LFCS: GPLv3 and automobiles [LWN.net]

By Jonathan Corbet
April 24, 2013

Given that Linux is finding its way into almost every embedded computing setting imaginable, it is not surprising that it can increasingly be found in automobiles. But the automotive setting has some unique challenges of its own. How does automotive computing mix with the requirements of free software licensing, and of version 3 of the GPL in particular? A panel discussion at the 2013 Linux Foundation Collaboration Summit examined this question.

The panel was moderated by Karen Sandler, the director of the GNOME Foundation; the participants were Matthew Garrett (a developer with Nebula), Greg Olson (a senior partner at Black Duck's Olliance Consulting), Bryant Walker Smith (Stanford Law School) and Richard Fontana (Red Hat's licensing counsel). Together, they brought a wide variety of perspectives to the discussion.

The first question — does the GPL make sense in vehicles — was quickly redirected to a similar question: do the anti-tivoization provisions in GPLv3 apply to vehicles? If those provisions do apply, then the owner of a car with GPLv3-licensed software would have not just the right to the source, but also the right to replace the running software in the vehicle. This question is relevant because those provisions do not apply to every distribution of GPLv3-licensed code; they are, instead, restricted to "user products", defined in the license text as:

A “User Product” is either (1) a “consumer product”, which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage.

Richard thought that whether a vehicle was a "user product" depended on the specific vehicle in question. An army tank probably would not qualify, but a non-commercial vehicle sold to an individual probably would. So, for the purposes of this discussion, chances are that distributors of GPLv3-licensed code in vehicles would be required to allow the recipient to replace that software.

None of the panelists was 100% convinced that it made sense to apply the anti-tivoization provision to cars, though. Matthew stated that he did not want software that he had written to be in charge of any vehicle in which he was a passenger; he felt even worse about software written by most others. Richard said that concerns about safety and product liability were discussed during the drafting of GPLv3. He could imagine an exception to the requirements for safety-critical products, but that exception does not exist now. That said, it makes sense, he thought, for the owner of an automobile to be able to modify the software inside it, just like that owner is able to modify the hardware.

Matthew agreed that a lot of innovation can come from letting people play with automotive software. University students on closed courses, for example, should be able to play at will. He also noted that, under GPLv3, a device with replaced software need not operate in exactly the same way as it did before. The classic example is a media player that loses the ability to decrypt DRM-protected content if it is not running an officially-blessed software build. Perhaps a car with owner-supplied software could illuminate an indicator to show that it is operating in a non-certified mode.

Greg stepped back a bit to say that there have been many discussions around GPLv3 in his dealings with the GENIVI consortium. Automobile makers, he said, are "dead set against it." The problem is that automobile manufacturers are already pursued by an army of lawyers filing lawsuits in response to accidents. So manufacturers have adopted a highly defensive position; they maintain tight control over their supply chains and know exactly what they are building into their cars. Anything that threatens to compromise that control seems quite scary; the instinctive reaction is to say "no." He would like to see the door opened to GPLv3-licensed software, he said, because it is a better license. But that requires a much higher degree of clarity around the anti-tivoization provisions in this setting.

One possible mechanism that automakers could employ is some variant of the secure boot idea, whereby a car would simply refuse to operate with modified software. When asked if this would be consistent with GPLv3, Richard demurred, saying that he would have to study the issue. An alternative would be to detect modified software and put up some sort of visible indication that the car was no longer certified (or under warranty). In addition, there may eventually be legal rules about driving such a car on the public roads. Rules along these lines, Richard said, would be entirely consistent with GPLv3.

A member of the audience raised the question of experimental aircraft, which are surprisingly easy to fly in the US (until one wants to start carrying passengers). Could a similar legal regime apply to automobiles? Richard responded that there is a problem with the GPL, in that it doesn't say clearly how its requirements interact with local regulatory regimes. He expressed hope that, perhaps, this issue could be clarified in a future update to the license. Bryant added that the situation is a bit different, in that there are no real standards around automotive software; it is all a matter of self-certification by the manufacturers. The big problem is that there is no clarity currently; a better understanding of what the rules are, he said, is more important than any specific resolution.

Greg pointed out that automotive software modifications already exist: replacement engine control ROMs are available for a wide variety of automobiles if one knows where to look. Does it make sense to forbid other software modifications? Matthew added that one of the best ways to get people to do something is to attempt to prohibit it. A prohibition on automotive software modifications will just drive that activity underground, away from all regulation and with no framework to determine the liability for any resulting accidents. Controlled modification, he said, might lead to a better situation for everybody involved.

Somebody else asked: might the aversion to the GPLv3 just be a means by which automakers are trying to maintain tight control over their supply lines? Bryant responded that it is more a matter of acceptance of the status quo. Driving is actually an extremely dangerous activity, but most of us accept that most of the time. But we are less accepting of deaths resulting from drunk driving; the situation may be similar for deaths resulting from software modifications.

Greg pointed out that the nature of the industry is such that manufacturers will always control their supply lines in a fairly strict manner. It is the manufacturers who specify the tests and acceptance criteria for components, and they are the ones on the line if something goes wrong in the end product. Manufacturers are not averse to innovation in the supply chain, he said, and they want to have "compelling electronics" that will help them to sell cars. Their only real concern is civil liability.

What about systems where "infotainment" is separated from control? Perhaps user-modifiable software could get telemetry data and control the sound system, but it would be isolated from the systems responsible for operating the car. Greg brought up scenarios like the sound system suddenly raising the volume to 120dB, causing a crash; GPS misdirection was also mentioned. One need not get into the control system to incur civil liability, he said.

As the session wound down, Richard observed that the whole discussion was, from his point of view, a little strange. Adoption of GPLv3 has been limited so far, he said, and alternatives to most GPLv3-licensed projects exist. It would be a different discussion if GPLv3 were dominant, but it's not. He also claimed that there is not much demand from consumers to be able to make modifications. When demand is low, the industry will not take it seriously. So, he said, GPLv3 can be ignored in the automotive industry for now.

(Log in to post comments)

LFCS: GPLv3 and automobiles

Posted Apr 25, 2013 16:39 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

I don't know where you get your insurance, but I've never heard of insurance refusing coverage for a modification of the car. At renewal time, they may raise the cost of the insurance somewhat, but mostly that's around the cost of the vehicle.

It's the government that has requirements over what is required to legally drive on the road. And these tend to be very broad requirements.

You can make MAJOR changes to a car without any oversight and without making it illegal to drive.

People even build cars from scratch (both from kits, and literally from scratch) and the results are legal to drive. They don't even require inspection other than at the time they are first registered (and that inspection typically takes less than 10 minutes)

I've had accidents that were caused by faulty mechanical work. The worst that happens is that the mechanic (or their insurance) _may_ be liable for the resulting costs.

LFCS: GPLv3 and automobiles

Posted Apr 25, 2013 18:48 UTC (Thu) by rahvin (subscriber, #16953) [Link]

Though you can make broad modifications to a car there are no-touch areas with broad and severe legal consequences for tampering or modification. Structural modifications that affects the center of mass or structural frame of the car can often be illegal and will get an statements added to the title that basically destroy all value and often make the vehicle uninsurable. Raising or lowering the clearance has very strict limits that will get a vehicle declared undrivable on public roads.

Automobiles are actually one of the most heavily regulated areas of general commerce. Kit-cars, though self assembled are put through the same tests and certifications as regular cars including EPA and safety tests. And even though the "chipping" scene can be big, many of those chip modifications if installed are actually illegal (though enforcement is close to impossible) because they often alter the emission control systems in illegal ways.

I like the idea of free software in cars but even if you have the software rights to install new software you may not have the legal right to do so. From odometers to emission control systems cars have many systems that are simply illegal to tamper with, and that means in any way. IIRC California bars any tampering with the California mandated emissions system (a popular target of chip modifications because of the power that can be provided).

This doesn't even address the liability of such modifications. Toyota has been dealing with lawsuits regarding it's new drive-by-wire throttle control systems (they are electronic control, the throttle is controlled by a computer that reads peddle input and applies throttle based on the input but the driver has no direct control) and claims of uncontrollable acceleration. What happens if someone reprograms their computer and ends up causing an accident that kills several innocent people? (will the state require that the computer system be certified as unmodified in the event of an accident?) Then you have the question where if as the OP asserts and you rely on insurance to vet the system they simply don't have the resources or authority to be investigating if people are reprogramming their car computers.

I have no doubt that if they provided source and allowed drivers to reprogram the computers there would be legislation passed immediately afterwards to bar owners from doing exactly that. And even if they didn't make it illegal you'd likely be brought up on criminal charges if you did program the car and got in an accident (whether or not the reprogramming caused the accident, you'd like be forced to prove in court that your modification didn't cause the accident).

This is not a simple area. I personally don't want people modifying their cars in ways that will affect the safety, otherwise there isn't any point at all in the regulations we already have that mandate all these safety controls. I can see all sorts of situations that result in terrible consequences, and even things that are unlikely like someone reprogramming someones car to cause it to crash and kill them. Especially considering newer cars are almost entirely drive by wire (no direct control over throttle, braking or steering).

LFCS: GPLv3 and automobiles

Posted Apr 25, 2013 21:19 UTC (Thu) by pboddie (guest, #50784) [Link]

Your comment was very informative, but the original comment in this thread focused on the use of a car on a public road, which is where the legality of a vehicle is most likely to be assessed. Already, at least in the country where I learned to drive, it is possible to do all sorts of things with vehicles on private property that would simply not be allowed on public roads, and I don't see why modifying the software wouldn't be yet another one of those things.

LFCS: GPLv3 and automobiles

Posted Apr 25, 2013 23:15 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

you can already modify the software in your car, including the drive-by-wire components (like the throttle)

In fact, there are companies that sell plug-in devices that you plug in between your existing components to alter the values output from one component before they are processed by the next component in order to change how the vehicle behaves.

When you investigate, the items that are fixed by law on a vehicle are actually very few. Far fewer than most people think.

If you want to manufacture and sell vehicles as a business, you have to do the crash testing, meet mileage requirements, etc. But building and selling one-off vehicles do not have the limits.

The items I know of that are regulated on a car are:

bumper must be within a given height range

headlights must be DOT approved and mounted withing a range of heights with specific aiming

wheels and tires must be DOT approved (which still allows a wide range of custom wheel designs and manufacturing, but bead-lock wheels are not DOT approved), but wheel laws are almost never enforced.

Even Odometers can be changed. It's only illegal if you don't reveal that it's been changed and that it's readings do not reflect the real milage of the vehicle. I.E. don't tamper with it for deceptive purposes and you don't have a problem.

LFCS: GPLv3 and automobiles

Posted Apr 26, 2013 8:50 UTC (Fri) by spaetz (subscriber, #32870) [Link]

> The items I know of that are regulated on a car are:

You must be living in the US :-). Try to change a few pieces of a car that somehow could relate to safety in Germany and you'll have to present your car to the safety agency to get it certified.

LFCS: GPLv3 and automobiles

Posted Apr 26, 2013 16:27 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

what parts of the car can't be somehow related to safety (especially if changed badly?)

I started to say that you could paint the car, but if you painted it a mirror-finish silver, the reflections and glare from it could be a safety issue for other drivers.

I'm glad I don't live there

LFCS: GPLv3 and automobiles

Posted Apr 30, 2013 13:26 UTC (Tue) by wookey (subscriber, #5501) [Link]

The rules do indeed vary enormously from country to country to country. Germany is particularly strict (which makes life difficult for Camper-van builders there for example) with, in general, only pre-authorised components allowed to be used. If dlang is right then the US is probably laxer than most 1st-world countries.

The UK lies somewhere in between. You can pretty-much do what you like mechanically to a car - replace any parts, with upgraded ones if you like, change the engine, fit a nitrous kit, convert to a different fuel, rebuild a van into a camper-van, add body kits, fix the doors closed so you have to get out of the window. And of course most commonly-replaced parts are not supplied by the manufacturers, but by other cheaper suppliers (there presumably are some controls over what can be deemed a suitable 'replacement part' but I'm not exactly sure who checks whom - manufacturers don't get a veto).

You do have to tell your insurance company if you change almost anything - this requirement has got much stricter over the last 20 years. I don't know how often they say 'no' rather than just charge you extra. I've had no increased cost from replacing my non-turbo engine with a turbo-(diesel) one, and rebuilding a van into a self-build camper van actually made the insurance cheaper. I also entirely re-shelled a car once and that was not even deemed a modification (as it was a manufacturer's original shell). I replaced the batteries and charger on an EV (lead acid to lithium http://wookware.org/pics/moped/lithbatts/) and there was no problem with the insurance.

Build your own vehicle from scratch (or a kit) and you will have to get it inspected to get it registered. The rules are not arduous though - correct sorts of lights in correct positions, seatbelts and some limits on sharp sticky-out bits for pedestrian safety (largely the same set of things that is checked in the annual fit-for-use-on-the-public-road (MOT) test). The test does cost ~£250.

Given this very extensive ability to mess with the car's mechanicals, I really can't see why anyone should worry unduly about software. It's no better or worse than bleeding the brake system, chipping the ECU, or painting fake fire down the side. (The latter is the one that will have the largest effect on your insurance premium, amusingly)

The OP hit the nail on the head IMHO.

One last point. I'm surprised that Matthew doesn't want his own software in a car he drives. I'm pretty damn sure it'll be at least as good as the stuff the car came with. We all know how ropey commercial code can be. Automotive code may be somewhat above average but the idea that only big corporations can get this right, whilst free-software people can't, has been shown to be wrong so many times, and it's no different in this case.

LFCS: GPLv3 and automobiles

Posted May 6, 2013 16:21 UTC (Mon) by ortalo (subscriber, #4654) [Link]

"One last point. I'm surprised that Matthew doesn't want his own software in a car he drives. I'm pretty damn sure it'll be at least as good as the stuff the car came with. We all know how ropey commercial code can be. Automotive code may be somewhat above average but the idea that only big corporations can get this right, whilst free-software people can't, has been shown to be wrong so many times, and it's no different in this case."

I have the same general observation about security properties. Open source code may have its weaknesses, but hell, we do not even talk about the security of some other commercial (and expensive!) piece of software.

In the critical systems field, we currently think things may be better than for those systems, but I am still pretty undecided as to the respective merits of serious critical industrial software with respect to open source software...

Some call me over optimistic, others over pessimistic, but in the end, I am just... curious.

LFCS: GPLv3 and automobiles

Posted Apr 27, 2013 0:20 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

The items I know of that are regulated on a car are:

The California vehicle code has thousands of words of equipment requirements (it's a whole chapter). Like many statutes, the vehicle code is written in the passive voice so you can't tell who is criminally liable when the mandated state does not exist, but from what I've seen, the operator of a vehicle usually is.

For example, there are detailed requirements for all of the lights on the car and no lights not specifically described are allowed.

On the other hand, you could write many times as many words describing things one can change on a car. But some of that is just because it hasn't been a problem yet. The legislature is clearly of a mind that restricting one's ability to modify one's car is good public policy.

LFCS: GPLv3 and automobiles

Posted Apr 27, 2013 4:10 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

I forgot about the lights (which is silly since I used to be state certified in that), but other than checking that the required lights exist, enforement of the 'no additional lighs' policy is non-existant.

In fact, for most of the things in the code, if you get a ticket on them, you found a cop who was bored or out to get you for other reasons.

LFCS: GPLv3 and automobiles

Posted Apr 25, 2013 22:09 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

> Though you can make broad modifications to a car there are no-touch areas with broad and severe legal consequences for tampering or modification. Structural modifications that affects the center of mass or structural frame of the car can often be illegal and will get an statements added to the title that basically destroy all value and often make the vehicle uninsurable. Raising or lowering the clearance has very strict limits that will get a vehicle declared undrivable on public roads.

I don't know where you live, but it's nothing like that in the US.

clearance limits exist, but they are rather wide.

have you not seen all the jacked-up 4x4 trucks running around? or lowered boom-boxes?

those are examples of major changes being made to the suspension and clearance of the cars.

You can cut and weld your frame, significantly change it's CoG, etc with not only no problems, but with nobody even looking to measure the affected area.

There are companies that exist for the sole purpose of providing new exhaust or intake systems. These are part of the emissions systems and can change it significantly (there are parts that you need to keep, but even for things like catalytic converters you can change them out to different ones, the law just says that a vehicle after a given year must have one)

For what it's worth, I live in California and have been trained in Auto Emissions testing and the laws related to that.

take a look at some of the weekend car TV shows (spike and speed networks especially), they show some of the drastic modifications that people do to vehicles.

But also look at some of the custom car magazines, they can show you the fantastic extremes that car modifications can reach.

In many cases, the work can be described as "jacking up the VIN plate and putting a new vehicle under it"

People already modify the brakes, steering, engines, body, frame, etc what else is there?

LFCS: GPLv3 and automobiles

Posted May 2, 2013 7:43 UTC (Thu) by farnz (guest, #17727) [Link]

In the UK, it's not unknown for insurers to refuse insurance on modified vehicles, where the drivers are going to be younger drivers (typically under 25s). So, an unmodified Ford Focus ST might cost a 21 year old on the order of £6,000 per year to insure. A modified Ford Focus that's been brought up to similar spec to the ST may be impossible for that self-same 21 year old to insure, because it's a modified vehicle.

There exist specialised insurance brokers (search the web for "specialised modified car insurance" and they'll show up) who will find you insurance for a modified vehicle regardless of age, but they're even more expensive than the normal insurers; I suspect that the "mainstream" insurers simply refuse to quote if their risk model comes up with a huge premium, but that the specialised are able to get insurers to quote despite the high premium.