You’ve probably heard in the news that some 11 million Volkswagon cars were loaded with software specifically designed to “cheat” emissions tests. The car would recognise when it was being tested, and switch to a special mode that would drop emissions to the bare minimum. So the cars would pass emissions tests with numbers that were much lower than what the car actually produces when driven on the road.
On October 8th VW’s US CEO was pulled before congress and was asked what knowledge/decisions were there at a corporate level for this. To which he replied that an investigation is still “on-going” and continued with:
“This was a couple of software engineers, who put this in for whatever reasons”
– Michael Horn CEO Volkswagon America
Watch the video here: Volkswagen Congress Hearing: Emissions scandal – watch live – YouTube
What the hell? From the perspective of a professional Software Engineer, that response raises so many questions:
- Which two software engineers exactly?
- How do we not know at least something about the reasons?
- Did the Software Engineers know what they were coding?
- How many people knew?
- Is the company or the employee legally liable/accountable for the software created?
Which two software engineers exactly?
How is this so vague? Most professional software shops use some sort of Version Control Software (VCS). If it were me sitting there in congress, I would sign into github on my phone, pull up some of the code in question and look at the version history. They should know everyone who has ever touched that file, when, and maaaaybe they might even have a tie-in to some feature/bug tracking software. Michael should have at least been able to say, “we know exactly when the code was created and modified, and by whom”
How do we not know at least something about the reasons?
If their VCS was tied to a project tracking tool, we should know exactly what instructions the developers were presented with. Lets assume that isn’t the case, then there may still be some commit messages associated with code changes.
>git commit -m “adding routine to cheat emissions tests”
Even without all of that, did we at least go talk to those developers? Worst case, I would have like to have heard “we’ve talked to the developers who wrote some of this code, and it appears at least some of them knew/didn’t know what was going on”.
Did the Software Engineers know what they were coding?
Now we’re getting into some meaty discussions. The people writing the code either knew what they were doing, or didn’t. But that’s not the same as to say they’re either guilty or innocent. If the developers working on this were intending to circumvent emissions laws, then they obviously did something unethical. Not only unethical but also illegal. What if they didn’t know what they were doing? Maybe they had no idea what the code would be used for. I would argue that this is unlikely. First, how can you code something correctly without knowing about it’s use. And second, when writing code it’s part of our job as a professional to know (within reason) if we’re complying with laws and regulations in the area and how our code may be used. If you don’t know, you find out, or you don’t write the code. Admittedly, when writing libraries or tools, something for the open-source community for example, we could never know all the possible uses for our code. However, “dieselgate” doesn’t seem to fit into that box. Could it be that they were just “doing what they were told”? As if that would make it okay to break the law; “because you were told to.” Any way you slice it, these Software Engineers did something wrong; the question is “HOW wrong?”.
How many people knew?
Developers don’t often code in a bubble. Especially at larger companies that work with critical software. If some bad code gets into our cars, it could ruin the engine or damage property or even kill someone. There was likely an architect involved somewhere. The code probably went through some testers hands, to make sure it fulfilled whatever specs or requirements they had been given. In the best case scenario, these were a couple of rogue programmers who were willing to risk their jobs and futures to sneak in some code so VWs could pass their emissions tests. That’s possible, but very unlikely. The most likely case is that there were a few more eyes on this than just coders. Maybe they thought they were being clever, and the ethics or legality never crossed anyone’s mind.
Is the company or the employee legally liable/accountable for the software created?
Is Michael Horn throwing some people under the bus, or is Volkswagon to blame? Can a company use a couple of software engineers as scape goats? As for “legal accountability”, any individual OR company involved in something illegal should be held accountable. If we find out our company is doing something wrong, we have to speak up, report it, or quit if that’s the only option. Conspiring to break a law is definitely, at least in some way, the individuals choice. But financial accountability, is another question. Because how a company chooses to develop software has such a profound impact on the quality of the software, it would be unreasonable to blame most individuals. Put another way, a company may choose to move very fast, and get a product out quickly, but in doing so they would assume the risk of what those additional bugs may result in. The company is the one who “moves the slider” between safe code and risky code, based on the business needs. If the company controls the risk, they shoulder the burden. As a Software Engineer, if I found out I were financially responsible for what happens if there’s a bug in my code.. my productivity would slow to a crawl, no bug would ever get by me, and also very little code. This would continue until I found someone willing to insure me, b/c that type of risk could bankrupt an individual.
This scandal with VW has raised all sorts of questions. But it is clear that the company is absolutely accountable (at least financially), and those involved in creating that code probably share some of the legal accountability.
Let’s keep this conversation going. What did I get wrong? What other questions does this raise?