The 'defeat device' used by Volkswagen to cheat emissions testing in its diesel vehicles may be history’s most costly software-related blunder.
Robert Merkel, Monash University
But why did nobody in the German car giant speak out when questions were raised over how it intended to use the engine management software in some of its engines?
As the Notice of Violation from the the United States Environmental Protection Agency (EPA) explains, the software in Volkswagen’s EA189 diesel engines detected the precise conditions that indicated when a government emissions test was being run. Then, and only then, did the control software fully enable the anti-pollution devices fitted to the vehicle.
At all other times, the “road calibration” resulted in nitrogen oxide emissions up to 35 times higher than permitted by the US standard.
Attempts to mislead testers are unfortunately all too common in the IT industry.
Benchmarks are standardised ways of measuring the performance of IT systems but they are regularly gamed by manufacturers seeking a marketing edge.
In 2013 the technology enthusiast website AnandTech reported that many major smartphone manufacturers had written firmware that compared the name of the app currently running with a list of known benchmarks.
Normally, a smartphone’s Central Processing Unit (CPU) is heavily self-monitored. It only runs at full speed for short bursts to avoid damage from overheating and to increase battery life.
But if a benchmark was detected, the CPU ran at full speed continuously. This slightly improved benchmark scores, but in a way that would result in flat batteries and burned pockets were it to be replicated for everything a smartphone does.
Volkswagen’s public statements to date have not attributed blame to specific individuals.
Bernd Osterloh, chairman of Volkswagen’s work council and a member of the executive committee, said:
A small group has done damage to our company. We need a climate where mistakes are not hidden.
The idea that a small group of relatively junior engineers would have done this on their own is not consistent with how engineers build complex, safety-critical systems.
The basic engine management software was written by component supplier Bosch. The responsibility for configuring the software for the EA189 engine would have involved a substantial, multi-disciplinary team of engineers at Volkswagen, working with engineers at the supplier Bosch.
Before the engines could have gone into production, those engineers and their managers would have reviewed and approved the design and calibration of the engine management systems.
They would have also agreed upon, and employed, a systematic testing schedule. This would have involved testing on an engine-only rig, road testing on private grounds as well as testing on public roads.
The anti-pollution engineers would have been responsible for ensuring that the engine management system was sending appropriate commands to their components, and that their hardware was responding appropriately.
This kind of exhaustive testing is one of the reasons why developing new vehicle models costs billions of dollars and takes several years.
One possibility is that a large group of Volkswagen engineers conspired to falsify the written records of of this testing.
An alternative scenario is that accurate written testing records were made, showing that the pollution controls were inoperative in normal driving. These accurate records were reported through normal channels, and the engines went into production anyway.
It is very hard to imagine how either event could have occurred without the influence of senior managers.
German newspaper reports indicate Bosch may have informed Volkswagen about the illegality of its plans in 2007, and that senior management were informed about the issue in 2011.
The responsibility for the decision to deceive the emissions testers will ultimately rest some way up Volkswagen’s management chain. But as well as the senior decision-makers, there is very likely to have been a much larger group of engineers who knew of the illegal deception, understood the consequences and chose not to reveal it to authorities or the media. The lack of whistleblowers from this larger group is striking.
The ethical duties of software engineers in these circumstances are, theoretically, quite clear. The Software Engineering Code of Ethics, agreed jointly by the Association for Computing Machinery (ACM) Institute of Electrical and Electronics Engineers (IEEE), states that a software engineer should:
Disclose to appropriate persons or authorities any actual or potential danger to the user, the public, or the environment, that they reasonably believe to be associated with software or related documents.
While the code also addresses responsibilities to employers, including confidentiality, it makes clear the primacy of the public interest in cases where these ethical duties conflict:
[…] in all these judgments concern for the health, safety and welfare of the public is primary; that is, the “Public Interest” is central to this Code.
Acting on this professional obligation, when it involves revealing an employer’s unethical practices to regulators or the media, usually imposes a tremendous personal cost. As a consequence, examples of engineers blowing the whistle are very rare.
Engineer Salvador Castro informed the US Food and Drug Administration (FDA) about a potentially life-threatening flaw in his employer’s infant incubators, after his employer did not fix the issue. He was fired and was unable to regain regular employment, despite the flaw being confirmed and a recall notice issued by the FDA.
As this example illustrates, the incentives for working engineers reward keeping quiet, not speaking out.
As time goes on, there will be much interest in whether the more senior decision-makers responsible for the deception at Volkswagen are punished appropriately, given the consequences of their actions.
But to concentrate only on decision-makers lets the much larger group who knew something and did nothing off the hook.
It’s time to look at the incentives for all engineers to disclose flawed systems that put the public at severe risk to the appropriate authorities (or the media).
Firstly, we need to find better ways to protect those whistleblowers who do come forward. But we should go further. We should seriously consider whether those who could, but do not, disclose dangerously flawed systems should, in some circumstances, face some kind of sanction.
Robert Merkel, Lecturer in Software Engineering, Monash University
This article was originally published on The Conversation. Read the original article.
We are a voice to you; you have been a support to us. Together we build journalism that is independent, credible and fearless. You can further help us by making a donation. This will mean a lot for our ability to bring you news, perspectives and analysis from the ground so that we can make change together.
Comments are moderated and will be published only after the site moderator’s approval. Please use a genuine email ID and provide your name. Selected comments may also be used in the ‘Letters’ section of the Down To Earth print edition.