Volkswagen and Cheating Software

135 points by jeo1234, over 9 years ago

12 comments

edent, over 9 years ago

Some programmer - or team of programmers - implemented this software. Sure, it may have been a PHB who came up with the idea and told them to code this into the algorithm - but it was programmers like you or me who actually cranked out the code that made this possible.

Can you imagine this happening with, say, an architect? When unsafe buildings fall down, it makes international news. By and large, professionals have a code of conduct which they must follow or there is a very real chance that they will lose their livelihood.

I'm a Member of the British Computing Society - it has a fairly simple code of conduct for members. http://www.bcs.org/category/6030

I can certainly see adding this functionality would probably be a breach of ...

> 1 a) have due regard for public health, privacy, security and wellbeing of others and the environment.

> 2 d) ensure that you have the knowledge and understanding of Legislation* and that you comply with such Legislation, in carrying out your professional responsibilities.

> 2 f) avoid injuring others, their property, reputation, or employment by false or malicious or negligent action or inaction.

> 3 e) NOT misrepresent or withhold information on the performance of products, systems or services (unless lawfully bound by a duty of confidentiality not to disclose such information), or take advantage of the lack of relevant knowledge or inexperience of others.

But, here's the kicker - if I were kicked out of the BCS for adding this code, nothing would happen to me. Employers don't care about professional bodies - except in terms of certification and, possibly, indemnity.

I'm quite happy being a member of a Trade Union, because I believe it offers me the best protection against a malicious employer - I wonder how long before more coders start joining professional bodies to help protect themselves from being asked to act counter to their best interests?

jaredhansen, over 9 years ago

Here's the far more interesting question about this situation: What if nobody at Volkswagen really even knew this was happening? In other words: systems are complex, and it is not beyond the realm of possibility that this cheating* could have arisen purely as an emergent property of a set of otherwise innocuous changes, and then stuck around through something like environmental fitness, as it was functionally useful for the organization as a whole.

If the Volkswagen case seems too clear cut for that, then think about PageRank, or Facebook's software that decides what to show to whom. Are we all so sure that every engineer who works with this code really knows, ex ante, *all* of the effects their changes might have down the line?

There are a lot of demands for criminal liability in this thread, but I'd suggest we proceed carefully. While it certainly looks suspicious, there are a lot of ways that weird behavior can creep into software that don't involve malicious intent.

Look at it this way: could Volkswagen engineers conceivably have written code that caused the system to fail all emissions tests all the time? (Yes.) Could they have done so without realizing that they'd made an error? (Sure.) Would we all assume that that bad code was deliberately introduced? I'm not so sure.

edit: See also a related discussion in the thread about the OPM data leak: https://news.ycombinator.com/item?id=10303950

===

* Or maybe some other, hypothetical cheating. Sure, in this particular case, maybe a particular software engineer or set of engineers knew exactly what they were doing when they wrote the code that enabled the cheating. But the thing I'm interested in is what happens when that's not the case, and how close that day is.

slasaus, over 9 years ago

> Voting machines could appear to work perfectly -- except during the first Tuesday of November, when it undetectably switches a few percent of votes from one party's candidates to another's.

Apart from difficulties having manufacturers publish their code I think another problem will be proving that some (open source) software is actually loaded in some piece of hardware *and nothing else or extra*. Most products on the market can be taken, torn down and tested for as long as needed. With voting machines the time to prove some software was active during elections and nothing else is the time you have before you officially publish the results. This is an extremely short window and impossible for a large part of the public to verify.

NickM, over 9 years ago

Forcing VW to release source code would not have prevented this. They could have simply released a different set of code from what is actually running on the cars.

This is an extremely hard problem to work around. They could let you dump the binaries of the software running on an individual car, and then you could compile the source code and compare the resulting binaries, but how do you know the car isn't feeding you a fake binary dump? It seems like a catch-22: I can't think of any way around this problem short of tearing the car apart, cutting all the chips open, and physically verifying them under electron microscopes.

On the other hand, if emissions testing would actually test what's coming out of the tailpipe under normal driving conditions, then that would seem pretty foolproof.

com2kid, over 9 years ago

Here is an opposite viewpoint:

What if increasing government requirements are just not achievable? The laws are written by politicians, not engineers. If car companies are being asked to meet unreasonable performance metrics, what other choice do they have?

Cars have gotten a lot more efficient, I can get a 1.5L engine that puts out over 150hp. A 2L 4 cylinder engine can put out over 200hp!

These are huge savings compared to what used to just a decade ago, but they are still apparently not good enough to meet government requirements.

I understand that part of VW's cheating was a cost saving measure, but with all the talk about every car manufacturer doing it, one has to wonder, if 10 different people all independently come up with the same solution, maybe there is a problem?

draw_down, over 9 years ago

The problem with making it look like an accident is that, to really do that, the testing mode would sometimes have to be "accidentally" enabled while really driving. Which to a customer would just seem like the car occasionally and unpredictably performs very poorly, which is not exactly going to inspire confidence in the brand.

And if the testing mode never comes on during normal driving, well, that's not going to look very much like an accident, is it.

tptacek, over 9 years ago

Worth knowing that this attitude is a bit of an about-face for Schneier (albeit one that happened many years ago). For instance, this is what Schneier had to say about full disclosure software security in the early 90s:

https://www.schneier.com/blog/archives/2005/08/new_windows_vul.html

rubidium, over 9 years ago

"Both transparency and oversight are being threatened in the software world. Companies routinely fight making their code public and attempt to muzzle security researchers who find problems, citing the proprietary nature of the software. It's a fair complaint, but the public interests of accuracy and safety need to trump business interests."

No one, I hope, thinks it's that simple. Businesses cannot be expected to put all their source code on github. Instead, this needs to follow the route that all other regulation goes. Instituting private but 3rd party review of the source code and testing, for which the manufacturer needs to pay a fee to support. I'm not saying this will catch 100% of the issues, but it's a lot better than what we have now and much more likely to work for businesses.

gjvc, over 9 years ago

This practice (of determining that the software is being tested, and thus altering its behaviour in favourable ways) has been present, off and on, in the anti-virus industry, for years.

Here's one of the latest occurrences:

http://www.theregister.co.uk/2015/05/06/antivirus_testers_strip_tencent_of_rankings_after_tweaks_put_users_at_risk/

nmrm2, over 9 years ago

> But transparency doesn't magically reduce cheating or improve software quality, as anyone who uses open-source software knows. It's only the first step. The code must be analyzed. And because software is so complicated, that analysis can't be limited to a once-every-few-years government test. We need private analysis as well.

I'm skeptical of whether VW would have been caught any sooner, or would have changed their behavior, if they were forced to release source code; "and then analyze" is far easier said than done, especially with generated code (which is common in the automobile industry). I fear that if anything, forcing VW to release source code would have simply resulted in uselessly obfuscated "generated" code.

I'm skeptical of the proposition that taxpayers should take on the cost of analyzing reams of generated code without any context or documentation.

And finally, I'm skeptical that these calls for public access to source code are politically feasible, fair, or wise. The amount of intellectual capital that's spent on ECU design is absolutely massive. I don't see anyone in the tech industry calling on Congress to force Google or Microsoft to open source core components or reveal their software to regulators, even though vulnerabilities in their software could easily ruin or end lives.

It might make more sense to mandate that companies provide verifiable evidence that their safety-critical or regulation-relevant systems are properly designed, with a variety of avenues to compliance.

Releasing source code to the public and paying for at least one private analysis (to be selected by government regulators) would be one way of achieving this. This would probably be the easiest option for IoT companies (e.g. run-of-the-mill smart lightbulb manufacturers) whose source code doesn't contain any particularly valuable IP. And this would also force companies to pay up when they release hopelessly obfuscated code.

But this also opens the opportunity for other paths to compliance which, if designed properly, could address the safety concerns of the public as well as the fairness/property rights concerns of private entities. For example, one alternative path for companies whose IP concerns are legitimate could be use of formal methods. The regulation/safety specifications could be open to the public for criticism, and would be far more readable than a dump of generated code. And a few regulators could double check that a trusted formal methods tool verifies that the specifications hold for the software running on the car, at minimal cost to both the car company and the general public.

_pmf_, over 9 years ago

The audacity of claiming to "search those who are responsible", the sheer hypocrisy of pretending that not every little requirement is fully traced in multiple tools and databases alongside the information who in the chain are the stakeholders and who has written the test specification and who has released the component shows that this group of confirmed whore mongers [0] will get away with everything here in Germany.

[0] http://www.welt.de/wirtschaft/article1708914/Ex-VW-Betriebsrat-Volkert-muss-hinter-Gitter.html

kbenson, over 9 years ago

> Computer-security experts believe that intelligence agencies have been doing this sort of thing for years, both with the consent of the software developers and surreptitiously.

What ever happened with that thing a few years back where some in the OpenBSD community were claiming the FBI was attempting to insert a backdoor?[1][2] I was always surprised with how little media attention that seemed to get.

1: http://www.linuxjournal.com/content/allegations-openbsd-backdoors-may-be-true

2: https://cryptome.org/2012/01/0032.htm