Thursday, September 22, 2016

Trump - 'The Grand Experiment" (Video)







The Grand Experiment

He said I alone can solve it all: 
The Mexicans will take the fall,
Rapists and murderers one and all.
I'll keep them out with a beautiful wall.

He claimed Muslims on the Jersey Shore
Cheered 9/11 with a roar.
So he proposed to even the score
By turning away refugees from our door.

He picked off his rivals one by one
With insults from his verbal gun.
A playground bully in his roots;
Now some of the vanquished lick his boots.

Party leaders professed surprise;
But said not a word as they saw him rise.
Their fifty-year history brought us here:
Filled with whispered expletives like nigger, and queer.

They acted as if they didn't know
That his campaign was a toxic show
And didn't believe he’d continue to crow
While eager crowds watched, faces aglow.

Now their surprise has turned to dismay,
But the leaders still have little to say.
He's ours, they reason, and so they endorse;
While with their party he rides off on a horse.

Think what he'd do if he brought into play
The FBI and NSA.
Like Nixon he’d create a mess
With the help of the IRS.

He could reshape the Pentagon
And stack the Court
As if in a game
Or perverted sport.

Treaties we rely on now
He might simply disavow;
And let the Russians have their way
If the Baltics didn’t pay.

He seems to love color
But not every hue:
Only white sheets,
Blood red,
Black and blue.
To him that’s our nation,
Through and through.

An original birther,
He’s no mere apprentice.
Yet he speaks without mirth or
Ending a sentence.

He riles up the crowd
By mouthing hatred aloud.
With a trumpet, a tweet
And a wink and a nod,
He’ll grind all his foes
Right into the sod.

Or deport them like cattle,
From Maine to Seattle.

The economy’s up and crime is down
But his constituents are white folks,
Not black and few brown.
A fact that for him
Warrants not even a frown.

He boasts of his billions
Till people get dizzy.
But ask for returns
And he throws a tizzy.

The deleveraged, the macho, the unschooled and enraged:
They lap up his act, his airplanes and gilt;
And won’t even notice
Till the knife’s in to the hilt.

He has but one thing
To say to dissenters:
I beat all the governors,
And even the senators.

But sadly, he says,
What you can’t beat anymore
Is the protesters at rallies –
Hey, is that chick a whore?

He calls women dogs
And his daughter hot.
He’d probably tap that,
If related they were not.

And speaking of dogs:
He’ll wag like a pup
When a strongman like Putin
Feeds him crap to lap up.

He flirts with white power
And dictators abroad;
Talks of conspiracies,
Dark secrets and fraud.

Evidence is absent
And so is the truth;
Dissecting his meaning
Can require a sleuth.

“Believe me” he’ll say,
As facts slip away;
And then walk it back
With an “I don’t know” crack.

He mocks the disabled
And impugns a judge;
It’s as though someone cabled
“Keep sending us sludge!”

They said he would pivot,
But how could he change?
For this is a man
Of limited range.

He says, Crush the press
And ignore all the mess:
Constitution, statutes and all the rest.
As leader, I say, I’m the one who knows best.

It’s kind of ironic
Since the media made him;
And then like a tonic
Farewell they had bade him.

Yet he often stumbles
And then revives.
If this guy wins,
What survives?

Laughing off war crimes
And testing religion;
He might leave some liberties
But perhaps just a smidgen.

And what if he loses?
It’s, I smell a rat!
And now gun owners
Should ready their gats!

E pluribus unum:
But in truth our fates
Likely depend
On random swing states.

By November we’ll spy
On which road we’ll go;
Have we chosen the high
Or selected the low.

And then the world
Will finally know
If they need still be wary.
For this man is quite scary.

To him experts are nothing,
Not even the generals.
He thinks himself wise,
But what kind of owl
Screeches all day
And puts on a scowl?

His hair in a rage,
He’s off on a rant.
His mind thinks thoughts
That most of ours can’t.

“I’m sending the nukes
And feel fresh as a daisy.”
To him this is smart;
To the rest of us, crazy.

A Muslim dad with a book
Is to him just a crook;
“Who wrote that speech?”
Asks the man whose own wife
Mouthed words from another’s life.

And a Gold Star mother
Contorted in grief
Is not even entitled
To simple belief;

POWs are losers –
The insults abound.
Why is someone so tawdry
Even around?

You’ve sacrificed nothing.
Not true, he replies.
I’ve built businesses, buildings.
And told many lies!
What does it take
To open some eyes?

I killed in New York,
He boasts with a bluster;
And could do it for real
Which most cannot muster.

Love trumps hate;
Or so they say.
But darkness is deep
And people, clay.

Fear mixed with rage
Is a potent brew.
Hitler knew it.
Mussolini too.

From bully to bully pulpit;
How bad could it get?
We survived McCarthy.
But this is worse yet.

His name’s now a verb;
“Trump that bitch” is the cry.
I’m sure that he’s heard it;
But he bats not an eye.

Ties, wine and buildings
It’s all just a brand.
Like a bogus university
Built on nothing but sand.

He wants immigrants out,
Except for his wives.
For they alone
Know his true size.

It’s all a disaster,
He says, but wait!
Elect me now
And I’ll make it great.

Friday, November 7, 2014

It’s a Play! It’s Live Internet TV! It’s Both, and it Opens in Los Angeles on Friday

‘The Noir Series’ harkens back to the days of live TV but presents a thoroughly modern challenge to entertainment unions


Bad Medicine,' a segment from 'The Noir Series,' features a chain-smoking doctor and two disconcerting nurses. Credit: Turner Munch.

Somewhat like Shimmer, Saturday Night Live’s mysterious concoction that was both a floor wax and a dessert topping, a production called The Noir Series that runs this weekend in Los Angeles manages to be both a stage play and live Internet TV. You can buy “studio audience tickets” to see the show in person at the Schkapf Theatre or purchase online viewing tickets. The producers – who describe the show as a 90 minute omnibus comprised of “four plays inspired by the dark and pulpy noir of Hollywood’s past, filmed and streamed with an eye towards Hollywood’s future” – will be happy either way.

But will Actors’ Equity, the union that governs live theatre? Produced under the banner of Heretick Theatre Lab, The Noir Series seems to challenge Equity’s long-held determination to disallow recording or streaming of plays in order to preserve the primacy of the live performance.

Seemingly, the solution adopted by Heretick’s artistic director Jennifer Cotteleer is simple: the production went with a SAG-AFTRA new media contract rather than an Equity agreement. But it's not quite that easy: Cotteleer acknowledged that the production “is a play” -- and SAG-AFTRA contracts haven't always saved the day when the experiment was tried in New York.

For more on this innovative production and its challenges, click through to my article in The Hollywood Reporter.

Check out “The New Zealand Hobbit Crisis,” available on Amazon in paperback, Kindle and audiobook. Visit my website (jhandel.com), follow me on Twitter or friend me on Facebook or LinkedIn. If you work in tech, take a look at my book How to Write LOIs and Term Sheets

Friday, October 24, 2014

'Citizenfour' Review: Quiet Moments in a Hong Kong Hotel Room as Edward Snowden, Journalists Fight to Save Democracy



Hong Kong has been ground zero this year in the fight for freedom, with students and Occupy leaders battling police for control of the streets in a desperate campaign to maintain the Chinese territory’s relative autonomy from erosion by the central Beijing government.

But the city hosted much quieter freedom fighters a year earlier, not on the streets but in the confines of an international hotel room. When journalist Glenn Greenwald and documentary film maker / journalist Laura Poitras responded to emails from an intelligence community member who identified himself at first only as “Citizenfour,” little did they how deep the rabbit hole would be and that unraveling history’s largest spying operation – a worldwide mass dragnet by the NSA that targets essentially everyone on earth – would mean traveling to Hong Kong and debriefing Snowden in a hotel room from which none of them would emerge unchanged.

Nor, it seems likely, will the audience of Citizenfour, which takes the viewer inside that hotel room via footage Poitras shot as the interviews with Snowden unfolded. Even though we now know, thank to the courage of Snowden, and of Greenwald, Poitras and their colleagues, that the NS’s warrantless programs hoover up everything from everyone, domestic and foreign, emails, telephone calls, metadata and apparently  contents as well, it’s nonetheless gripping to watch the interplay between source and journalists as the latter learn the details and attempt to figure out what to do about it.

Snowden, young, handsome, sincere, is outwardly calm, willing to give up his comfortable life, family ties, and perhaps his freedom to slow the U.S.’s slide towards a nation of subjects rather than citizens. But his Adam’s Apple betrays him. Take a close look and you can see he’s swallowing hard, even as he insists he’s made his peace with the choice to sacrifice his own comfort for the greater good. Later, when he rearranges his hair to muddle his identity as he prepares to slip underground, his curses at an errant cowlick underscore the anxiety he feels.

As a journalist, I’ve worked with anxious sources, tried to uncover truths, published secret documents and laid bare the backroom dealings of closed-door meetings. I’ve never worked on anything as momentous as Poitras and Greenwald’s brief, nor put my life (cf. war reporters) or freedom at risk, but Citizenfour nonetheless felt eerily familiar in its duet between source and reporter, as documents and thumbdrives change hands and broad contexts and telling details emerge.

As a former math geek and computer scientist, I’ve long been interested in the NSA, and knew that the nascent intelligence community during World War II had monitored every international telephone call and telegram from or to the U.S. As far back as the early 1980’s – when I worked for the military-contractor think tank that created the Internet’s predecessor for the Defense Department – I figured that computerized monitoring of international communications was taking place (though I never worked on such projects), so the Snowden revelations at one level were unsurprising. But they didn’t fail to chill last year, nor when seen again in the film.

Not all of the documentary takes place in the hotel room. Particularly unnerving is footage of earthmovers in the Utah mountains relentlessly clawing at the landscape as they construct a massive NSA data center to store the intercepts that Snowden says the agency in drowning in – so much so, he says, that the intelligence community has lost the ability to find the valuable information in its own hoard. Dogged in their pursuit of bedrock, the steamshovels’ unforgiving appetite for raw earth and their inexorable attack on the landscape become in Poitras’s sure hands visual signifiers of the greed for information – and thus power – that characterizes the security apparatus that has flowered since 9/11 under both Bush and Obama.

The tension between national security and freedom has seldom been tauter, nor the balance harder to strike in a world where every bit, byte and packet is subject not just to interception but also to weaponization. With his actions, Snowden ignited a debate that will long continue, and Citizenfour, the third film of a post-9/11 trilogy – the other films landed Poitras on a secret watch list from which she found no escape and drove her to relocate to Berlin –  will stand as an urgent and gripping record. See it this weekend. The NSA probably already has.



Check out “The New Zealand Hobbit Crisis,” available on Amazon in paperback, Kindle and audiobook. Visit my website (jhandel.com), follow me on Twitter or friend me on Facebook or LinkedIn. If you work in tech, take a look at my book How to Write LOIs and Term Sheets

Thursday, August 14, 2014

An Actor's Cautionary Tale: Cancer Diagnosis and a Drawn-Out Battle Over Residuals


Actors often complain about late residuals checks, although SAG-AFTRA has cut processing delays lately. But few stories compare to the battle waged by Alex Doe (a pseudonym), a voice actor who was diagnosed with cancer in 2012 and endured a 3-1/2-year residuals runaround from Warner Bros. and SAG-AFTRA that ultimately  threatened Doe's health insurance.

(Residuals are royalties that are paid to actors, writers, directors and musicians when movies and TV shows are rerun or are released in other media such as DVD or the Internet. They're not small potatoes: residuals can amount to 40 percent of an actor's income, and total about $2 billion per year.)

How did this happen? Boomerang, an offshoot of Time Warner's Cartoon Network, failed to report thousands of reruns of the actor's show for several years, and the Warner Bros. residuals department resisted the union's contrary data. The actor filed a claim with SAG in February 2011, and the union and studio began arguing about the number of reruns and whether Doe had been overpaid on a DVD release.

Warners repeatedly promised more information -- surprisingly, collective bargaining agreements don't require that any particular data be provided -- and months often passed between emails and phone calls. In 2012, the head of the union's residuals claims department referred the matter to a legal department attorney.

But even with both departments involved, the delays continued. For more details, and the surprising resolution, see The Hollywood Reporter.

Check out “The New Zealand Hobbit Crisis,” available on Amazon in paperback, Kindle and audiobook. Visit my website (jhandel.com), follow me on Twitter or friend me on Facebook or LinkedIn. If you work in tech, take a look at my book How to Write LOIs and Term Sheets

Thursday, August 7, 2014

Review: NudeAudio Super-M and aiia SSSSSpeaker on Kickstarter




Two new Bluetooth speakers offer a great reason to jet on over to Kickstarter.

The NudeAudio Super-M ($99, campaign ending on August 15) offers great sound in a package thin enough to slip in a back jeans pocket. During my recent visit to the company’s South of Market offices, a head-to-head comparison showed that the unit delivered deeper bass and higher volumes without loss of fidelity than the Jambox Mini and was more rugged.


NudeAudio is the same company that offers the delightful Move S, Move M (which I reviewed last year) and Move L speakers and the Studio 5 Lightning Dock with Bluetooth (found in hotel rooms at The W). How does the company manage to deliver attractive products at aggressive prices?

As chief design officer Peter Riering-Czekalla answered that question, I found myself distracted by the highly tactile silicon-sleeved speakers in pleasing yet subdued colors arrayed around his workspace. But in essence, his philosophy, honed by years of experience at design powerhouse IDEO, is to focus on acoustics rather than unnecessary features, keep product construction simple and cost effective, and defer from spending millions on advertising that positions the speakers as costly status symbols.



NudeAudio’s home – San Francisco’s SoMa distract – is an expected place to find innovation, but Kiev is not. Yet Kiev – yes, the one in the Ukraine – is the origin of another interesting speaker on Kickstarter, the SSSSSpeaker ($29, end tomorrow) from aiia. This one looks even more nude than the NudeAudio offerings: it’s literally just a speaker mechanism and a silicon speaker cone. But there’s a twist: the cone is collapsible like a those camping cups you might have had when you were a kid. Bright, collapsible, portable and light, the speaker produces enough volume for a pup tent and weighs very little.

Disclosure: The companies provided product for this review.


Check out “The New Zealand Hobbit Crisis,” available on Amazon in paperback, Kindle and audiobook. Visit my website (jhandel.com), follow me on Twitter or friend me on Facebook or LinkedIn. If you work in tech, take a look at my book How to Write LOIs and Term Sheets

Tuesday, July 1, 2014

How Do We Know Driverless Cars Are Safe? Google Says ‘Trust Us’




Driverless cars are on the road now – Google’s fleet has logged about 700,000 miles of autonomous driving – and the California DMV will be issuing regulations in a matter of weeks allowing self-driving cars to be sold to the public, possibly setting the regulatory pattern for the rest of the country (video). Google has predicted 2017 for first commercial availability, while Nissan and Mercedes say it will be 2020. The cars are highly complex systems whose sheer quantity of software surely exceeds the hundred million lines of source code in today’s non-autonomous vehicles. They weigh thousands of pounds and hurtle down public roads – robots with human payloads. But how will we know they’re safe?
Google’s answer at DMV workshops in March 2014 and May 2013 was, essentially, “trust us” (video, video, video). The company’s representative, Ron Medford, said Google would “self-certify” the car’s roadworthiness and then the DMV could take it for a test drive (video) akin to what a human driver undergoes today (video, video, video, video). “That the company … [is] ready to submit its vehicle for [DMV] testing is kind of the proof that it’s ready,” he said, and argued against any more detailed scrutiny than that (video, video).
This is the same Google that so betrayed customers’ trust that it’s under twenty years of outside privacy monitoring, imposed by a consent decree which it later allegedly violated (leading to a record multi-million dollar settlement). Yet the company’s answer is to supplement “trust us” with nothing more than a simple road test – even though computer experts agree that such testing is no way to verify safety-critical software.
A Chrysler representative, Steve Siko, also endorsed self-certification (video). “It’s not like any manufacturer is trying to skirt around some safety rules,” said another Chrysler rep, Ross Good (video). From VW, Barbara Wendling also sang the self-certification tune (video), and said she had “no worries that anybody in the industry is going to put an unsafe product into California or any other state” (video).
Really?
That comment ignores GM’s defective ignition switch that may have killed 309 people (the company says it’s 13) – almost 15 million vehicles recalled to-date amid criminal probes and possible cover-ups – and Toyota’s deadly accelerator pedals (89 fatalities, according to the National Highway Traffic Safety Administration), to name only two of the unsafe products automakers have in fact put on the market in recent years.
Nevada accepted Google’s “trust us” gambit (pdf, p. 13) but like that state’s slot machines, it’s a bad bet. Google’s approach is not good enough, because the tech company and automakers have already demonstrated they’re not trustworthy and because experts acknowledge that complex software can’t be adequately verified simply by testing it. That’s especially true of safety-critical hard real-time systems. “Hard” means that the system must respond in timely fashion to avoid devastating consequences, like an automobile crash.
Indeed, a mere “road test” is not how validation works in other safety-critical applications like medical device software or avionics hardware and software
The Right Way to Validate Software
As the Food and Drug Administration says, “Typically, testing alone cannot fully verify that software is complete and correct. In addition to testing, other verification techniques and a structured and documented development process should be combined to ensure a comprehensive validation approach. Except for the simplest of programs, software cannot be exhaustively tested. Generally it is not feasible to test a software product with all possible inputs, nor is it possible to test all possible data processing paths that can occur during program execution.”
And who should do the verifying? The FDA addresses this too: “Validation activities should be conducted using the basic quality assurance precept of ‘independence of review.’ Self-validation is extremely difficult. When possible, an independent evaluation is always better, especially for higher risk applications.”
Not surprisingly, the agency requires pre-market submission of very detailed flowcharts, design documents and the like (apparently including source code) for devices that present a risk of death or major injury.
Avionics is even more stringent. In the U.S., knowledgeable reviewers called Designated Engineering Representatives or DERs are certified and appointed by the Federal Aviation Administration. Some DERs (Consultant DERs) are independent contractors while others, although they work for the manufacturers (Company DERs), are part of a culture where they are deemed to owe their loyalty to the FAA rather than their employers; in fact, DERs are appointed to represent the FAA and are legally required to maintain objectivity (pdf, p. 21). Europe uses outside testing labs.
In both jurisdictions, detailed documents govern the certification of in-the-air avionics software and hardware (in particular, custom devices like FPGAs, PLDs and ASICs) as well as ground-based avionics software. Test plans, source code, design documents and more are required to be submitted, and the programming process itself has to meet certain standards. Every line of safety-critical software code has to be justified – traced back to its rationale – and has to be executed during testing.
The difficulty with the avionics approach is that it enormously increases costs and product development time. In the automotive sphere, that would mean people continuing to die from human-caused accidents – which is about 95% of the annual 32,000 fatal accidents today (pdf, see pp. 24-25) – while we waited for (hopefully-safer) driverless cars to emerge from testing. It’s a real issue, but there has to be some compromise between “trust us” and hyper-punctilious verification.
You don’t have to be a high-tech expert to understand the concept. Self-certification is not even the way it works when you want to add a roof deck to your house. At least in urban areas, you have to show your plans to the city or county building department first (and the plans are usually drawn up by an architect or engineer who passed a state licensing exam; not so with software). There’s a physical inspection after the deck is built.
Google wants to skip the first step and jump to the second, but why should we regulate robocars less rigorously than roof decks?
Certification of driverless car software and hardware by an independent testing company, coupled with DMV review and multiple test drives, is the best way to give the public confidence that these cars are as safe as can be. I’m well aware – as a former programmer and as a lawyer who has represented software vendors – that source code is sensitive. But so is public safety. Ultimately, meaningful certification will be good for the driverless car industry as well as for the public.
At the DMV sessions, a Bosch representative named Soeren Kammel endorsed third-party certification and re-certification when a product is updated (video, video). A consumer advocate, John Simpson of Consumer Watchdog, focused on privacy issues (video), which are also critical, but he didn’t explore certification.
Google declined to comment for this article and the DMV told me the issue would be “addressed in the regulations when we release them … later this summer.” They’re writing the regulations now: you can weigh in by clicking here to email the DMV (and cc me).
Bugs are Inevitable
Bear in mind, there will be bugs in the software and flaws in the hardware, as even Google admits (“should it fail .. we want to reduce the impact”; “there will be some failures,” video). That’s the nature of electronic hardware and especially of software: we’ve been designing and building physical structures for thousands of years – bridges, for instance, for 3300 years – whereas even the term “software engineering” is less than 50 years old and the actual discipline of rigorous programming, in any meaningful sense, is younger still.
As the FDA says, “because of its complexity, the development process for software should be even more tightly controlled than for hardware, in order to prevent problems that cannot be easily detected later in the development process.” (They put that in bold, not me.)
Programming is still a dicey business, in other words, as is obvious to anyone with a smartphone that crashes, overheats or drains its battery without reason. (And that’s not to mention the prospect of your phone being hacked.) I have just such a phone, a Samsung Galaxy S4, which initially worked quite well. Now, not so well. It runs on Android software written by Google.
Google engineers and programmers are smart, but they can’t escape humankind’s collective immaturity of knowledge around the task of engineering software that is safe, reliable, error free and resistant to malicious attack. These cars will kill people, albeit hopefully many fewer than the number of people killed today by human drivers.
And sometimes when they do maim or kill, the cars will have to make ethical decisions: if three pedestrians dash across the road one after the other right in front of a car, should the car jam on the brakes knowing it will hit and kill two of them, or should it swerve and kill only the third one instead? In the latter case, fewer lives will be lost but the pedestrian it kills wouldn’t have died had the car not affirmatively decided to swerve. Passively kill two people or deliberately kill a different person? Kill one pedestrian or swerve into another car and perhaps only injure its occupants?
There are many variants of this so-called “trolley problem” and the car’s software will have to make hard choices. These are moral dilemmas that society – government regulators – should at least have input into. They’re not decisions that Google programmers should make alone at their white boards.
Those programmers and their colleagues – engineers, designers, businesspeople and others – are brilliant, and they appear to have the most ambitious goals – and be the furthest along – of any company working on autonomous cars. Google has brought the world some great products, and a commercially available self-driving car, although it will bring enormous dislocations, will bring enormous benefits (pdf) as well, if it’s safe.
Why Google and Automakers Can't be Trusted
Notwithstanding Google’s old “don’t be evil” motto, the  company has overreached and been slapped for it just like any other large company. In 2010, it deployed privacy-busting features in Google Buzz, which resulted in the FTC imposing an astonishing twenty years of outside privacy audits starting in 2011. Yet the following year, Google allegedly violated that already-unprecedented consent decree and ended up paying a record $22.5 million settlement. And in 2008-2010, the company made an allegedly “intentional mistake“ by sniffing personal data from WiFi routers as its cars photographed the streets, and then apparently attempted to conceal this breach of people’s privacy. The FCC fined Google $25,000 for impeding its investigation.
Google is a great company, but it’s a big company, and there isn’t a day since the era of 19th century robber barons that big companies haven’t overstepped and run roughshod, absent determined regulation.
Like most large companies, Google aggressively looks after its own interests even at the consumer’s expense. That makes “self-certify” a pretty thin answer when it comes to Google car safety – or, for that matter, privacy, since driverless cars are “data guzzlers” that will be acquiring 30 to 130 MB of external visual and other sensor data per second when in operation. (Even now, the race to control the dashboard is on.) And that’s not to mention the GPS data associated with the passengers (i.e., Google will know where you go in the physical world, not just on the Internet) and the likely cameras inside the vehicles, at least for those owned by rideshare services such as Uber, in which Google invested over a quarter-billion dollars last year.

That Uber deal is no outlier. As the Internet morphs into the Internet of Things, the company is transforming itself from an Internet giant into an enterprise with access to – and control over – the physical world. In the last seven months, Google has bought both the smart-device maker Nest and seven robotics companies including Boston Dynamics, which makes robots than can gallop at 28 mph or carry heavy payloads. One of them is even in humanoid form. Six feet tall and weighing 330 lbs., it looks like the Terminator, minus the skin. So while Google’s newest driverless cars – which omit steering wheel and pedals – were deliberately designed to look “friendly” and “cute,” this is not your father’s Google.

And Google, of course, is not the only company developing driverless cars. It's an industry-wide project, yet many automakers have an appalling disrespect for public safety: they fought seat belts, set private detectives to harass and intimidate consumer advocate Ralph Nader, and lobbied against air bags for years, delaying a mandate until 1998.
Meanwhile, also in the 1990’s, over 200 people died in crashes linked to failure of Firestone tires, but they weren’t recalled until 2000. Consumer advocates charged that both Firestone and Ford (in whose vehicles a majority of the deaths occurred) covered up the problem and failed to inform NHTSA.
Present-day behavior is no better: In March of this year, Toyota agreed to pay a record $1.2 billion criminal penalty stemming from charges that it intentionally hid information about safety defects from the public and made deceptive statements to protect its brand image. That was in addition to an earlier $48.8 million civil penalty and a litigation settlement of over a billion dollars. All were in connection with unintended acceleration: ultimately, in two separate recalls in 2009 and 2010 totaling nearly 8 million vehicles Toyota acknowledged that its gas pedals could get trapped under floor mats or that the pedals themselves could simply stick, leading to out of control vehicles. Deaths and injury were the result.
Even more ominously for driverless cars, a jury in 2013 found Toyota liable for unintended acceleration stemming from a third cause, alleged software errors. An expert on embedded systems (real-world machinery that incorporates software), Michael Barr, charged that he found 80,000 violations of software reliability programming rules in Toyota’s code (pdf, p. 29), even after an investigation by NASA (on behalf of NHTSA) had found no software cause for unintended acceleration but not ruled out the possibility either (pdf, p. 17; pdf, p. 13); a NASA engineer charged that its team was taken off the investigation prematurely. The jury awarded $3 million in compensation and was set to consider punitive damages when the case settled.
Toyota is not the only automaker with unintended acceleration problems. Just last weekend, NHTSA disclosed that it’s investigating 360,000 Nissan cars for the same problem, in this case allegedly caused by improper design of a trim panel. Last month, Ford recalled 1.4 million vehicles, for defects including loss of power steering and (as with Toyota) floor mats that can interfere with the accelerator.
That followed a recall by Ford of about 700,000 vehicles for software bugs that could cause airbags to delay inflation and – a separate problem on the same vehicles – doors that could come open while the car is moving. Also last month, Chrysler recalled almost 500,000 SUVs because cracks in a circuit board could lead to a faulty signal that caused the transmission to shift by itself from Park into Neutral. Toyota too had a software recall, in 2010, involving anti-lock brake software and another last month, involving airbag electronic control unit software.
Also on the airbag front, chemical and mechanical defects have been disclosed in the last several weeks in airbags from a company called Takata, resulting in recalls or halted sales by eight car companies: Ford, Chrysler, Honda, Mazda, Nissan, Toyota, BMW – and GM, a company which this year has recalled over 28 million cars in about 30 separate recalls.
The most noted of those recalls, of course, have been for an ignition switch problem. In the last five months the company has recalled about 14.8 million vehicles (6.6 million in the last several months plus 8.2 million yesterday) from model years 2003-2011 because the ignition switch can turn off while the car is in motion, disabling the power steering, power brakes and airbags. According to the government, GM knew of the problem since at least November 2009, but didn’t tell NHTSA for almost 4-1/2 years. The New York Times reports that GM’s knowledge goes much further back: a GM engineer approved the faulty design in 2002 before the car was released, even though the part maker said the switch didn’t meet specifications. GM investigated later complaints, but closed the inquiry in 2005 because “none of the solutions represents an acceptable business case.”
Four months later came the first death tied to the ignition switch.
The following year, the same GM engineer allegedly signed off on a redesigned switch intended to be safer, but there was no recall for another eight years. Last year, the engineer claimed under oath in a wrongful death suit that he had not authorized the change (notwithstanding a signed document to the contrary); he told Congressional investigators in May that he didn’t remember.
Also last month, the company paid a record $35 million civil penalty even as the Secretary of Transportation said “what G.M. did was break the law.” According to NHTSA, GM employees were actually trained in how to obscure safety problems. Documents released last week by a Congressional panel reportedly show that a current top GM executive knew of the problem as far back as 2005. Criminal, congressional, SEC and state investigations are ongoing. Hundreds of lawsuits have been filed, and a compensation plan was unveiled yesterday that could cost the company billions.
In addition, a second GM ignition switch problem has emerged: in many of the same cars with switches that could turn off while driving, it was also possible to remove the ignition key while the car wasn’t in Park or while the engine was running. A GM report said that the company knew about this in the early 2000’s but didn’t recall the cars until April of this year. Meanwhile, although NHTSA received the report in April, it wasn’t posted on the agency’s website until a reporter asked for it in June.
These are the sorts of companies that would self-certify their driverless cars.
What About the Regulators?
Not only did NHTSA delay posting the safety report, it seems to have fumbled the GM ignition switch issue from the beginning. The agency received the first complaint in 2003 but didn’t propose an investigation until 2007. Even at that, no recall occurred until 2014. Instead, despite receiving an average of two complaints per month, NHTSA repeatedly responded that “there was not enough evidence of a problem to warrant a safety investigation,” according to the New York Times. Now Congress is investigating NHTSA as well as GM.
NHTSA doesn’t only handle recalls; it’s the federal agency that issues automobile safety rules. Under California’s self-driving car law, any NHTSA regulations on the subject will preempt whatever the DMV is doing now.
Commenting on the agency’s approach to software, embedded systems expert Barr said, “NHTSA … needs to step up on software regulation and oversight. For example, FAA and FDA both have guidelines for safety-critical software design within the systems they oversee. NHTSA has nothing.” (See also pdf, p. 44.) There are techniques to reduce automotive software risks, but NHTSA doesn’t require them.
And the agency is not currently regulating driverless cars at all.
That leaves the field to the less technically-experienced, more resource-poor state DMVs. It’s not hard to play one state off against another, and that looks like what Google did with California. Although a Stanford report says that self-driving cars were “probably legal” already, the company presumably wanted more certainty, so it got Nevada to pass a driverless car law to its liking in 2011, then Florida, and then used those statutes to incite California legislators to act. Sacramento, fearful that Google’s car operation would decamp to the home of legalized gambling, passed legislation requiring the DMV to issue regulations by January 1, 2015, legalizing the cars on California roads. Gov. Jerry Brown signed the bill at Google headquarters in September 2012.
But a section of the law, CVC 38750(d)(2), requires that the regulations include “any testing, equipment, and performance standards ... that the department concludes are necessary to ensure the safe operation of autonomous vehicles on public roads, with or without the presence of a driver inside the vehicle.”
The only way to even have approximate confidence in the safety of a complex embedded system is for a knowledgeable independent third-party certification authority to review (under confidentiality agreement) the software and firmware source code, custom chip (ASIC) designs, hardware specs, design documents, flowcharts, and other technical documentation. 
The Problem with Road Testing
If you’re not a programmer, you may still be wondering why road testing is inadequate for driverless cars. Once again, the FDA explains, “One of the most significant features of software is branching, i.e., the ability to execute alternative series of commands, based on differing inputs. This feature is a major contributing factor for another characteristic of software – its complexity. Even short programs can be very complex and difficult to fully understand.”
It is hard enough to test garden variety software (say, Microsoft Word), whose operation is deterministic and does not require sophisticated judgments, involve real-time sensor inputs or perform safety-critical functions. A word processing program is comparatively straightforward, yet MS Word, for instance, still manages to be buggy.
A robocar’s software is non-deterministic, in that (a) it makes high level decisions (brake? accelerate? swerve? turn? etc.) in real time and (b) it does so in response to huge quantities of extremely complex sensory inputs representing dozens or hundreds of stationary and moving objects that are never the same twice. No matter how precisely you try to replicate a road test, something different will always happen:
● One time the sun will glint off the windshield of an opposing car and blind a sensor, perhaps causing the car the mis-steer – or maybe the sun will be at a slightly different angle that day and the problem will remain latent, ready to affect an unwary consumer.
● Maybe a splash of mud mixed with oil and gravel will fly up past the radar in the front bumper, leading the car to swerve away from an imagined obstacle – or maybe the road will be dry that day, or the mix of oil, mud and gravel just different enough that the software properly processes and ignores it.
● Maybe a journey will be long enough and the number of objects encountered large enough that a heavily-used area of memory referred to as the “stack” will overflow, with potentially catastrophic consequences. Stack overflows can be hard to debug or predict. But perhaps the road test will be too short to trigger the bug, again leaving latent a problem that will only show up when a car crashes in real-world operation.
● Perhaps one day the car will pass by a strong electrical field – say, from a power plant or even a downed wire – that evokes an electric current that modifies memory or triggers a false sensor reading, again leading to a dangerous malfunction not detected during a DMV road test.
● How vulnerable are the car’s sensors to snow, ice and mud? A fair-weather road test won’t answer that question – and we already know from the crash of Air France Flight 447 off the coast of Brazil just how deadly the consequences of sensor malfunction can be.
● Maybe one day the car will hit exactly 32 mph – a binary number that looks like this, 100000 – at precisely the same time a car in the next lane is decelerating and hits 16 mph (10000) and that confluence of zeros and velocity changes triggers some quirky bug that only appears if GPS signal is momentarily lost and a train crosses in front of the car. Of course this is a contrived example (here’s one from the real world), but the point is that software can fail for strange reasons in weird and sometimes catastrophic ways.
As the DMV assistant general counsel conducting the driverless car sessions, Brian Soublet, pointed out, there are a large number of traffic maneuvers – in his words probably too many to test (video). Even worse, there are an unbounded number of driving scenarios – combinations of maneuvers, pedestrians, cars, trucks, motorcycles, cyclists, road geometry, stop signs, traffic lights, weather conditions and more. You can’t road test all of them or even any large fraction because the test space is effectively infinite. The only way to probe them is to examine and audit the source code, and also to run the software through simulators – under the watchful eyes of DMV or third-party experts.
As a teenager, I managed to halt a “crash-proof” computer by directing it to take input from the display screen and send output to the keyboard, both of which were obviously impossible. It was a simple prank that the programmers somehow hadn’t anticipated. What pranks and scenarios will driverless car companies overlook as they turn their machines loose?
Cybersecurity and More
Yesterday’s pranks are today’s cybersecurity threats, of course, and these cars will be vulnerable. Even today, cars are at risk. Yet, John Tillman of Mercedes, Chrysler’s Good and VW’s Wendling all urged the DMV not to regulate driverless car cybersecurity (video). They didn’t feel that DMV was the right agency for the task, but had no alternative proposals.
There will be a lot of pressure for driverless car software upgrades to be transmitted wirelessly over the air (OTA), but this should only be allowed with extraordinary security. OTA mechanisms represent enormous threat vulnerability. Moreover, even under the best of circumstances, software updates are problematic, especially when the initial code is complex. It’s easy to “break something” when you’re in the process of fixing something or adding capabilities. The FDA found that 79 percent of software-related recalls in medical devices were due to defects introduced in updates, not in the original code.
There are also legal issues, because adhering to the Vehicle Code isn’t always straightforward. Soublet highlighted a left turn issue which Google acknowledged ruefully (“I can’t believe you’re bringing that up,” said Medford; video). Soublet also mentioned that obeying the speed limit on a freeway isn’t always the right thing, since it can lead to vehicles traveling too slow for traffic conditions. Here again, the decisions should be made by the DMV, not Google – and certainly not Google alone.
(Other legal issues – who’s liable for accidents, who gets the ticket and the points when a self-driving car breaks a traffic law, how will insurance work – were discussed at the DMV hearings but don’t relate to the point of this article.)
Adding to the seriousness of all of these issues – safety, ethics, privacy, cybersecurity, legal –  is software monoculture, or the presence of the same software in many vehicles. This means that failures will affect numerous people, just like a bug in MS Word affects millions of people.
Can we trust Google or car companies to protect our privacy, ensure our safety, guard against bugs, prevent cars from being weaponized into self-driving human-free suicide bombs, make ethical decisions when crashes are unavoidable, and all the rest? No, not without rigorous oversight and meaningful independent certification. 

Finally, we also have to put these cars in context. They're the first safer-yet-dangerous autonomous robots the public will encounter. There will be more -- eventually Honda's ASIMO robot will be released from the lab, ATLAS will come untethered and BigDog and other Boston Dynamics (i.e., Google) robots will be set loose, whether as helpers, packbots, monitors, security bots or more. Will we get the same answer then -- "this technology is a net good, regulators are self-interested, auditors wouldn't catch the bugs, so let the company self-certify and be done with it"?

Google plays a long game and a large one. They're aware that they may be setting a precedent for the way robots are regulated, or not.
The California DMV regulations – which may set a national and even international template (video) – will be out soon. Hopefully, they’ll be adequate to the task. Click here to tell the DMV what you think (and cc me).
Jonathan Handel (jhandel.com) is an entertainment/technology attorney and journalist in Los Angeles. He does not have clients related to self-driving cars. The opinions expressed here are his own. Images via Wikipedia and do not imply endorsement or affiliation.