Innovative Cyber Crime by Volkswagen and a potential $18 billion hit

In a strange corporate offence committed by Volkswagen, 11 million cars are set to be recalled and the Company is set to face a penalty of around $37500 per car for failing the emission norms. The CEO obviously has resigned. Company shares are down by over 40% and the entire Stock markets across Europe and even India has dipped causing heavy losses to millions of investors. The Company is reported to have set aside US $6.5 billion for recall of cars but may fall well short of meeting the total liability estimated to be over $18 billion.

Unless some compromise is worked out, the company may go into liquidation inflicting losses to many lenders and equity investors.

It is interesting to analyse the cause of this catastrophic incident and whether it fits into a definition of a Cyber Crime. (Based on news paer reports)

The issue involves a software that the Company has installed in the Car. This software recognizes when the Car is put through an “Emission Test”. If it recognizes the emission test, it tweaks the emissions so that it falls within the permitted levels. In other times, the emission levels are at normal levels which is said to be 40 times beyond the permitted limits.

It is stated that if the Company has to bring down the emission levels to acceptable levels, there could be a need for more investment and it may also reduce the mileage. So the Company thought of this innovative method by which it could save on manufacturing cost, keep the mileage at required levels and also cheat the emission testing process. A truly innovative strategy in which the entire Company must have been involved.

However this is nothing but cheating of the customers and the regulatory requirements. Since it is done with the malicious intention of increasing the profit of the Company, it is a “Fraud” by definition. Since a “Software” is used in commission of the crime, we can term this as a Cyber Crime. In fact, the behaviour of this software is like a typical Trojan set for a “Man in the Middle Attack” under some specific conditions.

The nature of the offence is a little complicated and while it may contravene the emission regulations and also be a fraudulent misrepresentation to the customers, it would be interesting to debate if it is a Cyber Crime under the Indian laws.

The behaviour of the software that detects an emission test and modifies the normal behaviour of the vehicle so that the testing computer gets a “manipulated data” qualifies it to be called a “Computer Contaminant” under section 43 (c) of ITA 2008 since the owner of the vehicle is not aware of this deceptive behaviour and has not authorized it. . The modification of data is also an offence under Section 43(i) separately. Being a contravention of Section 43, it is also an offence under Section 66 involving criminal prosecution. With Section 85, the CEO and other officials in charge of the business as well as the Directors will also be criminally liable.

Related Articles:

abc.net

The Telegraph

home.bt.com

It is regrettable that a reputed company like Volkswagen should have indulged in such an unethical practice which is also a Cyber Crime. If the case is pursued to its logical end, it is not only the CEO but also several of the Board members and other executives who may find themselves cooling their heels in prison.

This should be a wakeup call to Indian Auto manufacturers like Maruti who are also incorporating several electronic circuitry into the management of the car and each such component would be like a “Computer”. They can be hacked by outsiders or mis used by the company itself if it does not realize the impact of the relatively less known law called Information Technology Act 2000/8.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

2 Responses to Innovative Cyber Crime by Volkswagen and a potential $18 billion hit

  1. Kapaleeswaran says:

    Nice, crisp narrative of the case and clear thoughts on the nature of the crime. Thanks

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.