(Credit: Lily Yeh/PCMag; Urbazon/Getty Images)
The day before Halloween 2024, a hacker and two lawyers met at a Starbucks in Florida to search for a critical piece of evidence on a high-profile case against Tesla. The automaker insisted that data didn't exist, but the lawyers felt certain it was out there. After a yearslong struggle to prove it, they hoped the hacker could.
The hacker, a US-based supercomputer software engineer, prefers to remain pseudoanonymous—but not out of fear of retribution, as the Washington Post reported. It's more that if his real name gets out, "you cannot take it back," he tells me, adding, "I don't think I'm doing anything wrong." Tesla knows his real identity because he's a frequent participant in the company's bug bounty program. We'll call him Green, after his X handle @greentheonly.
Green, who says he is under 50 years old, had suggested they go to a Starbucks near the airport since his flight was in a few hours. He sat down at a table while the attorneys, Todd Poses and Adam Boumel of the Poses & Boumel Law firm, went to order Green a Venti hot chocolate with whipped cream and peppermint. "Not everyone knows this, but the peppermint is available all year if you ask, not just Christmastime," Green says.
The lawyers were representing the victims of an April 2019 crash in which the driver, George McGee, dropped his phone and was looking for it when his nearly new Model S slammed into a parked Chevrolet Tahoe in Key Largo, Florida. The crash killed 22-year-old Naibel Benavides Leon and severely injured her boyfriend, Dillon Angulo, 33, both of whom were standing nearby.
McGee, now 48, had purchased the $5,000 partial self-driving software upgrade, Enhanced Autopilot. At trial, McGee said he "trusted the technology too much." The jury found Tesla one-third responsible for the crash—the remaining two-thirds falls on McGee—and ordered the company to pay $242.5 million in damages. (Tesla is now appealing the verdict, seeking to overturn it or reduce its penalties.)
The outcome is significant because, although 59 people so far have been killed in accidents involving Tesla's Autopilot, the company usually is not held responsible, given its policy that drivers using the system must always be ready to intervene. "There’s no way we could’ve done it without [Green]," Boumel says of the courtroom win. "Zero chance. He was truly irreplaceable."
'We Knew We Had 'Em'
When the lawyers first told Green about the case, he suspected that Tesla had the crash data at some point. The videos the company provided the police after the crash "could only be sourced from the Autopilot snapshot" on the computer inside the vehicle, he says. "That alone tells you immediately that they had it," he says, and rendered Tesla's claims "very surprising."
At the Starbucks, the lawyers looked over Green's shoulder as he scanned through lines of code, astounded that he "saw anything but numbers and letters," Poses says. Within 15 minutes, Green found the data, including videos the car took before the crash and the "transmission ID," a unique database identifier generated after the vehicle sent Tesla the crash data, showing that it went through and that the company may have been hiding something it did not want released.
"We were hugging and high-fiving," Poses recalls. "Right then and there, we knew we had 'em."
How to Hack a Tesla
Boumel and Poses contacted Green after seeing him featured in a Wall Street Journal video about hacking Autopilot data, which he's been doing as a hobby since 2017. Tinkering with Tesla's computers keeps him "grounded," he says, "because when you work with super-fast [supercomputers], it’s easy to forget slow computers exist."
After agreeing on payment, the lawyers flew Green to Florida, where the police were holding the car's computer. In a lab, Green dismantled the hardware through a process called "desoldering," which involves heating the circuit board to just the right temperature so that high-heat tweezers can be used to extract the memory chip.
Tesla's legal team was there in the lab watching Green do his thing. With gloved hands, he washed the chip and then inserted it into a computer drive he had custom-built. Once he was done, a forensic data expert the legal team hired, Dr. Jason Lewis, cloned the data on the chip, putting it on five USB drives: one for Tesla's lawyers, one for Poses and Boumel, one for Green, and two extra for storage.
Poses and Boumel left the lab happy that the chip removal had gone as planned, but uncertain about what was on the drives and whether it would catch Tesla in a lie.
On November 1, two days after the Starbucks meeting, Green told the lawyers he had stitched together a crash video in his basement, where he has a laboratory-like setup with "dozens of computer screens, thousands of wires, and lots of Tesla motherboards sent to him from all over the world," Poses says.
The lawyers contacted Tesla's team to see how its progress was going. On November 11, they received a letter from Tesla "that the data was corrupted and that they weren't able to generate any information" from it, as Lewis testified at trial.
"That was their last chance to come clean," Poses says.
Taking Tesla to Trial
Green told Poses and Boumel from the start that he did not want to be present at the trial, so the lawyers presented the video on his behalf. "With it, we showed the jury in explicit detail that the [Autopilot] system saw the end of the road, registered a parked vehicle and pedestrian, recognized the stop sign and blinking red light—and yet did nothing," the lawyers tell us.
The Model S did not activate two features that Tesla advertises: Forward Collision Warning and Automatic Emergency Braking. According to Poses and Boumel, the system only shut down once the crash was unavoidable. Another issue was that Tesla designed Autopilot for highway driving and had not restricted its use on smaller roads like the one where the crash happened, CNBC reports.
It remains unclear why Tesla lost the data and couldn't recover it, while an independent hacker could. The company said it had produced similar data for other cases, according to the Washington Post. Tesla's attorney, Joel Smith, told the Post that the company was "clumsy" with how it handled this particular record and attributed its loss to "the most ridiculous perfect storm you’ve ever heard."
A Rare Statement From Tesla
Tesla has filed a motion to appeal the decision. "We’ll be front and center defending the judge’s rulings and jury verdict," Poses says. "We expect more of the same from Tesla on appeal. Nothing new."
Tesla maintains that McGee was a reckless driver. At one point on his drive that day, he was going 92 mph and doing things like "pressing the accelerator to override the Model S’s cruise control," as the company writes in post-trial motion to appeal. Tesla's internal data suggests Autopilot greatly reduces accidents overall.
"This is an important case because unfounded and unconstitutional verdicts like this one against Tesla pose real dangers to safety innovation and technological advancement, creating perverse incentives for manufacturers by discouraging new safety enhancements," Theodore J. Boutrous Jr. of Gibson Dunn, appellate counsel for Tesla, tells us in a rare statement. (The company usually is not quick to reply to press requests for comment.)
"And the Supreme Court has repeatedly warned about the due-process dangers of arbitrary and grossly excessive punitive-damage awards," he continues. "This verdict is a true outlier given the facts and law, and we look forward to setting things right.”
Green says that Tesla has not contacted him since the decision, though he remains in its bug bounty program. He still hacks Tesla computers for fun on the side, but notes that the method he used to extract the data for this case will not work on newer models. In mid-2023, Tesla introduced stricter security protocols, which delete the copy of the data in the circuit board.