But Volkswagen earns greater attention here at this site because:
1) A critical mass of emptywheel readers are not familiar with the automotive industry, let alone manufacturing; they do not regularly follow automotive news. Quite a number are familiar with enterprise information security, but not car manufacturing or with passenger vehicle security. Many of the readers here are also in policy making, law enforcement, judiciary — persons who may influence outcomes at the very beginning or very end of the product manufacturing life cycle.
2) This is the first identified* multi-year incidence in which an automotive industry manufacturer using computer programming of a street-ready vehicle to defraud consumers and willfully violate multiple U.S. laws. This willfulness wholly separates the nature of this risk from other passenger vehicle vulnerabilities, ex: Fiat Chrysler’s hackable Uconnect dashboard computers or Nissan’s unprotected APIs for keyless remotes. (These latter events arose from inadequate info security awareness though responsiveness of vehicle manufacturers after notification may be in question.)
3) Volkswagen Group is the single largest passenger vehicle manufacturer in Europe. This isn’t a little deal considering half of all passenger vehicles in Europe are diesel-powered. Health and environmental damage in the U.S. from 600,000 passenger diesels has been bad enough; it’s taking lives in the tens of thousands across Europe. 75,000 premature deaths in 2012 alone were attributed to urban NO2 exposures, the source of which is diesel engines. It was testing in the U.S. against U.S. emissions standards which brought VW’s ‘cheating’ to light making it impossible for the EU to ignore any longer. The environmental damage from all Volkswagen passenger diesels combined isn’t localized; these additional non-compliant emissions exacerbate global climate change.
These are the reasons why Dieselgate deserved heightened scrutiny here to date — but the reasons why this scandal merits continued awareness have everything to do with an as-yet unrealized future.
We are on the cusp of a dramatic paradigm shift in transportation, driven in no small part by the need for reduced emissions. Development and implementation of battery-powered powertrains are tightly entwined with artificial intelligence development for self-driving cars. Pittsburgh PA is already a testing ground for a fleet of self-driving Uber vehicles; Michigan’s state senate seeks changes to the state’s vehicle code to permit self-driving cars to operate without a human driver to intervene.
All of this represents a paradigm shift in threats to the public on U.S. highways. Self-driving car makers and their AI partners claim self-driving vehicles will be safer than human-driven cars. We won’t know what the truth is for some time, whether AI will make better decisions than humans.
But new risks arise:
- An entire line of vehicles can pose a threat if they are programmed to evade laws, ex: VW’s electronic control unit using proprietary code which could be manipulated before installation. (Intentional ‘defect’.)
- An entire line of vehicles can be compromised if they have inherent vulnerabilities built into them, ex: Fiat Chrysler’s Uconnect dashboard computers. (Unintentional ‘defect’.)
Let’s ‘pick on’ another manufacturer for a moment: imagine every single Fiat Chrysler/Dodge/Jeep vehicle on the road in 5-10 years programmed to evade state and federal laws on emissions and diagnostic tests for road-worthiness. Imagine that same programming exploit used by criminals for other means. We’re no longer looking at a mere hundred thousand vehicles a year but millions, and the number of people at risk even greater.
The fear of robots is all hype, until one realizes some robots are on the road now, and in the very near future all vehicles will be robots. Robots are only as perfect as their makers.
An additional challenge posed by Volkswagen is its corporate culture and the deliberate use of a language barrier to frustrate fact-finding and obscure responsibility. Imagine now foreign transportation manufacturers not only using cultural barriers to hide their deliberate violation of laws, but masking the problems in their programming using the same techniques. Because of GM’s labyrinthine corporate bureaucracy, identifying the problems which contributed to the ignition switch scandal was difficult. Imagine how much more cumbersome it would be to tease out the roots if the entire corporate culture deliberately hid the source using culture, even into the coding language itself? Don’t take my word for how culture is used to this end — listen to a former VW employee who explains how VW’s management prevaricates on its ‘involvement’ in Dieselgate (video at 14:15-19:46).
Should we really wait for another five to 10 years to ‘pick on’ manufacturers of artificially intelligent vehicles — cars with the ability lie to us as much as their makers will? Or should we look very closely now at the nexus of transportation and programming where problems already occur, and create effective policy and enforcement for the road ahead?
* A recent additional study suggests that Volkswagen Group is not the only passenger diesel manufacturer using emissions controls defeats.