>there is the problem of people modifying the software of their car, which should not. One should not just tinker with the algorithms used to control the engine, breaking and stability control.

Why is that a problem that has to be solved? In purely mechanical cars, people already can and do tinker with the engine and breaks. But only a tiny fraction of people do, and those usually take care not to risk their lives. In the limited cases where modifications cause problems for other people, regulations are enforced through scheduled inspections and random stops of suspicious vehicles. This system has worked quite well for the last hundred years or so.

If software really is different and shouldn't be modifiable, I think this needs a little more justification.

First of all, I trust a somewhat skilled mechanic more to get his car modifications reasonably safe, than a random software modification. Then, there is the problem, that mechanic parts are easy to inspect - many improper modifications can be seen at a glance in a traffic control - software modifications are pretty impossible to detect. Short of checksumming the whole car software, it cannot be done.

> I trust a somewhat skilled mechanic more to get his car modifications reasonably safe, than a random software modification

Those are not comparable things. The correct comparison is between a mechanic and a programmer (after all, anyone who modifies his software is a programmer, perhaps an unskilled one), or between an automotive part and a piece of code. Using the correct comparison, we see that we already permit anyone to work on his own vehicle, and that he can put anything in it he wishes. Software should be no different.

> Then, there is the problem, that mechanic parts are easy to inspect

Some of them are. Some look just like the correct parts, but were manufactured to incorrect tolerances. These parts wouldn't be obvious in a visual inspection.

> software modifications are pretty impossible to detect. Short of checksumming the whole car software, it cannot be done.

Software hashes aren't rocket science: your post & mine were both hashed at least one. Indeed, software hashes make detecting changed software easier than detecting swapped physical parts.

You need to have a basic set of mechanic skills to take a car apart and put it back together at all. Also, most mechanical work is not rocket science.

Software is an entirely different beast. It might be quite trivial to modify parameters, but verifying that the software still works reliably might require a whole testing department.

Yes, software can be checked for modifications via hash codes, but how do you expect a cop to run a hash sum on the vehicle software? You would have to read out the memory itself, because how could you trust any possible self-test of the software?

So, a car could only allow signed software to be loaded, but that again seems to be incompatible with the GPL 3

> It might be quite trivial to modify parameters, but verifying that the software still works reliably might require a whole testing department.

That responsibility (for running full tests, or being responsible for damages caused by not running full tests) lies squarely on the modifier/owner. We don't need to erect a whole new set of laws because somebody could make his engine run poorly.

> Yes, software can be checked for modifications via hash codes, but how do you expect a cop to run a hash sum on the vehicle software?

I don't. Why should a cop care what software I'm running, any more than he cares what brand of brake light I buy?

It's the owner's car. If he modifies it to be unsafe, then he's responsible for the damages he causes. If he doesn't, he's not. Checksumming may be useful in a court case to prove modifications (although diffing would work just as well).

A malfunctioning car might endanger its passengers and other people. For that reason, car makers have to get certification for any new model they want to bring to the market and later modifications have to be done with either parts certified for that car or new certification has to be obtained. (At least here in Europe). Finally, it has to made sure, that after the modifications, it still complies to the emission standards.

So there are already popular modifications done to cars by their owners, which do get checked by cops for their certification, and often enough people do not have the necessary paperwork. Simple example: some people install custom wheels which are the wrong size for that car. This poses a danger as the drivability might suffer.

If you are modifying any software required for the safe operation of the car, there is quite a potential causing harm to others, and there is where the officials have to take notion of it.

> how do you expect a cop to run a hash sum on the vehicle software

Any flash chip that holds vehicle software gets a tiny hardware component that once a minute hashes the entire memory and broadcasts the checksum over the car's message bus. Somewhere in the car there's a read-only hardware interface to the message bus that cops and mechanics can use.

If you don't trust the message bus you need a bit more silicon to provide a signed challenge-response protocol, but then we're still talking about cents per flash chip.

Ok, that would be possible, having an independent system checking the car for modifications. Though, this system then again could not be open for the user to modify.

And of course, this all would basically ban all cars with modified software from the roads. So you can modify your cars software, but not use the car in public traffic.

Having the checksumming system unmodifiable would be similar to disallowing modification of speedometer and odometer. Important measurement instruments were always kind of a special case.

You could use this to limit modification of some crucial systems (ABS, airbags, etc. Those will always be one septate microcontrollers anyways because of their hard real time requirements).

Or as you said you could keep all modified cars out of public traffic, while still allowing experimentation on private roads. Both variations are more heavy-handed than I would prefer, but a lot better than the status quo.

By far not everyone modifying a car is a skilled mechanic. Many are, but by the same logic most people modifying car software will be skilled programmers.

>software modifications are pretty impossible to detect

I think there are two classes of software modifications: those that negatively impact the environment or other people and those that don't. The first is by its nature easy to detect from the behavior of the car, and I see no reason to regulate the second class.

Some people will introduce bugs, but I'm not convinced that's a problem that needs to be solved; self-preservation will make people careful not to introduce bugs in the break system, serious problems should be few and far in between

> I think there are two classes of software modifications: those that negatively impact the environment or other people and those that don't. The first is by its nature easy to detect from the behavior of the car, and I see no reason to regulate the second class.

Assuming they manifest themselves before a crash happens. When the software modification only impacts the ESP or ABS system in an emergency situation, it is too late. Only extreme thorough testing can make software fit for this kind of purpose. And experience shows, even then bugs stay unnoticed.