VW's car DRM let it get away with cheating on its diesel emissions testing

The EPA has accused Volkswagen of rigging its software to cheat the agency's diesel emissions standards so that its cars could be on the road while spewing 40 times the legal limit for diesel emissions.

Volkswagen, like most auto manufacturers, uses digital rights management in its informatic systems. Under section 1201 of the Digital Millennium Copyright Act, it is a felony to tamper with that DRM, punishable by five years in prison and a $500,000 fine for a first offense. The company uses this legal regime to limit which mechanics can service its cars, ensuring that only "official" mechanics, who are bound by nondisclosure agreements -- and covenants to only buy their parts from VW and not an aftermarket competitor -- can effectively service their cars.

This year, the US Copyright Office held its triennial hearings into possible exceptions to this rule, and one petition asked it to grant an exemption for jailbreaking cars. The car manufacturers intervened to oppose this, but so did the EPA, fearing that drivers would modify their firmware in ways that increased emissions.

But by banning independent scrutiny of cars, the EPA and the Copyright Office have made possible for terrible, criminal frauds like this one to go undetected for long periods, turning cars into long-lived reservoirs of dirty secrets that can't be reported without risking criminal sanction.

But two months ago, the EPA opposed some proposed measures that would help potentially expose subversive code like the so-called “defeat device” software VW allegedly used by allowing consumers and researchers to legally reverse-engineer the code used in vehicles. EPA opposed this, ironically, because the agency felt that allowing people to examine the software code in vehicles would potentially allow car owners to alter the software in ways that would produce more emissions in violation of the Clean Air Act.

The issue involves the 1998 Digital Millennium Copyright Act (DCMA), which prohibits anyone from working around “technological protection measures” that limit access to copyrighted works. The Library of Congress, which oversees copyrights, can issue exemptions to those prohibitions that would make it legal, for example, for researchers to examine the code to uncover security vulnerabilities.

The EPA Opposes Rules That Could’ve Exposed VW’s Cheating [Alex Davies/Wired]

(Image: Delaware and Franklin Streets, Berkeley, Cary Bass-Deschenes, CC-BY-SA)