Slashdot Mirror


How the Car Industry Has Hidden Its Software Behind the DMCA

Lucas123 writes: The DMCA has allowed carmakers to keep third parties from looking at the code in their electronic control modules. The effect has been that independent researchers are wary of probing vehicle code, which may have lead companies like Volkswagen to get away with cheating emissions tests far longer than necessary. In a July letter to the U.S. Copyright Office, the Environmental Protection Agency expressed its own concern of the protection provided by the DMCA to carmakers, saying it's "difficult for anyone other than the vehicle manufacturer to obtain access to the software." Kit Walsh, an attorney with the Electronic Frontier Foundation, said the legal uncertainty created by the DMCA "makes it easier for manufacturers to conceal intentional wrongdoing." The EFF has petitioned the U.S. Copyright Office for an exemption to the DMCA for embedded vehicle code so that independent research can be performed on electronic control modules (ECMs), which run a myriad of systems, including emissions. Eben Moglen was right.

28 of 126 comments

  1. Eben Moglen is always right by Anonymous Coward · · Score: 4, Informative

    Eben Moglen is always right. Now take some time and watch some of his lectures on internet freedom, privacy and open source software.

  2. The Volkswagen scandal is a good thing by Applehu Akbar · · Score: 5, Interesting

    It may push even Congress to allow us access to our own cars' ECM and diagnostic systems.

    1. Re:The Volkswagen scandal is a good thing by Locke2005 · · Score: 4, Informative

      Not going to happen. Honda wouldn't even let me replace the battery in my hybrid. That's right, they refuse to sell you a new hybrid battery, you can only get one by having the Honda dealer install it! They didn't even listen to my argument that I had a degree in Electronics Engineering and had worked as an Electronics technician, so I probably understood the fact that batteries are dangerous.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:The Volkswagen scandal is a good thing by Dutch Gun · · Score: 2

      For every person like you who may be qualified to do the job safely, there are probably many dozens that would still attempt this themselves simply for the cost savings, and risk injuring / electrocuting themselves, after which their families would sue the bejezus out of Honda.

      While there certainly may be a profit motive here, I wouldn't discount a fear of lawsuits.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    3. Re:The Volkswagen scandal is a good thing by Dutch Gun · · Score: 2

      In other words it's all about the profit motive.

      Isn't it pretty much a tautology to accuse a corporation of wanting to make a profit? That's sort of like accusing the Pope of wanting to promote Catholicism.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    4. Re:The Volkswagen scandal is a good thing by adolf · · Score: 5, Insightful

      So let me get this straight: Because big batteries are dangerous, they shan't be sold to mere mortals.

      But a mere mortal can go up to the counter and order a set of brake pads, lines, and calipers. A mere mortal can buy a replacement seatbelt. A mere mortal can buy a set of ball joints, suspension bushings, tie rods, and/or control arms.

      A bad installation of any of these things can result in death.

      What makes batteries so special?

      (And before anyone says something about "potential energy," let me remind you that in most states folks are also allowed to pump their own gasoline into their own cars.)

      (And never mind the fact that big/dangerous batteries are widely available all over the place. Just not, apparently, at the Honda parts counter.)

    5. Re:The Volkswagen scandal is a good thing by thegarbz · · Score: 2

      They didn't even listen to my argument that I had a degree in Electronics Engineering and had worked as an Electronics technician, so I probably understood the fact that batteries are dangerous.

      Then as an engineer and a technician you should be well aware that you pretty much can't do any specific work without certification for that piece of work. Understanding and doing are not the same thing, just like being an engineer doesn't mean you can go and wire up your own house in much of the world.

      Mind you I agree that it's licensing gone mad, but people aren't trusted to kill themselves anymore without transferring liability onto someone else, and as such we don't get to play with toys anymore.

    6. Re:The Volkswagen scandal is a good thing by KGIII · · Score: 2

      After I designed my place, including the various sub-drawings thanks, I actually helped the various contractors build my house. I even helped the electricians. In my area you can run your own initial wiring but it has to be inspected before they'll hook you up to the mains. I did not help the roofers. That looked like work and it was August.

      As for my drafting work, that was all checked by a real licensed architect. I was told that I did, "much better than expected." I suspect they say that to everyone but they really didn't change much of anything and liked my idea of running plenty of conduit. As I have an envelope house, I do wish I'd thought ahead and run a BUS line and drop channel through it though I've not needed it yet. I could add it on but I'm unlikely to bother doing so. It would be nice to have, however.

      --
      "So long and thanks for all the fish."
  3. Open source ECM? by sims 2 · · Score: 2

    Wouldn't it be nice to be able to make your own ecm with an Arduino or Raspberry Pi? Last one I had to replace was $700.
    That kind of money will buy a lot of add on boards.

    --
    Minimum threshold fixed. Thanks!
    1. Re:Open source ECM? by 0123456 · · Score: 4, Informative

      Wouldn't it be nice to be able to make your own ecm with an Arduino or Raspberry Pi? Last one I had to replace was $700.

      That would be great. Until it broke after about two miles.

      Cars are generally considered to be one of the toughest environments for electronics. For example, there's so much electrical noise that you really, really, really don't want to be using RAM without error correction.

    2. Re:Open source ECM? by JBMcB · · Score: 2

      It takes multiple years to type-approve an ECM for a single application. That's on top of the years-to-decades of development on the engine itself.

      But if you think you can hack together one with a consumer grade ARM, go right ahead.

      --
      My Other Computer Is A Data General Nova III.
    3. Re:Open source ECM? by Anonymous Coward · · Score: 4, Informative

      Here you go:
      http://rusefi.com/wiki/index.php?title=Main_Page

    4. Re:Open source ECM? by 0123456 · · Score: 3, Informative

      Again, read the court documents on the Toyota ECU in the 'unintended acceleration' cases. The people who examined the software showed that a single bit flip could cause the ECU to stop reading the throttle, because there was no ECC to correct it.

    5. Re:Open source ECM? by drinkypoo · · Score: 4, Informative

      While I agree it is not feasible to home-brew an internal combustion ECM for a modern automobile,

      You guys are all sitting around arguing if it can be done, when it has already been done. Megasquirt is a homebrewed ECU which can be twiddled in build for different injector drivers etc. You can use it as a replacement PCM for tuning or you can use it for adding EFI to a carbureted vehicle.

      You guys think that ECMs are rocket surgery or something, but they frankly are not. Yes, there's a lot of noise underhood, but the ECM is located in a metal box. Yes, there's a lot of vibration in a car, but the metal box of the ECM is normally shock-mounted. And you think it's hard to do better than the real guys, but they screw it up too, and they don't try particularly hard.

      Remember, companies were throwing together working ECMs back in the eighties out of discrete components and one dinky microcontroller. Hitachi used a 3 MHz 6800-series chip in the computers that ran the Impreza, 240SX and some of its other contemporaries.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Who Exactly Gets To View a Company's Code? by Anonymous Coward · · Score: 2, Interesting

    Why should "researchers" get to view the code? Here in Silicon Valley I cannot think of any instances where any outsiders routinely get access to a company's code.

    1. Re:Who Exactly Gets To View a Company's Code? by Locke2005 · · Score: 4, Insightful

      Because they are not selling software, and having the emissions control firmware for a Volkswagen doesn't really help anyone insane enough to try to create their own Volkswagen. Whereas with most software, once you've got the code, that's all you need to recreate your competitor's product.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Who Exactly Gets To View a Company's Code? by 0123456 · · Score: 4, Insightful

      Why should "researchers" get to view the code? Here in Silicon Valley I cannot think of any instances where any outsiders routinely get access to a company's code.

      Because people die when the programmers screw up.

      Read the court documents on Toyota's ECU software sometime, to see what 'researchers' found when they were allowed to look at it.

    3. Re:Who Exactly Gets To View a Company's Code? by Aighearach · · Score: 4, Informative

      While I do think the code should be available for third-party review for safety reasons, I want to disagree with the claim that they don't sell software. They do not sell the hardware without the software, and the products always have the software. To put it another way, they distribute software, and the only way to receive it is to buy the controller with it. Saying they're not selling the software makes as little sense as saying they're not selling the hardware, they just give it away free when they sell the software. But no, they sell the software and hardware together.

      The funny part of this whole story is that the linked PDF letter from EPA counsels against a DMCA exception for automobile enthusiasts specifically because they're concerned the main purpose it would be used for would be to reduce emission controls. And they're probably right about that point. The speculation here that this VW cheating will cause things to open up is exactly backwards. It will just create pressure to have the testing and validation process include a code review. But that won't actually happen, because road tests already solve the whole problem more cheaply.

    4. Re:Who Exactly Gets To View a Company's Code? by Aighearach · · Score: 2

      As a software guy I generally agree, but the idea that the software code and the configuration code are different is rather hair-splitting here, though obvious and important from system design and implementation perspectives.

      That the code doesn't change just means that the formulas needed to manage that type of machine don't change from model to model. But the constants do. While it is normal and good for a software guy to think about data and code as being different, in this case it really doesn't matter. If they compile the constants into the code, or store them in some sort of separate memory, that doesn't actually change what they're building or how it interacts with the users. I know for a fact that some are using Harvard Architecture with physically separate storage for code and data, and in that case it is just the data portion that most people want access to. But still, both are probably stored on a single chip. So for the purposes of the DMCA, where it is the protection device rule that is at issue, they are the same. You can't access any of it without defeating the protections. If we had the exception for auto electronics, then the exact architecture used would affect the details of the Fair Use evaluation, but not by very much; once you get past the anti-access provision, whatever you need to interoperate is already Fair Use.

      That said, I also know for a fact many ECUs do not use Harvard Architecture, do mix the code and data in the same storage, and people modify them by flipping bits in the binary to change the stored values. In that case the original value is literally compiled in. Sure, if you actually have access to the code it is just a different header file with those values. But just because software engineering practices encourage thinking about code and data as being different, in the actual implementation that is often an arbitrary distinction.

      The real fear of the auto makers is that third-party ECUs could start to displace the vehicle brand, and people might start treating the body and engine as generic, and the ECU as the part that gives the vehicle its identity and performance tradeoffs. Instead of a "Ford Foo," maybe somebody is buying an aftermarket "Joe's FreedomCar (custom Foo model)" and then for their next car, they might get a "Joe's FreedomCar (custom Bar model)" based on a Honda. If they are also replacing driver instrumentation, they might really manage to change the driving experience enough to hijack the consumer association.

      It is going to get much, much harder to stop all this when things go electric, because an electric ECU (MCU?) doesn't even need to be designed for a similar model motor; each feature can be controlled entirely by sensor feedback, and the differences between ideal and actual parts can be detected by sensing voltage and current in different places. Existing third-party controllers already work easily with fairly random collections of home-brew parts. There is no complicated emissions technology to manage or worry about. If they want to lock us out, fine, in that case you can replace the whole controller.

  5. Spelling pet peeve by Anonymous Coward · · Score: 3, Informative

    may have lead companies

    The past tense of "lead" is "led".

    Captcha: mislead

    1. Re:Spelling pet peeve by Locke2005 · · Score: 4, Funny

      Oh, so it's "Led Zeppelin" because nobody's leading them anymore? Now I understand...

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
  6. We need software engineers by reg · · Score: 5, Insightful

    Professional engineers, not self proclaimed ones. Ones that sign on the dotted line taking personal responsibility for the code they write. With self driving cars, robots, drones, etc. we need to be able to hold coders responsible, the same way we hold civil and mechanical engineers responsible.

    1. Re:We need software engineers by thegarbz · · Score: 2

      Morning coffee hasn't kicked in, but I just re-read what you said. Ignore me and mod me to oblivion. You're right in some cases there's no harm or impact so there should be no need to sign off on something. In many ways that's consistent with the other industries though. Technically I can't type a V=IR equation into a calculator without potentially being liable if I'm not a registered engineer or working directly under one. In practice it doesn't work that way.

      Typically it works more like certain professional jobs require certified engineers. Certain jobs imply certification is required. The ones that imply it are typically the ones where if someone goes wrong and someone is badly affected they go back and see if the engineer was a registered professional engineer and competent to do the job. The example in this month's Engineering newsletter was of someone who designed house footings incorrectly. No one batted an eye until someone said it didn't look right and another engineer said it was all wrong, then they went back and checked on the original guy.

      There's black and shades of grey, no white. Does someone playing with your GPS mobile phone app suddenly die if GPS is lost due to a bug in the code? If so, even if unforeseen, you should be held accountable.

  7. Not just cars by Tokolosh · · Score: 2

    A myriad of consumer goods now depend on code. And if that code has problems there may be safety, environmental or cost consequences. I'm talking about all kinds of computer and networking devices of course, but also phones, industrial control systems, medical devices, smart meters, aircraft, ships and household appliances.

    If the code cannot be scrutinized, there is no way to check its quality. Plus, as others have noted, no way to maintain or improve it. The only exceptions I can think of offhand are some routers (FCC is trying to plug that), and PCs (Microsoft is trying to plug that). But these exceptions entail a complete replacement, as the original code is secret.

    --
    Prove anything by multiplying Huge Number times Tiny Number
  8. Re:Not so by SirAudioMan · · Score: 5, Informative

    Actually, in some countries/states/provinces, there are laws that protect AND also can prosecute engineers who are guilty of such offenses. For example, here in Canada, to use the term engineer, means a professional engineer (a P. Eng). It's a protected professional designation bound by various laws and regulations. A large portion of the profession is ethics and the legal requirement to whistle-blow, REGARDLESS of who pays your salary. If you want proof of this, and why this is a good thing, here is an example:

    In Ontario, Canada, there was a mechanical or structural engineer (can't remember which) who signed off that a mall parking garage (was built on the roof of the mall, oddly), was in fact structurally safe. Even though there were numerous concerns by tenants and visitors about the safety of the structure, weeks after the engineer's last 'pass' inspection, the roof collapsed killing two people. (see story: http://www.cbc.ca/news/canada/...).

    The gist is, the engineer knew there were deficiencies and signed off on it anyway. Needless to say, he is facing criminal charges, and likely has had his licence revoked, and his career is over! If you are an engineer in Canada, you can't pull the 'my boss told me to' excuse. I know this because my father worked 35+ years as a licensed electrical engineer in Canada. You tend to pick up on things like this growing up. However, I can't speak about engineering in other countries but I would hope this is the case in the US.

  9. But... it's less important than gambling by dbc · · Score: 4, Insightful

    Whenever the topic of allowing government or public access to review source code comes up (like with, oh, say, voting machines) I always think of these guys:
    http://gaming.nv.gov/index.asp...
    and I realize that none of this is as important as gambling (and the collection of taxes thereon).

    At least if you judge by how seriously we take access to the code. Just try to deploy a slot machine in Reno without letting someone at the Nevada State Gaming Control Board review your code. Won't happen.

  10. Sloppy work ... need to protect the data too by golodh · · Score: 2

    Yes, the Volkswagen affair starkly highlights the fact that data from consumer products is insufficiently protected, leaving a window of vulnerability.

    Protecting e.g. the code of the motor management system is a good first step. Leaving it at that however is sloppy work, as evidenced by the Volkswagen affair.

    A more comprehensive protection would entail protecting the actual data with copyright safeguards too. Especially emission data. This data is, after all, proprietary and commercially sensitive data. Such data merits a high level of protection.

    With adequate legal protection on the data itself, irresponsible and needlessly alarmist publication of unconfirmed, undigested and potentially misleading data can be prevented.

    Of course there would be adequate means of raising questions and concerns with the manufacturer, on a full disclosure basis of course.

    Let this be a warning for all of us: with the coming "Internet of Things" we must have DMCA protection for the data produced by devices too or risk a deluge of unauthorised, unconfirmed, and possibly alarmist data publication. We need legislative action today! Vote pro-business!

  11. Re:VW opened up pandora box by ledow · · Score: 2

    In the EU, the controls you are saying will ruin cars/drivers are already in place.

    Although things are being looked at in light of the VW scandal, the tests here are much stricter and all this will do is make them stricter still. The problem is not that the manufacturers NEED to break emission levels in order to achieve what the driver wants, it's that drivers are all expecting unnecessary road performance that wasn't present even 30-40 years ago. We're ALL driving cars that could beat Formula-One cars from certain eras. Do we need to be? No.

    That emission control also gives fuel economy for the sacrifice of raw speed is not a bad thing. Every car in your country can do the speed limit - and more. They can all do 0-60 in under 12-15 seconds - and more. They don't need to be able to do that.

    Suggesting that VW can't sell a car just because it doesn't go much faster than the speed limit misses out entire sections of the population (those that don't want that, those that have kids, etc.) in an era when people are voluntarily speed-limiting their vehicles (e.g. company cars), having the insurance companies track them, and the most road surveillance there's ever been (I contest that if you're learning to drive today, you're a prick to think that getting into the habit of speeding as a matter of course will serve you well in the future).

    In the EU the limits are stricter, the testing more rigorous and - well, who cares? My 15-year-old car can still do 0-60 in under 10, can provably do 130-140 mph without any special preparation, etc. We don't need that. We need fuel economy and to stop them churning out crap.

    "Being found out" will lead to the same speeds of cars, the same looks of cars, the same desirability of cars, but without all the crap in the air. The ENTIRE PURPOSE of car ECUs is to conform to emissions controls. They now - and always have - only slow the potential of the engine to stop it getting into bad burning that pollutes unnecessarily. Eliminating that does not destroy the market, the EU prove that - but being found to cheat the tests and maybe having all your customers' cars recalled? That fucks you up big-time.

    Nobody will care. The stricter standards already in the EU will come in. Old polluters will die out almost entirely within 10 years or so. And nobody will know any different because ALL the cars will have to pass the same tests. Diesel won't go away, cars will still be able to speed, pricks will still burn off at the lights, but we won't be giving kids asthma for the next 60 years either.