Car companies have come in for some well-deserved criticism in recent weeks.
There's the General Motors settlement with the Department of Justice, in which the car company will pay $900 million and enter into a Deferred Prosecution Agreement to close the investigation into GM's negligence in ignoring a safety risk associated with an ignition switch. GM killed at least 124 people as a result of its decision not to fix the problem, yet no one will go to prison for GM's failure to fix the part.
Then there's the news that Volkswagen programmed 11 million of its cars to cheat on emissions tests to show levels of nitrous oxide emissions as much as 40 times lower than vehicles actually released under normal operation. VW's excess emissions must be causing thousands of premature deaths a year in Europe, where diesels are far more common than in the US.
Then there's the news, this summer, that Fiat-Chrysler left numerous of its cars exposed for nine months to a vulnerability that hackers could use to take over the car.
Senator Bill Nelson (D-Fla.) laid into the car manufacturers Tuesday for their faults, naming Volkswagen, GM, and airbag manufacturer Takata. "Has the corporate culture in what is an automobile society shrunk so low that we can’t be up front when our products are defective or when we are trying to gain competitive advantage?" He blamed not just the companies themselves, but also regulators for not tracking safety more closely. "I lay this not only on the corporate culture, I lay it at the feet of the US regulatory agencies who ought to be doing their job, ought to be doing it in a forceful way, and then there ought to be some prosecutions and corporate executives that knew this and have done it ought to be going to jail."
Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) have been more proactive, seeking to pass new rules for networked cars that might be hacked, as well as trying to implement an early defect warning system at the National Highway Traffic Safety Administration. Those efforts would provide more information to consumers about the vehicles they are buying, as well as (in the cybersecurity and privacy realm) require manufacturers to meet basic standards of safety for this recently recognized threat.
The response hasn't been universal, however. On the same day the Volkswagen scandal was developing, GOP presidential candidate Jeb Bush called to slash regulation, claiming businesses need fewer regulations to be able to succeed, so some people want to make it easier to conduct such fraud. But Markey and Blumenthal are right that more is needed to protect consumers from the complex machines they operate, starting with more information. Markey and Blumenthal -- and to some degree, Nelson -- are right: The companies that make these machines need to do more to make sure they're safe for consumers to use. And, as the GM case makes clear, corporations need to be held liable for the defects they let slide if they go on to kill people.
But while cars offer spectacular lessons in the ways that complexity and opacity can kill -- there's no better reminder than the tragic death of someone whose air bag didn't deploy properly -- it's not just cars. Nelson may imagine only car companies would hide or delay fixes on their complex products, but that happens all the time. While Google responded immediately when it learned of an important bug in its Android operating system, for example, actually getting it into phones proved more difficult, in large part because phone manufacturers have a history of neglecting Android updates. Security researcher Brian Krebs recently showed that Adobe hasn't integrated recent critical fixes to its always-broken Flash software into the current release of its media player; such Adobe bugs are some of the most persistent sources of insecurity on the web. And a recent Politico Pro story showed that, even in spite of a massive 2012 settlement on foreclosure fraud, the finance industry is still pushing homeowners improperly into foreclosure, and doing so because they can't manage the loan servicing process.
The problems presented by these complex machines -- for cars, as much as mobile phones and complex financial products -- are exacerbated as software continues to drive more and more of them. As New York Times columnist Zeynep Tufekci points out, we don't yet have the regulatory structure to ensure the safety of things run by complex software, because it's difficult for regulators to look at the actual code. "[T]here is as yet little funding for creating the appropriate regulatory framework for smart objects, or even an understanding of the urgent need for it." She notes the one exception -- slot machines. "[C]asinos have better scrutiny of their software than the code running our voting machines, cars and many other vital objects, including medical devices and even our infrastructure." To fix the problem, you'd have to have some visibility into the code that corporations often hide behind copyright claims.
Car companies deserve the approbation they're getting. The stupid engineering decisions they made are killing people.
But other industries are hurting consumers because of similar complexity problems. And as we move towards providing regulatory tools necessary to fix the car problem -- automobiles are already a heavily regulated agency so it's easier to do there -- we should consider whether such fixes are necessary more broadly.
Lots of things -- financial crashes, some kinds of software crashes -- can destroy a human life, not just a car crash. We'd do well to remember all of those things as we try to find fixes for the problems created by corporate laziness and complexity.