that all car companies have to match what most of their competitors do in any arbitrary area outside of public safety (obviously even in that domain there are plenty of unintended consequences, but the justification there is a little stronger).Report
This is going to be controversial, but I think it was pretty irresponsible of Hyundai and Kia to embed screens that run web browsers in their steering wheels.Report
Reminds me of an old Letterman top ten list:
Top 10 Ways American Cars Would be Different if Ralph Nader Had Never Been Born
10. Dashboard hibachis
9. Seat belts made of piano wire
8. Windshield replaced with ant farm for kids
7. Strobe headlights make oncoming traffic look like old time movie
6. 50-foot antennas allow you to broadcast while driving
5. Optional front-seat hammocks
4. Wiper fluid reservoir routinely filled with thousand island dressing
3. New York City taxis would be exactly the same
2. The paper Buick
1. Speedometer replaced with electronic voice chanting “Punch it! Punch it!”Report
Ten percent of Kia’s in Chicago were stolen last year, so in about ten years the problem will be resolved.
As to the lawsuits, they appear to be typical class action lawsuits. I have problems with some of the abuses in class actions, but they might benefit from the government pursuing them on behalf of the public. The proposed settlement gives consumers up to $300 for a wheal lock or anti-theft system. Individuals can’t sue for that kind of relief, and Illinois isn’t joining because that won’t be effective for all vehicles, so it could be more, but still probably sorely insufficient for individual actions.Report
Looks like plaintiffs are relying on Federal Motor Vehicle Safety Standard No. 114, which requires all vehicles to “have a starting system which, whenever the key is removed… prevents the normal activation of the vehicle’s engine or motor.” Manufacturers self-certify compliance with this requirement, so I would expect the lawsuit to focus on what the companies knew or should have known when certifying.Report
It seems like the argument against that is in “normal activation”. Pulling and replacing the lock cylinder is not normal activation. Plugging in a USB thumb drive is not normal activation. Actual hot-wiring is not normal activation. The complaint seems to be that abnormal activation is not sufficiently difficult.Report
I think that’s a good argument, and interpreting the standard will be a significant issue. It looks to me like there is a regulation, but it’s not written as a specification (identifying specific widget(s) or measurable standards), but a fairly general principle. The benefit of not having a specification is that it allows innovation in areas of technological change; the downside is it can lead to judicial interpretation.
I omitted that part of the standard that states it’s purpose is “to decrease the likelihood that a vehicle is stolen, or accidentally set in motion.” So the plaintiffs will focus on the more general purpose of “theft prevention” (which is also in the title), and then focus on theft prevention systems that were common in vehicles at the time of certification.Report
I hope they go after necklace makers next.Report
If this was a problem in the cars they’ve been making since 2011, I wonder why thefts didn’t really start until last year. Apparently the technique was popularized on TikTok, but we had social media before. I thought maybe a cryptographic key had been leaked or something, but apparently the USB cable is used in a purely mechanical manner, like a screwdriver, not to transmit data to the car.
So why did it take thieves a over a decade to figure this out?Report
Start making sticks. No one can steal much less drive those.Report
A thousand times yes. I miss my stick shifts.Report
The car theft rings would hire older Boomers. There are enough of us that can still drive sticks.Report
Apparently Tesla is testing out gear-shifting via a touchscreen scroll.
Nightmare-fuel.
https://twitter.com/JeffTutorials/status/1699184082230636820
Report