Monday, September 28, 2015

Seattle Amphibious Vehicle Crash: Should the Ducks Retire?

Last Thursday, a "duck tour" amphibious vehicle used to show tourists the city of Seattle from both land and water was involved in a crash with a charter bus on the city's Aurora Bridge.  Four international students on the bus died and several others were injured.  This accident has raised concerns that the vehicles used for amphibious tours are inherently unsafe. 

An eyewitness said that the amphibious vehicle, which appears to be a World-War-II-vintage "DUKW" type, was traveling on the bridge when its left front wheel locked up, causing it to veer into the path of the bus.  The bus was carrying students from North Seattle College, and the four who died were from Austria, China, Indonesia, and Japan.  A later report says that investigators have found that the DUKW's left front axle was sheared off in the accident.  The investigation may take a year or more to complete.

The usefulness of a craft that can negotiate both land and water is obvious if you are an invading army, and that is why the U. S. military bought thousands of six-wheeled DUKW-type vehicles from General Motors during the Second World War.  After that conflict, they went on the surplus market, and in 1946 two enterprising gentlemen named Mel Flath and Bob Unger bought some and started what is now known as Original Wisconsin Ducks on the banks of the Wisconsin River.  The unique appeal of seeing a locale both from streets and a river without having to disembark from a land vehicle into a boat made their idea a success.  Since then, the concept has spread around the world, and today over 30 cities have some form of amphibious-vehicle tours available.

In the U. S., there are both state and federal regulations governing the operation of such tours, and the vehicle involved in the Seattle accident was reportedly inspected annually by a federal inspector.  Despite such measures, you might wonder if 70-year-old boats that weren't designed for ordinary city streets are simply outmoded and need to be retired. 

One main concern voiced about the DUKW-type vehicle is visibility.  The driver rides high above the street and the view immediately in front of the craft is blocked by the bow.  This problem has led to some non-fatal accidents involving low-slung cars being rear-ended by a DUKW.  Another concern is that the technology used is simply wearing out, and anything that old needs to be replaced by a more modern design.

As defenders of the DUKW point out, the wearing-out argument is countered by the fact that regular hull inspections and mechanical checkups can catch problems associated with aging vehicles and fix them before they become the cause of a bad accident.  In 1999, a DUKW used for tours in Hot Springs, Arkansas sank and 13 people died.  And in 2010, a DUKW's engine failed in the Delaware River, and a barge crashed into it and killed two passengers.  The Delaware River incident was later attributed mainly to an inattentive tugboat pilot, who was on his cellphone instead of watching where he was going.  The available accident record involving DUKWs does not show that any particular age-related defect is causing large numbers of accidents.  On the contrary, doing good maintenance on the vehicles seems to keep them going indefinitely.

It would be nice if we had a database of total number of passenger-miles carried by DUKWs and could compare the vehicle's safety record with those of other modes of tourist travel—charter buses, for instance.  But no such database apparently exists, and it would be a lot of work to estimate the customer volumes of a number of privately owned tour companies throughout the world. 

Part of what is going on here is what I might call the pathos effect.  News media tend to report on incidents that have an emotional tug to them.  The contrast between the joyful pleasures of a holiday excursion and the tragedy of sudden death by drowning or collision is pathetic, in the technical sense of arousing pity.  It's one thing if a commuter is hit by a bus, or a drunk driver runs into a tree and kills himself.  It's a higher level of pathos if some international students who are getting their first sights of America suddenly have their lives cut short by a crash with another sightseeing vehicle.  So other things being equal, fatal accidents involving duck tours are going to get publicity way out of proportion to the actual body count, to put it somewhat cynically. 

Nevertheless, it's a valid question to ask whether these mid-twentieth-century vehicles should be replaced by more modern ones, or whether the existing fleets can be made safer.

Regular inspections with annual certifications are already part of the ongoing effort to keep these types of tours safe, and if some maintenance lapses are discovered in the Seattle accident, increased scrutiny of the integrity of these inspections will be warranted.  But until we find out exactly what happened to cause the wreck, such measures are premature.

The visibility problem is relatively easy to solve these days with small video cameras and displays.  Not too long ago, I helped a friend of mine install a backup video camera on the bumper of his large pickup so that he can see anything low that he might not want to back into.  With this type of installation for a DUKW, there might be some issues involving waterproofing and so on, but these can be dealt with relatively easily, leading to greatly improved visibility in the vehicle's blind spots.

When the investigation of the Seattle duck-tour accident is complete, we'll have a better idea of why it happened and whether negligent maintenance or some other cause was at fault.  In the meantime, it's probably safe to say that tourists who want to see London or Malacca or Singapore from an amphibious vehicle are not taking their lives in their hands when they get aboard.  But it wouldn't be a bad idea to find out where the life vests are kept.

Sources:  An Associated Press report on the Seattle accident was carried by numerous news outlets, including the Los Angeles Times on Sept. 26 at  A more recent report carried on USA Today's website at reported the axle shearing off.  I also referred to Wikipedia articles on duck tours, the DUKW, and amphibious vehicles. 

Monday, September 21, 2015

EPA Accuses VW of Software Cheat in Diesel Autos

Last Friday, Sept. 18, the U. S. Environmental Protection Agency (EPA) announced that it had discovered a "defeat device" installed in nearly half a million diesel vehicles made by Volkswagen (VW) and sold in the U. S. from 2009 to 2015.  Specifically, EPA claims that VW engineers have admitted to designing and installing software that implements full emissions controls on their diesel engines only when the software detects that the car is undergoing emissions testing.  The rest of the time, some of the emissions controls are disabled, allowing the vehicle to produce as much as forty times the maximum allowed levels of NOx, a type of pollutant that can lead to respiratory problems and smog.  When queried about the accusations, VW spokespersons declined comment, citing the ongoing investigation.

Until VW has their day in court, or wherever this case ends up, fairness dictates that we give them the benefit of the doubt.  But when both the EPA and the California Air Resources Board (CARB) issue notices that VW is in violation of clean-air ordinances, citing admissions made by VW personnel, it's a fairly safe bet that something is amiss.

In 2014, some researchers at West Virginia University who were working for the International Council on Clean Transportation discovered that certain VW diesels emitted far more pollutants when operating under actual road conditions than one would expect from the fact that they are certified by the EPA for sale in the U. S.  When the researchers notified the EPA about this, EPA asked VW about it, and VW said they would issue a recall to recalibrate the systems involved, which they did in December of 2014.  However, the California Air Resources Board checked some of the supposedly fixed VWs in May of 2015, and found that some of them were still out of compliance—hence, more meetings with VW.  According to a letter from the CARB, its staff and EPA staff held a technical meeting with VW personnel on Sept. 3, 2015.  Reading between the lines, we can surmise that the question they asked was along the lines of, "Okay, guys, what's really going on here?"  Faced with the inevitable, VW admitted that they had deliberately designed the vehicle's software to detect an official emissions test, and to turn on all the pollution controls only during testing.  The rest of the time, some of the controls were inactive. 

Faced with this smoking gun (so to speak), EPA and CARB had no choice but to declare the affected vehicles in violation and to order VW to issue a recall to remove the defeat-device software. 

As it turns out, if the allegations prove true this isn't the first time that regulators have found diesel-engine defeat devices deployed on a massive scale.  Back in 1998, diesels in trucks and construction machinery made by Caterpillar, Renault, and Volvo were found to have two different sets of software.  One set was used when the EPA was running emissions tests on the engines, and adjusted the injection timing for low NOx emissions.  The second set of software used a different injection timing that delivered better fuel economy, but also caused more NOx emissions.  The manufacturers ended up paying about a billion-dollar fine for that infraction. 

There seems to be something about software that tempts engineers to bend the rules.  With hardware, it's relatively easy to dig into the machinery and find the gizmo that's doing its nefarious work—that's the kind of thing that the term "defeat device" brings to mind.  It reminds me of a scene from the autobiography of Vannevar Bush, who was in charge of the U. S. Office of Scientific Research and Development during World War II.  In the 1920s, he was a professor at MIT and got involved with a startup company named Raytheon.  At the time, Raytheon's hot product was a type of rectifier tube that was useful in the rapidly growing production of radios that operated from power-line current (earlier radios used messy and expensive batteries).  In a dispute with rival radio manufacturer Westinghouse, Bush claimed that Westinghouse was using Raytheon's patented tube structure.  The patent attorney for the rival firm rival denied it.  In response, Bush told Westinghouse's patent attorney to pick up a Westinghouse tube (which had an opaque coating on the glass) and crack it over a trash can.  He did so, and there was Raytheon's patented tube structure.  As Bush put it, the patent attorney agreed to advise his client Westinghouse to "keep off the grass."

You can't do that sort of dramatic stunt with software so easily.  If the accessible form of the software involved is in the form of machine code (which it usually is in production systems), often nobody other than the people who wrote it can really tell what it does.  So sneaky evasions such as the one VW engineers are accused of doing with the defeat-device software are hard to pin down, which means that indirect evidence such as performance measurements have to be used instead.  And it's not often that regulatory agencies go to such trouble to track down violations.  Further investigation may reveal exactly who at VW was responsible for the defeat-device software, and how high in the firm the decision was made.  And then, if the charges are proven, VW will have to pay—at least with a recall fixing the problem, and perhaps with fines or other penalties. 

The contrast between the way cars used to pollute before environmental regulations and what comes out the tailpipe today was brought home to me recently when we started working on a 1955 Oldsmobile owned by my late father-in-law.  It now starts up pretty reliably without help, but whenever it does, a blue cloud appears behind it and the sharp tang of volatile organic compounds (VOCs) fills the air.  Exhaust just doesn't smell like that any more, by and large, and that's thanks to catalytic converters, selective catalytic reduction for diesels that uses urea to reduce NOx emissions, and many other measures that make the air cleaner than it would otherwise be.

If the charges against VW prove to be true, that firm will have the opportunity to make the air behind its cars even cleaner.  And we will all be thankful for that.

Sources:  Numerous news outlets carried reports of the EPA's press release of Sept. 18, which can be found on the EPA website at!OpenDocument.  I referred to reports on the issue by the Washington Post at and a letter from the CARB at  I also referred to an article on the 1998 defeat-device actions in the Los Angeles Times for Oct. 23, 1998 at  The patent dispute between Raytheon and Westinghouse is described on p. 198 of Vannevar Bush, Pieces of the Action (William Morrow, 1970).

Monday, September 14, 2015

Mecca Construction Crane Tragedy

Construction sites can be dangerous places.  That is why under most circumstances, access to the sites is strictly limited to workers who presumably know what they're doing, and even then, worksite injuries and deaths can occur as temporary structures or machinery such as cranes can get out of control. 

But what if the site you're working on is regarded as sacred by your religion, and in a few weeks hundreds of thousands of pilgrims are going to visit it?  Putting up "closed for construction" signs isn't an option. 

This is the dilemma that those in charge of the Grand Mosque (Masjid al-Haram, in Arabic) in Mecca faced as this year's hajj (obligatory pilgrimage) approached.  When upwards of a million people are expected to crowd into a few dozen acres of ground, the potential for disaster is always present.  And in years past, stampedes of pilgrims have on occasion led to the deaths of hundreds of people caught in panic-stricken rushes.  Improvements to the structures used can help with crowd control, and so areas near the Grand Mosque have seen a lot of construction activity in recent years.  That is one reason why the Grand Mosque was surrounded by numbers of tall construction cranes last Friday, Sept. 11, shortly before the time of evening prayer at 6:30.  At least one of these was a "crawler crane" mounted on a mobile platform that could move on tank-like treads. 

Around 5 PM, a thunderstorm approached the city and brought heavy rain, lightning, and high winds.  Although the central part of the Grand Mosque surrounding the Kaabah (the black cube at the center) is open, much of it is covered by in a ring-shaped multistory structure that affords protection from the weather.  

While details are not yet clear and await investigation, apparently about 5:30, winds became strong enough to overbalance one of the crawler cranes stationed just outside one of the Grand Mosque's walls.  Videos shot at the time show the crane as it toppled onto the roof of part of the mosque, crashing through the ceiling and landing with its top  inside the mosque's inner open area.  Unfortunately, hundreds of people were in the path of the collapse and were killed or injured when the crane knocked down masonry as it fell.  As of Sept. 13, the death toll had risen to 107, with over 200 injured.  King Salman of Saudi Arabia has stated that once an investigation of the tragedy is complete, the findings will be made public.

First, our prayers and sympathy are with the injured and the relatives and friends of those who died.  Accidental deaths are always tragic, but especially so when victims were engaged in a religious pilgrimage made obligatory by one's faith.  There is some comfort at least in the knowledge that the pilgrims who died were engaged in what they considered to be a holy act. 

From an engineering point of view, this incident has several lessons that can be learned. 

First, crawler-type cranes can be less stable than other types with bases that are anchored to the ground.  The crawler crane is obviously more flexible and easier to position, but this convenience comes with a price:  less stability, unless great precautions are taken to ensure that the crane's rated load and maneuvering envelope are strictly observed.  And even if this is done, unpredictable wind loads such as are present in a thunderstorm can tip the balance of forces away from stability. 

Prudence might have suggested that with all the cranes around, someone should have kept an eye on the local winds and issued an evacuation order if the wind exceeded a certain speed.  But that might not have helped, for a number of reasons.  First, winds in a thunderstorm can change minute by minute, and it's possible that a sudden gust was responsible for the crane's collapse.  But evacuating a complex as large as the Grand Mosque would have presented its own problems, including the possibility of inducing exactly the kind of panic that has led to deaths in stampedes in the past.  So although evacuating the area might have prevented some loss of life, it might have contributed to it as well.

The other alternative would have been to use only cranes that could withstand higher winds.  This might mean either using only stationary ground-mounted units, or shorter crawler cranes that are sturdier in high winds.  While either of these options would cost something in terms of workplace efficiency and schedules, in retrospect it would have been a price worth paying.

Like airports in expanding metropolitan areas, the Grand Mosque complex in Mecca is likely to be under construction in some sense for an indefinite time.  Given that it is, the authorities in charge of it are under an obligation to see that nothing like this tragedy can ever happen again.  Unlike the whims of mobs, engineering involves calculation, prediction, and the ability to plan ahead.  While engineers cannot foretell every eventuality that could lead to disaster, the investigation of the Mecca crane collapse may show how it could have been prevented.  If it does, the engineering staff in charge have their work cut out for them to make sure that pilgrims can worship safely in the holiest city of Islam.

Sources:  I referred to news articles on the collapse carried by several outlets:  CNN at, the BBC at, Al Jazeera at, and The Guardian at, which has a cellphone video showing the crane falling amid heavy rain.  I also referred to the Wikipedia articles on the Grand Mosque and the climate of Mecca.

Monday, September 07, 2015

Stingray and the Swiss Cheese of Electronic Privacy

The main distinguishing characteristic of Swiss cheese is that it's got holes in it.  This image came to mind when I read a recent report about a cellphone tracking device colloquially known as Stingray.  These expensive, sophisticated devices are contributing to a pernicious double standard about electronic privacy.  Private citizens on the one hand, and local and state law enforcement authorities on the other hand, appear to be working under very different rules.

Ordinary U. S. citizens are forbidden to eavesdrop on private electronic communications over the airwaves.  Back in the days when cellphones transmitted easily received analog signals, this meant you could not buy scanners that covered cell-phone frequencies.  And wiretapping—connecting a listening device to a telephone wire—was something that only authorized law enforcement people could do.  Back then, even the cops first had to get a court to issue a warrant for a wiretap, which was limited as to time and the target of the wiretapping.  Just to make sure that these restrictions weren't overwhelmed by new technological developments, in 1986 Congress passed the Electronic Communications Privacy Act (ECPA), which extended restrictions on landline communications to the then-new wireless types.

Then there was 9/11 and a burst of foreign terrorism, and a need arose to track cellphones in foreign countries that were being used for nefarious purposes, like setting off improvised explosive devices.  In response to this demand, the Harris Corporation developed a clever system that has come to be called the Stingray.  In order to track and eavesdrop on a target cellphone, you set up the Stingray in the general vicinity of the target—a few dozen or hundred yards is probably sufficient.  When the target phone is activated, the Stingray pretends it's a real cellphone tower, sending out a "pilot" signal that is stronger than the genuine tower's pilot nearby, and capturing not only the target phone, but many others in the vicinity.  In its most sophisticated mode, the Stingray performs a real-time decryption of the encrypted cellphone data and relays the content of the phone call (or text message, or what have you) to the legitimate system, while making copies for the cops.  In this mode, any calls the target phone originates go through as usual.  Only, the law enforcement people using the Stingray can hear and read everything in the vicinity.

I can't refer you to an advertising brochure or an official website on the Stingray, because Harris cloaks the device in secrecy.  Any agency buying one has to sign a non-disclosure agreement in which they promise not to divulge any details about it.  Nevertheless, the technology has become quite popular among the better-heeled state and local law enforcement agencies that can afford up to a half-million-dollar price tag.  And it is by no means clear that the agencies get proper court authorization before using the Stingray.  So your phone call or text might be showing up on a police computer near you—without your knowledge, of course.

In recent months, considerable information has leaked out about the Stingray and how it is being used, and there's even a Wikipedia webpage devoted to the technology.  It was most recently in the news when Deputy U. S. Attorney General Sally Yates announced on Sept. 3 that Federal investigators will now have to obtain a judge's permission before using cellphone trackers.  As recently as six months ago, the Feds were arguing in court that no such permission was necessary.  So on the federal level at least, some measure of protection has been restored to electronic privacy.  However, the ruling does not apply to state and local jurisdictions, which can presumably still use the Stingray and similar devices with impunity.

This is only one of many situations in which technology has outrun the legal system's ability to adapt to it.  Despite the blanket prohibitions of the ECPA, state and local law enforcement agencies are apparently using Stingrays frequently with or without court approval, depending on what the patchwork legal context in the specific region will let them get by with.  Sometimes, use of the device is revealed only in a court case when defense attorneys start asking embarrassing questions.  In Tallahassee, Florida, the state prosecutor gave an armed-robbery suspect a reduced sentence rather than being forced to disclose details of how a cellphone was tracked to the criminal's house—by use of a Stingray, presumably.

It may be the case that most, if not all, uses of this technology are approved by courts, although in some cases judges have complained that they were not aware of what exactly it was they were approving.  In that case, we are in principle no worse off privacy-wise than we were under the old regime of wiretapping laws, in which a court order was required to allow the telephone company technicians to permit a wiretap. 

We actually have two sets of Swiss cheese here:  one is the public's Fourth Amendment protection against unreasonable searches and seizures, and the other is the Harris Corporation's attempts to keep its technology out of the public eye.  Any system that has a 4500-word article on Wikipedia about it is no longer secret in any meaningful sense.  But nobody can sit down and build one for themselves just from the information on Wikipedia, and as long as nobody steals a physical unit and tries to reverse-engineer it, Harris is probably safe from getting their prize cellphone-tracker knocked off. 

There are two conflicting stakes here:  one on the part of the general public not to have its private communications eavesdropped on at the whim of a local police force, and another on the part of Harris Corporation not to have their advanced and very profitable cellphone tracker either copied or rendered useless by equally sophisticated bad guys who figure out some way to foil the Stingray.  One easy way to foil it is simply not to carry a cellphone, but for most people nowadays, that's like telling them not to breathe.  For the forseeable future, anyway, many crimes will involve cellphones one way or another, and the Stingray will continue to be useful in tracking down criminals.

My metaphorical hat is off to Deputy Attorney General Yates, who has at least clarified the situation at the federal level so that Stingrays will be used only with the proper authorization—we hope.  Maybe the state and local agencies will now follow the Federal lead and be more circumspect about how they use the devices, at least until the next round of electronic spy-and-counterspy warfare comes to pass.

Sources:  The New York Times article "Justice Dept. To Require Warrants for Some Cellphone Tracking" appeared on Sept. 3, 2015 at  I also referred to an earlier New York Times article "A Police Gadget Tracks Phones—Shhh-It's a Secret" at  The Washington Post carried the article about the plea bargain in Florida at, and I also referred to the Wikipedia articles "Stingray Phone Tracker" and "Telephone Tapping," and a How Stuff Works article on how wiretapping works at