What does the VW Scandal mean for Robocars?

Topic: 

Most of you would have heard about the giant scandal where it has been revealed that Volkswagen put software in their cars to deliberately cheat on emissions tests in the USA and possibly other places. It's very bad for VW, but what does it mean for all robocar efforts?

You can read tons about the Volkswagen emissions violations but here's a short summary. All modern cars have computer controlled fuel and combustion systems, and these can be tuned for different levels of performance, fuel economy and emissions. (Of course, ignition in a diesel is not done by an electronic spark.) Cars have to pass emission tests, so most cars have to tune their systems in ways that reduce other things (like engine performance and fuel economy) in order to reduce their pollution. Most cars attempt to detect the style of driving going on, and tune the engine differently for the best results in that situation.

VW went far beyond that. Apparently their system was designed to detect when it was in an emissions test. In these tests, the car is on rollers in a garage, and it follows certain patterns. VW set their diesel cars to look for this, and tune the engine to produce emissions below the permitted numbers. When the car saw it was in more regular driving situations, it switched the tuning to modes that gave it better performance and better mileage but in some cases vastly worse pollution. A commonly reported number is that in some modes 40 times the California limit of Nitrogen Oxides could be emitted, and even over a wide range of driving it was as high as 20 times the California limit (about 5 times the European limit.) NOx are a major smog component and bad for your lungs.

It has not been revealed just who at VW did this, and whether other car companies have done this as well. (All companies do variable tuning, and it's "normal" to have modestly higher emissions in real driving compared to the test, but this was beyond the pale.) The question everybody is asking is "What the hell were they thinking?"

That is indeed the question, because I think the central issue is why VW would do this. After all, having been caught, the cost is going to be immense, possibly even ruining one of the world's great brands. Obviously they did not really believe that they might get caught.

Beyond that, they have seriously reduced the trust that customers and governments will place not just in VW, but in car makers in general, and in their software offerings in particular. VW will lose trust, but this will spread to all German carmakers and possibly all carmakers. This could result in reduced trust in the software in robocars.

What the hell were they thinking?

The motive is the key thing we want to understand. In the broad sense, it's likely they did it because they felt customers would like it, and that would lead to selling more cars. At a secondary level, it's possible that those involved felt they would gain prestige (and compensation) if they pulled off the wizard's trick of making a diesel car which was clean and also high performance, at a level that turns out to be impossible.

Why would customers want this? Well, one answer is there is an underground car-modding culture that already does this. Lots of people wish to hack their cars' systems to boost performance, with little concern about the increased pollution. "Chip Tuning" is not always illegal, but often does increase emissions. They see the emissions laws of just getting in the way of them getting a fun car. This is a classic tragedy of the commons.

Many more customers want performance but would not want to pollute the air. VW gave them a different magic solution -- the better performing car and the illusion that they were not polluting. It's not surprising that people might buy that. Another subset of customers will be genuinely upset that they were lied to and ended up hurting the environment. (Some research suggests that some number of deaths can be attributed to this extra smog.)

Who decided to do this?

We all want to know who decided this. It seems really unlikely that a lone rogue engineer would do it -- what's in it for her or him? Ditto for Bosch, the parts supplier. But engineers had to collude with any managers that decided to do that, and I even wonder what incentive they were given? Promotion? Bonus? Glory for creating an impossibly good engine? How did the managers decide to trust the colluding engineers with the company-risking secret?

How many levels of management knew? It needs somebody high enough up that they win big by doing this. That means somebody who gets serious levels of bonus if they sell more cars or get whatever else this did for VW. That's usually not a low level manager, probably a manager for a large part of the car line. And of course, did the top management plan or know this? It boggles the mind that they might have been so stupid, but it's possible. It's also possible high management could have gotten the engine systems programmers to do this without informing the middle managers on the chain, but how? It seems hard to credit that lots of people would all have conspired to do this, could that many people be that fooled, that convinced they would not be caught. Getting caught means huge penalties, the end of not just your job but your career. Possible jail time. Could the CEO have been involved? The board? It boggles the mind. My best guess is a high level manager (high enough to benefit from increase sales over all the vehicles with this engine) but perhaps not the C-levels, who somehow was able to develop incentives for a key programmer. But we'll find out eventually, I suspect.

Update: New reports suggest that VW had bet heavily on its new 2L diesel engine, but engineers discovered they just could not deliver what had been promised. Without that engine, VW would have suffered greatly, either having to put in a much more expensive engine, or being very late on a promised line of new cars. People would probably have been fired. So that drove some people -- the names not known as yet -- to fake it, to look like they delivered the amazing engine they promised. So the trick goes beyond selling more cars, and was about selling any cars at all, which makes more sense as a motive.

For robocars...

It's not too surprising that companies might cheat to improve the bottom line, especially when they convince themselves they won't get caught. Where does that leave the untrustworthy robocar maker?

My prediction is that robocar vendors will end up self-insuring their vehicle fleets, at least while the software is driving. Conventional insurance in PAYD mode may apply to miles driven with a human at the wheel. The vendors or fleet operators may purchase reinsurance to cover major liabilities, but will do so with a very specific contract with the underwriter which won't protect them in the event of actual fraud.

If they self-insure, they have zero interest in cheating on safety. If they don't make a car safe enough, they will be responsible for the cost of every accident. There will be nobody to cheat but themselves, though the pain of injuries that goes beyond what a court awards still needs to be considered. One reason for self-insurance, in fact, is you will actually feel safer getting in a car, knowing it is the vendor who stands to lose if it is not safe enough.

Of course, in the event of accidents, vendors will work as hard as possible to avoid liability, but this comes at a cost of its own.

Cheats are far more likely if they benefit customers and increase sales. Examples might be ways that cars might break traffic laws in order to get you to places faster. Cars might park (actually "stand") where they should not. Already there are cars with a dial that lets the occupant/controller adjust the speed above the speed limit, and in fact these dials are necessary. There has been lots of recent discussion on other ways it is necessary to not strictly observe the law in order to drive well on US roads.

One can imagine a number of other tricks that are not specific to robocars. Cars might try to cheat you on the bill for a taxi ride (just as cab drivers are known to deliberately take bad routes to get more money sometimes.)

VW/Audi have had some decent robocar projects, and VW's sponsorship of Stanford's VAIL lab has provided a lot of that. Now we must downgrade VW as a vendor that customers will trust. (There is some irony to that of course, since at this point, VW is probably the least likely company to cheat going forward.)

Would suppliers lie?

There may be more risk of suppliers of technology for robocars, such as sensors, being untruthful about their abilities or more likely their reliability. While the integrators will be inherently distrustful, as they will take the liability, one can see smaller vendors telling lies if they see it as the only way to get a big sale necessary for their business. While they would end up liable if caught, they might not have the resources to pay for that liability, and be more interested in making the big time in the hope of not being caught. This risk is why the car industry tends to only buy from huge suppliers known as "tier 1" companies. The smaller suppliers, in tiers 2 and 3, aren't allowed to sell to big auto OEMs, because big auto companies won't bet a car line on a small company. Instead, the small companies have to partner with a tier 1 that takes on that responsibility -- and of course a chunk of the profits.

On the plus side, robocar designs generally expect parts and sensors to all fail from time to time, and so a good car design plans for failure and survives it safely with the ability at the very least to safely pull off the road -- another car will be on the way quickly. Most tools do not plan, however, on how to deal with a sensor that might deliberately provide false information, other than in planning defence against computer intrusion, which might turn a component into a malicious and untrustworthy device. But people are thinking about this, which can give us some comfort on the question of fraud by a supplier.

Self-certification

This scandal will probably raise more questions about the popular (and still probably correct) approach of having vendors self-certify that they have attained functional safety goals for their systems. These are actually unrelated issues. VW was not self-certifying, it was going through a government certification process, and cheating on it. If anything it actually reduces trust in government certification approaches. However, in the public eye, the reduced trust in vendors will extend to everything they do, including self-certification. The reasoning above about motives has been applied to self-certification. Vendors (at least ones of size and reputation) have strong motives not to lie on self-certification, both because they are liable for the safety failures that are their fault, and because they will be extra liable with possible punitive damages if they deliberately lied.

I have a longer article with more debate on the issues around government regulation and certification of robocars.

60 Minutes

Some may want to note that 60 Minutes will do a segment on robocars on Oct 4 at 7pm. I was consulted briefly off-camera for this piece, but from the trailer it looks like a fairly positive piece.

Comments

Brad, a small point, but important. Diesels don't have ignition systems in the conventional sense (where timing is all important to performance and emissions), they have glowplugs as they are CI (compression ignition) engines. The software that VW cheated on is the fuel injection and engine management modules. In a diesel this is complex and involves air/fuel mixtures, particulate filters in the exhaust, and exhaust gas recycling, but there is nothing to do with an ignition systems.

You said "Cheats are far more likely if they benefit customers and increase sales."
I'd posit that cheating has absolutely nothing to do with the customer, it purely a play by the manufacturer to produce the vehicle at lower cost/performance/feature level. The customers don't expect to be buying flawed product in any way. Those customers who bought VW diesels I would assume had every expectation that they were buying a green car that still performed well. There would be no expectation that any form of cheating existed.

The biggest problem here is that all modern vehicles are black box tested....no-one gets to see how the results were achieved. This is exactly how VW got away with this cheat for so long.

Could this happen with automated vehicles....IMO absolutely. As the percentage of the problem represented by software increases, and while software is a secret sauce never revealed we are exposed to this possibility.

You also bring up self-certification. Self certification can be adequate where detailed definition of functionality or processes or quality exist. But where there is no definition to comply with (as is the case for almost all the automated driving functionality) self certification is simply an illusion of compliance.

We have far to go before standards are set for automated driving functionality. It will be years before NHTSA Level 4 vehicles have a set of ISO26262 functional specifications that suppliers can meet. Until then, it's prototypes only I would suggest.

Electric powered vehicles are looking increasingly likely to take over from petrol and diesel vehicles in the future. This process, admittedly from a very small base already seems underway. The relative share price of Telsa to GM, which is out of all proportion to their production, shows where investors think the future lays.

As vehicle emission reductions are becoming politically more important, what this scandal may do is give the growth rate for electric vehicles an extra push early in their growth period. Robocars seem very suited to being powered electrically as the hassle of continually topping up the batteries and calculating the range could happen behind the scenes without much human intervention.

Although the effect may be small, the VW scandal may end up being a long term positive for Robocar.

And while I used to feel that robocars would be the big enabler of electric cars -- and they still will be -- I do think electrics can now make it on their own as well. However, I don't know if this hurts or helps. Electric cars are a bit easier to automate and maintain, so that's a plus.

Understandably, this is a big topic in the German media, even though there are other big topics like 25 years of unification and 1.5 million refugees.

Several engineers have admitted to knowing what was going on, and names from those higher up have been circulating, but it is too early to say who holds most of the blame.

Since the emissions during tests were a few dozen times less than on the road, but this topic, as far as I know, was never mentioned in the press, but would have been if only VW appeared to be this good, I find it hard to believe that VW is the only manufacturer who did this. They were probably just the first to get caught.

Of course, this is fraud. On the other hand, if the software can notice whether it is in a test situation, then this test situation cannot be realistic. Why not just test the cars under realistic circumstances, like many car magazines do? (The usually don't test emissions, but do test fuel consumption, something else which is officially tested under unrealistic conditions.)

I think it will always be possible to detect the test. The test has to be fair, which means the same for everybody, and as such it will have a pattern to it. It's also much easier to do it in a garage on a dyno, and that's super easy to detect -- the wheels are turning but the car is not accelerating, and the car is not steered. But even if you leave the dyno, any company can get a log of what the road test was like. You also have GPS that shows you are on the route or leaving a testing center.

If they could find a way to truly randomize the test and make it fair, that could work. But a better method is to have the uniform test, and also do a non-uniform test to see if it roughly matches, only publishing and grading on the fair, uniform test. But if the random test doesn't match, you know something is up. And that's just what was done here.

Add new comment