The DMCA, Programmers And VWGate
Written by Mike James   
Thursday, 24 September 2015

The news is full of how VW cheated on emissions test, but it isn't focused on our, that is the programmer's, role in the entire affair and it isn't highlighting the way the Digital Millennium Copyright Act makes it difficult to detect such illegal action.

vwicon

 

The VW case has been well publicized but in case you've missed the news, the basic facts are that VW diesel-engined vehicles emit more Nitrogen oxides (NOx) than allowed by the legal limits. This was discovered not by standard testing but by taking two VW cars, a Jetta and a Passat, on the road complete with large exhaust analysis equipment in the back.

Why didn't stationary testing detect the problem?

For the simple reason that the engine management software had code to detect that a test was in progress and could change the way the engine operated to reduce emissions.  It isn't clear exactly how the software worked, but it has been suggested that it recognized a situation where the engine was run for a time without the steering wheel being turned as a sign that it was under static test conditions. Having detected this it switched into an emissions reducing profile. As soon as the car was back on the road a standard profile was restored to give better perceived performance. 

The cars passed the static test, but when on the road the emissions were 20 times higher than the legal limit - this is not a small difference. The Guardian estimates that the higher emissions in the US contributed between 10,000 and 41,500 tonnes of NOx, instead of the 1,039 tonnes permitted at the legal limit. If the same trick is being used world wide, which VW says is possible, then just short of 1 million tonnes of NOx would have been emitted. 

 

vwtesting

The testing setup for one of the cars (West Virginia University)

 

It is only relatively recently the NOx has become a concern. Earlier it was thought that very fine particles were the big problem and car manufacturers solved the problem with filters. Nitrogen Dioxide is the biggest problem because it causes inflammation of the airways and can combine with other pollutants such as ozone to cause other health problems.

Once cars and engines were a matter of hardware but today engine management computers are the norm and control is all about software. By writing a good engine management program, a coder can improve fuel efficiency, reduce emissions and generally improve the driving experience.

Now imagine that your job is to write such software and your manager asks you to modify your code so that it detects when the car is being static tested for emissions and suggests that in such a situation a lower figure would be good. Such a request is clearly unethical and it is also probably illegal - but do you agree to do it or do you lose your job? Clearly some programmers at VW decided that the game was worth playing. In fact, there are now suspicions that programmers in the automobile industry have been fixing the results of all manner of tests, including fuel efficiency, in all makes of cars. 

Could this be the single biggest incident of malware?

So how can the auto malware be detected?

By independent scrutiny, but this is where the Digital Millennium Copyright Act (DMCA) interferes, effectively banning any scrutiny. 

Section 1201 of the DMCA makes it a felony to tamper with DRM punishable by up to five years in prison and a fine of $500,000. This is designed to stop people from even examining the code that manufacturers create.

As we have discussed before, this also stops mechanics from modifying or in some cases fixing faults and detecting bugs. In the case of the VW emissions malware, the Electronic Frontier Foundation (EFF) for one has suggested the DMCA stopped the legal access to the code and hence stopped researchers finding the cheat earlier. It also reports that the Environmental Protection Agency opposed the exemption of engine management code from the DMCA because it opened the possibility that hackers could modify the code and break the environmental regulations that they enforce.

To quote the EFF blog post:

"When you entrust your health, safety, or privacy to a device, the law shouldn’t punish you for trying to understand how that device works and whether it is trustworthy. We hope the Copyright Office and the Librarian of Congress agree when they rule on our exemptions next month."

Software has changed many things for the better - cars and engines in particular - but it has also made them less transparent. When a gas pedal connects via a wire you can inspect it all you want. When it has a sensor and connects via a CAN bus to an engine management unit, inspection is not so easy - and is currently illegal under the DMCA. 

 vwicon

Banner


Visual Studio 17.12 Released Along With Aspire
25/11/2024

Visual Studio 2022 v17.12 is now available. The release can be used for .NET 9 projects and has a range of other improvements.



Edera Releases Open Source Container Benchmark And Scanner
07/11/2024

Edera has released Am I Isolated, an open source container security benchmark that probes users runtime environments and tests for container isolation.


More News

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

 

Last Updated ( Thursday, 24 September 2015 )