Making connected cars’ data numbers add up to consumer protection
Cars today rely on millions of lines of software code that control the function of a growing number of electronic control units (ECUs). As we head up the path toward autonomous vehicles and a fully networked world requires even more code.
The linkage between conditions external to the vehicle and steering, breaking and acceleration will be built on software systems piggybacked on each other and designed by multiple suppliers. The capabilities of the systems will be highly specific and customisable – at the very least by carmakers and their OEM suppliers, and probably others. Moreover, software-enabled features will continually evolve, especially as an increasingly networked environment with the IoT becomes part of every vehicle’s scope. Cars will have the ability to perform very differently from each other. How will we regulate features and characteristics that we cannot yet even anticipate? Who will set the standards for what types of performance?
In the Volkswagen emissions cheating debacle, a third party consisting of an non-governmental organisation and an academic partner ultimately uncovered regulatory deception by the brand dominant in the fleet vehicle sector after looking at software code. Maybe it happened to yield results this time but reviewing vehicles’ software code will not be a reliable approach to protecting the public. The code is too complex to make analysing it practical, and it’s also proprietary. Eric Noble, founder and president of the automotive planning and design consulting firm The CarLab thinks those who will understand it and have control over it will be on the inside.
He said: “The software will remain secret and algorithms will be proprietary, and it’s not even clear who will own what data. For example, does data from on-board diagnostics of real-time vehicle performance belong to the OEMs or the consumer? Is there some data that is only shared with insurers? Results need to be tested and regulated but how do you test for the entire range of possible results, from the entire range of behaviours, in a real world setting?”
Beyond the data itself, the data produces patterns. This introduces yet another level of complexity. Noble suggests that, maybe, a third party, for example the Auto Club in Southern California, a part of the American Automobile Association (AAA), could be in charge of examining patterns of data that is made anonymous and isn’t tied back to an individual vehicle. Noble also mentions the Auto Club because he thinks government regulators simply cannot be reasonably expected to handle the evolving, and unpredictable, challenges of keeping tabs on the automakers’ electronics alone. This is an especially big challenge because, as Noble explains, the auto industry does not have a great record with ethics.
He added: “Sometimes carmakers’ internal metrics don’t align with societal goals, creating an organisational culture that results in various types, and degrees of, ethical mistakes, and suppliers naturally face the same problem.”
Bryant Walker Smith, assistant professor in the School of Law at the University of South Carolina, like Noble, thinks that in the US, the National Highway Traffic Safety Administration (NHTSA) is too small an agency to meet the challenge for verification posed by industry conditions that are only becoming more dynamic, with the complexity of software and electronics increasing. Noble suggests that, possibly, the world’s auto clubs have a role to play in helping with this. John Nielsen, AAA’s managing director of automotive engineering and repair agrees that third party oversight could be helpful. He refers to the Volkswagen diesel episode to underscore the importance of third party oversight and argues for more transparency.
He said: “This underscores the need to leverage the expertise and impartiality of outside groups and experts to supplement and validate government testing. Efforts to restrict or prevent outside validation – such as recent efforts to oppose an exemption to the Digital Millennium Copyright Act for accessing vehicle systems – should be discouraged and viewed as efforts to prevent consumers from, ultimately, having complete education and necessary protections.”
Nielsen also suggests a move toward verification encompassing vehicle design and development, instead of just performance of individual components. Traditionally, regulators track results. Parts like catalytic converters are analysed by the emissions they produce. Assessing the functioning of software underscores the ever-present question of how to design the tests. How can we know we are testing for the right thing, and in a way that can’t simply be falsified? Because of electronic controls, any aspect of performance is subject to so many fine-grained variations, and these are constantly subject to revision over time, or intermittently, by carmakers or others.
Smith agrees that a completely new “process-based verification” approach may be required. He suggests that a developer could publicly document its approach to, and provide evidence for, long-term safety over the lifetime of its vehicle.
Smith describes this as a kind of ‘environmental impact statement’ for cars (in California, the Environmental Impact Report is a study of the consequences of potential land development projects). Regulatory checks could be embedded higher up, and earlier, in the decision chain. Verification should be integrated into the process by which the vehicle and its performance goals are developed, ensuring checks in the predesign, design and development process. The line between the design phase, the verification phase and ownership needs to be blurred since carmakers or suppliers will be able to correct, add or modify new features during the whole lifecycle of the vehicle. Safety and fairness for the consumer, and the need for protecting the public at large, demands this shift.
Smith added: “In an era of increasing reliance on software, a new model for regulation and testing more deeply embedded in the design and development process is best for public safety and, ultimately, for moving the industry closer to the widely held societal goal of Vision Zero [zero fatalities and serious injuries].”
