Monday, May 29, 2006

Model Railroading: Coming to Your Town in a Big Way

A friend of mine is an avid model railroader. He has spent countless hours assembling intricate scale-model railroad cars and locomotives, constructing miles of model track, and attending meets where dozens of his fellow enthusiasts put together entire scale-model counties of rail routes through scenic landscapes and busy towns. The remote controls for these toys have grown increasingly sophisticated with time as well, all the way down to realistic engine noises produced digitally. The only people who may resent the time and energy spent on such a harmless hobby are the wives thus deprived of their husbands' time (and husbands, if any women pursue this avocation, of which I am unaware). But a parallel development—the remote control of real railroad locomotives with no one on board—is stirring up a considerable controversy.

Since the decline of passenger rail transportation in the U. S. in the last half of the twentieth century, the U. S. rail system has faded into the background of public consciousness. But the freight operations that rail lines support have actually become more critical than ever to the country's economy. Nearly all the coal that fuels our coal-fired power plants (and that is about half of them) is carried by rail, as well as numerous other bulk materials such as gravel, cement, chemicals, and food products, not to mention imported merchandise, automobiles, and so on. Since very few additional rail lines are being built, the railroad industry is searching for ways to put more and more freight through a physically limited system. And one of these ways involves remote control of unmanned locomotives.

An article in the May 28 issue of the Austin American-Statesman describes how this works. An operator who has completed an 80-hour training course stands by a track on which a remote-control locomotive sits. Strapped to his chest is a box sprouting joysticks, crank knobs, and a stubby antenna, rather like an overgrown model-airplane radio-control unit. With this remote control system, the operator can perform most of the operations that the engineer in the cab can do, only without any engineer in the cab. If radio control is lost for any reason, the system automatically stops the train.

Most of these systems are being used in switchyards, where the relatively short range of the radio transmitter is not a problem. But recently, some lines have been experimenting with using the system to send trains to nearby industrial sites for short hauls.

Safety is an obvious concern. If there is nobody in the cab, how can the operator stop the train if an obstruction unexpectedly shows up? Unfortunately, stopping a train is not an instantaneous act. Depending on speed and size, it can take up to a mile or more to stop a train even under emergency conditions. The engineers who designed the remote-control systems have presumably taken these factors into consideration, but as with many technologies, the way it is used has a lot to do with how safe it is.

Railroads are one of the most highly unionized industries in America, and opinions among the unions about the new technology are divided. The Brotherhood of Railway Engineers' feelings about the matter are clear from their main website, which shows a tipped-over railway engine with the legend "Remote Control" plastered across it. Since a locomotive running without an engineer represents direct job loss, their concern is understandable. They are, in the colloquial phrase, "agin it," and have commissioned a report which criticizes wider adoption of the technology before better operating rules are put in place. Numerous attempts by the BLE to slow the technology through strikes or other means have been blocked by federal judges.

On the other hand, the United Transportation Union, which represents conductors and switchmen, has come out, after some waffling, in favor of limited use of the technology. The Federal Railroad Administration, for its part, has studied the issue and allowed limited experimentation as long as the operators (generally switchmen) have received an 80-hour training course. This annoys the railway engineers, who have to take a six-month-long course and pass tests to qualify for their jobs.

What about accidents? There have not been many serious accidents reported as yet, possibly because the technology is so new: a few derailments and three fatalities, but no major large-scale accidents with multiple loss of life. It is not clear how far the rail lines wish to go with remote-control locomotives. It is easy to imagine a single model-railroad-style system the size of the U. S. with thousands of trains running completely under computer control. Even now, locomotive engineers are like airline pilots in that they do what centralized traffic-control operators tell them to via microwave radio links from a few control centers that continuously monitor train positions and movements. So replacing the engineers with "robotic" control would not be as great a change as you might think. What the people on the train supply now, of course, is eyes and ears and hands to do the great variety of things that computers and robots cannot yet do. Some of these things are related to safety and some are not.

So it will be some time before the average train you see trundling across a grade crossing while you wait in your car will be nothing but a pile of steel and cargo, bereft of any human presence. If the Brotherhood of Locomotive Engineers has its way, it will never happen. On the other hand, remote control may spread gradually until some big disaster occurs with a remotely-controlled locomotive, which might energize legislators to prohibit the practice altogether. In the meantime, you might visit the next model-railroaders meet in your town to see what the future of real railroading may be like.

Sources: The Federal Railroad Administration has a statement "Remote Control Locomotive Operations" at http://www.fra.dot.gov/us/content/94. The website http://www.labornotes.org/archives/2003/08/b.html has an article "Rail Workers Battle Unsafe Remote Control Technology" written by Ron Hume. The Brotherhood of Locomotive Engineers website has an article "BLET releases remote control hazard study" at http://www.ble.org/pr/news/newsflash.asp?id=4156.

Thursday, May 25, 2006

Engineering Laptop Data Security, or, 26.5 Million Veterans Can't Be Wrong

On Monday, May 22, we learned that some time in the preceding three weeks, a burglar broke into the house of a mid-level analyst in the Department of Veterans Affairs in Washington, D. C. Among the items missing the next day was the employee's laptop computer. That by itself is not news—laptops are stolen every day. But the thing that motivated Veterans Affairs Secretary Jim Nicholson to announce the theft to the news media was the fact that on that laptop's hard drive were the names, Social Security numbers, and other personal information belonging to over 26 million veterans.

It is not hard to imagine what someone with the scruples of a burglar could do with that information. We can only hope that the miscreant does not read the newspapers, watch TV news, or download iPod newsblogs, and that he fenced the machine to someone who will divest it of all identifying indications, including the hard drive data. But the very small chance that a very big problem will occur is still a very big problem. And since Social Security numbers last for the lifetime of their owners, the concern that one of those veterans will be a victim of identity theft may not go away unless the machine is recovered with the knowledge that the data wasn't copied. This happy eventuality is, to say the least, unlikely.

As it does in many other areas, the advance of technology has blurred the distinction between two groups of people who formerly had very different responsibilities. Back in the 1970s when it took a roomful of refrigerator-size tape drives to store twenty-seven million personal records, there were only a handful of people in any given organization who had the technical ability to manipulate or copy the information. The computer-science specialists who designed, operated, and maintained the systems were generally aware of their special responsibilities that came with the power to work with personal data. Besides which, a putative thief would have had to bring a small loading van along to steal such a large amount of data. Although data theft and identity theft have been a problem at some level since the earliest days of computers, the sheer bulk and awkwardness of large amounts of data, and the relatively scarce and highly secure computer rooms in which they were housed, meant that such a theft had to be carefully planned and executed like a bank or payroll heist. For the average non-technical user of such information, the most data handled at once was contained in a bulky folder of green-and-white-striped computer paper, which nobody wanted to carry out of the office anyway. So computer security was an issue mainly for those few specialists who dealt directly with mainframe computers, and the rest of us scarcely knew it existed.

No longer. Because of the democratization of technology we now enjoy, most laptops sold today with 100 GB hard drives can hold the digital equivalent of all the printed contents of a small town's public library. The size of digital storage has changed, but the responsibilities are still the same. Every person who is in charge of a laptop with sensitive information on it has the same moral obligations as those (now retired) computer operators in the glass-walled computer rooms of yore. But in these days of high-pressure work and high-speed internet connections at home, what is more natural than to throw the laptop in the car and finish that special project in the evening just this once, even though you seem to recall some office rule against taking work home? That is just what the anonymous Veterans Administration employee did, and now look what's happened.

There are technological fixes for this technological problem, of course. A ten-second Google search turns up companies such as Eracom Technologies, which offers a variety of data encryption methods for servers, desktops, and laptops. The idea is that the authorized user types in a special password, and for extra security plugs in a special module to enable the laptop to boot up. Once the computer is satisfied that it is being used by the right person, it acts just like a normal computer. But all the data on the hard drive is actually encrypted with advanced techniques and decrypted as needed. Were a thief to steal the unit, he or she would be unable to start the machine. Even if the hard drive were removed and copied, the result would be nonsense.

Of course, Eracom doesn't give this technology away for free. I don't know what it costs, but it must be considerably less than the cost of a laptop, and they probably give quantity discounts for large organizations such as the U. S. Department of Veterans Affairs. But even advanced security technology like this can be thwarted if the user does something dumb, like writing the password on a note taped to the keyboard, or keeping the special unlocking module in the same bag with the computer. As an engineer told me recently, he tries to design systems that are foolproof, but doesn't bother to make them "damn-fool proof."
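The password-plus-module unlock described two paragraphs above, and the "module in the same bag" caveat, as an added Go example that is not Eracom's product or code from the original post: the unlock key is derived from both factors, a data-encryption key is wrapped under it, and the records are encrypted under that key, so a copied drive or either factor alone yields nothing. The function names, the module secret and the sample record are assumptions constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// pbkdf2SHA256: RFC 8018 PBKDF2 with HMAC-SHA256; one block gives 32 bytes.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	u := append(append([]byte{}, salt...), 0, 0, 0, 1) // U_0 = salt || INT(1)
	out := make([]byte, sha256.Size)
	for i := 0; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil) // U_i = HMAC(password, U_{i-1})
		for j := range out {
			out[j] ^= u[j] // T = U_1 xor U_2 xor ... xor U_c
		}
	}
	return out
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback when the OS entropy source fails
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // fails only on a bad key length
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// sealGCM encrypts and authenticates with AES-256-GCM; nonce is prepended.
func sealGCM(key, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// openGCM reverses sealGCM; a wrong key or any tampering makes it fail.
func openGCM(key, sealed []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if ns := gcm.NonceSize(); len(sealed) >= ns {
		return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// EncryptedDisk is all a thief gets by pulling the drive out of the laptop.
type EncryptedDisk struct {
	Salt, WrappedDEK, Records []byte // WrappedDEK: data-encryption key, wrapped
}

// unlockKey binds both factors; either one wrong or absent gives another key.
func unlockKey(password string, salt, moduleSecret []byte) []byte {
	mac := hmac.New(sha256.New, moduleSecret)
	mac.Write(pbkdf2SHA256([]byte(password), salt, 100000))
	return mac.Sum(nil)
}

// Provision encrypts records under a fresh DEK and wraps the DEK for unlock.
func Provision(password string, moduleSecret, records []byte) *EncryptedDisk {
	salt, dek := randomBytes(16), randomBytes(32)
	return &EncryptedDisk{
		Salt:       salt,
		WrappedDEK: sealGCM(unlockKey(password, salt, moduleSecret), dek),
		Records:    sealGCM(dek, records),
	}
}

// Unlock is the boot-time check: unwrap the DEK, then decrypt the records.
func Unlock(d *EncryptedDisk, password string, moduleSecret []byte) ([]byte, error) {
	dek, err := openGCM(unlockKey(password, d.Salt, moduleSecret), d.WrappedDEK)
	if err != nil {
		return nil, errors.New("unlock refused: wrong password or module")
	}
	return openGCM(dek, d.Records)
}
```

Keeping the module's secret with the laptop collapses the scheme to the password alone, which the stretched PBKDF2 step only slows down, not prevents.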

If a pattern of identity theft matching the stolen records does not emerge soon, our returning soldiers may not have to worry about the consequences of this particular laptop burglary. After all, they have seen and dealt with a lot bigger problems than this one. The rest of us, especially those who have any kind of sensitive data that we carry around in laptops, Blackberries, or data storage devices, should think twice before we take it out of a secure area. And ask what your organization does in case such data is stolen. If the answer isn't satisfactory, maybe someone should invest in a little added security. But all the data-security technology in the world cannot substitute for simply being careful.

Sources: An article describing the news conference at which Jim Nicholson revealed the laptop theft is at http://www.acm.org/serving/se/code.htm. Information on encrypting hard-drive data is available at such sites as http://www.eracom-tech.com/hard_disk_encryption.0.html.

Thursday, May 18, 2006

Engineering Privacy in the Computer Age

The Association for Computing Machinery (ACM) is the world's leading society for computer professionals. Founded in 1947, it is for professionals involved in information technology what the American Medical Association is for U. S. doctors. Prominently displayed on the ACM's website is a lengthy Code of Ethics, which includes the following words about privacy rights:

"Computing and communication technology enables the collection and exchange of personal information on a scale unprecedented in the history of civilization. Thus there is increased potential for violating the privacy of individuals and groups. . . . It is the responsibility of professionals to maintain the privacy and integrity of data describing individuals."

So far, so good. Few will argue that the ubiquity of computers has made it possible to collect, analyze, or steal unimaginable amounts of highly personal information. But the code doesn't simply stop with a call to maintain privacy. It goes into further detail:

". . . This imperative implies that only the necessary amount of personal information be collected in a system, that retention and disposal periods for that information be clearly defined and enforced, and that personal information gathered for a specific purpose not be used for other purposes without consent of the individual(s). These principles apply to electronic communications, including electronic mail, and prohibit procedures that capture or monitor electronic user data, including messages, without the permission of users . . . ."

President Bush has been in hot water this week after a report in USA Today that the National Security Agency has been collecting the phone call records of millions of Americans. One phone company after another has denied providing such information. While it is perhaps too early to decide the truth about the matter, the record of numbers dialed and calls received is something that most citizens would regard as personal information.

On the other hand, we have all seen TV shows in which the dialing records of a criminal suspect have provided important clues to the solution of a crime. Phone taps, call records, and traces have been a part of domestic law enforcement for decades. And of course, computers are involved in nearly all electronic communications of any description these days. How do the computer professionals deal with these cases? Here's how:

"User data observed during the normal duties of system operation and maintenance must be treated with strictest confidentiality, except in cases where it is evidence for the violation of law, organizational regulations, or this Code. In these cases, the nature or contents of that information must be disclosed only to proper authorities."

So, at least according to the ACM Code of Ethics, information such as call records should be disclosed to the "proper authorities" (e. g. the NSA) only when the user data is evidence for the violation of (1) law, (2) "organizational regulations," or (3) the Code itself. The ACM Code of Ethics or the internal regulations of the phone companies are not the inspiration for NSA activities, we hope. So it seems that an ACM member in good standing could participate in such an activity only if the records obtained were evidence for the violation of law.

That's a pretty narrow scope. Somehow I doubt that the phone records of all Americans, or even a substantial fraction of all Americans, constitute evidence for the violation of law. Maybe some of them do, but that is why most phone tap, trace, and call record requests are made by law enforcement officials only for specific individuals who are already under suspicion. If anything like the reported wholesale phone-record transfer took place, those members of the ACM who participated in it are under a cloud ethically, to say the least.

Some days it seems like the great internet-website-phone-fax-TV-MP3-instant message-chatroom behemoth runs on its own without human intervention of any kind. But there are people behind all the systems, and people make the decisions that protect or violate your privacy. Just the other day, I learned that the operator of the website at my church (!) has a way to tell if particular viewers bookmark the site. When I heard this, I had a chilling vision of some invisible guy looking over my shoulder as I sat in front of my computer in my supposedly private room at home. So far, no harm that I know of has come to me because people I don't know and will never meet can tell which websites I bookmark. But it may have something to do with the fact that even after we signed up for the national do-not-call list, I keep getting phone calls right at suppertime from organizations I could swear I have never had any dealings with. But maybe if bookmarking a website counts as a "dealing," this gives them the right to call me. Who knows?

The truth will eventually emerge about the NSA and national calling records. Laws always lag behind rapidly advancing technologies, and a certain amount of confusion and injustice results. But at some point, if things get too out of hand, the legal system may overreact with burdensome regulations that in some cases are worse than the disease they were designed to cure. The best protection against such an outcome is for everyone, especially members of the Association for Computing Machinery, to abide by sound ethical principles and every so often ask, "If I were on the receiving end of this, would it bother me?"

Sources: The Association for Computing Machinery's Code of Ethics is at http://www.acm.org/serving/se/code.htm.

Tuesday, May 09, 2006

Mobile Phones on Airplanes: Too Soon to Talk?

To some airline passengers, a mobile phone is God's gift to air travel. You can see how eagerly they relieve the boredom of watching other passengers struggle into their seats by chatting with friends and relatives until the last possible second—and sometimes longer. I've watched the test of wills as a flight attendant stood by an oblivious businessman who simply would not put up his phone until she repeated her request three times and threatened to delay the flight for everybody. And it sometimes looks like a contest to see who can whip out their phone and make the first call after the announcement that it's okay to use phones again after landing. Clearly, people would like to use their mobile phones all the time, not just on the ground. Possibly in view of this fact, the Federal Communications Commission has announced that it is considering whether to lift the restriction on in-flight mobile phone calls. So is there anything to the notion that electronic devices such as mobile phones can seriously affect the avionics of a modern jet aircraft? Or is it just a silly bureaucratic exhibition of meaningless power without foundation in fact?

Surprisingly little research has been done into whether people actually use mobile phones on plane flights, and if such use can interfere with navigation or communication systems. In the March 2006 issue of the magazine IEEE Spectrum, a publication for professional electronic engineers, researchers at Carnegie Mellon University reported the findings of a three-month investigation in which they placed a radio-wave "sniffer" on board numerous commercial flights. This instrument package was designed to receive and record radio emissions in the frequencies used by mobile phones. After the equipment flew in the overhead luggage rack on 37 different commercial flights, the data was downloaded and analyzed.

It turned out that on average, at least one person on every flight, and sometimes several people, made one or more mobile phone calls at times that clearly violated FAA and airline rules. While none of the planes in the study crashed or reported any harmful interference with avionics, the researchers found from independent data collected by NASA that there have been over seventy incidents in which portable electronic devices on board a plane have interfered with aircraft systems. The increasing use of global positioning system (GPS) navigation tools makes newer avionics even more vulnerable to interference than in the past, since GPS relies on receiving weak satellite signals that can disappear under interference from onboard phones, laptops, or other unauthorized electronics. While the Carnegie Mellon study does not cite a particular plane crash as being caused by interference from portable electronic devices, it implies that interference may have contributed to crashes in the past, given what we now know about mobile phone use on airliners.

Based on the results of their study, the researchers made several recommendations. A total ban on mobile phones in airplanes was not one of them. One of their most innovative proposals is to equip flight crews with a hand-held version of their "sniffer." This could be made as small as a pager and could be slipped into a pocket. At the same time that the flight attendant offers coffee, tea, or snacks, he or she could be patrolling the aisles for illicit mobile-phone use. Simply warning passengers that any mobile phone use can be detected in this way would probably go far toward discouraging the practice.

Other recommendations include better coordination between the Federal Aviation Administration, in charge of airline safety, and the Federal Communications Commission, in charge of the airwaves. Also, the NASA program that accumulated data about airline safety problems has had its budget cut in recent years, and the researchers called for its funding to be restored. All of these ideas are good ones, but unless politicians, industry representatives, and regulators take action, things may go on as they are until a tragedy occurs.

Tragedies are, unfortunately, great motivators for regulators and politicians to do something. The trouble with the interference problem in this regard is that, unlike a broken turbine blade or other physical cause, radio interference leaves little or no trace of itself after a crash. Even if a crash was caused by interference that produced a false reading from a GPS display, discovering this cause after the fact would be difficult or impossible without much better in-flight data recording than we now have.

So this is one problem that may be difficult to fix technologically. Of course, if everybody followed the rules, it would disappear. And here is one instance where you, the individual airline passenger, can do something. Not only can you refrain from using your mobile phone during prohibited parts of the flight, but if you see someone else doing it, you might try speaking to them about it. The life you save may be your own!

Sources: An online version of the March 2006 IEEE Spectrum article, "Unsafe at Any Airspeed," is at http://www.spectrum.ieee.org/mar06/3069.

Tuesday, May 02, 2006

Engineering the Distracted Driver

On the afternoon of June 19, 1999, Bryan Smith was driving along Maine's Route 5 in the White Mountains near the New Hampshire border. His Rottweiler was with him in the back of his Dodge Caravan. The dog did something that caused Smith to turn around to see what was the matter. While his attention was diverted from the roadway in front of him, his vehicle hit an object on the edge of the road. When Smith stopped the car to see what he'd hit, he found that it was famed author Stephen King, who subsequently underwent five operations for the injuries he sustained. Smith was not intoxicated or speeding. The only thing that kept him from seeing King in time to avoid the collision was the distraction caused by his dog.

While this is probably the most famous recent automotive accident involving a distracted driver, recent research by the Virginia Tech Transportation Institute indicates that it was the tip of an iceberg that is much larger than we thought. Using high-tech instrumentation such as Doppler radars, accelerometers, and five channels of compressed video to provide a second-by-second record of over two million miles of driving, the Virginia Tech researchers analyzed events leading up to over 60 crashes documented during the study of 100 instrumented cars and their drivers. The researchers were surprised to find that driver inattention was a factor in nearly four out of five crashes. This category includes fatigue and glancing away from the forward roadway for any reason. The most common cause of driver inattention was found to be "wireless devices," which includes cellphones, although other passengers, radios, and CD players were also implicated. Further information on the study can be found at the website of the sponsoring agency, the National Highway Traffic Safety Administration, at http://www-nrd.nhtsa.dot.gov/departments/nrd-13/newDriverDistraction.html.

Over 43,000 people die in U. S. auto crashes every year. In the hierarchy of things to be concerned about in engineering ethics, death is at the top. Any innovation that leads to increasing fatalities needs to be scrutinized thoroughly. From a system point of view, however, the things people do in their cars are almost uncharted territory, as the Virginia Tech research shows.

Consider a typical Saturday-morning outing for a mother and her children. Their vehicle may contain a built-in GPS navigation system, a satellite radio, a conventional radio, a CD player, and air-conditioning controls, all of which need attention at various times. She may be carrying her own cellphone and Blackberry, and her children may be watching a DVD on a player in the back seat, in addition to carrying their own phones. All of these pieces of equipment were designed without the knowledge that driver inattention is apparently a factor in almost four out of five crashes. The timing and usage of all these devices is left entirely up to the owners and operators, whose last drivers' ed course might have been two decades ago, if ever. The wonder is that anybody can drive more than a couple of miles amid such electronic chaos without hitting something.

This kind of problem has been faced before by the military, whose interest in giving fighter pilots the information they need without unduly distracting them is truly a life-or-death matter. A fighter-plane cockpit is a highly coordinated and uniform environment in which pilots know exactly what to expect, and where instruments and visual cues are placed with careful attention to their effects on the ability of the pilot to perform his job quickly and without needless fumbling.

I don't propose that we hand over control of everyone's car interior to the Department of Defense. But at some point we need to recognize that the original purpose of the automobile driver's seat—to provide a place where the operator can devote his or her full attention to the demanding task of controlling a potentially fatal piece of equipment moving at high speed—is becoming lost in the proliferation of options, gadgets, and distractions that most state driving laws permit. The one exception I am aware of is a law in most states that prohibits the operation of a television screen within the driver's line of vision. But watching TV while driving would be safer than trying to operate some of the latest digital gizmos with their multiple menus and tiny display screens.

Laws almost always lag behind technology, and with good reason. Unless a new technology poses a "clear and present danger," it is best to let enough history accumulate to allow a reasoned judgment based on sufficient evidence. The evidence of driver inattention has been long in coming, but it has now arrived. Engineers need to consider safety ideas that are out of the conventional boxes with regard to technologies used in automobiles. For example, it is technically feasible, given enough standards and agreements, to devise an interlock system that makes all controls for non-essential electronics (GPS, cellphones, etc.) inoperable while the car is in motion. If everyone had to stop or pull off to the side of the road to make a phone call or read a map, would the world come to an end? No. Time was when nobody could make phone calls from cars at all, and somehow people survived.

This isn't necessarily a call for regulation. The people with the greatest financial interest at stake in automotive safety are the insurance companies. What if they offered deep discounts for people who drove interlock-equipped cars? The automakers know that safety sells to a certain segment of consumers, primarily those with young families. Enough clever people working on this problem could come up with solutions that would not require drastic laws and would end up making the highways safer, and probably the electronics easier to operate too. The evidence is in. Now it's time to do something about it.

In the meantime, I suggest adopting the "two-second rule." The 100-car study found that short glances away from the roadway, especially for environmental checks like looking at one's rear-view mirror, were not risky as long as they took less than two seconds. But taking your eyes away from front and center for any longer than that led to increased chances of a wreck. So look away if you must, but not for longer than two seconds if you can avoid it.

Sources: The National Highway Traffic Safety Administration has more information on the Virginia Tech study "The Impact of Driver Inattention on Near-Crash/Crash Risk: An Analysis Using the 100-Car Naturalistic Driving Study Data" at http://www-nrd.nhtsa.dot.gov/departments/nrd-13/newDriverDistraction.html. The biographical information on Stephen King is from the Wikipedia article on King, http://en.wikipedia.org/wiki/Stephen_King.