It's not just Volkswagen - cheating software is all around you

The Volkswagen scandal has triggered global discussions over the last couple of weeks.

Few conversations are happening in Kenya however, even though it does have local implications despite our status as a ‘Toyota stronghold’.

In the scandal, Volkswagen engineers developed ‘cheating software’ that was able to rig the emission tests carried out by environmental regulators in its favour. 

The software can sense when the car is running in a typical controlled laboratory environment and then simply degrade the engine’s performance in order to deliver the expected results to the regulators.

So if the car’s engine and wheels are running but the software senses no movement, the software concludes that the car is in test mode – with environmental regulators at work – and regrades the engine performance accordingly.

This is the kind of stuff that evil genius is made of. It is actually difficult to ignore the brilliance behind such a wicked piece of software. 

Building environmentally safe cars is expensive and the benefits are a long-term, public-good type of thing.  CEOs on the other hand want to post huge profits, in order to rake in their corresponding bonuses today, not in 2030.

This is where the Kenyan dimension comes in since we are guilty of seeking short-term, instant gratification at the expense of the long-term public good.

Local variations of the Volkswagen scandal that easily come to mind are easy to highlight, starting with that digital fuel pump that reads Sh110 per litre. How sure are you that it hasn’t been rigged?

When it reports that you have bought 20 litres and therefore owe Sh2200, how sure can you be that it was 20 litres pumped in and not the 19 litres currently sitting in your tank?

What about that weighing machine at your favourite grocery or butchery? How can you really know the weight and amounts digitally displayed are indeed a true reflection of reality?

Those airtime, data and mobile money balances, credit card and bank statements and all other computer-generated reports that have become part and parcel of our digital lives are suddenly suspect and may require your additional, detailed scrutiny.

PEN AND PAPER

Society has evolved and wrongly conditioned us into thinking that if it is computer-generated, then it is correct and accurate. Little thought is therefore given to the fact that for each brilliant piece of software out there, there exist equally brilliant and multiple ways of tweaking it for personal gain.

The IFMIS saga that has refused to fade away remains the best local example of how to compromise digital systems.  

Other notable and potential candidates for cheating software include the national and county e-Revenue systems and perhaps more critically, the digital systems for the upcoming 2017 elections.

The global standard practice for minimising risks is through mandatory regular audits of digital systems. Unfortunately, in Kenya, auditing of information systems (IS-Audit) is not mandatory. 

We are therefore operating under the mercy and grace of both the Almighty and that evil genius.

Only financial institutions have some form of mandatory IS-audits, courtesy of Central Bank procedures and regulations, but it is not clear if the auditors engaged by financial institutions are qualified enough to identify the presence of ‘cheat’ software designed to deliver what the auditors expect.

Clearly, there is need to review and enhance the existing regulatory and audit practices that seem to be easily side-stepped or fooled by IT-savvy criminals. But before then, please do yourself a simple favour. 

Pull out your pen and paper and re-calculate your monthly shopping bill manually. Do not always believe what the computer-driven cash registers print out – sometimes they lie.

Mr Walubengo is a lecturer at the Multimedia University of Kenya's Faculty of Computing and IT. Twitter:@jwalu email: [email protected]