The Toyota Recall and the Case for Open, Auditable Source Code


Blog post by Michael A. Spiegel. Please email any comments on this entry to <mspiegel@softwarefreedom.org>.


Public Safety is not a matter of Private Concern



In a recent article,
Slate's Farhad Manjoo attempts to play down fears of faulty software
in car braking systems as a potential cause of traffic
accidents. Citing numerous studies which conclude that “the
overwhelming reason we get in crashes is driver error,” Manjoo
reasons that “the less driving people do, the fewer people will
die on the roads.”



While it may certainly be true that most crashes occur because of
intoxication, distraction, or driver fatigue, and that computer
controlled cars may decrease driver error, Manjoo doesn't seem to see
the obvious implication of his own assumptions -- “opaque”
and “inherently buggy” software which could endanger
public safety should be subject to review.



If Toyota truly wanted to repair its public image and reputation
for quality, it would make its source code available to anyone
interested, not just a single government regulator. The public is far
more likely to discover bugs and suggest improvements than a
relatively small number of overworked and potentially inexperienced
government employees. As a former patent examiner at the US Patent and
Trademark Office, I have seen the problems that arise when the amount of information and technical
expertise available to the government is far outstripped by that of the private firms
seeking government approval. Currently, the USPTO is attempting to
deal with this imbalance of information by publishing patent
applications before they are granted and by considering various
proposals to incorporate public feedback as a means to improve patent
quality. The National Highway Traffic Safety Administration should
consider similar measures to allow the public to assist in its
work.



Toyota should take its cue from another industry recently wracked
by a loss of confidence in the integrity of its product -- the
voting machine industry. Looking back on the controversies that surrounded voting
irregularities in the past few elections, it seems like the public
cares a great deal about the integrity of the voting process. A
seemingly endless amount of ink was spilled by the press and
blogosphere expressing outrage over the various security flaws found
in Diebold voting machines, especially after the CEO of Diebold
Inc. wrote
that he is “committed to helping Ohio deliver its electoral
votes to the president next year.” The media attention
surrounding this issue culminated in the HBO documentary “Hacking
Democracy”, in which filmmakers Simon Ardizzone &
Russell Michaels chronicled the efforts of activists who exposed and
attempted to fight the proliferation of insecure voting machines.



Finally, in response to the controversy, Sequoia Voting
Systems announced
last October that their new voting machines would be based on publicly
available source code and open architectures, noting that
“[s]ecurity through obfuscation and secrecy is not
security” and that “[f]ully disclosed source code is the
path to true transparency and confidence in the voting process for all
involved.”



I find it curious how proprietary software became a major concern
to the media as well as various state legislatures when our democratic
process was threatened, but when at
least 37 lives have been lost
due to malfunctioning Toyota
vehicles, there is no similar outcry for greater transparency in the
proprietary braking and accelerating software that is crucial to
keeping people safe on the road.



Given the cost of its 8.5 million car recall and the potentially
irrecoverable damage to its brand, Toyota should seriously reconsider
the value of maintaining a business based on trade secrets and realize
that ensuring public safety should not be purely a matter of private
concern.
