Toyota Black Box Data Is More Closed Than Others'
wjr writes "Many cars these days contain black boxes that record information (speed, accelerator position, etc) and can preserve information in the case of an accident. Ford and Chrysler say that they use 'open systems' so anyone can read out the data; General Motors has licensed Bosch to produce a device capable of reading its cars' black boxes. On the other hand, Toyota has only a single laptop in the US capable of reading its cars' black boxes, and generally won't allow the data to be read without a court order. Honda seems to have a similar policy. This is emerging as an issue in the investigation into unintended acceleration."
Wouldn't it be grand if the guys who hacked Ubisoft's latest game took on this challenge instead?
And it would be covered in extra-special awesomesauce to see the code posted to SourceForge.
John
The Japanese are protecting our privacy!!! What are you, thick?!
Hehehe.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
I knew that and is MAIN reason I bought Toyota.
Toyota still has to comply with inserting RFID radio emitting 128 bit GUIDs from devices hidden in passenger and truck tires sold on cars in USA though, and these are used forensically when recorded on major interstates using wires grooved into the pavement by the FBI. The T.R.E.A.D. act.
The USA does enforce police, insurance company and EMS (any authority really) blackboxes on trucks, even Toyota trucks, so this article is misleading. Passenger fleet is immune from big brother chips that record and only stop recording if airbag deployed.
Corvettes have 4 backup snitch chips, with 2 embedded DEEP in foam of dashboard, impossible to cut out with a knife and if wires snipped nothing runs.
We can all blame Audi cars in the 1980s. They lurched into intersections from females who drive with TWO feet, one on brake, one on accelerator. This female habit resulted in many intersection lurch accidents. Drivers blamed the car engines. Ironically no Audis lurched forward into traffic when at rest when driven by males. Nevertheless, that is motivation when spy blackbox chips started getting inserted.
My last car was SPECIFICALLY selected as toyota because of their privacy rules on recording recent top speed, and max speed to chip for accident investigation or criminal charges.
This is proving to be an ongoing public relations disaster for Toyota. If they don't take meaningful action, vastly exceeding the expectations of the public, a well-respected brand name's reputation for safety/reliability is going to end up in the trash. Releasing the interface to read the black boxes' contents (in read only mode) would be a good start. I don't say this as a geek who has a fetish for tabulating acceleration data, but as a nervous driver.
Yes, Toyota could be sued, but it's going to be sued anyway. Evasion won't change the outcome of the lawsuits, but it will go a long way to restoring their brand's reputation.
Lol @ the recent mysterious deluge against Toyota.
I prefer having brakes, steering, and not having an accelerator stick to the floor.
It seems like it was only yesterday when people were complaining that the black box data was there in the first place. Then came along the complaints on how it was being used against people in courts and in accident investigations. Then the complaint was that only certain people could get the information and you couldn't get it to clear your name or anything- even in one case where I believe the prosecutor got the information and decided it was worthless and tossed it (may be wrong on that).
Now, it seems that everything happening that would have caused a complaint is good and those not allowing it to happen is bad. Go figure.
Toyota sees only loss potentials in making an open access EDR, since more data provided in crashes means more potential liability. Therefore, they encrypt it and make it only available by court order.
Pure business (you know, excluding the human factor as usual).
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Absolutely *no* car manufacturer has your best interest at heart. Not Toyota, not Ford, not GM, not a single one of them.
Who made the SUVs that literally jumped off their tires and turtled at so much as a harsh look? Who made trucks and thought it was a brilliant idea to mount the gas tanks *outside* of the frame? Who made cars that exploded when they were nudged at the backend? Which car manufacturer computes the costs of killing some of their customers vs. spending a bit more to make each vehicle safe?
It's not just Toyota. But, today, with the US government being the largest shareholder in GM, I would bet that life for Toyota is going to get really bad.
Toyota ... generally won't allow the data to be read without a court order.
All it takes is a court order. So essentially the only thing slowing the investigations would be an unwilling Federal government.
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
is their new jingle..
For justice, we must go to Don Corleone
Chill out, they only need a court order and seems the USA Federal Government is always good at giving these ones away.
No need to "hack" the box or anything like it.
kyuteSetebbeJiobs-san, Ohayoo Gozaimasu.
It's just "toyota-san," not "Mr. Toyota-san." Saying "Mr. Toyota-san" is like saying "Mr. Mr. Toyota." Of course, we might have a lot to learn from Toyota-san, so we might want to call him/her/it Toyota-sensee.
Arigato,
Nihongo no grammer nazi
P.S. this is intended as a joke and not designed to offend.
Responsibility is an addiction
Virtue is a temptation
Community is a cartel
You would not need to hack the black box if Toyota -- and, for that matter, Japanese society -- put more value on openness and humanity. Though Japan is mostly a Western nation, the Japanese still retain some distinctly Asian features. They include secrecy, devaluing human life, etc.
So, the Japanese engineers at both Toyota and Honda naturally created a closed black box that only their engineers can read and decode. So, naturally, given the same kinds of defects, the Japanese government is less likely to demand a recall than the American government. So, naturally, Toyota works their engineers to death: "death by overwork" killed numerous engineers and salesmen during the 1980s and 1990s.
Yet, unlike other Asians, the Japanese do try to be Western. So, Tokyo -- following the lead of Washington -- has now toughened its language against Toyota. Tokyo, like Washington, is investigating the problems in both the braking system and the throttle system.
Closer to home for most of the techies on Slashdot is the initiative for the Restriction of Hazardous Substances (RoHS). RoHS is an idea that was first promoted and enforced by the European Union. RoHS is a requirement that electronics manufacturers must minimize or eliminate use of some dangerous substances like lead.
The EU did the courageous step of enhancing the value of human life. Japan followed the lead of the Europeans and now also abides by RoHS rules.
Japan is Western but still must learn from the rest of the West.
Hah. In most cases "voluntary" means doing something with a gun to your head.
Want insurance (which you're required to have)? Better "voluntarily" open up that black box data.
Want to not be arrested? Better "voluntarily" open up that black box data.
Want to get your emissions checked? Better "voluntarily" open up that black box data.
Want to get a license for that car? Better "voluntarily" open up that black box data and let us connect it to an auto-ticketing device.
And so on....
The problem is a lot of "voluntary" things quickly become non-voluntary (i.e. forcibly waived) if you are to get standard services.
Your car is in a fender bender, or maybe you just bring it in for an oil change. Unless the police and courts are involved, you don't want the repair shop or garage downloading the data and notifying the DMV/insurance companies/performance-parts vendors if they detect that you've been driving over the speed limit. It's just like you want all the data on your hard drive encrypted, in case you have to ever get your computer repaired, since the repair shops always scan the hard drives for pr0n and anything else interesting they can find.
MOD PARENT UP. Thanks for saying that.
I was talking to an acquaintance at Daimler who heads a programming project for Daimler trucks. The number of processors and lines of code in a Toyota is wildly exaggerated. The actual figure is somewhat the same as in Mercedes-Benz automobiles.
Another thought: I'm guessing that this one Slashdot story will cost Toyota at least $10,000,000.
Multiply that by the hundreds of stories in other publications.
Here's how it could work:
1. Using an Ethernet jack provided by the car, you use HTTP to grab an encrypted blob. This contains the data, including a timestamp and the VIN.
2. Upload the blob to Toyota's web site. They decrypt it and store it forever.
3. Download the decrypted blob.
Download can be limited to the uploader by default, with other people only able to see that it exists. If you want a copy and you didn't perform the upload, simply get a court order.
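The three steps proposed in the comment above, sketched as an added example (not part of the original comment and not any manufacturer's system). The key, the VIN, the sample data and the names `car_export_blob` and `MakerPortal` are hypothetical, and HMAC-SHA256 in counter mode with encrypt-then-MAC stands in for a vetted AEAD such as AES-GCM so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key. In the scheme above only the manufacturer (and the
# car's recorder) would hold it, so the owner cannot read the blob directly.
MAKER_KEY = hashlib.sha256(b"constructed demo key").digest()
NONCE_LEN, TAG_LEN = 16, 32


def _subkey(label):
    # Separate keys for encryption and authentication, derived from one secret.
    return hmac.new(MAKER_KEY, label, hashlib.sha256).digest()


def _xor_keystream(key, nonce, data):
    # HMAC-SHA256 in counter mode; a stand-in for a vetted AEAD such as AES-GCM.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def car_export_blob(vin, timestamp, samples):
    """Step 1: the blob the car would hand out over HTTP."""
    record = {"vin": vin, "timestamp": timestamp, "samples": samples}
    plaintext = json.dumps(record, sort_keys=True).encode()
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = _xor_keystream(_subkey(b"enc"), nonce, plaintext)
    # Encrypt-then-MAC: the tag covers nonce and ciphertext, so any edit to
    # the VIN, timestamp or samples is detected before decryption.
    tag = hmac.new(_subkey(b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


class MakerPortal:
    """Steps 2 and 3: hypothetical manufacturer upload/download service."""

    def __init__(self):
        self._records = {}  # record_id -> (uploader, decoded record), kept forever

    def upload(self, uploader, blob):
        if len(blob) <= NONCE_LEN + TAG_LEN:
            raise ValueError("blob too short")
        nonce = blob[:NONCE_LEN]
        ciphertext = blob[NONCE_LEN:-TAG_LEN]
        tag = blob[-TAG_LEN:]
        expected = hmac.new(_subkey(b"mac"), nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("blob failed authentication")
        record = json.loads(_xor_keystream(_subkey(b"enc"), nonce, ciphertext))
        record_id = hashlib.sha256(blob).hexdigest()[:16]
        # Assumption: the first uploader stays the owner of the record.
        self._records.setdefault(record_id, (uploader, record))
        return record_id

    def exists(self, record_id):
        # Anyone may learn that a record exists, but not its contents.
        return record_id in self._records

    def download(self, requester, record_id, court_order=False):
        uploader, record = self._records[record_id]
        if requester != uploader and not court_order:
            raise PermissionError("not the uploader and no court order")
        return record


def demo():
    # Constructed sample data, not real recorder output.
    blob = car_export_blob("TESTVIN0000000001", 1267000000,
                           [{"speed_kph": 88, "throttle_pct": 100, "brake": False}])
    portal = MakerPortal()
    record_id = portal.upload("owner", blob)
    return blob, portal, record_id


if __name__ == "__main__":
    blob, portal, record_id = demo()
    print(record_id, portal.download("owner", record_id))
```

The trade-off the sketch makes visible: the authentication tag lets the portal reject an altered blob, but because the only key sits with the manufacturer, the owner still depends on the portal to read their own data.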
I'm guessing that Flight Data Recorders are mandated by law for commercial aircraft. I would say that the information that they have provided over the years has been very helpful in improving the safety of air travel.
How many people were killed last year in aircraft accidents? Hundreds would be my guesstimate. How many in car accidents? Tens of thousands would be my guess. If there are a lot of people being injured in car accidents then it would seem very useful (from an economic return on investment perspective) to start making data recorders both mandatory and have them record specific information in a published standard format, with the goal being to better understand accident causes and improve auto safety.
Can we stop with the boring Toyota FUD articles and get back to being Slashdot? This is getting annoying. Thanks!
...namely that million-dollar reward for finding the cause of unwanted acceleration is probably fairly safe if nobody will reveal their source code.
It would be interesting if this flushed a few Real Programmers out of the woodwork, but most of them are in retirement, fly-fishing for salmon by now.
got a crashed Prius to hack? If we can break DRM in a day.....
Will Toyota stop at nothing?!
You get tired from walking around doing nothing.
So now Toyota is being "accused" of using proprietary software. It wasn't a long time ago when I read about some US association declaring open software "communism" and "hazardous to capitalism".
I would love to see a court case where Toyota will sue the National Highway Traffic Safety Administration for violating the DMCA when trying to pry the data out from the Toyota black boxes.
That'd be irony.
BTW: My sympathies are on victims' and their families' side. I am sorry for their loss.
BTW2: And in my opinion there should be an international law for making black boxes both obligatory and open format (not even tied to single company solutions like Bosch).
Actually, the Toyota data is not encrypted at all. It is simply saved in plain text Hiragana...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
It's a recording device in the car intended for accident diagnosis, nothing else. Like the cockpit voice recorder in an airplane. If the car was equipped with a required-by-law voice recorder, and my spouse or teenager drives the car, I wouldn't be entitled to listen to their recorded conversations after the fact. This telemetry recording thing doesn't record conversations but it's still considered private data. It's accessible through a court order if necessary, and that's good enough.
All it takes is a court order. So essentially the only thing slowing the investigations would be an unwilling Federal government.
You're obviously new to how a "court order" works. If I'm in a lawsuit involving my Toyota, and I want data from my Toyota, I can get a court order for my Toyota. However, if in that same lawsuit I try to get a court order for every Toyota, Toyota the corporation is going to appeal any discovery order that it turn over all of the data from all of its cars, or even all of one model from one model year. It will appeal, and it will win. If you disagree with me on this, go sue your insurance company for a denied claim and then try to get access for all of its records of similar claims. It's simply not going to happen. As a practical matter, assuming that you could get an order for all of the EDR data, that doesn't mean much. If Toyota has had only one laptop in the U.S.A. capable of reading the data and Toyota will only read the data with a court order, then for all practical purposes the data from most Toyota crashes is never recorded. It's just gone because there has been no physical way to record all of that data.
"There's only one laptop in the entire U.S.A. capable of reading the data" sounds like some very good lawyering to me. Toyota should have a company-wide "Hug Your Lawyer Day."
Make love, not reality television.
I can see how this is a GOOD thing to some people, though. Thinking of the privacy concerns, obviously. If you were at fault in an accident and you had a ford/gm/etc the insurance companies would own you in a day of reviews. Now if you had a Toyota / Honda, have fun ... delaying the game for as loooong as possible. Nice for the criminals, not for the general public in cases such as this, though.
That's interesting. Perhaps openness is related to quality... When Toyota's quality was high (back in the '90s), they used industry standard computer interfaces. Back then, Ford and GM were both pretty shoddy and they used proprietary software. Now, Toyota's quality definitely has dropped off (I saw it back in 2002 when a friend bought a new Celica and my decade older MR2 was higher quality) and they've gone proprietary. Ford and GM quality has definitely improved, and they've gone open... Hmmm. Coincidence, perhaps...
I'm happy that Toyota is taking data security and privacy seriously.
I believe that Toyota's obstinacy in providing such information to the concerned parties in the light of such serious safety issues is the result of a serious language barrier between Japanese and American English. Someone should provide the Japs with an accurate explanation of the following important sayings and terminology:
1) "We will screw you to the wall in a court of law",
2) "Gorilla Lawyer assrape",
3) "Pound me in the ass prison",
4) "Contempt Of Court",
5) "There is another nuke headed your way, in the form of a lawsuit",
6) "You don't have a choice",
7) "We're not in Japan",
8) "Subpoena",
9) "De-listing"
and last, but certainly not least,
10) "North Korean Menace".
I believe that the clarification and explanation of the aforementioned terms would lead to the speedy resolution of the problems that are currently occurring with the Toyota Motor Corporation and its products.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
Back in the old days, pretty much everything was mechanical, so you could feasibly dissect your car and see how everything worked. Now with computers, machine code, and embedded systems handling so many critical operations in your car, this has changed. Computers are much harder and practically impossible for engineers (who don't have huge budgets and laboratories) to dissect and reverse engineer. If the code were exposed, then it would be orders of magnitude easier for people who don't work at Toyota to figure out what is going on with unintended acceleration. It should be clear to lawmakers that:
1) All the code used in automobiles or other systems that can potentially threaten public safety should be required to be open source. All companies need to be subject to this law, not just Toyota. That way the code can be reviewed and studied by anyone who is interested in knowing how the systems that they trust their lives with work. The law should apply to software driven (or hardware like microcontrollers and FPGAs that is flashed with software) medical devices or any code whose development is funded by taxpayer dollars. There should be some exceptions, such as software used in military applications. Don't want the enemy to have that. Bottom line in this case: we need to pass laws to force all automakers to publish all their code online so it can be peer reviewed by the people who use it.
2) The interface to automobile computers should be a widely used standard such as USB, not some proprietary interface that only 1 laptop in the USA can use. I should be able to just insert a USB stick in my car, wait for my car to download all the black box data, engine diagnostic codes, etc onto my USB stick in CSV (or other easily readable) files. Then once a light on my dashboard turns off, I'll know it's safe to remove my USB stick so I can open up the files on my computer.
I'm sure Toyota merely doesn't want people to find out that when their software crashes, it is designed to do so as thoroughly as possible.
See this old CNET story Rocky road for car 'black boxes'.
Toyota's lack of openness about data that imperils individual privacy is no skin off of my back. If Government Motors wants to penalize Toyota for it, perhaps it should be mentioned that mandating that car electronics be more accessible is a bad idea. Look at how Google got hacked by China.
#-#
Ad Astra Per Aspera
A rough road leads to the stars
How much is really being saved by not having linkages to the throttle body? How many more models and manufacturers are going to be affected by funky electronic throttle controllers? What the hell happens when the pots get dirty?
--- Do you believe in the day?
It will soon be mandated by law that *ALL* parameters logged must be stored in a standardized, openly readable format.
It will also be mandated that in all "drive by wire" automobiles, that if something goes haywire with the ECU system that an override kill switch must be on the dashboard in plain view and easy access of the driver that will force the transmission to go into neutral and the engine to go to idle no matter what any computer onboard the car is telling the engine and transmission to do. The kill switch will have to be designed that it is not merely an input to a computer, but is an actual hardwired physical control not dependent on any computer or computer-like circuitry to perform its function.
Look for similar kill-switch function to also be mandated so that the police can remote-shutdown any vehicle they wish.
Look for further future laws that outlaw operating any older cars that don't have remote-kill capability.
I think he meant worldwide, in which case he would be an order of magnitude off.
However, if it is on I want to be able to read the data.
The only reason I should not be allowed to turn it off is if:
1) if I'm not the owner
2) if my insurance company has offered me a choice: Pay $FAIRANDREASONABLE and turn it off or pay $SOMEWHATLESS but leave it on and I take the discount. This is similar to my choice to use an anti-theft device.
I would also make an exception that I could not legally defeat any tamper-evident technology - if I have it on, it should be tamper-evident to prevent fraud. I could turn it off, I could tamper with it, I could load my own software, etc. but if I did, it would no longer be "certified" or usable in court.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Maybe I am confused. Hasn't this already been done by the after market chip makers?
http://www.performancechipsdirect.com/ Just one of many makers I found.
Car nuts have been hacking cars much longer than hackers have been hacking software.
Is he strong? Listen bud, He's got radioactive blood.
On board diagnostics or OBD II is what every car (AFAIK) uses for its control system. It's CANBUS at its heart and it's an open standard that is easily downloaded from the internet. Even if black-box data is not part of the OBD spec, certainly everything that goes on the wire is. I would think an enterprising hacker could make good use of the OBD spec.
Regards,
Jason C. Wells
I think both opposite opinions are true.
Vehicle computer systems are complex, yes.
However, the systems are sensibly divided. There are maybe 15 in a top-of-the-line vehicle, each with its own processors, sensors, devices, and code. Raising or lowering the windows can have no effect on the fuel delivery system.
Each system is kept as simple as possible. It's not difficult to understand the needs. It's not difficult to write vehicle code that is easy to understand.
1) Learn to drive "Stick" / "Manual Clutch"
:D
2) Toyota starts a free "Kamikaze" exchange program
3) Bring in your faulty Automatic Gearbox car for a nice new Stick-shift one.
4) No more runaway cars with sticking Gas pedals!!!
5) ???
6) Profit (Well live till you get home anyway)
Problem solved
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
Initially, these automobile black boxes weren't even intended for use as "accident scene reconstruction aids". They started out as equipment the auto makers installed for their own internal use. (It makes a useful tool for their engineers and quality people to examine post-crash data. EG. The speed a car was traveling at time of impact, to see if their "5MPH bumper" was really holding up as intended at the rated speed.) Like most things though, as soon as people figured out they were able to collect and store this data, their eyes lit up and they all wanted a piece of it for their own purposes (government, lawyers, car insurance companies, etc.).
Now, I'm pretty sure this will pan out in the end with a federal govt. mandated "standard" for black boxes for ALL cars and trucks sold in the country, with a list of required data they must keep and a length of time they must snapshot all of it. (And given today's government, I think it's safe to say they'll throw in a new law, for good measure, that makes it a serious crime to tamper with the box or disable it.)
To be honest, yes, I think Toyota was hiding some information in some of these past court cases. They've said too many inconsistent things about the data they supposedly do or don't collect for me to believe their black boxes were changed around that often, or failed to collect obviously relevant data they claimed they weren't collecting at that time. But like the O.P. said, all of this is just "smoke and mirrors" over the REAL issue of consumer privacy.
Reality is, folks: No matter WHAT some hidden recorder box captures in your vehicle as you drive, if the car has a serious design flaw and something goes wrong, people get injured or DIE. No black box in a car has EVER saved a person's life in an accident.
> But, today, with the US government being the largest shareholder in GM, I would bet that life for Toyota is going to get really bad.
Let's be honest. The elephant in the room during the GM buyout was the production capacity. The United States cannot afford to lose the production capacity of GM, because in the event of a full scale sustained conventional war we would need its production capacity. The government buyout wasn't only about keeping money in Detroit or helping other GM stockholders or even the fact that the government often buys GM--it was absolutely necessary from the standpoint of defense. That it was done without bringing GM into the military-industrial complex is a good thing.
On a related issue, we should be treating Detroit like it got hit with Katrina. It's probably in worse shape than New Orleans at this point.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
They'll make it open as soon as we properly regulate it and require them to. And we should properly regulate it and require them to--a certain set of black box information should be publicly available for every car crash in the United States, and possibly the world, in order to identify common factors and trends. Yes, it's giving up a little privacy in exchange for an increased level of safety that there is even a black box in the car. But (1) the black box isn't going away any time soon short of a finding of a violation of Constitutional Law, and (2) the public interest in preventing accidents is more important than my interest in hiding my reckless driving. The only particularly bad thing is that insurance companies might use it to deny claims on illegal but safe driving, if the government lets them.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
The wiki reckons you are off by an order of magnitude. There's been over 40,000 auto deaths every year for the past decade. About 115 per day. And that's only in the United States.
Given only a small fraction of motor accidents are fatal, I'd guess the overall number of accidents is well into the millions. More quick googling suggests about 6.5 million auto accidents in the US each year and almost 3 million injuries as a result.
So 40,000 is now an order of magnitude off from 'tens of thousands'? It seems like 4 'tens of thousands' which seems like he was pretty damn accurate.
You realize, I hope, that your car will testify against you in court.
Don't piss it off - it WILL Rick-roll your ass.
See: On Star
http://www.onstar.com/us_english/jsp/equip_vehicles/current_vehicles.jsp
Y'all like that commercial where On Star shuts your motor off and allows the Police to have their way with the driver?
(it's in the context of a stolen car)
Can't wait for the first person mistakenly tazed to death for blowing by a cruiser.
Misuse of this will soon be news.
~hylas
Yes, they could appeal, and yes, it could take a long time-- but that's how our legal system works. Long, heated debates ending in a hopefully lawful verdict. Are you trying to tell me the Federal government can't order Toyota to reveal the data on all the cars they are investigating?
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
"Bottom line in this case: we need to pass laws to force all automakers to publish all their code online so it can be peer reviewed by the people who use it."
No, because (to paraphrase Clarkson) you'll end up with some guy named Keith who watches Eastenders who will decide that he knows what he's looking at and will say something is completely wrong, wasting the community's collective time.
"The interface to automobile computers should be a widely used standard such as USB"
Ask yourself this question: "Do I trust my life to a USB cable?" We have CAN, it is a fault tolerant, safety critical bus. Connecting and disconnecting devices from a CAN bus is more complicated than USB. Safety critical systems do not touch non-critical systems, you're suggesting violating one of the fundamental rules of control theory.
Blah. My son's insulin pump has a USB cable. That pump could easily kill him if it decided to pump too much insulin in him. Lots of life support systems have USB ports. Nothing new about that. Cars should too. If it is designed properly, then no signal on the USB port would put the driver in danger. The car's computer wouldn't read files off the USB drive, it would only write some plain text files onto it. They could even electrically isolate the circuitry that talks to the thumb drive with an optical link. That way if you put 10000V on the USB thumb drive, the main car computer is unharmed.
It's more likely retrievable through the OBD-II connector, which is required to be fitted in all new vehicles sold in the US.
I don't think so. With just one laptop (and likely its operator) covering the US (North America?), it would take a day or two to bring the laptop to the vehicle. Multiply by the (likely increasing) number of court orders, and now you're dealing with delays just getting the data read out. This assumes the data was even stored for later retrieval (and I suspect it wasn't).
The way the story initially broke, I think they've been aware of their unintended acceleration problems for a while, and were trying to resolve them quietly. They were successful until one of their executives blundered by admitting that they had a problem, then it blew up in their face. Now they're being forced into allocating more resources to deal with existing engineering problems, and additional public relations issues.
I think Toyota just didn't see the potential need for greater post-development support, or they would have been better prepared.
The OBD-II is a horrible thing. There is no reason that cars can't use common computing interfaces.
If not Ethernet, it had better be USB mass storage.
_must_ be publicly reviewable, allowing many eyeballs to easily (& legally;-) discover errors.
i remember when any s/w installed on classified systems _had_ to have a source code walkthru...now they've succumbed to microserfdum:-( and i understand that most cars' lans run an industrial (n/c) version on windoze:-P
the open source concept is the solution to nhtsa's problem: http://yro.slashdot.org/story/10/02/23/2022204/NHTSA-Has-No-Software-Engineers-To-Analyze-Toyota
now is the time for hackers to assume their civic duty & demand access to all s/w that operates in public;-)
Wanna talk about spinning out of control Toyota is Dropping the ball in a huge way. ...
Another very public runaway car related to the pedal recall http://www.carpedalrecall.com check if your car is affected
but then recalling all Tundra trucks from 2000 - 2003 so many they don't even release a number of affected vehicles.
I can't see it getting any better for them any time soon, just worse