Four Key Lessons on Trust & Transparency from Volkswagen

Originally written by Cerys Hearsey on September 28, 2015.

Photo by spatz_2011

Although not strictly an Internet of Things (IoT) issue, the Volkswagen scandal that broke last week, revealing that Volkswagen had used software embedded in over 11 million vehicles to fool EPA testing for nitrogen oxide (NOx), and in the process pumping over a million extra tons of pollutants into the atmosphere, has bought to the surface some key concerns and potential applications for IoT that are worth exploring.

It will not surprise anyone that cars are approaching a complexity only seen in biological organisms – with over 100 million lines of code in new high-end cars (for comparison, the Large Hadron Collider in Cern runs on approximately 50 million). This complexity offers many benefits – automatic emergency braking and forward warning collision warnings to name just two is the arena of safety. These benefits will increase exponentially as we see IoT ramping up more and more in the race between traditional car manufacturers and technology companies. However, the Volkswagen incident has highlighted clearly that the complexity of the software can also be used by manufacturers to flout regulations – and the scale gives an indication of the damage that can be inflicted by simple manipulations.

With regulators lacking the capacity, and some say the skills to comb the extensive levels of code for bugs (anyone who has spent time debugging the simplest code will testify to the fact that it is notoriously difficult), a new solution is needed. If you project forward to a time in the not-to-distant future when devices are not just smart, but also connected, and the challenge of data validity (or veracity as my big data colleagues would insist) becomes crucial. IoT collects, processes and ultimately provides decision-making material (or indeed makes the decision). There needs to be a high-level of trust at all times – in the data collected, in the code that crunches it and the decisions made based on the first two. We need to make sure that we are talking to the right device, that it is operating within accepted parameters, that we believe the things it shows us and that no one has interfered at any point with the data. Establishing this kind of trust in a diverse range of ‘things’ and at such scale is of course a massive challenge in its own right – internet-scale problems require internet-scale solutions.

There have been calls to open up carmakers source code to the public – therefore allowing an extended network of volunteer experts to complete the job more quickly. In the case of VW, it is clear that most of the 11 million owners of affected vehicles would never have looked at a line of code. But chances are someone would have found it much sooner. Unsurprisingly, carmakers are more than a little skeptical of the approach with companies including Fiat Chrysler coming forward strongly against the idea highlighting the additional potential security risks posed by allowing individuals and groups with malicious intent such access.

Until now, although many businesses declare that IoT will revolutionise the products, services and internal ways of working of their businesses, too many have been held up by insufficient IT infrastructure or businesses not organised in a sufficiently agile and flexible way to be able to take advantages of the benefits. Classic, hierarchical, siloed org structures are a distinct disadvantage in a world that requires seamless collaboration and sharing of expertise between teams dealing with hardware, software, data and experience. The general lack of openness and transparency engendered by these kinds of structures are not going to stand the test of the new connected world. The inbuilt transparency that comes with the Internet of Things could come as a shock to many traditional manufacturers – a lot of information that was hidden by default previously, suddenly is revealed when devices become connected. Transparency, trust and the openness required to operate in the Internet of Things is nothing like organisations modus operandi at present. Even the most flexible and agile organisations find transparency tough – start-ups and scale-ups have given us examples of radical transparency, but from this time forward, to build a connected world on the outside, you must be connected on the inside, and to operate with trust and transparency with your customers requires trust and transparency with your employees.

The VW issue may actually have pointed out the false sense of security under which we have been operating for a while when it comes to the networks, hardware and software that we rely on for IoT. In the battle being fought on many fronts to come out top in the race of the connected world (the home, car, factory and communications are just examples), one country which seemed to have an unassailable advantage has always been Germany. With its high involvement in manufacturing, respected privacy and security policies when it comes to data, it seemed a good alternative to the Google’s and Apple’s of the world – brand names already highly trusted in consumer markets, could leverage that trust to significant advantage.

Just how much damage has been done to the ‘Made in Germany’ brand by this one scandal is difficult to quantify, but it is safe to say that the full story has not yet been heard – just yesterday, memos leaked that were sent to VW from OEM partner Bosch warning them against emissions rigging as long ago as eight years. There are also tangental investigations that will need to be explored once the initial recall and legal actions are in full swing – questions on what the value of VW’s R&D spend of €13.1 billion in 2014 is really achieving for the company, the ethical questions around housing a finance arm that gives loans to car buyers of subsidised cars, and the potential run on that financial institution – much as GMAC (the former financial arm of General Motors) experienced during the financial crisis.

As we move further on the journey from smart- to connected-devices, there are clearly some capability gaps in traditional firms that need to be addressed. Here are four areas where lessons can be learned:

  • Cars are not the only products in which software has now become a critical element. But the current generation of management seem ill-equipped to manage a software operation, and leave it to the engineers to make key decisions about how the product works. As more products come to rely heavily on code, non-technical managers will find themselves failing to understand the fundamentals of the products they are managing.
  • We see a clear digital skills and confidence gap in many existing large firms, which must be addressed if they are to avoid these kinds of problem in the future. A lack of digital fluency cannot become a barrier to engaging with key issues inside and outside the organisation.
  • In the IoT world, data is a key currency and firms need to develop a culture, practices, processes and skills for handling data, which many of them have not yet done. Allowing the whole firm to access and analyse data (an open data strategy, within commercial limits) is one way to avoid big surprises, and can build a culture of trust in what the firm is doing.
  • In a culture of traditional top-down management, it is not enough to tell people to meet a target or a goal ‘by any means necessary’ – leaders must be able to engage with the detail about how things are achieved, and where compromises or tough choices are needed, the culture needs to be open enough to allow a debate about consequences.

It’s been a difficult week in the world of IoT. Many analysts are highlighting the potential role of IoT in avoiding another VW-scale scandal – but I think it is safe to say that until organisations have figured out how to be transparent inside and out, and to create trust between employees and leadership, and organisations and consumers, VW will not be the only teacher of lessons.