
Researchers Could Have Uncovered Volkswagen’s Emissions Cheat If Not for DMCA - panarky
https://www.eff.org/deeplinks/2015/09/researchers-could-have-uncovered-volkswagens-emissions-cheat-if-not-hindered-dmca
======
sandworm101
Examining, reporting, and eventually litigating the ins and outs of emissions
control software is beside the point. This could have been, was, detected by
measuring the junk coming out the tailpipe.

The thing to do is to allow researchers to test cars in real-world situations
and then actually listen to them when they report anomalies.

~~~
tremon
I think you are dangerously wrong on that point. Of course the EFF has an
agenda which colours their argument, but right now the DMCA is being used to
prevent independent scrutiny of devices that are essential to people's lives.

"Testing cars in real-world situations" is only a small part of a vehicle
testing procedure. Remember the Toyota uncontrolled acceleration thingy? That
was tested in real-world situations multiple times, yet still people died
because of it. Toyota had been successfully dodging liability until they were
forced to open up their source code.

"Listen to researchers" is moot if the researchers are forbidden from
researching parts independently.

~~~
phkahler
> I think you are dangerously wrong on that point. Of course the EFF has an
> agenda which colours their argument, but right now the DMCA is being used to
> prevent independent scrutiny of devices that are essential to people's lives.

How so? I think the EFF is going a bit off track here. They seem to imply that
source code is required for independent testing. If we assume that's true, who
gets to see it? How do they get to use it?

Emissions tests are circumvented by knowing the test conditions and/or
sequence and having software behave differently during the test. You can
either try to understand the software, or you can just change your testing
sequence. Which seems more reasonable?

Now what if China wants to see your code to verify compliance? And Germany,
and France, and every country to sell cars in.

~~~
tga_d
>They seem to imply that source code is required for independent testing.

That is most certainly NOT what the EFF is implying. They are asking for an
exemption to the DMCA, not access to anyone's original source code. When they
say "Automakers argue that it’s unlawful for independent researchers to look
at the code that controls vehicles without the manufacturer’s permission,"
they're not talking about "you should have a legal obligation to give us your
human-readable source code," they're talking about "You shouldn't be able to
sue us for copyright infringement when we analyze the firmware on our cars."
Car manufacturers argue that people don't really own cars, and that any
attempt to look at the software that manages them is in violation of the
DMCA. You can read more about it here:

[https://www.eff.org/deeplinks/2015/04/automakers-say-you-don...](https://www.eff.org/deeplinks/2015/04/automakers-say-you-dont-really-own-your-car)

The kind of thing the EFF is trying to legally access is already shipped in
every vehicle that goes to China (or anywhere), where they _don't_ have the
DMCA and probably are already examining it - just not for our benefit.

------
olympus
On a slightly related note, here's a story from back when the EEPROMs for cars
were on DIP chips and slightly more hackable:

The old OBD I GM cars had a feature called "highway mode" which would lean out
your fuel mixture when cruising to give you better gas mileage [1]. The
downside was that your car had worse emissions. This feature was known to (or
discovered by) the EPA, and they forced GM to turn off the feature. GM did so
not by re-writing the fuel maps and cutting out all the highway mode code,
they just created a disable bit that kept the ECU from ever entering highway
mode-- the EPA was satisfied with that fix. People today with an EEPROM writer
(can get a cheap one for under $100), a bit of soldering skill and access to
the internet can remove the disable bit and give their car highway mode.

[1] first thing resembling a source: [http://www.thirdgen.org/forums/diy-prom/408964-highway-mode....](http://www.thirdgen.org/forums/diy-prom/408964-highway-mode.html)

~~~
rcthompson
How can you get better mileage but produce more emissions? I would assume that
emissions are proportional to the amount of gas used. If you're using less
gas, wouldn't you produce less emissions?

~~~
tadfisher
The stoichiometric mixture of air and fuel burns exactly all the fuel. You can
run richer than stoich (lower air-fuel ratio), which will produce more power
and run cooler, at the expense of fuel economy. You can also run leaner than
stoich (higher AFR), which will be more economical but combustion temperatures
will be higher and more NOx will be produced.

Throw ignition timing in the mix and you have a complicated balancing act that
engine designers perform in order to produce the ideal combination of power,
fuel efficiency, and emissions.

~~~
friendzis
Throw variable air intake, variable timings and injection patterns into the
mix and you get a powerful, clean and efficient engine. Which leads to a
question whether this cheat by VW is intentional or a (possibly intelligently
executed) side effect?

Given the number of moving parts and man-hours of research required to get
everything right I am leaning in favour of the latter.

~~~
scott_karana
> Which leads to a question whether this cheat by VW is intentional or a
> (possibly intelligently executed) side effect?

Volkswagen directly admitted it was intentional. Moot point, at least this
time. :-)

[http://jalopnik.com/volkswagen-u-s-ceo-we-screwed-up-and-wil...](http://jalopnik.com/volkswagen-u-s-ceo-we-screwed-up-and-will-pay-what-we-1732165830)

~~~
friendzis
Well, I wanted to question whether they have found out their engines are
rather polluting and have invested extensively into developing such a cheat or
just found out (on two separate instances) that a) it is possible to detect
emissions testing and b) some engine modes have drastically lower emissions;
and simply put the dots on i and went along.

------
bart-is
I'm far from suggesting that companies should publish their code for everyone
to see, but one thing seems a little bit absurd. We require companies to have
their financials audited by independent auditors, but we don't require any
independent audits of their software which has potential to affect people's
lives.

Software will determine more and more aspects of our lives and we probably
should shift our mindsets of what areas should be regulated or audited.

There's a lot of audit requirements in several areas which are intended to keep
customers and the environment safe. If you want to manufacture food, you need
to comply with food safety regulations and you will be subject to audits in
this area. If you want to manufacture pharmaceuticals, there's a long list of
requirements and checks which are required. Even if you want to manufacture a
simple electronic device with some wireless communication, you need to have it
cleared by FCC. The list goes on. But nobody cares for your software. You can
be as malicious or as incompetent as possible and you're allowed to sell
products with software features or bugs which could take people's lives.
Nobody will care until there's something wrong.

The mindset here stayed in the 80s when software was considered spreadsheets
and similar stuff and not that important for real life. We got our food,
drugs, electronics and other safety regulations. In the age of software eating
the world perhaps it is time to think about software audit regulations.

~~~
rogeryu
> I'm far from suggesting that companies should publish their code for
> everyone to see

This would actually be a good punishment. If you screw up, you could be forced
to open source your code. If VW is serious, they could do such a thing. I
guess that Mercedes wants to keep its Formula 1 code closed, but for its
normal cars it is a different case. The big car companies share so many of
their technologies and even complete cars, what's keeping them?

~~~
DINKDINK
>> I'm far from suggesting that companies should publish their code for
>> everyone to see

> This would actually be a good punishment

No, it wouldn't. Want to sink your competitor?

1.) Pay a disgruntled competitor employee to deliberately sabotage part of
their code base.

2.) Finger the company to the feds.

3.) Watch as competitor's IP is open sourced (non consenting open sourced
code) by feds as punishment.

~~~
pavel_lishin
If you're looking to sabotage a competitor where you have a saboteur, why not
just do (1), except at various other parts of their development/manufacturing
process?

Pay them to break their factory automation. Pay them to write code that
randomly increases fuel consumption. Pay them to write code that only allows
you to play Rick Astley songs during March.

~~~
logfromblammo
Because government is your force multiplier. If you have an embedded saboteur
doing direct sabotage, you can only do as much damage as one person can do. If
you have your saboteur conducting false flag crimes against the government,
you can do as much damage as one government can do, at a time that you may be
able to influence via quiet information leaks to the right people.

------
mikeyouse
I support the EFF with regular donations and definitely don't care for DMCA
but this feels like quite a stretch..

Most estimates put the number of lines of code in a new car at near 100
million, it'd be trivial for a company with intent to obfuscate the 'emissions
mode' criteria in a manner that would be completely invisible to researchers.

~~~
vvpan
I wonder what sort of code it is that it's that many lines. Is it lookup
tables, or real-deal code?

~~~
jzwinck
It's probably mostly real code, though cars certainly do use plenty of lookup
tables, starting from one of the earlier uses of computers in cars, the engine
control unit.

Modern cars have tons of things needing code:

    
    
      Power seats with memory
      Drive by wire gas pedal and cruise control
      Keyless entry
      Stereo system (auto volume by speed, etc.)
      GPS/Navigation (perhaps third-party)
      USB outlets for iPods, USB sticks for music
      Reverse-gear proximity sensors
      Emissions controls (oops!)
      OnStar-type services
      Cellular phone integration, e.g. mute on ring
      Lighting (DRL, smart cabin dimming)
      Traction control and ABS
      Variable suspension
      Dashboard diagnostics
      OBD-II
      Self-parking
      Windshield wipers (auto speed, rain sensors)
      Antitheft systems
    

I'm sure I've left out plenty, but even something "simple" like keyless entry
has a lot of features (integration with OnStar, alarm system, reprogramming
support for new remotes, ...). How many LOC do you think that entails? I
imagine at least 100K LOC (keeping in mind it's likely written in C or
similar).

~~~
InclinedPlane
Most of those are not part of the ECU code.

~~~
jzwinck
The E in ECU can mean Engine or Electronic. Which do you intend here?

~~~
InclinedPlane
You tell me. How is the answer not obvious in the current context?

~~~
jzwinck
Well the parent of the comment I first replied to said "Most estimates put the
number of lines of code in a new car at near 100 million." I took that to mean
total LOC in a car, not in an Engine Control Unit. But your comments to me
suggest you are talking about an Engine Control Unit. Forgive me, but it is
not obvious to me what you are on about.

~~~
mikeash
I think the point is that if you're talking about finding malicious engine
control activity, then talking about the number of lines of code for the
entire car is irrelevant, because all that matters is the code for the engine
control unit.

------
PinguTS
To be honest, that is pure populism by the EFF. I am a supporter of EFF and
against the DMCA. But that saying is BS.

There are many different ECUs within a car (about 40 in a current Volkswagen
Golf). Does EFF really think that someone would have found that issue, when
everything is OpenSource?

Nobody would have examined such things, because nobody would have been
interested in examining it, if it would be OpenSource. We have seen such
things in lots of OpenSource software, just reminding of the now legendary
Debian bug in the random number generator or Heartbleed and such things. How
long were those bugs present?

To find this wrongdoing by VW you don't need access to the car. Put a
measuring device to the pipe and drive around.

The question: why did the engineers implement a detection of the test
environment? Because you need to. You just have to apply a little bit of
thinking yourself. Such a car is equipped with lots of assistants like
traction control, like crash detection, and so on. In a test environment you
have your car running on a dynamometer or alike. That means the car detects,
that 2 wheels run at 30 mph while 2 wheels are standing still and there is no
acceleration. The car now has to classify that situation. The car has to
decide if the front wheels are just spinning in the mud and traction control
must be applied, or is it a valid situation. So there are lots of those things
you have to consider during development and which are valid use cases. Of
course this should not be misused.

~~~
mkesper
Those tests should also be abolished. We all know cars are relatively economic
if you're able to ride them at 50km/h constantly. This has nothing to do with
real life.

~~~
PinguTS
Yes and no.

Yes, it makes no sense to use them for real world.

No, they provide a comparable environment to compare different models and
different OEMs.

It is the same difference like conformance testing and performance testing. A
piece of software, a device, a system can conform to a specification, but
can have different performance in different situations.

------
EvanAnderson
Source code for slot machine firmware is open for regulator scrutiny. Human
lives aren't directly at stake, but apparently gambling rises to the level of
importance that such scrutiny is accepted.

How is it acceptable that automotive firmware, an application in which human
lives are directly at stake, doesn't rise to that level of importance?

~~~
GuiA
Slot machine manufacturers don't have anything to hide, as there is nothing
malicious about their software - it's programmed to mathematically make the
players lose money most of the time, but everyone already knows that. Thus
they have no incentive to fight against their firmware being open for
regulator scrutiny.

Automotive manufacturers, on the other hand, have very good incentives for
their firmware not being open for regulator scrutiny, as the recent events
have shown...

~~~
pc86
I mean, yes, but that has nothing to do with the comment to which you're
replying and doesn't come close to answering the actual question posed.

~~~
GuiA
Huh, what? The commenter is asking why one industry is open to regulator
scrutiny and the other isn't.

My reply covers why lobbyists from one industry might have incentives for not
being open to scrutiny, while lobbyists from the other industry might not.

I'm not answering literally the question "why is it acceptable..." because
that's not the real issue at play here.

------
dsuth
I'm surprised that the EFF would suggest going to the level of having
companies publish their code. A huge number of manhours goes into developing
the software that runs a car, and a significant amount of IP is tied up in it.

Forcing vendors to release software would allow competitors to steal it
outright, and open up the entire industry to a massive set of lawsuits. I
don't think that's a very beneficial outcome.

As someone who works in a technical safety auditing role, I strongly doubt
that NDAs would preclude the widespread release of this software. I have a
hard enough time convincing vendors that the lifecycle documentation they are
already mandated by law to provide, should be provided. This is just
unrealistic.

~~~
scrollaway
Force one, force all. The side effect being that if another manufacturer
steals and reuses code under NDA, that'd show up as well.

Calling it "unrealistic" is unrealistic. These companies are not anybody's
pet, to be loved and hugged and cared for. We should ask them to release their
code, at least to regulation agencies under NDA, because otherwise _they harm
the health of millions of people for the sake of passing regulations_, like
in this very case. Don't know about you but I'm in no mood to give them a free
pass on this and on top of that, worry about "oh but those poor SOBs, what
would they do if their NDA'd code would get leaked"...

Sorry, this is a bit of a hostile answer and it's not meant to be - this
entire ordeal is enraging... and I don't see why we should preemptively defend
their rights to make money off our own health.

~~~
dsuth
Don't worry, I'm just as furious as you are! I want realistic solutions
though, and I don't think forcing vendors to open their source will fly.

For one, you will never force all vendors to comply, as some are completely
outside of the jurisdiction, like China. Secondly, even if you did force
vendors to comply, you've just given any new startup a _massive_ leg-up on
R&D, which the existing vendors discounted for them.

I don't think it's realistic, and there are already methods by which the code
has to be reviewed externally, at least in principle. I want to improve the
existing processes, not move to a new model.

~~~
scrollaway
> Secondly, even if you did force vendors to comply, you've just given any new
> startup a massive leg-up on R&D, which the existing vendors discounted for
> them.

Real talk here: Is that such a bad thing? Why should new companies have to
deal with problems humanity has already solved?

~~~
dsuth
Because this completely dis-incentivises companies to spend money developing
features in the first place, and makes it impossible for them to recoup the
sunk cost of development over car sales, since they're competing against
companies who did not pay those costs.

It's completely unsustainable.

~~~
scrollaway
It seems to me what's unsustainable is relying on a system built on trade
secrets. Something we quickly moved away from in the software world, which has
greatly accelerated development, been mutually beneficial to everybody, and
certainly hasn't been "unsustainable".

I remember someone comparing, on HN, what "closed source" is to science to
what ancient guild secrets were to alchemy. Are guild secrets any more
sustainable than closed source?

------
userbinator
I think that if emissions tests are distinctive enough from normal driving
that they can be detected, they're not representative of realistic driving
conditions. It's like microbenchmarking.

~~~
throwaway2048
It's highly likely the firmware is tuned specifically before the test events.

~~~
hliyan
It's a lot worse than that:

"Only then did VW admit it had designed and installed a defeat device" that
purposely lowered emissions while a vehicle was being inspected, the agency
said. During regular driving, emissions would return to as much as 40 times
the level of pollutants allowed under clean air rules.

[http://www.reuters.com/article/2015/09/21/usa-volkswagen-idI...](http://www.reuters.com/article/2015/09/21/usa-volkswagen-idINL5N11R0TU20150921)

------
cmurf
The primary code needs to be published, and the publication kept current
(versioning). I don't know what kind of open source license is well suited to
this that also limits reuse and use modification since those things can open
a liability can of worms potentially. But the idea that code applying to the
primary control functions of an automobile cannot be known (is not published
and cannot legally be reverse engineered) is just a bad idea. Consumers are
injured, the environment is damaged, and arguably even a bunch of shareholders
and national pride are damaged because none of the participants had a say in
VW's decision. Well, they get a say if the code is published.

User apps and UI/UX code I'd say can probably be proprietary, closed, and not
published.

~~~
dsuth
> But the idea that code applying to the primary control functions of an
> automobile cannot be known (is not published and cannot legally be reverse
> engineered) is just a bad idea.

Why is it a bad idea? Do we know the code base of airplanes? Critical
infrastructure, like power and water plants? How about military software that
controls missile guidance?

The answer isn't to open source everything and let programmers sort it out. We
have regulatory and safety boards specifically to counter the issues around
public safety that software in critical applications causes. A huge amount of
time and money is spent developing standards, and verifying and monitoring
compliance with them.

Obviously these processes are not always perfect. In this case, it will be
interesting to see how far the corruption necessary to include a pollution-
defeat spreads. But throwing out the whole process and just publishing code in
its place is not a reasonable solution. More stringent black box testing by
experts could have caught this issue far sooner.

~~~
venomsnake
> Why is it a bad idea? Do we know the code base of airplanes? Critical
> infrastructure, like power and water plants? How about military software that
> controls missile guidance?

I OWN my car. I do not own nukes and powerplants yet. My evil genius lair is
still under construction.

Ownership should come with reversal rights, rooting, reflashing, modifying etc
for this one unit I bought.

~~~
dsuth
By purchasing a car, you purchase an end product, which is designed to be
suitable for your purposes. You don't purchase rights to a million manhours of
software, free to do what you will with. If companies had to amortise the cost
of code development over the cars they sold, you would end up paying a lot
more for 'your' car.

~~~
venomsnake
Actually I do purchase it. I don't purchase the right to redistribute it. But
I totally own the right to modify my car however I see fit as long as it is
road legal. Part of it being mine.

~~~
dsuth
Are you serious? Absolutely not. Unless you can show that you are competent to
modify safety critical software, and have a certified process in place to do
that, it would be illegal for you to modify the code, and you would be
personally liable for any accidents caused by such a modification.

You would also require the full lifecycle documentation to allow you to
understand the impact of any modifications you make, and be required to do a
full impact analysis to prove that any modifications you make do not reduce
the integrity of the existing safety functions.

That's completely ignoring the vendor's configuration management requirements
(which you can't do).

This is the whole point - devices run by software systems are too complex to be
modified by a layman. There are very detailed, statutory processes and
requirements around the development and modification of software in safety
critical applications, and you absolutely cannot modify it just because you
bought it.

~~~
hvidgaard
> Unless you can show that you are competent to modify safety critical
> software, and have a certified process in place

> require the full lifecycle documentation to allow you to understand the
> impact of any modifications you make, and be required to do a full impact
> analysis to prove that any modifications you make do not reduce the
> integrity of the existing safety functions

Car manufacturers do not use formal verification, even though it exists, and
would be able to give hard guarantees about safety and the like. And given
recent history about analysis of code that resulted in run away bugs, I, as a
professional developer, am completely confident that few if any manufacturers
do the above. They have an extensive testing procedure, surely, but they're
not trying to avoid the bugs earlier in development, nor try to enforce a
coding style that reduces the risk of bugs.

But besides that point, many people are not arguing that they should be
allowed to tinker with safety settings and drive on the road. That would be
illegal, just as it is illegal to remove the lights and drive at night. But I
as an owner of the car, should be able to see and change that code for
auditing purposes, or use on a closed road. If the entire system of the car is
open, it is also trivially easy to compare the running code with the version
supplied from the manufacturer and see if any modifications have been made.

~~~
dsuth
European car manufacturers are required to develop safety critical software
under ISO 26262, which is a derivation of IEC 61508, which absolutely does
require formal verification and validation activities.

If you change the code outside of the development process, you could
unwittingly compromise the safety of the vehicle. The manufacturer is required
to use access controls to prohibit people from changing the software for
exactly this reason.

~~~
hvidgaard
ISO 26262 does not to my knowledge require formal verification, and some
googling around seems to support this. Without access to the actual
specification I cannot find out exactly what it requires.

~~~
dsuth
So you don't know what's in the standard, but you make assertions and continue
to support them? That's a fairly disappointing level of discourse for HN. It
requires a very similar software development process to all other functional
safety standards, in which verification and validation are key steps.

Here is a paper from Mathworks describing verification and validation
according to ISO 26262:

[http://www.mathworks.com/tagteam/71300_1D-4.pdf](http://www.mathworks.com/tagteam/71300_1D-4.pdf)

~~~
hvidgaard
I know how ISO standards are implemented in two unrelated fields, that was
really the basis for my comment. Besides, I am now certain that it does not
require formal verification, as several companies sell products that support
formal verification as a means to pass the verification part of the ISO.

I'm not going to pay for access to the standard just for a comment on HN.

When you say European manufacturers are required to follow this, what about non
European manufacturers?

------
lordnacho
Perhaps one could take a page out of financial regulation, where banks need to
calculate risk.

According to this article in the Economist, the Fed runs certain stress tests
without exposing the inner workings to the banks:

[http://www.economist.com/news/finance-and-economics/21665039...](http://www.economist.com/news/finance-and-economics/21665039-regulators-are-taking-firmer-stand-how-banks-gauge-risk-whose-model-it)

If people are afraid of releasing the car's code, the agency doing the
emission testing could make it a bit less obvious when the car is being
tested. That would make it harder to cheat.

~~~
throwaway7767
> If people are afraid of releasing the car's code, the agency doing the
> emission testing could make it a bit less obvious when the car is being
> tested. That would make it harder to cheat.

I'd say requiring the release of all source code involved in or connected to
control circuitry in the car (i.e. anything other than in-vehicle dash systems
that are completely isolated from CAN, etc.) would be reasonable. The safety
concerns outweigh any proprietary benefit to the companies involved.

It would also create a lot of pressure for the manufacturers to actually
isolate the non-critical value-add parts from the critical keep-the-car-
driving parts, which would increase security.

------
natch
Dear Internet, can we have Lawrence Lessig as Librarian of Congress please?

~~~
mlinksva
No but
[http://www.slate.com/blogs/future_tense/2015/09/10/brewster_...](http://www.slate.com/blogs/future_tense/2015/09/10/brewster_kahle_creator_of_the_internet_archive_should_be_the_next_librarian.html)

------
dzhiurgis
More than a few times I could smell some distinct smell that some diesel cars
produce, which reminds me of something.

When I was a kid I've traded with someone on IRC to get some HNO3 with plans
to make... dynamite. Few weeks later, the lid of mason jar rusted thru and my
room had this distinct smell. I doubt that is NO as I would probably be dead
now, but coupled with all the experiments involving nitrates I probably do
hold more nitrates than usual.

------
doki_pen
Does anyone know how the cheat worked? Did the computer detect it was under
test mode and run with less emissions?

------
jlebrech
don't they dyno at the same time as testing emissions, wouldn't that have
shown up on the test that the car was in eco mode?

------
shmerl
It's time to axe DMCA-1201 completely.

------
cromwellian
If the DMCA doesn't take care of it, there's always the right to be forgotten.

