Didn't install a safety-critical driverless car patch? Bye, insurance!

Tinkering with your future driverless car's software and failing to install safety-critical updates will invalidate your insurance, under a newly proposed British law. "The Automated and Electric Vehicles Bill 2017 is intended to enable consumers in the United Kingdom to be amongst the first in the world to reap the rewards …

  1. Pen-y-gors

    Safety-critical updates?

    "The bill defines "safety-critical" as a patch where "it would be unsafe to use the vehicle in question without the updates being installed"."

    So...I have a prang on 1st Jan. On 2nd Jan a safety-critical update is released, which I immediately install.

    But this implies that on 1st Jan the car was already "unsafe to drive" - as it didn't have a not-yet-existent update. So the insurers can opt out, and I should be prosecuted for (unknowingly) driving an unsafe vehicle.

    Logical conclusion - as soon as manufacturer is aware of a flaw that will require a safety-critical patch, they must order all affected vehicles off the road until the patch is available.

    Can't see that going down well.

    1. Anonymous Coward

      Re: Safety-critical updates?

      "Logical conclusion - as soon as manufacturer is aware of a flaw that will require a safety-critical patch, they must order all affected vehicles off the road until the patch is available."

      Sounds good to me... but then I'm very much in favour of getting human drivers off the road as soon as possible, given that a large number of us could do with a software patch or two for our driving skills and are blissfully unaware of the fact.

      1. Omgwtfbbqtime
        Mushroom

        "... a large number of us could do with a software patch or two"

        Some just need "percussive maintenance".

        Or maybe "wall to wall counselling" as it used to be called.

      2. graeme leggett Silver badge

        Re: Safety-critical updates?

        That would be the equivalent of a recall as practiced by manufacturers of current vehicles.

        Dealer emailing or phoning you. Or worst case, coverage on the 9 o'clock news. But also your responsibility to see your car is fit to drive.

      3. Yet Another Anonymous coward Silver badge

        Re: Safety-critical updates?

        Logical conclusion - as soon as manufacturer is aware of a flaw that will require a safety-critical patch..

        This is exactly the current system with aircraft.

        The manufacturer can order immediate grounding until the fix is applied, or it must be applied within n days or at the next service interval - depending on the severity.

        If there is a recall on your current car it doesn't mean you need to be constantly on the NTSB's website and screech to a halt as soon as a safety notice is published.

      4. Goldmember

        Re: Safety-critical updates?

        "Patch released at (for argument's sake) 12 noon. Accident at 2pm. Is that negligent? Or is it a reasonable delay?"

        It would make sense to remove the user from the software update process entirely, especially if the updates are potentially safety critical. Have over the air updates automatically download and install. Then the insurers would have to pay out to the user and to any third parties in the event of an accident. By all means inform the user when an update is ready/ has been applied, but removing the responsibility and putting this on the manufacturer should solve that particular problem for the most part.

        This would then mean insurers can only reasonably wiggle out of paying if the user has purposely modified the ROM to stop updates, or has installed custom updates.

        However if an update fails, although I would hope the car would let the user know about it, it could create a pretty big legal headache and would possibly shift some of the liability back onto the manufacturer/ software publisher.

    2. Cynical Observer
      FAIL

      Re: Safety-critical updates?

      Had similar thought - on slightly different timelines. Patch released at (for argument's sake) 12 noon. Accident at 2pm. Is that negligent? Or is it a reasonable delay?

      If it's the second, what constitutes a "Reasonable Delay?" What if I don't update for 1 day? 2 days? Where exactly is the threshold?

      Do autonomous cars come with a data tariff and 3g connection? What if I'm in the Scottish Highlands or the Welsh Hills where coverage is poor?

      This has shades of being as poorly drafted as the Government's psychoactive substances abuse bill.*

      A recent prosecution for using nitrous oxide was thrown out as it has a legitimate medical use. The accused wasn't using it for that purpose but case dismissed nonetheless.

      1. Pen-y-gors

        Re: Safety-critical updates?

        Poor drafting?

        Let's face it, based on recent laws, whoever drafts them couldn't draft a specification for a paper bag. Writing a law (which needs to be very precise) cannot be done on the basis of turning a few knee-jerk ministerial comments based on invalid prejudices into legalese.

        1. nijam Silver badge

          Re: Safety-critical updates?

          > Let's face it, based on recent laws, whoever drafts them couldn't draft a specification for a paper bag.

          Missing the point - laws are drafted to provide future employment for lawyers. Anything else is merely a side-effect.

      2. Pen-y-gors

        Re: Safety-critical updates?

        If the law is implemented as suggested there are two issues - the bit of insurer's liability depending on whether or not a patch has been applied, not too tricky providing the points about reasonable delay etc are allowed for, but the more critical bit is the definition of an unsafe vehicle. Unsafe means unsafe (to coin a phrase) regardless of whether patches have been fitted, and driving one is an offence. I suspect that not knowing it was unsafe is not a defence. Think of a car with a valid MOT from 9 months ago, which has since developed problems with the brakes. You crash because of faulty brakes, you're in the doo-doo.

        1. Terry 6 Silver badge

          Re: Safety-critical updates?

          Would you be held responsible for faulty brakes that did not manifest until the point of failure?

          More worrying (to me) is what happens when a software patch does a Microsoft Update, I don't mean the reboot half way up the M6 bit, (but then again...). I mean when the update stalls half way through, and no known method to restart it will ever take effect. Saying this after the Fall Update fell over, partly installed. Restored to previous version. And now won't admit there's a newer version to install - no great loss TBH.

      3. Anonymous Coward

        Re: Safety-critical updates?

        These interesting questions will be thrashed out in the courts. As usual with laws.

        One effect of the law would be for manufacturers to be proactive in

        1) not releasing software until they've been through it multiple times under the most testing conditions

        2) designing with fail-safe in mind,

        3) systems for contacting owners and implementing the patch for minimum disruption

        1. ACZ

          Re: Safety-critical updates?

          Remember - this bill primarily deals with (a) liability of insurers, and (b) EV charging. Current draft is: https://publications.parliament.uk/pa/bills/cbill/2017-2019/0112/cbill_2017-20190112_en_2.htm#pt1-l1g4

          Doesn't mean that it will be illegal not to install a CarOS patch or root/install a custom firmware, but it might mean you're not insured.

          Big thing is that this is enabling legislation, and is therefore intentionally broad, so that it works now and decades into the future - fundamental principles are in there to provide stability/certainty, and then it's up to insurers and courts to deal with the real-life scenarios.

          So this will all come down to the insurers, who will in turn force the hand of manufacturers as per AC's comment above. Insurers will also have to come up with some good standard T&Cs, e.g. requiring patch installation within a "reasonable period" which they define e.g. no more than 7 days of public release by the vehicle manufacturer. Manufacturers will presumably have to push delivery of OTA patching on release, and force install within a given time period, e.g. at the end of the period preventing new journeys until the patch is installed. Manufacturers might also have to e.g. provide very clear and prominent notifications about CarOS patch status before commencement of a journey.

          Rooted CarOS - probably wave goodbye to being insured, at least with any conventional insurer. Rooted entertainment system - might still be insured *if* it doesn't have any impact on vehicle safety, but read the fine-print on the insurance contract. Might encourage a truly hard (physical) divide between car-critical systems and entertainment, but that's going to require the manufacturers to go for safety over shiny things, convenience and cost, so odds of that happening?...

      4. herman

        Re: Safety-critical updates?

        In law, a 'reasonable time' is commonly taken as 14 days.

      5. Warm Braw

        Re: Safety-critical updates?

        A recent prosecution for using nitrous oxide was thrown out

        Was it laughed out of court?

        Sorry. I now return you to the serious matter at hand...

        I imagine the courts will reasonably quickly interpret any ambiguity in the law as meaning that the person responsible for the maintenance of the vehicle (which might not be the driver at the time) has done nothing wilful (for example, preventing an update taking place) or negligent (such as ignoring an instruction to update or a recall notice). We're quite likely to see a scenario in which most autonomous vehicles are not owned by the people who use them, but by large fleets who arrange for a vehicle to be outside your door when you want one and returned to a pool (and charged) awaiting the next user, so the driver liability for maintenance is likely to be negligible.

        1. keith_w

          Re: Safety-critical updates?

          That has been my thought about autonomous vehicles since people started talking about them. Why bother going to the expense of buying one when you can use your phone app to get your favourite luxury vehicle waiting at your door, fully charged and ready to go. Even the vomit from the previous night's last user cleaned up and de-odorized.

      6. BongoJoe

        Re: Safety-critical updates?

        What if I'm in the Scottish Highlands or the Welsh Hills where coverage is poor?

        Poor? I would say none at all if anyone were living where I was outside of Aberdaron. So imagine the scenario: it's market day and the ffarmers from all around are all going to Bryncir for the day which has really poor data coverage. But it has data coverage. Of dial-up speeds.

        Then all the vehicles start to receive a patch. The download demand will swamp the broadband and nothing will get done that day. Never mind, there's always next week when the farmers all meet again. And they can all download a few more kilobytes of data each.

        But. What's this? Another update? Okay, we'll start again.

        Even if one could plug in the vehicle into the home 'broadband' then that would be next to useless. It wasn't uncommon for me to take three days (yes, DAYS!) to download a PS/4 game over our broadband.

      7. Pat Harkin

        Re: Safety-critical updates?

        Doesn't the same thing apply to product recalls now? If a manufacturer realises "Whoops the brakes don't work on Tuesday" and issues a recall notice, there must be case precedent for what is a reasonable time and due diligence to respond?

    3. Anonymous Coward

      Re: Safety-critical updates?

      Common sense says that this shouldn't be implemented materially differently from what we have at the moment for a manually driven car. If a safety critical manufacturing or design defect is discovered (e.g. braking system fault) a recall is issued to all owners of affected cars. You are given a reasonable amount of time to get the car into a garage and fixed free of charge. Sometimes the biggest delay is capacity at the garages if the recall is big. From the moment the car is built to when you get it fixed the manufacturer has a level of liability for the issue. If however you ignore the recalls and don't get it fixed, after a reasonable time the manufacturer's liability diminishes to zero.

      1. HereIAmJH

        Re: Safety-critical updates?

        Since the cars are self driving, does that mean you can set parameters for when you don't need your car, and it could drive itself to the dealer for the update? For once the dealership would be able to work around my schedule. That would certainly cut down the delay on getting recalls fixed. Not sure when I'm going to have time to go to the dealer to get the seatbelt retractor recall fixed. Or get the bolts in the steering box replaced for another recall.

    4. nijam Silver badge

      Re: Safety-critical updates?

      > But this implies that on 1st Jan the car was already "unsafe to drive" - as it didn't have a not-yet-existent update.

      And the insurers will promptly - and retroactively - disallow all earlier claims and demand the money back.

      1. JEDIDIAH
        Linux

        Re: Safety-critical updates?

        It sounds like a nice idea at first (if you're a Ferengi) but stuff like this would permanently crater the insurance business. Insurance companies can't be TOTALLY untrustworthy. They can only be somewhat untrustworthy. Otherwise the entire business model falls apart.

        This sounds a bit like the industry trying to slit its own throats.

        These places quite literally have posters to the effect of "take it but not give it back", but you can't really run the business that way. The product becomes worthless.

    5. macjules

      Re: Safety-critical updates?

      Given that most people do not seem able to update their 'Smart' phones dare I presume that insurers are already rubbing their hands in glee at the promise of yet another get-out clause?

      1. Korev Silver badge

        Re: Safety-critical updates?

        Isn't the problem more that Android phone manufacturers don't bother pushing out the updates?

        I can also see problems with car manufacturers getting bored supporting a model and not releasing updates for older cars (just like phones).

    6. Zippy's Sausage Factory
      Alert

      Re: Safety-critical updates?

      Logical conclusion - as soon as manufacturer is aware of a flaw that will require a safety-critical patch, ~~they must order all affected vehicles off the road until the patch is available~~ insurance companies can rub their hands with glee as they won't have to pay out.

      FTFY.

      But seriously, did anyone else immediately see a loophole there, or am I just paranoid?

    7. Potemkine! Silver badge

      Re: Safety-critical updates?

      Whatever the configuration, you can expect to be screwed by your insurance company anyway.

    8. Thought About IT

      Re: Safety-critical updates?

      "Logical conclusion - as soon as manufacturer is aware of a flaw that will require a safety-critical patch, they must order all affected vehicles off the road until the patch is available."

      Actually, there is precedent for that with aircraft. There are many recorded incidents where flaws have been discovered which result in all affected aircraft being grounded until the problem has been fixed. To rub salt into the wound, the owners have to foot the bill.

    9. Jonathan Richards 1

      Re: Safety-critical updates?

      > order all affected vehicles off the road

      Nah, they'll disable it over the air: small print will call for a park_at_nearest_safe_location+switch_off() routine. They won't be willing to take the risk that the owner/driver has not kept patching up to date.

      Will Plod be able to stop a driver-less car [1] and interrogate its software build ID? Enquiring minds wish to know.

      [1] How?

      1. keith_w

        Re: Safety-critical updates?

        That would certainly be a fun hack for certain types of people.

  2. vilemeister

    So if your car inexplicably fails to install a safety critical update, you get blamed? Because I'll bet that the software vendor will say it works just fine.

    Just today we have had HP stuffing windows PCs because their images were wrong - and the blame was passed on from MS to HP and back and forth all while the users (me, I have one) had to do a workaround every time you rebooted.

    I just don't have faith in this. Call me cynical but both car manufacturers and software vendors have previous in this. God help us when it's both combined.

    1. Cynical Observer
      Stop

      @vilemeister

      So if your car inexplicably fails to install a safety critical update, you get blamed? Because I'll bet that the software vendor will say it works just fine.

      Possibly not. One argument used in another jurisdiction to beat escalation in fines due to speeding tickets could work here. There was an issue about proving that the original ticket had been delivered - because they were sent out unrecorded delivery.

      Argument ran - "All my other post has been and is delivered satisfactorily, the ticket cannot have been sent correctly as it was not received." Judgement was that the ticket was not correctly served in accordance with the law and case was thrown out.

      Software vendor/car manufacturer could/should be required to prove that the recipient car has successfully installed the patch - checksum or some such calculated from the patch and the VIN might be a start.

      1. Steve the Cynic

        "Argument ran - "All my other post has been and is delivered satisfactorily, the ticket cannot have been sent correctly as it was not received." Judgement was that the ticket was not correctly served in accordance with the law and case was thrown out."

        That's fascinating. In English civil cases, "proof of posting" suffices for "proof of service" for legal documents that are allowed to be served by post. (My experience with the English civil courts involves the small claims court(1), a statutory demand and a creditor's petition for bankruptcy - I was the creditor, thanks, so no comments from the audience please. I had to serve lots of paper.)

        For certain classes of paper (notably the statutory demand itself), postal service doesn't count *at*all*, and the paper must be served in person, although you are allowed to hire a local to do it for you. Private detectives do a roaring trade in this kind of thing. Failing that, it is also permissible, in the words of the bloke who explained what was needed, to nail it to the other party's door provided that you swear an affidavit to that effect. He chuckled when I protested that I wasn't Martin Luther...

        (1) This doesn't actually exist as a separate thing. That type of action takes place in the same County Courts as non-small claims. The correct term is "Small Claims Track of the County Court".

        1. Cynical Observer
          Unhappy

          @Steve

          From one Cynic to another....

          The particular instance was in Ireland (I did say other jurisdiction) and looks like it may have been closed by now

          Importantly, they seem to have brought in the "Proof of Postage" counting as "Proof of Delivery"

      2. Eguro

        "Software vendor/car manufacturer could/should be required to prove that the recipient car has successfully installed the patch "

        But the issue would be, that the insurance company claims you didn't have Patch 1.0001 installed, you'll say you tried, but the system didn't work, and software vendor will claim that you probably didn't try because see how many other times it did install without trouble.

        It's in the interest of both insurer and software vendor that you didn't try to update - so if you did you best have a video recording of your attempt.
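
The "checksum calculated from the patch and the VIN" idea and the who-proves-what dispute in the comments above, sketched as an added example that is not part of the thread or any manufacturer's code. Assumptions: a per-vehicle secret key provisioned at manufacture, a fresh challenge issued by the update server, and HMAC-SHA256 swapped in for a plain checksum, because anyone holding the patch file and the VIN can recompute a plain checksum without installing anything. All names and sample values are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample values (not real identifiers or firmware).
SAMPLE_KEY = b"\x01" * 32                  # assumed per-vehicle secret
SAMPLE_VIN = "TESTVIN0000000001"
SAMPLE_PATCH = b"constructed patch image 1.0001"


def naive_checksum(patch: bytes, vin: str) -> str:
    """The literal suggestion: an unkeyed digest over patch + VIN.
    It proves nothing, since both inputs are known outside the vehicle."""
    return hashlib.sha256(patch + vin.encode()).hexdigest()


def _canonical(fields: dict) -> bytes:
    # Stable byte encoding so both sides MAC exactly the same message.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def make_receipt(vehicle_key: bytes, vin: str, patch_id: str, patch: bytes,
                 challenge: str, installed_at: str) -> dict:
    """Vehicle side: produced after the patch has been written and verified."""
    fields = {
        "vin": vin,
        "patch_id": patch_id,
        "patch_sha256": hashlib.sha256(patch).hexdigest(),
        "challenge": challenge,            # binds the receipt to one request
        "installed_at": installed_at,
    }
    mac = hmac.new(vehicle_key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "mac": mac}


def verify_receipt(vehicle_key: bytes, receipt: dict, vin: str,
                   released_patch: bytes, challenge: str) -> tuple:
    """Manufacturer side: returns (accepted, reason)."""
    fields = {k: v for k, v in receipt.items() if k != "mac"}
    expected = hmac.new(vehicle_key, _canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(receipt.get("mac", "")).encode()):
        return (False, "bad mac")
    if fields.get("vin") != vin:
        return (False, "wrong vehicle")
    if fields.get("challenge") != challenge:
        return (False, "stale or replayed receipt")
    if fields.get("patch_sha256") != hashlib.sha256(released_patch).hexdigest():
        return (False, "different patch image")
    return (True, "ok")


def dispute_demo() -> dict:
    """Run the cases an insurer, owner and vendor might argue about."""
    good = make_receipt(SAMPLE_KEY, SAMPLE_VIN, "1.0001", SAMPLE_PATCH,
                        "c-001", "2017-10-20T12:00:00Z")
    backdated = dict(good, installed_at="2017-10-19T12:00:00Z")
    forged = make_receipt(b"\x02" * 32, SAMPLE_VIN, "1.0001", SAMPLE_PATCH,
                          "c-001", "2017-10-20T12:00:00Z")
    return {
        "genuine": verify_receipt(SAMPLE_KEY, good, SAMPLE_VIN, SAMPLE_PATCH, "c-001"),
        "backdated": verify_receipt(SAMPLE_KEY, backdated, SAMPLE_VIN, SAMPLE_PATCH, "c-001"),
        "replayed": verify_receipt(SAMPLE_KEY, good, SAMPLE_VIN, SAMPLE_PATCH, "c-002"),
        "wrong_image": verify_receipt(SAMPLE_KEY, good, SAMPLE_VIN, b"other image", "c-001"),
        "forged_key": verify_receipt(SAMPLE_KEY, forged, SAMPLE_VIN, SAMPLE_PATCH, "c-001"),
    }


if __name__ == "__main__":
    for case, result in dispute_demo().items():
        print(f"{case:12s} {result}")
```

A valid receipt shows only that the holder of the vehicle key vouched for those patch bytes; tying it to the firmware actually running would need measured boot or similar, and with a shared key the manufacturer could also mint receipts itself.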

    2. dcluley

      "I just don't have faith in this. Call me cynical but both car manufacturers and software vendors have previous in this. God help us when it's both combined."

      That reminds me of a comment someone made to me many years ago along the lines of how accountants were rogues and lawyers were rogues so therefore insurance companies were chief rogues because they employed both accountants and lawyers and still made a profit.

  3. Anonymous Coward
    Coat

    So...

    If your car is old enough to NOT receive any safety-critical updates anymore

    you're basically screwed ?

    Planned obsolescence indeed...

    1. Anonymous Coward

      Re: So...

      If it's too old to receive the update, there is no update.

    2. Anonymous Coward

      Re: So...

      OMG, so only two options

      1. Android on the go. You get patches for two years if you buy a Goggle Car, but if you buy a car from any other manufacturer you get one patch, 6 months after you buy it, and then spend the rest of your life wondering if you can be bothered to root the car to install the latest patch while the manufacturer fobs you off with muttering about 'next quarter' because they need to make sure the patch doesn't affect their overlayed UI with the flashy lights and the scrolling adverts.

      2. IOS Vroom. For this you do get updates, but each round of update makes your car go a little slower, until after about 4 rounds it will only drive you to the nearest white shiny thing store at about 5 mph.

      1. Anonymous Coward

        Re: So...

        Oops

        I'm bad. I forgot:

        3. Windows whizz. It's actually really good, but no one sells it and anyway it will be dropped by MS about a week after you buy the car.

        4. Linux for cars. This would be a great option, if you could only work out which version to install, and don't mind the fact that while safety critical patches are released really promptly, you have to park up and crawl under the car with a spanner and a command line interface and remember about 20 lines of syntactically fussy code to get the update installed. It also turns out that no-one wrote a driver for the boot opening hardware, so you can drive the car, but can't carry any luggage.

        1. Baldrickk

          4. Linux for cars.

          Still the best option of the lot.

        2. Anonymous Coward

          Re: So...

          Widows carz - go through multiple versions that get slightly better but only last 6 months before needing to be reinstalled. By the time it's OK the market has already been dominated by Android and Apple carz so it gets retired.

          Android carz - used by most of the car manufacturers but with a different interface. Has an app for everything, even opening the boot. Very cheap but filled with adverts for all sorts of cr@p.

          Apple carz - hideously expensive but works OK and only runs on one manufacturer's cars. Again has an app for everything. Very popular with brand junkies.

          1. John Brown (no body) Silver badge

            Re: So...

            "Apple carz - hideously expensive but works OK and only runs on one manufacturer's ~~cars~~ roads. Again has an app for everything. Very popular with brand junkies."

            FTFY :-)

            1. BongoJoe

              Re: So...

              Apple Carz - sues Samsung Carz for being able to handle corners...

        3. Anonymous Coward

          Re: So...

          Don't you just use the Boot Loader for that?

      2. Cynical Observer
        FAIL

        Re: So...

        @AC

        ... then spend the rest of your life wondering if you can be bothered to root the car to install the latest patch

        What's the betting that rooting the car for this purpose will fall foul of the law -

        And our survey says you're UNINSURED

        1. Anonymous Coward

          Re: So...

          "What's the betting that rooting the car for this purpose will fall foul of the law -"

          It says exactly that in the article

    3. ACZ

      Re: So...

      Erm...the bill says that insurers don't have to cover you if there is "a failure to install safety-critical software updates that the insured person knows, or ought reasonably to know, are safety-critical".

      So if there's no "safety-critical software update" then you're still covered by your insurance policy. If the manufacturer EOLs the vehicle and stops supplying patches then the insurer can't dump the liability on you. Then again, it might not be possible (or might be very expensive) to insure vehicles (which drive themselves) when the manufacturer decides that they have gone EOL. Then again, you won't actually own a car anymore will you? Odds are you'll be in an Uber (or suchlike) vehicle.

      :)

      1. Andy The Hat Silver badge

        Re: So...

        "Odds are you'll be in an Uber (or suchlike) vehicle."

        Oh heavens! Order a car with Uber ... just a car, no driver but the car will hopefully know where it's going ... Is that better or worse than having a car with a driver in control who possibly doesn't know where they're going?

        1. keith_w

          Re: So...

          I think that either current taxi companies or auto manufacturers will be the ones renting you the autonomous vehicle. I would be more likely to trust an autonomous vehicle from Ford, GM, Jaguar-Rover, BMW, the VW group, rather than one designed by Uber or Lyft.
