Cars are part of the “Internet of Things.” They run not just on gas, which you’re free to analyze, but on computer code, which you aren’t. If this sounds worrisome, it is. Internal computers can greatly improve a car’s performance and safety, but they can have problems that show no symptoms under normal circumstances.
A couple of hackers, with a knowing volunteer at the wheel, took remote control of a Jeep Cherokee over the Internet and could have wrecked it at high speed if they hadn’t stopped when asked to. More recently, Volkswagen was caught rigging its emissions-control software to cheat during EPA testing, letting them publish false information about millions of cars.
Car computers are formally called “electronic control units” (ECUs). One car may have over a hundred of them, running millions of lines of code, networked together. Figuring out what they do takes determination; it’s necessary to pull out their memory chips, read them, and work backwards from machine code to the design logic.
But the biggest barrier may not be technical but legal; copyright laws make it illegal to do this kind of reverse engineering, and the EPA itself has helped automakers to keep their emissions-testing code secret.
The Digital Millennium Copyright Act puts restrictions on extracting copyrighted information from computers, even for legitimate diagnostic purposes. Car makers like this; it puts serious limits on independently created diagnostic tools and gives the advantage to shops that pay for licenses.
The EPA has formally opposed a DMCA exception for car systems, arguing that it would let people modify the code to circumvent limitations on emissions. It said that “the majority of modifications to engine software are being performed to increase power and/or boost fuel economy.” That’s just what Volkswagen did, and it was harder to catch them precisely because of those prohibitions.
The Alliance of Auto Manufacturers, which includes Volkswagen, has taken the same stand. Ironically, their statement declares:
Many of the ECUs embodied in today’s motor vehicles are carefully calibrated to satisfy federal or state regulatory requirements with respect to emissions control, fuel economy, or vehicle safety.
Allowing vehicle owners to add and remove programs at whim is highly likely to take vehicles out of compliance with these requirements, rendering the operation or re-sale of the vehicle legally problematic.
John Deere explicitly opposes a free market in car software:
In contrast to the seemingly benign stated purpose of the proposed exemption, the practical effect of circumventing the TPMs [Technical Protection Measures] at issue will stifle creativity and innovation for vehicle software. Third-party software developers, pirates, and competing vehicle manufacturers will be encouraged to free-ride off the creativity and significant investment in research and development of innovative and leading vehicle manufacturers, suppliers, and authors of vehicle software.
The way to promote creativity and innovation is, apparently, to make it illegal for anyone but themselves.
ECUs can be subject to external attacks as well as internal cheatware. Some devices are connected to the Internet for purposes like traffic alerts and entertainment. If they’re part of the car’s internal network, attackers might be able to subvert the whole car, as the Cherokee hackers did. Good design requires firewalls against such attacks, but developers struggling with requirements and hardware limits may neglect security. With no other eyes on their code, it’s easy to be sloppy.
People have tinkered with cars ever since they were first made. They swap in their own parts, making their cars faster, powerful, and sometimes a lot more annoying. This tradition has helped people to learn how the original parts work and catch problems with them. Spotting flaws and cheats in computer code isn’t as easy as catching bad brakes, but it’s easier when the only barriers are technical. When the government and car manufacturers combine to keep the software secret, the rest of us are stuck in the breakdown lane.
Gary McGath is a freelance software engineer living in Nashua, New Hampshire.