Tractors, Hackers, and Other Factors: The Necessity of Neutral Third Parties in the AV Realm
When you imagine a farmer going about his workday, you probably envision some sort of bucolic series of tasks: milking cows, tilling soil, sowing seeds.
It’s a pretty safe bet that you wouldn’t imagine that farmer scouring subscription-only internet forums to find someone selling Ukrainian software that will help him hack his tractor. But that’s what’s happening today, according to a recent news report from Motherboard. In fact, the report says, it’s becoming so prevalent that there’s a “thriving black market” dedicated to the creation and sale of hacked tractor firmware. Just as the farmer supports his family based on his yearly crop yield, there are presumably Ukrainian families out there putting food on the table based on how many tractors their breadwinner managed to hack that month.
In the AV industry, there remain big questions about how everything is going to work. Over the past few months, car manufacturers have made big investments in AV tech, and that could be a very good thing: these companies have the money and the expertise needed to run the sort of tests that will get us closer to being able to roll out the next generation of vehicles safely. But some recent history –- the VW emissions scandal comes to mind –- suggests that we need to be careful not to put all our trust into one group.
Which brings us back to the Ukrainian tractor-hack. Farmers are saying they’re forced to go this route for a simple reason: John Deere, a major manufacturer of tractors that supplies the majority of farmers in the U.S., has recently updated their license agreement to stipulate that farmers must have all repairs done by mechanics that work for the manufacturer. According to one farmer, “you want to replace a transmission and you take it to an independent mechanic—he can put in the new transmission but the tractor can’t drive out of the shop. Deere charges $230, plus $130 an hour for a technician to drive out and plug a connector into their USB port to authorize the part.” In other words, without the hacked firmware, farmers are having to pay far more for repairs than their budgets allow.
That’s why the Ukrainian-firmware story is a cautionary tale for those of us interested in the safe rollout of autonomous vehicles. This problem could have been avoided if there were a system with a strong regulatory framework. A neutral third party would obviously have seen a company using its popularity to develop a monopoly on servicing vehicles. Instead, farmers are addressing the Nebraska state legislature, pleading for intervention.
While we surely want to see manufacturers involved and invested in the development of AV tech, and we want to ensure that it’s a profitable business for everyone involved, we cannot trust any single company or conglomerate to handle the specifics of how it all works on its own. There must be a system where neutral third parties vet the process. Otherwise, we risk car companies gaming the system for profit, putting lives and potentially the viability of the industry at risk. This is not a knock on car companies, or companies in general. They are essential to the development of AVs. But because there’s a lot of money to be made in this field, we must ensure that profit motive doesn’t trump safety at any point in the process.
A couple of examples of concerns related to this point. First, there’s security. These tractors can be hacked by a program on a USB stick. This is not a good look for the AV community, when one of our most-predicted downfalls has to do with hackers taking over vehicles at will. The safety and security of the systems will have to be thoroughly vetted. Security flaws in devices have been regularly reported as the tech industry has boomed. That’s partly because a security flaw may never be noticed and breached, and even if so, it’s not going to hurt the sale of a particular piece of technology unless it becomes a problem quickly, as the product is being rolled out.
And then there’s the data that will be collected by AVs as they hit the road. They won’t just be building maps, they’ll also collect data on themselves, their own performance and accuracy. Without a third-party auditor, what’s to stop a manufacturer from editing or just not reporting data that might hurt their brand? We’d like to think they would, on an ethical basis, be fully open and revealing with their data. But the adage “trust but verify” comes to mind. This is why we have regulatory groups all over the country – when there’s a profit motive involved, everything needs independent verification. And even if companies fully divulge all data to DOTs, there would need to be a group that could ensure its quality. If a group specializing in data quality saw that a particular car, or a particular navigation system, was consistently producing below-average data, they could allow the manufacturers to use that information to improve the product — thus heading off potential liability issues down the road.
Businesses moving into the field of independent verification of data quality and security seems like the most logical course of action. It would benefit everyone –- state governments wouldn’t have to spend inordinate amounts of money to hire experts to get it done, insurance companies would know in advance of any issues and could adapt their algorithms accordingly, vehicle and sensor manufacturers could be warned of problems with their equipment.
And Ukrainian hackers would have to hope tractor manufacturers didn’t notice.