
The artifact in question was a temporary archive created for upload. I can't think of a scenario in which you would not unlink it.


You were right in your first statement, but your follow-up is a bad assumption. I think everyone here will agree that in the case of a crash this data should be more easily available and not deleted.

Assuming it's not intentionally malicious this is a really dumb bug that I could have also written. You zip up a bunch of data, and then you realize that if you don't delete things you've uploaded you will fill up all available storage, so what do you do? You auto-delete anything that successfully makes it to the back-end server, you mark the bug fixed, not realizing that you overlooked crash data as something you might want to keep.

I could 100% see this being what is happening.


> I can't think of a scenario in which you would not unlink it.

Perhaps if there is some sort of crash.


Exactly. That's the last data I would ever delete from the car, if I was trying to preserve valuable data.


All of their actions point at intentionally wanting that data to disappear, they even suggested turning it on and updating it, which everyone who's ever tried to protect important information on a computer knows is the exact opposite of what you should do.

Any competent engineer who puts more than 3 seconds of thought into the design of that system would conclude that crash data is critical evidence and as many steps as possible should be taken to ensure it's retained with additional fail safes.

I refuse to believe Tesla's engineers aren't at least competent, so this must have been done intentionally.


What if you were the guy who got a ticket that just said "implement telemetry upload via HTTP"?

Which of these is evidence of a conspiracy:

  tar cf - | curl
  TMPFILE=$(mktemp) ; tar cf $TMPFILE ; curl -d $TMPFILE ; rm $TMPFILE


That's reductive.

The requirements should have been clear that crash data isn't just "implement telemetry upload", a "collision snapshot" is quite clearly something that could be used as evidence in a potentially serious incident.

Unless your entire engineering process was geared towards collecting as much data that can help you, and as little data as can be used against you, you'd handle this like the crown jewels.

Also, to nit-pick, the article says the automated response "marked" for deletion, which means it's not automatically deleted as in your reductive example, which doesn't verify it was successfully uploaded (at least && the last rm).


And then you delete the server copy?


They didn’t delete the server copy though. That’s what this article is about.

  > Tesla later said in court that it had the data on its own servers all along


Wasn’t that after they’d been caught?


Yes.


Obviously no. The behavior of Tesla in discovery of this case is ridiculous. But treating this technical detail as an element of conspiracy is also ridiculous.


If that was the only thing going wrong, yes. But when you have a pattern of conspiracy, deleting immediately on the client instead of having a ring buffer which ages out the oldest event, may be a malicious choice.
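
Added example, not part of any comment in this thread: a sketch of the retention policy being argued over, where routine archives are unlinked only after a confirmed upload and crash archives go into a small on-device ring that ages out the oldest entry. `SPOOL_DIR`, `KEEP_CRASH`, the `routine`/`crash` kinds and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: retention policy for upload archives (not code from the thread).
# SPOOL_DIR, KEEP_CRASH and the "routine"/"crash" kinds are assumed names.
SPOOL_DIR="${SPOOL_DIR:-./spool}"
KEEP_CRASH="${KEEP_CRASH:-3}"      # crash archives retained locally (>= 1)

# Print the sequence numbers of retained crash archives, oldest first.
crash_seqs() {
    ls "$SPOOL_DIR/crash" | sed -n 's/^crash-\([0-9][0-9]*\)\.tar$/\1/p' | sort -n
}

# Age out the oldest crash archives once the ring exceeds KEEP_CRASH.
prune_crash_ring() {
    excess=$(( $(crash_seqs | wc -l) - KEEP_CRASH ))
    [ "$excess" -gt 0 ] || return 0
    crash_seqs | head -n "$excess" | while read -r n; do
        rm -f "$SPOOL_DIR/crash/crash-$n.tar"
    done
}

# handle_artifact KIND SRC_DIR UPLOAD_CMD...
# UPLOAD_CMD is run with the archive path appended and must exit 0 only on a
# confirmed upload (for curl, that means using --fail).
handle_artifact() {
    kind=$1; src=$2; shift 2
    mkdir -p "$SPOOL_DIR/crash" || return 1
    archive=$(mktemp "$SPOOL_DIR/upload.XXXXXX") || return 1
    tar cf "$archive" -C "$src" . || { rm -f "$archive"; return 1; }

    uploaded=no
    "$@" "$archive" && uploaded=yes

    if [ "$kind" = crash ]; then
        # Crash snapshots stay on the device whether or not the upload worked;
        # only the ring's age-out ever removes them.
        last=$(crash_seqs | tail -n 1)
        mv "$archive" "$SPOOL_DIR/crash/crash-$(( ${last:-0} + 1 )).tar"
        prune_crash_ring
    elif [ "$uploaded" = yes ]; then
        rm -f "$archive"           # routine data: unlink after confirmed upload
    fi                             # routine + failed upload: left in place for retry
    [ "$uploaded" = yes ]
}
```

The exit status reports only whether the upload succeeded; what stays on disk is decided by the archive kind, so a successful crash upload still leaves a local copy.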


I haven't seen anything in the (characteristically terrible and vague) coverage of this case that suggests the Tesla deleted the EDR.



