Tuesday, November 17, 2015

Volkswagen and the Era of Cheating Software

For the past six years, Volkswagen has been advertising a lie: “top-notch clean diesel” cars — fuel efficient, powerful and compliant with emissions standards for pollutants. It turns out the cars weren’t so clean. They were cheating.

The vehicles used software that cleverly put a lid on emissions during testing, but only then. The rest of the time, the cars spewed up to 40 times the legal limit of nitrogen oxide emissions. The federal government even paid up to $51 million in tax subsidies to some car owners on the false assumption of environmental friendliness.

In a world where more and more objects are run by software, we need to have better ways to catch such cheaters. As the Volkswagen case demonstrates, a smart object can lie and cheat. It can tell when it’s being tested, and it can beat the test.

The good news is that there are well-understood methods to safeguard the integrity of software systems. The bad news is that there is as yet little funding for creating the appropriate regulatory framework for smart objects, or even an understanding of the urgent need for it. We are rightly incensed with Volkswagen, but we should also consider how we have ceded a lot of power to software that runs everything from our devices to our cars, and have not persisted in keeping tabs on it. We correctly worry about hackers and data leaks, but we are largely ignoring the ramifications of introducing software, a form of intelligence, to so many realms — sometimes called the Internet of Things.

Corporate cheating is not novel: that’s why we have regulations to oversee the quality of many objects, ranging from lead in paint to pesticide residue in food. If similar precautions are not extended to the emergent realm of computer-enhanced objects, especially when the software is proprietary and thus completely controlled by the corporation that has huge incentives to exaggerate performance or hide faults during tests for regulatory benchmarks, Volkswagen will be neither the first nor the last scandal of the Internet of Cheating Things. (...)

Computational devices that are vulnerable to cheating are not limited to cars. Consider, for example, voting machines. Just a few months ago, the Virginia State Board of Elections finally decertified the use of a touch-screen voting machine called “AVS WinVote.” It turned out that the password was hard-wired to “admin” — a default password so common that it would be among the first three terms any hacker would try. There were no controls on changes that could be made to the database tallying the votes. If the software fraudulently altered election results, there would be virtually no way of detecting the fraud since everything, including the evidence of the tampering, could be erased.

If software is so smart and its traces of tampering are possible to erase, does this mean that we have no hope of catching cheaters? Not at all. We simply need to adopt and apply well-known methods for testing computing devices.

by Zeynep Tufekci, NY Times | Read more:
Image: Matt Chase; photograph by Fotosearch, via Getty Images