The upshot: New technologies can help to protect the integrity of components in safety-critical systems (and others). Those same technologies could threaten free markets.
Our literature racks are full of stories about well-meaning technologies with a dark side. Those technologies make it into the light because of the benefits they provide. That dark side… well, somehow it never enters the marketing message makeup. And the dark-side horror stories we can read are often fictional, leveraging bits of truth, so why worry?
On the other hand, it’s also easy to rail at the moon constantly, finding fault in everything and decrying all new developments as Trojan horses. And to wish that those horses would get off o’ my lawn!
Usually, as the cliché goes, the truth lies somewhere in the middle.
We have examples of this in the offing more and more as new technical capabilities allow companies ever-greater control over their supply and maintenance chains. And none speaks volumes more than the makers of the cherished automobile, which is undergoing an unprecedented revolution.
If you’ve watched the news, you’re probably aware of the older issue of software and copyrights in vehicles. With the increasing amount of software content, automakers have claimed copyrights on it and have tried to deny others the right to do repairs because it might involve violation of that copyright. This argument leverages the Digital Millennium Copyright Act, or DMCA, to which exemptions can be added (or removed or modified) every three years. You can see a flurry of activity in 2015, and then, in 2018, it was made clear that owners of automobiles – and even tractors – could legally modify their own vehicles.
That was about software and the law. A new angle involves hardware, and it’s about technological, not legal, enforcement. There are two different approaches to this, both of which have some clear benefits – at least on paper. Maybe even in practice, if they’re used only for those promised benefits. (Think about grocery-store club cards: on paper, the benefit was that the whole computerizing of everything would make inventory management a snap – no more empty shelves. The downside – massive data collection – could happen, but, oh, don’t worry about that. Today, in practice, it’s all about that data. Inventory is still a mess in many stores.)
We’ll start with the simpler approach, and it comes from a discussion I had with Maxim on a new automotive security authentication capability. And let me start by saying that I am not here to decry Maxim on this; the technology itself isn’t evil. It’s a question of what happens with the technology, and that’s in our hands, not theirs.
When replacing components in a car, whether due to wear-out or a collision, we have a choice of hardware maker. It could be the original OEM, selling through the dealer, or it could be an after-market brand. And we’ve heard the exhortations for years: per the dealers and OEMs, only parts offered by the dealer should be trusted, since the OEMs control the quality. Everything else is suspect.
And yes, some after-market gear is schlock. But not all of it. The argument goes, however, that, especially as safety considerations escalate with autonomous vehicles, you can’t be too careful about what goes into the car. And so OEMs will have a new way to ensure that the components that go into their cars remain, in their eyes, legitimate. It’s a component authentication system.
Much like the way we authenticate an internet session, a car would initiate component authorization sequences every time the vehicle starts up. Components would have credentials (Maxim would be the certificate authority), and an unauthorized component would fail authentication.
The “on paper” part is that this would ensure that shifty mechanics wouldn’t replace good components with substandard ones – a benefit that’s hard to gainsay. The question is then about the “in practice” part: will OEMs use this as a way to eliminate component competition? Unlike the software situation, it’s not that they’re claiming that people would be breaking the law by putting in after-market parts. They could simply refuse to let the car start. Heck, the system even allows for random interrogations while the car is operating, although exactly what the OEMs would do in the event of a rolling failure is unclear. (And, again, how this is used is not something Maxim controls.)
The second new technological notion is that of the digital twin. It’s a simulation model, but it’s unlike the kind of model we’re used to when designing chips or other devices. With design models, you’ve got a model of an ideal version of what you’re going to build, and you can tweak that model to ensure that what you create is robust in the face of manufacturing and environmental variations. Once the device hits the market, that model could well disappear.
A digital twin is different. It’s a model of a specific unit, and it’s used to track that unit throughout its lifetime by gathering masses of sensor data from the real unit. That sensor data lets the model remain in synch with the actual unit – and it lets the model simulate possible future situations, like wear-out. The great thing about it is that you can schedule replacement of parts not based on some generic schedule (which may cause replacement far sooner than physically necessary), but only when truly needed.
I first heard about this in the context of high-value, high-safety equipment like airplane engines. It’s pretty hard to find a dark side of this application, since supply and maintenance chains are so tightly controlled – for obvious good reasons.
More recently, however, I’ve heard it referenced even for automobiles. The idea here is the same: the dealership can schedule service when actually needed, not based on some schedule. And that should make for better efficiency, less wasted effort, and fewer wasted components.
But this is a situation very different from the airplane engine. The first concern, of course, is that this can be used as yet another surveillance technology. While we’re already surrounded by that, we’re often reassured that much of the data is anonymized before being fed into the “how can we improve the product?” process. But with digital twins, by definition, it’s not anonymous. Yeah, it might not be able to tell who’s driving (yet, anyway), but it can say who owns the car. And so that owner will be personally tracked.
But we also have a free-market challenge here. If car manufacturers cease to put out maintenance schedules, and if they service only when indicated by the data, and if only they have the data, then you pretty much can’t go for much servicing to an independent shop. Yeah, there are things like oil changes, which you can do based on mileage, or brakes, where you can see the remaining pad (or will that change?), so some things might still be possible. But those 30,000-mile services, where a bunch of stuff is replaced – needed or not – could go away. And only the dealer would know when they’re needed – and exactly what needs replacing.
One big question here is, who owns the data? If it’s our car, is it our data? As illustrated by the software issue, auto makers have been trying to abandon the pure ownership model and maintain some control even after we pay the ownership price, and they’re likely to claim that it’s their data, since it’s their car. Or at least one they’re responsible for. If we own the data, then, in theory, a third party could create an appliance that we could use to figure out what needs servicing ourselves. But that would require an open interface – and, even tougher, releasing what would likely be AI models performing the service predictions. So that could easily be thwarted by the OEMs.
Of course, while a disappearing independent shop market is one risk, with the resulting jump in component and service prices from monopoly dealers, there’s another one. Let’s say you get a notice that you need to come in for a service. How do you know you really need the service? How do you know that the dealership wasn’t running low on revenue for the quarter and sent out a bunch of service notices to boost the top and bottom lines?
Sound paranoid? Yeah, probably. But, to be fair, the auto industry – especially dealerships – hasn’t always done a good job of convincing us that it has our best interests in mind. Through these technologies, OEMs could be handing their dealers exclusive rights to the repair and maintenance of vehicles.
Now, you could argue that my worries represent me being stuck in the past – with the old ways of doing things. (Where we buy a car and then can do what we want with it – tinkering, changing parts, improving performance, taking it out onto the track, choosing who repairs it – all that free-market/ownership stuff). If we go to a future autonomous vehicle model where individuals no longer own cars, but rather summon them when needed, this all changes – maybe. It depends on how that business model evolves. If it does so in a way that lets the OEMs maintain full control of every aspect of the vehicle for the lifetime of the vehicle, then that still represents a free-market issue.
The R-Word Raises its Head
So how do we address this? It’s not clear to me that there’s a technological way to do so. If an OEM designs a car that refuses to start unless it has supplied all of the components itself, even after a repair, then there’s no easy way to thwart that. Which raises the specter of the other solution – the one that’s worked for the software copyright issue: regulation.
We usually hear about regulation as the enemy of the free market, and, done badly, it can be. But, in cases like this, where the goal of the free market is to eliminate the free market, then regulation can try to maintain something of a fair playing field. I wouldn’t suggest anything like making component-authentication illegal; that’s too heavy a hand. But some approaches that might help could include:
- Requiring that third-party component manufacturers, after passing some sort of quality test administered by an independent body, be allowed to acquire certificates that would allow their components to pass muster during authentication. The “independent” part of this ensures that OEMs can’t control who gets the certs.
- Establishing by statute that digital-twin data from privately owned automobiles belongs to the owner (but perhaps can’t be withheld from the dealer? What if the car was privately purchased used?).
- Requiring that auto makers open the interfaces to the data, enabling a market for service-prediction utilities. That would give owners a choice: use the dealers’ summonses or do it yourself. Even if most people go with the dealer, the existence of this option would encourage better dealer self-policing.
- The tough one involves the AI prediction models. On the one hand, you could say that those models need to be opened up by the OEMs. On the other, you could let model quality be a differentiator, letting third-party providers compete on who does the best job predicting service needs. If the latter is practical (that is, if there were a way to generate models without the financial heft of a big OEM), then let the battle begin!
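The start-up authentication sequence described earlier and the independent-certificate proposal in the list above, sketched as an added illustration that is not Maxim's protocol or any OEM's code: a generic certificate plus challenge-response check in which the car's trust store decides whose parts pass. The toy RSA keys (built from Mersenne primes, not secure), the CA names and the part names are constructed assumptions.

```python
import hashlib, secrets
E = 65537  # RSA public exponent

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1, 2**b-1. Illustration only, NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

def cert_body(issuer, part_id, part_n):
    return f"{issuer}|{part_id}|{part_n}".encode()

def issue_cert(issuer, ca_key, part_id, part_n):
    sig = sign(ca_key, cert_body(issuer, part_id, part_n))
    return {"issuer": issuer, "part_id": part_id, "n": part_n, "sig": sig}

class Component:
    def __init__(self, key, cert):
        self.key, self.cert = key, cert
    def respond(self, nonce):  # proves possession of the certified private key
        return self.cert, sign(self.key, nonce)

def authenticate(trust_store, component):
    """Car side: fresh nonce, then check issuer, certificate signature, response."""
    nonce = secrets.token_bytes(16)
    cert, response = component.respond(nonce)
    ca_n = trust_store.get(cert["issuer"])
    if ca_n is None:
        return "unknown issuer"
    if not verify(ca_n, cert_body(cert["issuer"], cert["part_id"], cert["n"]), cert["sig"]):
        return "bad certificate"
    if not verify(cert["n"], nonce, response):
        return "bad response"
    return "ok"

# Constructed actors: two CAs, an OEM part, a certified aftermarket part
OEM_CA, INDEP_CA = keypair(521, 607), keypair(607, 1279)
OEM_ONLY = {"oem-ca": OEM_CA["n"]}               # car trusts only the OEM's CA
OPEN = {**OEM_ONLY, "indep-ca": INDEP_CA["n"]}   # car also trusts the independent CA
oem_key, am_key = keypair(89, 107), keypair(107, 127)
oem_part = Component(oem_key, issue_cert("oem-ca", OEM_CA, "brake-ecu", oem_key["n"]))
am_part = Component(am_key, issue_cert("indep-ca", INDEP_CA, "brake-ecu-am", am_key["n"]))
```

The same aftermarket part is rejected under `OEM_ONLY` and accepted under `OPEN`: the cryptography is identical in both cases, and the only variable is who controls the trust store.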
It seems to me that we’re still a ways away from having to worry about this. I have found zero discussion of these specific issues online. But, based on the software experience, I’d say there’s a good chance that, eventually, we will have to have this little talk. My hope is that having it earlier, before there’s a problem, would allow the “on-paper” benefits of these technologies to be realized in practice as well.
Michael Haight, Director of Business Management for the Micros, Security and Software business unit, Maxim