
EPA opposed DMCA exemptions that could have revealed Volkswagen fraud - tjr
http://www.fsf.org/blogs/licensing/epa-opposed-dmca-exemptions-that-could-have-revealed-volkswagen-fraud
======
mikeash
This is a good point wrapped in a fairly bad article. It conflates source code
with machine code, calls the rules "totalitarian," refers to the opposition as
"drones," and implies that VW only kept their software secret to hide their
scam, despite the fact that _every_ automaker keeps their software secret.

~~~
the_ancient
>> despite the fact that every automaker keeps their software secret.

And that refutes the point they are hiding their scam how? Just because the
other automakers were not caught (yet) does not mean they are not all doing
dishonest shit with their code

~~~
mikeash
OK, it doesn't refute that point if they're all cheating.

In that case, what refutes the point is simply that businesses usually keep
their code secret by default, and require some motivation to open them. They
may take advantage of closed source to do bad things, but those bad things are
not the _reason_ for closed source.

~~~
ethbro
In my experience, embarrassment is usually a larger motivation for keeping
code closed-source.

------
ChuckMcM
Not sure how much traction this will get but it is a good start. In particular
the 'bad building materials' meme, if it can be pushed, is easy to explain to
regulators. My brother-in-law tells me that, all civil and structural
engineers have to publish their models and analysis that proved to them a
material was "good enough" for the intended structure, we need to convince the
EPA and others that the source code for these integral pieces of our
infrastructure needs just as much transparency.

~~~
cmurf
Or, at a minimum, the ability to poke it with a stick to sufficiently
understand how it works under a wide variety of conditions, to a degree that
it probably constitutes reverse engineering. Right now that's not legal.

------
DannyBee
The worst part of this, IMHO, is that the EPA's motives are just stupid here.

First, they can already regulate and stop projects that _actually_ distribute
ECU changes that are harmful. They do not need the DMCA when they can fine
people heavily. If they fine a few people 100k, it's enough of a deterrent.
Even if everyone just runs these projects out of europe, you make examples of
a few _users_ in the US, and then the number of people who do it in practice
is so low as to be pointless.

Second, The likelihood that anyone has the time and energy to go and build ECU
software and flash it into their car is low.

I may bop around and read the source code and notice cheating, mind you, but
the barrier to entry on actually building anything and getting it into my car
is high (and I have a car where i have near-complete control of flashing
components)

~~~
BorgHunter
> Second, The likihood that anyone has the time and energy to go and build ECU
> software and flash it into their car is low.

I don't think this is true. There are plenty of enthusiasts who already do
exactly this kind of thing. A friend of mine had an aftermarket ECU installed
in his Mustang a few years ago. There's also the (idiotic) phenomenon of
rolling coal[0], which also requires at minimum altering some engine tuning
parameters in real time. Hackers abound in all walks of life, and this
includes auto enthusiasts.

[0]
[https://en.wikipedia.org/wiki/Rolling_coal](https://en.wikipedia.org/wiki/Rolling_coal)

~~~
DannyBee
Altering parameters i can do easily already, with the right cables.

DMCA does nothing to prevent this.

and as mentioned, you can just replace the ECU if you really want.

But i think both of these are significantly easier, and very different, than
_flashing new software onto the ECU_. :)

~~~
BorgHunter
My point was simply never to underestimate the ingenuity of clever people
working on something cool. If something cool is possible, then no matter how
impractical there's probably someone out there interested and dedicated enough
to make it work.

~~~
mikeash
It's a numbers game. There are always going to be some people who do this, but
how many? If 10% of people are hacking their car to violate emissions, that's
a problem. If it's one in ten thousand, that's pretty much ignorable. The
ultimate goal with emissions control is merely to keep the _total_ down. If a
few cars are blowing past the limits it doesn't really affect that.

------
Zigurd
There is little or no proprietary magic in ECU code. Publishing buildable,
verifiable code should be a regulatory requirement for ECUs, and probably many
other devices.

~~~
kaftoy
And you know that how? Magic sense? The code is full of implemented
proprietary strategies. Many technical patents find their implementation in
there. Who's mad to give up the source code for models researched after
investing millions in equipment and engineering, on a such competitive market?

~~~
Zigurd
ECUs are a function that maps sensor inputs to timing and other actuator
outputs. A handful of suppliers make them and provide the framework and tool
chain. Mere mi!!ions will buy you the dev seats and support from the supplier.
There is no scope for making magic with what's left over.

Next you'll tell me it would be theft to require voting machine makers publish
their code.

~~~
kaftoy
How do you know for sure the code you review really runs on the voting machine
on the poll date? How do you really know? You don't. You trust some regulators
who inspect the machine. Then let the regulators check the cars too. I imagine
tons of false alarms coming from the public (run out of fuel? open Safari,
submit bug report "car not runs").

~~~
Zigurd
> _How do you know for sure the code you review really runs on the voting
> machine on the poll date?_

This is exactly what requiring open code would address: Anyone can audit it.
Anyone can build it. Signing the build, you know what build was installed.
Independent observers can verify this, just as they can verify a count of
paper ballots.

------
task_queue
No one wants to publish their code because it is horrifically abysmal and
could open them up to further lawsuits if things go to shit.

Plausible deniability and the ability to say "it was your floor mats" beats
being liable for the deaths and injuries of possibly thousands.

------
Flenser
If the EPA really want to stop users from flashing new firmware onto the ECU,
why not require that code is open source, but must be signed by the
manufacturer.

------
happyscrappy
The article tries to shoehorn its issue onto what is clearly corporate greed
and an absolutely stunning lack of judgement. Would this cheat have been found
through the code? Who knows maybe, but the fact that VW went ahead knowing
their numbers were fake is unforgivable and almost unbelievable. It would
eventually come out.

