Software Freedom Doesn't Kill People, Your Security Through Obscurity Kills People

Bradley M. Kuhn at 2016-08-13T13:55:18Z

URL: http://ebb.org/bkuhn/blog/2016/08/13/does-not-kill.html


The time has come that I must speak out against the inappropriate rhetoric used by those who (ostensibly) advocate for FLOSS usage in automotive applications.

There was a catalyst that convinced me to finally speak up. I heard a talk today from a company representative of a software supplier for the automotive industry. He said during his talk: "putting GPLv3 software in cars will kill people" and "opening up the source code to cars will cause more harm than good". These statements are completely disingenuous. Most importantly, they ignore the fact that proprietary software in cars is at least equally, if not more, dangerous. At least one person has already been killed in a crash while using a proprietary software auto-control system. Volkswagen decided to take a different route; they decided to kill us all slowly (rather than quickly) by using proprietary software to lie about their emissions and illegally polluting our air.

Meanwhile, there has been not a single example yet about use of GPLv3 software that has harmed anyone. If you have such an example, email it to me and I promise to add it right here to this blog post.

So, to the auto industry folks and vendors who market to/for them: until you can prove that proprietary software assures safety in a way that FLOSS cannot, I will continue to tell you this: in the long and sad tradition of the Therac 25, your proprietary software has killed people, both quickly and slowly, and your attacks on GPLv3 and software freedom are not only unwarranted, they are clearly part of a political strategy to divert attention from your own industry's bad behavior and graft unfair blame onto FLOSS.

As a side note, during the talk's Q&A session, I asked this company's representatives how they assure compliance with the GPLv2 — particularly their compliance with provision of scripts used to control compilation and installation of the executable, which are so often missing for many products, including vehicles. The official answer was: "Oh, I don't know." Not only does this company publicly claim security through obscurity is a viable solution and accuse copyleft advocates of endangering the public safety, they also seem to have not fully learned the lessons of making FLOSS license compliance a clear part of their workflow.

This is, unfortunately, my general impression of the status of the automotive industry.


@MikeLinksvayer, I do think license politics matter. I can't get past the fact that the bifurcation of "non-copyleft good", "copyleft bad" has won and been a great part of the co-option by Open Source of software freedom. But you and I should talk more about how I can modify advocacy to avoid it better so as to succeed in reaching those who are annoyed by such -- I suspect there is a way that I just don't see yet. I've been meaning to call anyway so I will after my current trip. :)


@Richard Fontana, I decided not to call out the specific name of the person who gave the talk. The statements were typical of those made by many different automotive industry representatives and their providers over a period of years. This particular individual wasn't any better or worse than others I've heard, so there was no reason to single him out. The problem is the general auto-industry rhetoric and talking points, not one person's version of it.

Bradley M. Kuhn at 2016-08-16T10:32:10Z

@bkuhn While I agree with most of your post, I don't know if it's fair to say that the Tesla crash was due to proprietary software.

The Tesla self-driving system, I'm almost certain, relies on machine learning and a neural network. I suspect that even if their algorithms were free software, accidents would occur at the same rate, at least in the short term. The way I understand it, the source code isn't all that important, it's the training data gathered during all the millions of miles driven on the road. Without the data, you're not able to run the program yourself in any useful way other than what you already do by just driving the car. Even if you had access to the data, the volume is so gigantic that you probably wouldn't be able to train the program without expensive infrastructure. Neither would you be able to study the program in a meaningful way, since the neural network isn't "source code" comprehensible to a human.

I do think self-driving cars would eventually be safer if their training data were open; the more training data, the better, and self-driving car manufacturers would be able to make self-driving cars safer for everyone if they would make their accumulated training data interoperable, so we would benefit in the long term. But for this particular accident I don't believe the blame rests with proprietary software.

I'm curious what you think. I tend to think that many machine learning applications don't fit within the traditional separation between free versus proprietary software, because even if they are open, they don't afford a user the four freedoms. This is something I've been musing about recently, which is why I reacted to that particular portion of your post, but I don't know the answer.

Philip Chimento at 2016-09-02T03:49:32Z

The Tesla system would make the world even better if it were Free Software, but according to the data that Tesla themselves have gathered (duly noted), their system has killed fewer people, proportionally, than humans driving cars have.

Claes Wallin (韋嘉誠) at 2016-09-06T17:49:27Z

@bkuhn the key word in my comment is 'retreat'. Apparently this person said "putting GPLv3 software in cars will kill people". Instead of extracting the substance from the license politics and making the case that safety is compatible with (or even requires) that car owners be able to install modified versions of software running on computers in cars, you took the license politics hook, line and sinker, making facile claims about GPLv3 software never harming people (for what definition of harm? but never mind, uninteresting) worthy of a TV soundbite but unworthy of any other form of discourse.

Mike Linksvayer at 2016-09-07T01:43:44Z