According to their claim, the plaintiffs argued that the three automakers had knowledge of an electronic security threat that they were hiding from consumers. They cited the possibility that hackers could control cars remotely, which allegedly caused the plaintiffs to purchase their cars under false pretenses.
Judge William H. Orrick dismissed the speculative claims, pointing out that all cars after 2008 have electronic components and that the plaintiffs lacked any proof of manifested damages.
While the case lacked evidentiary support, it dealt with an issue that is spreading across industries. Due to the rise in breaches, cybersecurity is becoming a more prevalent matter across the nation and now in the auto industry.
Director of communications at the Washington, D.C.–based Alliance of Automobile Manufacturers, Wade Newton, while unable to speak directly to this case, was able to shed some light on how the automobile industry is dealing with electronic security threats.
“Cybersecurity is an issue many industries take seriously – and that includes ours," Newton said.
Automakers are adopting a multi-dimensional approach to security and work to keep pace with the dynamic nature of cyber threats by incorporating security by design, developing internal expertise, and cultivating partnerships – both procedural and operational – with organizations specializing in cyber defense. By addressing potential future challenges of cyber threats, the industry can continue producing safe vehicles that incorporate modern and robust security protections."
In Cahen, et al. v. Toyota Motor Corp., et al., the plaintiffs alleged that these types of precautions were not enough. In addition to the hacking accusations, they claimed that the automakers failed to specify a credible risk to future harm from the collection and tracking of vehicle data through electronic systems to their customers.
Again, Orrick deemed this to be a speculative accusation, despite their claim of economic hardship for purchasing vehicles whose technology they did not fully understand.
According to Newton, the security technology is evolving with the industry. Though not specifically related to this case, the improvements are intended to prevent any cybersecurity threats from being actualized.
“In 2015, automakers established an Automotive Information Sharing and Analysis Center (Auto-ISAC) to facilitate the exchange of important threat information -- and countermeasures -- in real time," he said.
"The ISAC is another essential layer of cyber protections in addition to what individual automakers are already doing. It serves as a central hub for gathering intelligence that allows automakers to analyze, share and track cyber threats and spot potential weaknesses in vehicle electronics.”
On top of the defense of speculation and lack of evidence, the court found that the plaintiffs were not even eligible to sue Ford in California because none of them bought or leased Ford models in California and the Ford headquarters are located in Michigan.
If the plaintiffs wish to file an amended complaint, they will have until Friday.