The recent scandal at Volkswagen presents a fascinating story about the insidious use of software.
In
case you missed it, the story is this: it was recently discovered that Volkswagen
had installed software inside at least 11 million vehicles that was designed to
fake out the US emissions control test. Supposedly the cars, when running
normally, would fail this test, but the software could detect when it was being
tested and would essentially force the car into compliance only for the duration
of the test. (The technical term for falsifying test results is “cheating”.) Volkswagen
has of course been publically humiliated by the revelation and the CEO has
resigned in disgrace (though he might not have personally know about the
software). All the cars are being recalled to have this fixed.
We
all know that today’s autos are heavily loaded with control and diagnostic
software, and this makes them susceptible to both design flaws and failures on
the one hand, and external intrusion and hacking on the other. That cars can be
hacked by a determined attacker has been well known and talked about for a long
time. Google “automobile hacking” and you’ll see what I mean. From cars to air
traffic control to pacemakers, the rule is this: if it has software and can be
accessed externally, it’s vulnerable to a hack. The prospects of someone
hacking into a pacemaker (yes it’s possible and you can find out how on the
internet) are dismaying in the extreme – but that’s not the subject of this
blog.
What’s
disturbing about the Volkswagen story is that a major corporation deliberately used
software to deceive its customers and its oversight bodies (US regulators who
set emissions standards). The Volkswagen story is less akin to automobile
hacking and more like Bernie Madoff’s doctored computer output that he used to
hoodwink his clients.
Except
that Bernie Madoff was just a sleazy Ponzi operator in a $3000 suit, abetted by
two software developers who slid down a slippery slope from corporate cubicles to
prison cells. VW on the other hand, is a $220 billion a year multinational corporation.
Whatever they did was done on a massive scale, by a large number of people and
with far-reaching results – including both increased pollution from VW autos,
and an immeasurable amount of brand damage to a major company.
The
story also tells us something about the increasing complexity of systems, and
the difficulty that customers and regulators face in understanding or policing
them. With systems like this routinely running to millions of lines of compiled
code, who can tell what is happening under the hood? (The NY Times estimates
that high-end cars today contain over 100 million lines of code.) Flaws and deceptions
have likewise been discovered – sometimes tragically – in medical systems and
factory control systems. Many more may be lurking undetected, whether introduced
by mistake or malicious intent. It almost doesn’t matter (although of course it
does).
One
proposed solution to this challenge has been the idea of forcing auto makers
(for example) to make all their code open source. Although this would devalue
or destroy what they undoubtedly consider a competitive advantage, it would
have the benefit of transparency: public scrutiny brings a lot of eyeballs of
oversight to the game.
The
term “black box” has long been used in the computer industry to describe a
piece of hardware or software that performs an important function, but the
inner workings of which are unknown and impenetrable. We are today surrounded
by countless black boxes. We don’t know how they work, but we have no choice
but to rely on them. The software under the hood of the Volkswagen was just one
more in which we had to place our trust. When that trust is betrayed, we’re all
at risk.
The VW scandal was well-covered by the NY Times, particularly here.
1 comment:
Great topic but it is so big it's almost impossible to grasp all the implications. I believe the biggest one is a warning about an unfettered free market. It is trendy these days to espouse the evils of big government and over regulation. Well here is a consequence of those two policies. The U.S. has the most stringent vehicle emission requirements in the world. In order to meet those requirements, Volkswagon had two choices. They could either invest in research to discover innovative ways to meet the requirements, or they could spend their intellectual capital on how to get around the requirements. A company invested in society monitors itself and chooses the former. A company invested only in profit over society chooses the latter. Volkswagon chose the latter.
One can also ask why this wasn't caught by the EPA for over 6 years. This is the single most frequent question asked of Quality organizations in most every business on the planet. I know I've been asked this more times than I care to remember. Well my answer was the same as the EPA's answer. After year on year of budget cuts in the name of small government and deregulation, there was not enough resource available to actually test the cars in the real world, on the road. In fact there wasn't enough resource to test the cars at all! The EPA relies on the auto manufacturers to conduct the tests and then simply reviews the results.
My conclusion is that I hope both government and business get back to thinking first about the citizen/customer and second about how much they can increase already obscene top management pay. And I know, I'm living in a dream world.
Sigh!
Post a Comment