Math can’t solve everything,

Math Can’t Solve Everything: Questions We Need To Be Asking Before Deciding an Algorithm is the Answer

Across the globe, algorithms are quietly but increasingly being relied upon to make important decisions that impact our lives. This includes determining the number of hours of in-home medical care patients will receive, whether a child is so at risk that child protective services should investigate…

The $37,000 Rental.

Hi truck!!

This is my new truck, a 2017 Chevy Colorado. This year marks my 13th year as a Colorado owner, you see back in 2004 I bought a brand new 04 Colorado. It was my first new vehicle purchase ever and all in all it was a OK choice, I doubt I would have bought a second one if I didn’t think so. I paid $27,000 for it and it held up for me for the most part for 165,000 miles. Now there were a few notable exceptions to this, about 3 years into my ownership and right after the warranty expired my 4×4 transfer case blew up and was irreparable. It was a costly boo-boo and I was stuck with the tab. Then roughly 9 years into my ownership the 4×4 failed because of a broken solenoid thought I never found out for certain because I never actually fixed that issue. Fast forward to today, You may have noticed I paid another 10k for the same truck.. I know, I know.. I wasn’t thrilled about that part either. But there are some legitimate reasons for the increase. For one my new truck has a larger cab and more options. But more so because in the time between my two purchases the truck was totally redesigned. The Toyota Tacoma was crushing the Colorado on the market. It had more options and unfortunately was getting the reputation of being more reliable. Don’t forget we went through the GM bailout fiasco during this period. So GM had to find a way to rebrand itself and the Colorado went with it. Many of the former options became standard and many more were added. Not to mention the new Chevy MyLink entertainment system and thus we come to the point of this article.

Do I own this truck?

No really it is a serious question. I didn’t lease it. I DID partially finance it and you could conceivably say that the bank owns it. But for one they are not the organization I have a issue with here and two I really don’t think the law works that way. I financed the difference between my down payment and the amount owed I then purchased that vehicle myself and put said vehicle up as collateral. Now the bank has the title in their possession. I’m pretty certain my name is on that title while it is in the bank’s possession but really it’s irrelevant to the argument that will soon become clear. Even if their name is on the title in situ I would still argue that I own it as long as I keep up on payments and that the bank owns my remaining debt not the vehicle itself.

Get to the damned point already Jim!

OK, OK next couple sentences I promise. But first a couple questions.. So say for instance I was a mechanic and I was all excited to modify my new truck. I want to lift it, put on roll bars, huge tires, maybe even change the engine.. No. Scratch that, say that the engine is my first priority. I gut it immediately and throw in a V8 350 (assuming it will fit). Say I turn it into a first class rock crawler. I’m legally allowed to do all that right?
So why the hell do the rules change when the word engine is replaced with software? Can you really say that the vehicle’s software plays a more critical role in it’s safety than the engine? At best you could say that it is an irrelevant ‘apples to oranges’ kind of argument but that’s it. If I bought say a 1960’s Chevy I could verify that it is safe through my own checking. I could easily learn how the drive train operates. Take the engine apart. Verify the pistons and crankshaft operate smoothly. Verify that the valves all open and close without obstruction. Ect. Ect. Now please tell me how I verify that the code written on my rolling computer is not going to lock up mid operation? This may seem paranoid in the modern climate but try to understand that the next version of Excel takes years to develop. Fallout 4 took 3 years. 5 years for GTA5. Now think that your car’s software is pushed out the door in under a year… Yea, Seems like a lot pressing of an issue now doesn’t it. Point #1. check.

Secondly this truck operates with an always on 4G cellular connection tied directly into OnStar. I realize that OnStar is a subscription service and that someone could just make a dismissive comment that if you don’t want OnStar don’t pay for it. Simple logic, and I wish I lived in that world but things are just not that simple. The subscription layer of OnStar is the tip of the iceberg. An unsubscribed vehicle still transmits a ton of data. Like what? Well engine data, transmission data, 4×4 data, GPS data, the status of your seat belts, the current occupancy, really every scrap of data is recorded and saved in a database. It may seem extreme to save that all in one go but from a computer science viewpoint it is much easier to record everything and pick through it later. We all need to understand that this is all TEXT data. meaning the data from a few hundred vehicles could be maybe 10Gig? And assuming for a second that it is we are talking 100x that per terabyte drive. Storage is stupid cheap today. Google built Gmail on the assumption that data storage was literally free and it was a massive success. I’m serious, they literally went to their bean counters, told them to delete the storage cost line item and still made billions. Now I don’t necessarily think that GM want’s to do anything malicious with this data. I think they are caught up in the ‘big data’ trend and want to see how much they can improve their product. I respect that. The conflict of interest comes when government subpoena’s that data and GM hand’s it right over. Imagine you are accused of a crime and find out that you have been driving a rolling tracking device for years and the prosecution now had the record of everything you have done with your vehicle for a decade. No I’m not saying I plan on committing any crimes but from my viewpoint this is a violation of my constitutional right protecting me from illegal search and seizure.

I know the dismissive argument to that too. Some would say that if you’re doing nothing wrong you have nothing to hide. But I could write novels on how ridiculous of a concept this. Put simply privacy is a basic human right. Anyone who remembers the previous century will remember there have been volumes written about the dystopian implications of letting government and industry have access to all of your data. Now we are supposed to accept it as commonplace? I don’t remember when we had the public debate about if it is right or not to turn your personal vehicle into a tracking device. I don’t remember when we had the discussion about if it was right or not to have the details of who I spend time with, what I buy, where I go, all collected unbeknownst to me and contrary to my wishes. Try to remember that your ancestors fought wars to get you these rights and if you willingly hand them over you nor your children will ever see them again. This is a massive privacy invasion comparable to having a camera installed in your shower and all done under our noses. We need to make it clear to these companies that our data is our PROPERTY and collecting that data without our permission is THEFT. Unfortunately our technology presses forward and our laws drag from the rear. If we allow the theft of our information to be come commonplace then all is lost. We open the door to a 1984 esque dystopia, and once we hand over a right which has been previously fought for we never get it back. Never.
So that should be take as point #2.. point #3 was going to be about my right to modify my own vehicle and the disturbing trend of automakers to lock out firmware to all but the dealer’s mechanics in an effort to monopolize maintenance, but I’m sure you could extrapolate what I want to say about the topic based on my previous comments.

This post is already turning into a novel so time to wrap up. In summary I find the idea that I am supposed to trust that GM has sold me a product that is safe and unhackable simply unacceptable. Lump onto that my concerns about my data being stolen and.. yea, not cool GM. Don’t get me wrong I love the truck and I wouldn’t have bought it otherwise but it is going to take a lot of reading and work before I am 100% OK with how it’s ECM operates.

Which brings us finally to countermeasures. What can you the concerned reader do if you are in a similar situation? Well as far as the auditing is concerned there is no easy fix. I recommend this book called The Car Hackers Handbook from No Starch Press. Read it twice.

On the other hand if you are concerned about your data exfiltration I do have a semi-easy fix. You see all this communication between GM and the vehicle requires a radio, radio’s require antenna’s, and antenna’s can be cut. Do a little research and find the connecting line between the car’s ECM (on mine it is a separate communications module) and the cellular antenna. It will be a coaxial cable similar to your cable TV but probably a little thinner. Remove the cable at the ECM. Chances are it will screw on with an SMA connector. This will cut communication most of the time but if you park right under the cell tower it will still be able to phone home. To fix this you need to solder a 50 Ohm resistor onto a new SMA connector between the inner signal conductor and the outer ‘shield’ conductor. This will ensure that any radio signal is immediately brought to 0 volts.
With my truck I found out the whole assembly is somewhere behind the glove box so I’m yet to actually implement this but when I do I will be sure to post the details here. Okay that’s it, if you’re still here sorry for the huge post. and remember…

Freedom is only free when you give it away!!