08 October 2015

Schneier on Security: “Volkswagen and Cheating Software”

My worry is that some corporate executives won’t interpret the VW story as a cautionary tale involving just punishments for a bad mistake but will see it instead as a demonstration that you can get away with something like that for six years.

This problem won’t be solved through computer security as we normally think of it. Conventional computer security is designed to prevent outside hackers from breaking into your computers and networks. The car analog would be security software that prevented an owner from tweaking his own engine to run faster but in the process emit more pollutants. What we need to contend with is a very different threat: malfeasance programmed in at the design stage.

We already know how to protect ourselves against corporate misbehavior. Ronald Reagan once said "trust, but verify" when speaking about the Soviet Union cheating on nuclear treaties. We need to be able to verify the software that controls our lives.

Bruce Schneier

There is an important aspect of this scandal that hasn’t been discussed as much as it should be. While Volkswagen is certainly to blame for cheating, the people designing the tests, those in charge of quality control, are equally to blame because of their poor standards and predictable procedures. For sensitive matters such as pollution and health we need to have independent methods to double-check the approval process; otherwise similar situations will keep happening and faking results will become more widespread and potentially harder to uncover.

Volkswagen and the Era of Cheating Software