Feds Nab VW Smog Hack
The news broke on September 18th, 2015: Volkswagen (Volkswagen AG, Audi AG, and Volkswagen Group of America) was being given a Notice of Violation by the United States Environmental Protection Agency for Clear Air Act transgressions, specifically, designing an emissions control system that bypassed the intent of the law. Using Twitter, I found out details, then conversed with peers around the world on the intent, implications, and more. This post contains my personal view of the “Corporate Social Responsibility and Sustainability” of this scandal, as others have named it.
Why here, you might ask? One, because the hack, as I call it, is a software design decision. Two, because VW (and parts supplier Bosch) run SAP software. And Three, this is against the principles of both CSR and Sustainability, if the charges are valid (VW’s CEO has said this publicly, so not much doubt remains).
I’ve worked in environmental compliance, and am aware ways companies might decide how to comply with published governmental regulations. Some might choose to go through the legislative process and get the rules changed in their favor. Some might spend money on pollution control equipment then pass those costs onto customers. Others might look for loopholes, or even violate the laws when they think they won’t be caught. We didn’t always catch them, but as my law enforcement colleagues said once “we’re going to run them out of town, too.”
So where’s the software? It’s not in ABAP on premise, or in the cloud. It’s in an embedded device, maybe written in C, maybe something newer. Could someone reverse engineer the code and find out more? Maybe. What the EPA is calling the “defeat device” is an algorithm, coded to skirt the anti-pollution laws. I would not call this part of the internet of things, but close enough.
There was an interesting thread on Twitter about the ethics of coding in this manner. According to one source, this is a common practice in Germany (“all are faking and it’s legal here“). Apparently the US EPA was not in that loop, and it took some dedicated emission testers to capture the scofflaws.
One of the phrases which I ran through Google translate on a VW ad says, “The values given were calculated using the legally prescribed measuring process.” In other words, here are the test results, not the measured car pollutants.
When I helped do emission testing for stationary sources (“smokestacks”) in the 1980s, people would look at our equipment and say “what are the emissions?”, and we’d have to tell them that gear just collected samples and we’d need to take them to a lab for analysis. It’s expensive, and not every test gives valid measurements. So to hear about mobile gear that analyzes tail pipe emissions “on the road”, I must say I’m impressed.
“What it [sic] increasingly apparent to me is software needs to be inspected“, one commenter posted on the NPR page. This leads into the morass of software certification, but really, the question is, how did this hack (see below) happen? While it seems like a deliberate attempt to bypass US regulations, was it created with a benign intent of allowing better software development, or was it a skunk works project that was created in secret by a small group authorized for such subterfuge (kinda like the mythical IMF)? I would be interesting in seeing the comments in the code, not to mention the change control “chain of command” that pushed this code into production.
Were software quality control inspectors aware of the hack?
There are plenty of news stories, and opinions about this hack. As a software developer, or as a manager, what is your responsibility if you find a situation that goes against public claims of social responsibility? In this case, it looks like only the threat of withholding 2016 US car sales pushed the incident into the spotlight.
There’s a glossy story about Volkswagen, Shell, and SAP linked below. My take is, there’s a lot of stuff below the surface. It’s not all happy stuff either. I’d be more interested in seeing my vehicle emissions on a real-time basis than on being steered to a specific petroleum vendor.
Update: 23-Sep-2015 – added link to the WVU report
- EPA NOV: http://www3.epa.gov/otaq/cert/documents/vw-nov-caa-09-18-15.pdf
- Consumers Reports bulletin on VW auto ratings: http://www.consumerreports.org/cro/cars/volkswagen-emissions-cheat-exploited-test-mode
- US National Public Radio: Volkswagen Stock Plummets As CEO Apologizes For Emissions Cheat : The Two-Way : NPR
- VW ad with fine print (in German): Highlights &lt; Golf GTD &lt; Volkswagen Modelle – alle VW Modelle auf einen Blick
- David Payne, on Facebook, “VW Bug” [link on request]
- Shell, Volkswagen, and SAP… Co-Innovation at its Finest
- Definition of hack, in my world: hack