A Blocked Car Hacking Report Has Reignited the Debate over Suppressing Research

Two years ago, a controversy arose after news broke that scientific journals planned to publish details of biomedical experiments regarding the H5N1 virus, commonly known as bird flu. The virus had an extremely high death rate, pushing the National Science Advisory Board for Biosecurity, overseen by the National Institutes of Health, to ask the journals not to publish certain details of their research. They feared that people could use the information to duplicate the work to create more deadly viruses or epidemics.

It was a landmark situation that Dr. Bruce Alberts, the editor of Science, described as a "precedent-setting moment" that led the government to consider drafting new guidelines for dangerous research.

Similar debates are emerging again as the University of Birmingham received an injunction from a high court to not publish details from a paper titled Dismantling Megamos Crypto: Wirelessly Lockpicking A Vehicle Immobiliser, that details codes to hack expensive cars, including Porsches and Bentleys.

The research, led by computer science lecturer Flavio Garcia in association with Roel Verdult and Baris Ege of the Dutch Radboud University, discusses various methods for defeating cars' security systems, such as an algorithm that allows cars to recognize the ignition key.

The controversy arose when the Volkswagen Auto Group, the parent company of some of the luxury brands, asked Garcia and his team to publish an edited version without the codes. When the researchers declined, Volkswagen decided to go to court.

The cryptology researchers wanted to depict how the Megamos chip (designed in the mid-90s) has weak security and is outdated. They claimed to not have engaged in any type of irresponsible research, and a spokesperson at Radboud University said the research is based on publicly available information, and that it "by no means reveals how to easily steal a car." Regardless, Volkswagen did not believe it was receiving a helpful advice from academia.

After receiving the injunction, the University of Birmingham agreed to delay the publish date until "more technical and legal advice is obtained given the continuing litigation," said a spokeswoman. Garcia said "the public have a right to see weaknesses in security on which they rely exposed," sparking the question if the British court is engaging in academic censoring.

When conversations about publishing the H5N1 research began, the situation was not about winning or losing. Academics were genuinely afraid that the information was too risky to be easily accessible. The advisory board was not attempting to censor information, as it simply asked the virus researchers to remove certain information from their paper. If they said no, it is unsure if anyone would have gone to court. Still, it was a highly charged event, as a government board was asking an academic institution to bury some of its research.

The situation at hand between Garcia and the car companies is a bit different, as the autom anufacturers are set to lose if the research is available to the public. This debate is about a trade secret getting out to the public, not about information being in the wrong hands. In other words, this appears to be a gag order from a powerful car company that doesn't want to lose profit if its products look defective.

I spoke to Ivan Oransky, co-founder of Embargo Watch and Retraction Watch, as well as the VP and global editorial director of MedPage Today, who often writes about retractions in academic research. He told me that while the H5N1 situation was one of the more press-focused situations including a group asking researchers to redact information from their work, it is a act that happens quite infrequently in academia.

He did note, however, that a case more similar to the car hacking research was when a pharmaceutical company tried to surpress a study that depicted that its expensive thyroid drug was no more effective than generic versions of the same medication in a debate that academics called an "unfortunate chapter in the annals of university-industry relations."

When asked if the English court's injunction against Garcia was an example of censorship, Oransky told me that "you have to be very careful with the word censorship. People throw around the term a lot, but I'm not sure that they all know what it means." He did say that this is a very unusual case, especially because it involves a product, rather than medical research.

During the H5N1 research conflict, Dr. Anthony Fauci, the director of the National Institute for Allergy and Infectious Diseases, said in a Science news conference that "being in the free and open literature makes it easier to get a lot of the good guys involved than the risk of getting the rare bad guy involved."

But that sentiment isn't one shared by companies who have their products' reputations to protect. That the Volkswagen Group would sue to keep potential security problems out of the public eye isn't a shock; it's in the company's best business interest after all. Still, for researchers who say that their work is harmless, the injunction surely came as a shock.