At the heart of Volkswagen’s ‘defeat device scandal’ is not a mechanical device, as such, but rather computer code and if we, ultimately and collectively take away anything from this still unfolding discouraging tale, it will likely be a heightened awareness of the challenges presented by the modern car as a computer on four wheels.
A recent article in The New York Times put it this way, “New high-end cars are among the most sophisticated machines on the planet, containing 100 million or more lines of code. Compare that with about 60 million lines of code in all of Facebook or 50 million in the Large Hadron Collider.”
Chris Gerdes, a professor of mechanical engineering at Stanford University agrees. He says cars have now reached, “biological levels of complexity” bringing numerous benefits, but also new risks and “new opportunities for malevolence.”
Volkswagen has admittedly taken advantage of this complexity to flout emissions control regulations. While it is currently blaming “a couple of software engineers,” other insiders and US investigators have been quoted as saying the number of different models of diesel engines involved, and of different versions of the software developed both for different emissions control systems and differing the US and European regulatory standards point to a “complex deception” involving a range of employees—“software technicians [who] would have needed regular funding and knowledge of engine programs.”
How many actors have involved in matters. The more people involved and the ‘higher-up’ they were, the tougher the fines and penalties and the greater extent of management change that will be required.
We are also learning about the developing debate over access to this complex code. Volkswagen, like other automakers citing security concerns, has opposed copyright exemptions that would allow independent researchers to look at a car’s source code, said Kit Walsh, of the Electronic Frontier Foundation, a non-profit advocacy group. Mr. Walsh notes that “if copyright law were not an impediment … independent researchers [could] look at the code and find this kind of intentional wrongdoing, just as we have independent watchdogs that check vehicle safety with crash-test dummies.”
And Professor Koopman of the department of electrical and computer engineering at Carnegie Mellon has said, “Keeping source code secret does not prevent attacks. Either the code is vulnerable or it’s not.” Currently, the US National Highway Traffic Safety Administration is studying the model used by the Federal Aviation Administration to oversee the software design process for critical systems controlling flying. “They go in periodically, and say, ‘Show me what you’re doing and convince me that you’re doing a good job — or else I’m not signing off, and it’s not going in an airplane.”
Of course, computer code oversight requires skilled inspectors. Currently, the NHTSA says it has 0.3 staff members for every 100 car crash fatalities compared to the over 10,000 FAA staff members for every 100 commercial aircraft fatalities. The challenge of regulating complex software has even prompted some experts to call for automakers to put their source code in the public domain which could mean even more watchdogs, even the self-appointed.