Sunday, December 22, 2013

From 1963 to 2013: Two Robberies and How The Thieves Got Away

Last week brought news of two robberies that happened five decades apart:  the Great Train Robbery of 1963 and the Great Target Data Breach of 2013.  A comparison of the two tells us something about how the business of thievery has changed over the years, and how likely it is that criminals who execute large-scale thefts like these today will be punished for their misdeeds.

But first, the tale of Ronald Biggs.  On his 34th birthday, August 8, 1963, he assisted a dozen or so partners in crime in an elaborate scheme to divert a British mail train carrying some $7 million in banknotes (equivalent to about $50 million today).  Back then, the Bank of England had the bad habit of shipping large amounts of physical currency from one bank to another, and the thieves caught wind of a shipment and successfully heisted it all.  Biggs' fingerprints were found and he was captured quickly and sentenced to a long jail term.  But less than two years later, he staged a daring escape and made his way first to Australia, then to Brazil, living a life of debauched indolence and occasionally taunting the British authorities by consenting to interviews with visiting newspeople.  However, as he became aged and sick, home looked better than ever, and he returned to England in 2001, expecting a pardon.  What he got instead was a jail sentence, which he served until 2009 when he was released on account of poor health.  He died Dec. 18, a hero to rebels everywhere but a convicted criminal nonetheless.

Only three days earlier, the giant U. S. retailer Target announced that from Nov. 27 to Dec. 15, an elaborately planned hack of their point-of-sale terminals accomplished the theft of as many as 40 million credit and debit card numbers, names, and one of the two types of card security codes (the one embedded in the magnetic stripe, not the one printed on the back of the card).  The potential value of this data on the black market is comparable to the $50 million or so that Biggs and his cohorts nabbed.  This particular piece of information came uncomfortably close to home when I discovered that my wife had used our debit card at Target for Christmas shopping recently.  Fortunately, she used it after Target said they had stopped the breach, but some 40 million people weren't so fortunate.

Catching Ronald Biggs was a matter of examining physical evidence such as fingerprints.  The digital fingerprints left by the Target thieves are much harder to trace.  Late word is that security experts have localized the source of the hack to Southeast Asia, but they may well encounter a brick (or bamboo) wall in their investigation at that point.  The global village metaphor is overused, but from a digital point of view, we really do live practically in each other's laps, with millisecond access to any of millions of computers around the world possible from my lowly laptop here on my desk in Texas.  But the uniformity of jurisdiction that allowed English detectives to move freely and quickly to investigate the Great Train Robbery does not exist across international boundaries, and it's hard to imagine how this situation would change.

There is some precedent in the way that international technical standards are worked out by so-called "working groups" that gather voluntarily to decide on a given technical problem.  But such groups have an automatic unity of purpose that the law-enforcement agencies of different countries do not share.  In some parts of the world, the criminal element is almost indistinguishable from the legitimate government.  Somalia comes to mind, and North Korea, where counterfeiting is regarded as a legitimate act of war.  The only way you could catch cyber-criminals who are harbored by such governments is to go to war with the government, and that measure is a little extreme even for the most dedicated law-and-order types. 

Fortunately for the millions of Target shoppers who were caught with their numbers down, so to speak, the big losers in such thefts are not the individual credit-card holders (whose liability is usually limited to $50) but the retailer whose system was breached, and the credit-card companies and banks themselves.  There will be lawsuits, surely, but the chances of recovering either the data or the money stolen by means of the data are small, if the history of similar breaches is any guide. 

In many European countries, a more complex type of credit card is used, one which has a microchip embedded in it that generates a different security code every time it is used.  It's much harder to hack the microchip type of card than it is to hack the old-fashioned magnetic-stripe variety that dominates the U. S. market.  But because the microchip card will require massive retooling at retailer point-of-sale systems and in the systems of credit-card issuers, the industry has resisted it so far.  According to the president of the Connecticut Bankers Association, MasterCard and Visa have promised to roll out the microchip cards by 2015, but this assumes that retailers won't block it by protesting it will cost them too much.  However, if the banks tell the retailers that they will be liable for fraudulent charges unless they switch to the new system, that may persuade reluctant retailers to get with the program.
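As an added illustration (not from the original post or the sources it cites), here is a simplified model of why a code that changes on every use resists reuse of copied card data, while a fixed stripe code does not. The HMAC-and-counter scheme, the class names and the card values are assumptions made for the example; it is not the actual algorithm used by chip cards.

```python
import hashlib
import hmac

# Constructed sample values for the example, not real card data.
PAN = "4000000000000002"
STATIC_CODE = "123"
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def dynamic_code(card_key, counter, amount_cents):
    """Per-transaction code: a keyed MAC over a use counter and the amount."""
    msg = counter.to_bytes(4, "big") + amount_cents.to_bytes(8, "big")
    return hmac.new(card_key, msg, hashlib.sha256).hexdigest()[:16]


class ChipCard:
    """Hypothetical card: holds a secret key and counts its own uses."""

    def __init__(self, pan, card_key):
        self.pan = pan
        self._key = card_key
        self._counter = 0

    def pay(self, amount_cents):
        self._counter += 1
        return {
            "pan": self.pan,
            "counter": self._counter,
            "amount_cents": amount_cents,
            "code": dynamic_code(self._key, self._counter, amount_cents),
        }


class Issuer:
    """Hypothetical issuer-side checks for both kinds of card."""

    def __init__(self):
        self._cards = {}

    def enroll(self, pan, static_code, card_key):
        self._cards[pan] = {"static": static_code, "key": card_key,
                            "last_counter": 0}

    def authorize_stripe(self, pan, static_code):
        # The stripe data never changes, so the check cannot tell the
        # original card from a copy of what was read off it.
        card = self._cards.get(pan)
        return card is not None and hmac.compare_digest(card["static"], static_code)

    def authorize_chip(self, txn):
        card = self._cards.get(txn["pan"])
        if card is None:
            return False
        # A counter that does not advance means the message was seen before.
        if txn["counter"] <= card["last_counter"]:
            return False
        expected = dynamic_code(card["key"], txn["counter"], txn["amount_cents"])
        if not hmac.compare_digest(expected, txn["code"]):
            return False
        card["last_counter"] = txn["counter"]
        return True


def demo():
    issuer = Issuer()
    issuer.enroll(PAN, STATIC_CODE, CARD_KEY)
    results = {}

    # Magnetic stripe: the same data is accepted every time it is presented.
    results["stripe_first_use"] = issuer.authorize_stripe(PAN, STATIC_CODE)
    results["stripe_copied_data"] = issuer.authorize_stripe(PAN, STATIC_CODE)

    # Chip: a recorded transaction is rejected when presented again.
    card = ChipCard(PAN, CARD_KEY)
    txn = card.pay(2599)
    results["chip_first_use"] = issuer.authorize_chip(txn)
    results["chip_replayed"] = issuer.authorize_chip(dict(txn))

    # Editing the counter or amount invalidates the code without the card key.
    altered = dict(txn, counter=txn["counter"] + 1, amount_cents=99999)
    results["chip_altered"] = issuer.authorize_chip(altered)

    # The genuine card keeps working.
    results["chip_next_genuine"] = issuer.authorize_chip(card.pay(1000))
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```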

As long as there is money and other valuables, there will be people who want to steal.  And the Target data breach is just the latest in a long series of cops-and-robbers escapades that goes all the way back to cavemen filching another tribe's giant-mastodon meat, no doubt.  But let's hope that the credit companies, banks, and retailers get their act together sufficiently to give us a well-tried microchip technology soon, one that at least makes it harder for thieves to break in and steal your credit-card number. 

Sources:  I referred to articles on Ronald Biggs in the Washington Post at
http://www.washingtonpost.com/world/europe/ronnie-biggs-notorious-participant-in-great-train-robbery-dies-at-84/2013/12/18/3f142a38-c5da-11df-94e1-c5afa35a9e59_story.html and the New York Times at http://www.nytimes.com/2013/12/19/world/europe/ronnie-biggs-great-train-robber-dies-at-84.html.  I used information on the Target data breach from NBC News at
http://www.nbcnews.com/technology/massive-target-credit-card-breach-new-step-security-war-hackers-2D11778083, from Forbes at http://www.forbes.com/sites/anthonykosner/2013/12/20/targets-biggest-pr-mistake-with-credit-card-security-breach/, and from an AP report carried by the Boston Globe at
http://www.boston.com/2013/12/20/fury-and-frustration-over-target-data-breach/LAEw7wmAeKBl0MJk0lBRDL/story.html as well as a Fox News report at
http://www.myfoxtwincities.com/story/24274470/target-victims-not-financially-responsible-for-credit-fraud.  The Connecticut banker was quoted by the Connecticut Post at http://www.ctpost.com/local/article/New-credit-card-features-may-prevent-breaches-5083388.php, and I referred to the Wikipedia article on card security codes. 


Monday, December 16, 2013

To Vape or Not to Vape?


A year or two ago, the administration at Texas State University, where I teach, passed a regulation that abolished smoking everywhere on campus, inside and out.  I have mixed feelings about this.  Personally, I have never smoked.  Both my parents were moderate to heavy smokers, and my father died of lung cancer at the age of 57.  So I am familiar with the harm smoking can do.  On the other hand,  some see widespread bans on personal habits that have at least some redeeming features as abuse of governmental authority.  Overall, I was mildly pleased by the ban, and so when I walked by a student lounge area in our building the other day and saw what I thought was a puff of cigarette smoke, I was surprised.

But on closer inspection, the student turned out to be "vaping":  smoking (or whatever the appropriate verb is here) an electronic cigarette.  Was that violating the smoking ban or not?  So far, the university hasn't ruled on whether vaping counts as smoking.  Since electronic cigarettes are unquestionably an engineered product, their production, sale, and use fall within the purview of engineering ethics. 

A visit to the website HowStuffWorks.com informed me that a Chinese pharmacist invented e-cigarettes a decade ago.  They depend on small lithium batteries for their energy source, and rechargeable lithium batteries themselves haven't been around for much longer than that.  The power goes through a voltage regulator to a small heating element, where a solution of nicotine in propylene glycol is vaporized and inhaled by the user.  The stuff becomes a finely dispersed mist upon exhaling and looks different than true cigarette smoke, probably because the particles are larger and evaporate rather than dispersing.  The current form of the device was originally marketed as an aid to help people quit smoking, but as with many such aids for addiction, the cure may not be much of an improvement over the disease.

Who is affected by vaping?  Well, there are the manufacturers of the product and its auxiliary apparatus and supplies:  chargers, the nicotine solution, the e-cigarettes themselves.  There are users, many but not all of whom are former smokers of real cigarettes.  There are the makers of conventional tobacco products, who may either feel threatened by the new development or may co-opt it once the market gets large enough, and start selling similar products themselves.  There are various organizational entities ranging from private companies up to things like the European Union, which are now tasked with deciding what if anything to do about vaping.  And last, but hopefully not least, there is the general non-smoking public for whom second-hand-smoke bans were enacted.  But partly because e-cigarettes are so new, nobody has a lot of solid data on their health hazards and whether second-hand nicotine-tinged propylene glycol is something to worry about. 

Hong Kong and Singapore, among other countries, have imposed flat-out bans on e-cigarettes, but most nations either have no laws about them or impose only mild regulation.  Their status in the U. S. has been the subject of numerous court cases, and attempts to get them classified as drug delivery devices have been unsuccessful.  The latest court ruling, which is more definite than logical, says they can be regulated only as tobacco products, which is a little like classifying tires as agricultural products because rubber comes from trees.  But the effect is that governments can't do anything to e-cigarettes that they can't do to regular cigarettes.  Consequently, some state governments have banned sales to minors, but that is about the extent of U. S. regulation so far.

It seems to me that e-cigarettes are all about the nicotine, which has been proved time and again to be addictive.  But so has alcohol, and we all know what a flop Prohibition was.  I confess that I don't relish the idea of attending a party at which I discover several of my friends or students sucking on phony cigarettes, but then again, I don't go to a lot of parties anyway.  In the last couple of decades, the latent puritanical streak in American culture has fastened onto cigarettes, with the result that most people who smoke, as well as most non-smokers, regard the cigarette habit as a disreputable vice.  And this attitude itself will probably keep e-cigarettes from becoming as common as cellphones, for example.

The medical and health evidence on vaping is still largely lacking, so the precautionary principle says to leave it alone until it's been proven to be safe, whatever "safe" means in this context.  The main ingredients of the vapor—nicotine and propylene glycol—are well-understood compounds.  Nicotine use in any form is psychologically addictive, but doesn't itself cause cancer.  Propylene glycol, if pure, is approved for use in foods.  So it's unlikely that their combination in e-cigarettes poses a sinister unknown risk, although one can't be sure without the appropriate long-term studies.

The thing I dislike the most about e-cigarettes is that they present one more opportunity for people, especially young people, to become dependent on a costly habit that otherwise doesn't make the world a better place.  I say that in full knowledge that some of the historical figures I most admire, including G. K. Chesterton and C. S. Lewis, were smokers, not of e-cigarettes but of the original old smelly tobacco products themselves.  E-cigarettes are an addition to a spectrum of products that are potentially habit-forming, products that lie on a spectrum whose mildest end includes coffee and tea, and whose opposite malignant end winds up with heroin and crystal meth.  Some people can choose to stay in one place on the harmless end of that spectrum, while others find that they are drawn through the milder products to take dangerous and illegal risks at the other end.  This is not to say that everyone who tries e-cigarettes will end up hooked on them, or will start smoking real ones.  But some will.  And is the pleasure, or whatever satisfaction that people get from them, worth the risk to those who may find that they are being controlled by their habit, rather than the other way around?  We don't know, but it is a risk both governments and individuals should consider seriously. 

Sources:  HowStuffWorks.com has a good description of e-cigarettes I referred to at http://science.howstuffworks.com/innovation/everyday-innovations/electronic-cigarette1.htm, and I also referred to Wikipedia's articles on electronic cigarettes, nicotine, and propylene glycol. 

Monday, December 09, 2013

Positive Train Control and Commuter Lines: A Train Wreck of Another Kind


Early Sunday morning, Dec. 1, dozens of people living in Westchester County and points north of New York City along the Hudson were riding in a southbound Metro North commuter train driven by veteran engineer William Rockefeller Jr.  The scenic rail line follows the east bank of the Hudson and makes a sharp curve just north of the Spuyten Duyvil station.  According to information leaked by a union official later, Rockefeller "basically nodded" at the controls in his booth at the front of the train, which was electrically linked to the locomotive that was pushing the train from behind.  Whatever Rockefeller's state of mind was, the speed recorder recovered from the train verified that it hit the curve at 82 MPH (131 km/hr), well above the 70-MPH (112 km/hr) speed limit for the straight stretch of line north of the curve, and way too fast for the 30-MPH (48 km/hr) zone in the curve.  The result?  The locomotive and all seven cars derailed, four persons were killed, and over 60 were injured.  As bad as this literal train wreck was, it highlights a different kind of train wreck that is taking place at commuter lines across the U. S.:  one involving a federally-mandated system called Positive Train Control (PTC).

There is little doubt that if the Metro North train operated by Mr. Rockefeller had been equipped with PTC, the accident would never have happened.  As passed into law by Congress in 2010 and required in all trains by the end of 2015, PTC is a system that takes information on a train's location and automatically enforces speed limits in accordance with track regulations, operating conditions, and other factors.  (Think of it like a car equipped with a cruise control that would automatically slow you down to 20 MPH (32 km/hr) in a school zone even if you stomped on the gas.)  So even if Mr. Rockefeller had fallen asleep with his foot on the "dead-man" control (which automatically stops the train if a driver lets go of it), the train would have slowed down safely before it reached the 30-MPH zone.

So why didn't Metro North install PTC already?  Many freight lines have completed their installations, and even the Brotherhood of Locomotive Engineers and Trainmen, a union which does not happen to count Mr. Rockefeller as one of its members, has issued a call for PTC to be installed as soon as possible in all commuter trains. 

There are a couple of reasons, which can be summarized as suitability and cost.  PTC was developed and intended mainly for long-distance freight lines to prevent derailments and other accidents involving hazardous cargo.  Freight-train engineers are often on 24-hour call, and so sleep-deprivation-induced inattention is a real danger, which is one reason freight lines have adopted it so fast.

Commuter lines, with their regular schedules, frequent starts and stops, and much more dense traffic and line networks, are a different sort of problem.  While PTC often relies on GPS for some of its functions, GPS doesn't work underground, which is where many commuter lines spend a good bit of time.  It turns out that the unfunded mandate to install PTC on all U. S. commuter lines might cost as much as $2 billion, which is a lot of change for cash-strapped municipalities.  Even before the crash, many commuter lines had given notice that they were going to miss the deadline, and there was talk of legislating an extension for such lines.  But clearly, PTC was too late to help the four victims of Sunday's crash. 

Not all engineering ethics issues are clear-cut, and rail safety is one of them.  One of the first ethical cases to draw the attention of the IEEE, the largest professional organization of electrical engineers in the world, involved a commuter rail line.  In 1972, as BART, the Bay Area Rapid Transit System of San Francisco, tested its new state-of-the-art automatically controlled train cars, a non-injury accident occurred which led whistleblowers to go public with their doubts about the design.  There are similar concerns that PTC technology is not ready for commuter lines, and if fully installed would either slow down the trains so much that schedules would have to be changed, or might take automatic actions that could cause accidents instead of preventing them. 

Metro North trains already have several safety systems installed such as the "dead-man" switch, but reportedly a second type of "alerter" system, which required the engineer to respond to a beep by tapping a control every 25 seconds, was available only in the locomotive itself at the rear of the train, not in the front cab where Rockefeller was.  Investigations of many kinds of accidents often reveal that safety equipment was installed that could have prevented the mishap, but it was either not operating at the time, was disabled, or not available under the particular circumstances that prevailed. 

As the controls and software capable of replacing some, if not all, of the functions of a human driver become more available, either economic forces or the force of law will push both private and public entities to adopt them.  We are seeing this already with Google's self-driving cars, and while PTC does something close to the same thing, it has been out of the public eye until now.  But the same type of tradeoff exists for both PTC and self-driving cars.  The promise of much lower accident rates is offset by the expense and administrative headaches of implementing the systems. 

The immediate cause of Sunday's accident is pretty clear by now.  Mr. Rockefeller did the honest thing by admitting he was sleepy.  When even locomotive-engineer unions call for the installation of potentially job-threatening systems such as PTC, it's a sign that the technology's time has come.  As long as it can be adapted safely and economically to the demands of commuter lines, we can look forward to the chance that the four people who died on Dec. 1, 2013 might be the last lives lost in a U. S. train accident for many years.

Sources:  I referred to reports on the accident carried in the New York Daily News on  Dec. 5 at http://www.nydailynews.com/new-york/bronx/metro-north-engineer-sleep-disorder-article-1.1538717, a statement issued on Dec. 5 by the Brotherhood of Locomotive Engineers and Trainmen at http://www.blet.org/pr/news/newsflash.asp?id=5507, a CNN report on the crash published on Dec. 4 at http://www.cnn.com/2013/12/04/us/new-york-train-crash/, and the Wikipedia article on Positive Train Control.

Monday, December 02, 2013

Self-Driving Cars: More Bumps in the Road


In what is probably the most detailed reporting on Google's self-driving cars to appear so far, New Yorker staff writer Burkhard Bilger shows just how far the technology has advanced since the Defense Advanced Research Projects Agency (DARPA) held its first Grand Challenge race of autonomous vehicles in the Mojave Desert in 2004.  Nobody came even close to finishing that first race, but only a year later the lessons learned from the inaugural debacles paid off when five vehicles completed the 132-mile course.  Today, Google's fleet of self-driving cars regularly plies roads in California, where the legislature recently passed new licensing laws making it legal to ride in such a vehicle without actually driving it.  But as Bilger briefly points out, a lot remains to be done before you can reasonably expect to own (or at least ride in) a self-driving car yourself.  And in my opinion, technology is not the main stumbling block.

A couple of years ago, I wrote in this blog that I perceived at least two problems which stood in the way of self-driving cars:  unexplored technical problems that might arise if lots of them were on the road all at once, and the reluctance of drivers to hand over the wheel to a robot.  I now think that the first issue has probably been overcome (or easily can be if it arises), and the second issue will take care of itself as the technology becomes more available and peer pressure or necessity (would you rather be told you're too old to drive, or buy a car that can drive itself?) convinces reluctant drivers to hand over the keys to Cyborg. 

But Bilger touches on what I now believe is the single most important obstacle that might slow the spread of autonomous vehicles, at least in the U. S.:  the conservatism of U. S. automotive engineers. 

Bilger spoke with representatives of several car companies:  GM, Ford, Nissan, Toyota, Mercedes, and Volvo, among others.  Ford and GM continue to make incremental "driver-assist" options available, but don't seem enthusiastic about self-driving cars at all. Nissan is the only firm that has made a definite commitment to market a self-driving car, with a target date of 2020.  Mercedes is worried about what the currently-required laser dome on the roof will do to styling, and Volvo is concentrating on safety more than autonomy:  their goal is to make fatal crashes in a Volvo essentially impossible.  But whether a robot or a human drives the car is not their primary concern.  Toyota is still recovering from the controversial accusations that their cars were prone to sudden acceleration, and has paid out millions in legal costs as a result.  That firm is probably not eager to market a product that a few accidents could transform into another huge legal liability.

Here is what I think will happen.  In highly congested non-U. S. cities—Tokyo, Amsterdam, Berlin—auto makers will first market self-driving cars to people for whom car ownership is very expensive in terms of parking and driving aggravation.  Bilger makes the somewhat curious claim that once cars can drive themselves, most people will not feel the need to own one.  I for one fail to see the connection, except in circumstances where it is a positive pain to own a car, such as living in Manhattan. 

Google admits it's not planning to go into the car business.  But if it thinks Ford or GM is going to buy turnkey controls sold by Google and install them in their own products, they have not given sufficient consideration to the power of N. I. H.:  Not Invented Here.  Not only will the U. S. auto engineers be reluctant to hand over critical responsibilities for their products to a bunch of California geeks; the Detroit crowd recognizes that the whole idea of car ownership is tied intimately to the fact that you drive the thing, you don't just ride in it.

Most U. S. automakers sell cars by playing on the emotions of potential car owners.  The idea is "you are what you drive."  Drive a Dodge Ram?  You're a rough, tough guy who can climb mountains while carrying a ton of rocks—in your pickup.  And so on.  The psychological distance between the driver's seat and the passenger seat (even if you're still sitting behind the wheel) is vast.  A car that drives itself isn't a car anymore, it's a one-person bus.  And public transportation in this country is about as sexy as a roomful of old men playing dominoes. 

To sell self-driving cars, the U. S. auto companies would have to retool their whole way of thinking about how cars are sold.  Of course, if buying a car becomes a thing that only really rich people can afford to do (like keeping a chauffeur), and most cars become part of some public transportation network, the marketing job for the auto industry becomes much easier.  They will have to sell only to a few large municipal purchasing agents rather than to millions of individual car owners.  But except in a few quasi-European cities on the U. S. coasts, I simply can't picture this happening to any large extent.  People love their cars too much to let go of them, even if they no longer drive them. 

Perhaps we will go through another U. S. automaker shakeout, like the one that happened in the early 1980s as foreign automotive producers out-manufactured U. S. firms and took over huge tracts of market share.  If lots of people like the idea of not having to drive, but still want to own a car, Nissan will find out when they offer a truly self-driving vehicle.  Legislatures in states where the demand is high will take care of the licensing problem, and if U. S. carmakers ignore or downplay the self-driving car trend after foreign makes start selling, it's their funeral, along with the funerals of those people who die as a result of human-driver error—deaths that Google engineers claim can be reduced drastically once we switch to self-driving vehicles.  And that's another factor that may push U. S. auto manufacturers unwillingly into the self-driving-car business:  insurance companies.  If a large enough database of statistics shows that self-driving cars are, say, four times as safe on average as human-driven ones, insurance rates on the self-driving models will plummet, and people will have to pay more for the privilege of driving rather than letting the computer steer. 

Sooner or later, the sight of driverless cars will no longer attract the attention it does today.  But a lot of things will have to change first, and among the most important are attitudes of engineers, legislatures, and drivers themselves.

Sources:  Burkhard Bilger's article "Auto Correct" appeared on pp. 96-109 of the Nov. 25, 2013 issue of The New Yorker.  I addressed the issue of autonomous vehicles in my blog in this space on August 11, 2011.

Monday, November 25, 2013

Do You Smell Gas? Thank New London


On Thursday, March 18, 1937, a seventh-grade girl named Sibyl sat in a school bus outside the junior-senior high school building built four years earlier in the unincorporated town of New London, Texas.  In contrast to the rest of the nation, New London and the surrounding area of East Texas were prospering from a local oil boom, and many of the school's students came from families drawn to the area by oil-field jobs.  Sibyl had mistakenly left her class early, but rather than go back inside and look foolish, she had decided just to wait in the bus until school let out for the day in another twenty minutes or so.  Suddenly, at 3:17 PM, she saw the entire front of the building rise several feet into the air and then collapse into a huge pile of dust with a thunderous crash.  She had just narrowly escaped what turned out to be the worst school disaster in the history of the United States.  Over three hundred children and adults died either in the explosion itself or as a result of injuries they sustained in it.  The cause?  Odorless natural gas.

As you may know, natural gas has no characteristic odor of its own.  By law, a malodorant must be added to natural gas for non-industrial users such as homes, businesses, and schools so that a leak will call attention to itself by means of smell.  One of the compounds used, butyl mercaptan, is so stinky that the average human nose detects it at a level of 0.33 parts per billion.  That concentration amounts to one teaspoon of malodorant in a cube of air about 25 meters (80 feet) on a side.  While gas leaks and explosions still occur, the chances of detecting a leak before it causes an explosion are much better when the gas contains a malodorant. 

Flammable gas has been used for domestic light and heat since the early 1800s, but until the discovery of large supplies of natural gas, piped-in gas was a relatively costly type of utility that was confined to cities.  By contrast, the oil wells around New London freely produced so much natural gas that it was (and still often is) considered a waste product, and was flared off near wells in towering flames that burned day and night and could be seen for miles.  The oil companies piped some of it around in what were called bleed-off lines to supply power for their own operations, and because many of New London's residents were already familiar with oilfield equipment and piping, tapping a nearby gas line for free raw natural gas became a common practice.  Although it was technically illegal, someone with the requisite skills could install his own private gas line to an oil lease's bleed-off line, and enjoy free gas instead of paying the local gas utility for it. 

It is a matter of record that a couple of months before the 1937 explosion, W. C. Shaw, superintendent of the New London schools, authorized a janitor to disconnect the schoolhouse from the local gas utility and tap a nearby bleed-off line instead.  Mr. Shaw apparently viewed this as a cost-saving measure, similar to the earlier decision, made when the school was built, to forgo the usual steam-boiler-radiator heating system and install an extensive gas piping system and some seventy gas space heaters instead. 

In My Boys and Girls Are in There, a recent book on the tragedy, historian Ron Rozelle notes that many subsequent summaries of the disaster tend to blame Superintendent Shaw for endangering the lives of his charges with the decision to use free untreated bleed-off gas.  The critical question, which Mr. Rozelle doesn't answer in the book, is whether the local gas company was adding malodorant to its product at the time.  Such a practice was widespread by 1937, but by no means universal.  If the utility's gas was odorless as well, then the decision to switch to bleed-off gas made no difference, because the leak that caused the explosion would not have been any easier to detect.  The main reason that the explosion was so severe and extensive was that the poured-concrete school building had a single, poorly ventilated, and uninterrupted crawl space beneath the entire front part of the building, under eight inches of solid concrete floor.  Since natural gas (primarily methane) is lighter than air, this crawl space formed a good container for thousands of cubic feet of gas, which was touched off on that fatal day when a shop teacher switched on an electric sander in the basement. 

While the New London explosion dominated national news for a week or so, it faded quickly as other events diverted the public's attention.  Like war veterans often do, survivors of the explosion usually refused to talk about it afterwards.  However, one survivor, fifth-grader Carolyn Jones, had the courage to make a speech to the Texas House and Senate in Austin only a week after the explosion, urging that safety measures be passed to prevent another disaster like the one at New London.  The result?  Two laws:  one requiring all natural gas for domestic purposes to contain a malodorant, and the other requiring that anyone working on natural-gas lines for residential use be trained and certified for such work by the state of Texas.  The publicity of the New London disaster furnished ammunition for the passage of similar laws in other states, so that eventually, all natural gas sold for household use would carry its own portable detection system, namely, a bad smell.

The New London explosion and its aftermath form a familiar pattern:  first an innovation (the use of natural gas for domestic gas supplies was fairly new in the 1930s); then a tragedy resulting from inadequate safeguards, ignorance, or other factors; then regulations, or a change in good engineering practices, or both, all inspired by the tragedy.  It would be nice if engineers were able to anticipate everything that could go wrong in a novel situation.  But human ingenuity being both fallible and limited, sometimes we have to learn from mistakes, and the more costly the mistake in terms of lives, the faster we learn.  While nothing will ever bring back those three hundred lives lost on that East Texas afternoon seventy-six years ago, it is some comfort to know that their lives were not lost in vain, and that gas users around the globe are safer as a result. 

Sources:  I thank Andrea Nelson and Stephen Paul for bringing my attention to Ron Rozelle's book My Boys and Girls Are in There (College Station:  Texas A&M University Press, 2012), which I relied on for most of the material in today's column.  I also referred to the Wikipedia articles on the history of manufactured gas, thiols, and tert-butylthiol.

Monday, November 18, 2013

Privacy in Public: Mobile Phones and Personal Spaces


The other evening I was waiting in line in a cafeteria, and the woman ahead of me, who was rather short, was reading her phone.  A few years ago, the phrase "reading her phone" would have ranked as nonsense, but nowadays when most mobile phones seem to do everything a desktop computer used to do, only faster, reading your phone has become a humdrum, routine part of life.  Anyway, she was flipping through what looked like either twitters or Facebook comments, and I, being a compulsive reader of anything in my field of vision, began to read along with her.  The content was nothing remarkable—little notes from friends about what other friends were doing, pictures of small children (grandchildren?), comments about an upcoming wedding—I frankly forgot nearly all of what I saw a few minutes after I saw it.  What stuck with me was a question:  what exactly was I doing in reading that lady's phone over her shoulder?  What would you call it?  And does the fact that you can do something like that have any larger implications?

I don't need a Ph. D. in moral philosophy (which I don't have anyway) to know that it was wrong to read somebody else's private messages, from whatever source derived.  Nowadays, of course, they may not really be private.  On Facebook and personal blogs and so on, people make public all sorts of matters that earlier generations would have buried deep inside a locked diary.  But the presumption is that the content of a person's own phone is, well, personal and private.  And it was not right for me to read her mail, so to speak.  I watched an old movie the other night which had a plot that turned on the theft of a letter—a theft that was noted by a landlady, who called the cops and brought the whole criminal scheme tumbling down thereby.  Stealing a letter is an overt, easily documented act.  But just looking over somebody's shoulder in a cafeteria line—who can tell what you're seeing? 

The closest word I can think of that means something like what I did is "eavesdropping,"  but that involves hearing, not seeing.  "Eyedropping" won't work—it sounds like what goes on in an ophthalmologist's office.  "Spying" would cover it, but I didn't go to the cafeteria with the intention of snooping on somebody else's phone messages.  I just happened to be standing where, without any real effort or intention on my part, I was able to read private material.  The parallel between that and a situation where you are in a restaurant booth and can't help overhearing conversations in the next booth is pretty exact.

Whatever it should be called, it's something that happens more and more often as people with portable electronic communications devices take over public spaces in subtle but significant ways.  What about those folks who have either an ear-mounted phone, or one of those little earbud-cord microphones that you have to look closely to see?  They're the same ones who conduct one-sided phone conversations in hallways or sidewalks at normal volume, so that at a distance they give every appearance of talking with an invisible companion, which leads one to doubt their sanity until you get close enough to see the electronics they're talking to.  We don't mind people having normal conversations in public when both parties are right there, so why should we mind if one of the participants happens to be at the other end of an electronic link?  I'm not sure, except that sometimes people talk about things over the phone that they wouldn't mention in a public place.  And if they're doing it over a mobile phone, they sometimes tend to forget their surroundings, and passersby end up privy to TMI (too much information).  This is just as discourteous as what I did to the lady in front of me in the cafeteria line, but it's discourtesy of a different type. 

The real problem, I think, is that the boundary between public and private is getting really fuzzy, and you can get into trouble if you mix up the two.  Saying, "I'd like to kill you!" out in a field where only you and your listener can hear you is one thing.  It may be a serious threat, or it may be nothing more than a joke between well-acquainted friends.  But saying the same thing on Facebook or another internet-mediated forum can land you in jail.

Here are two pieces of advice, one for users of technologies that tend to make the private public, and the other for bystanders who end up hearing or seeing something that the user didn't intend for them to hear or see.  For users, try to realize that while you may be focused just on the friends you are chatting with, the medium you are using is full of holes that leak information to casual passersby—people just browsing the sidewalk or the web, and even folks you may be trying to keep a secret from.  So use some discretion in what you look at or say.  If you wouldn't want to hear someone else saying what you're saying, don't say it, or at least wait for a more private circumstance than looking at your phone while waiting in line or talking through your earbud mike at a crowded bus stop.

And for bystanders, I would say that while sometimes you really can't help overhearing or "overseeing" someone's private information, you can help what you do with it.  If you can read somebody else's email over a shoulder, well, quit it.  If you can hear somebody's private conversation, maybe move to a chair where you can't.  And otherwise, try to be nice even to thoughtless or nasty people.  To some folks, old-fashioned courtesies such as beginning a letter with "Dear" look hypocritical:  if you aren't really dear to me, why should I address you that way?  But courtesy is the social lubricant that you don't wake up the next day with a hangover from.  It makes life easier and more pleasant for all of us, and while it has aspects of hypocrisy, I like to think of it as more like clean, well-tailored clothing that covers a less-than-presentable body.  And come to think of it, that's something else that is out of fashion, and maybe for the same reason.  But just as there is good taste in clothing, there is good taste in the use of mobile phones, and here's hoping more people use them more tastefully.

Sources:  After I wrote this blog, I found a website that makes most of my points and more, and with pictures.  It's "How to Practice Cell Phone Etiquette" at http://www.wikihow.com/Practice-Cell-Phone-Etiquette.  Highly recommended.

Monday, November 11, 2013

Democracy By Sampling


If you had stopped by my house last Saturday, you would have seen me seated on the front porch in a folding chair, watching a presentation on a laptop connected to a notebook computer, which was in turn operated by a woman seated in another folding chair.  The woman works for a contractor to the U. S. Department of Commerce.  The contractor, Abt SRBI, performs high-tech surveys for government agencies.  Instead of pencils and clipboards, the woman brought along the aforementioned technology that she used to show me the options I had for each answer, as well as photographs and other information related to the survey questions.  My subject today is not so much the actual content of the survey (which she requested I keep confidential so as not to bias other potential participants), but the entire process of which the survey was a part, which I'm calling "democracy by sampling."

One vital aspect of engineering ethics is to consider all the stakeholders in a given case, including members of the public liable to be affected by a proposed course of action.  I think it's okay for me to say this much about the survey:  it dealt with a proposed program that the Department of Commerce may implement, and would entail substantial costs to be borne by the U. S. taxpayer.  The program would address an environmental issue which it turns out I have discussed in this space in the past, and it would deal with it in a way that struck me as egregiously boneheaded.  And I told them so.

But unless you, gentle reader, are one of the 1500 or so people nationwide selected to participate in this survey, if you wish to register your opinion on this subject with the government, you are out of luck.  This is unfair, but all too symptomatic of a disheartening trend that has picked up the momentum of an avalanche in recent years.

The ideal of democratic government is that it is, in the words of Abraham Lincoln, "of the people, by the people, for the people."  The preposition in question here is "by."  Ultimately, the authority of government is to vest in the people governed.  The means by which this power is exercised in our type of government is through the legislative branch, meaning Congress.  Originally, the only role of the executive branch was to see that the laws were "faithfully executed." 

But beginning in the Progressive era of the early 1900s, a different view of government arose, which can be summarized as government by experts.  The basic idea is that modern life is too complex to leave governance solely to the slow, messy process of legislating laws.  Instead, new powers should devolve upon educated specialists in such fields as finance, technology and its regulation, commerce, and human relations, and we should allow these experts to make such rules as they think best—rules that have the full force of law.  So far, any agency of this type still holds before its face a mask of democracy, in that the agencies exercising such power have to be established by Congress.  But there are so many of them now that Congress can no longer exercise anything like proper oversight.  The result is that executive agencies like the Department of Commerce and its divisions are left to their own devices and desires.

I will grant this to the Department:  in commissioning the survey I participated in, they are genuinely seeking the input of the public, or at least a sample thereof.  They didn't have to do that—as far as I know, they could just haul off and implement the new program they're considering without asking anybody, and we would all just have to live with it.  So they are at least making a gesture toward the idea of democracy.  But it is an ineffectual gesture, in my opinion.

As a part of the survey, I had an opportunity to "vote" for or against the program, and to give reasons for doing so.  But this "vote" is to real voting as hypocrisy is to holiness.  What if we "voted" to elect the President this way?  It would save tons of money and trouble.  Instead of the Electoral College and all that campaign fundraising and advertising and so on, we'd just hand the whole thing over to Abt SRBI, whose experts would come up with a carefully selected sample of 1500 or so voters, and the rest of us would just wait to find out the results, as determined by the experts.  So much more efficient—so much more scientific.

And so much more opposed to the basic notion of rule by law, and not by men.  One of the big reasons that the thirteen British colonies broke away from England was that they were being taxed by those whom they did not elect.  Based on the information I received during the survey, the proposed program would have done exactly that—nothing was mentioned about any enabling legislation.  This sort of thing happens all the time.  The Environmental Protection Agency's decision to categorize carbon dioxide as a pollutant is a shining example of how unelected bureaucrats can unilaterally proclaim costly regulations, and those injured are forced to undertake expensive legal battles as their only recourse. 

The Department of Commerce deserves one small cheer for consulting me about their idea.  But the whole executive branch gets a loud razz for continuing its drive toward government by bureaucracy that has compromised freedom and due process in this country so severely, that some days I wonder if we can ever get them back again.

Monday, November 04, 2013

Drones, Air Safety, and the FAA


On May 10, 2012, in the South Korean city of Incheon, an engineer from the Austrian company Schiebel was demonstrating to South Korean military personnel his firm's S-100 camcopter, a 150-kilogram remotely piloted drone aircraft that could assist South Korean patrol operations at the country's border with North Korea.  In the midst of the camcopter's flight, it suddenly veered out of control and crashed into the control van where the engineer was sitting, setting the van on fire.  Two Koreans were injured and the Austrian engineer was killed.  Speculation immediately arose that the loss of control stemmed from intentional jamming of GPS (Global Positioning System) frequencies by North Korea, which has caused numerous navigational problems in the area in the past. 

Drones, a term that includes helicopters, fixed-wing aircraft, and anything else that flies without a human on board, have played a major role in warfare for at least a decade.  But prices are falling and capabilities are rising to the extent that commercial and private interests are now wanting to use drones for a wide variety of applications, ranging from surveillance in domestic law enforcement to cargo transport.  Federal Express has even expressed an interest in using pilotless aircraft instead of manned cargo planes, for example.  But in an article in the November issue of Scientific American, two "drone-spoofers" from the University of Texas at Austin raise serious questions about the safety and legal aspects of using drones in these ways.

Around the same time that the S-100 crashed in South Korea, UT researchers Kyle Wesson and Todd Humphreys took command of an $80,000 drone at the White Sands Missile Range as part of a demonstration to show how easy it is to distract such aircraft by sending out false GPS signals.  Because GPS signals are so feeble in most locations, it takes relatively little radio-frequency power to overwhelm the real signals from satellites with cleverly devised fake ones.  Once you have taken over the GPS receiver of a drone that relies on GPS for navigation (as many semi-autonomous drones do), you can lead it like a dog on a leash.  Wesson and Humphreys carried their spoof just far enough to show that they did indeed control the craft, and then a backup manual operator took control and landed it safely. 

This demonstration shows that while drones have gained greatly in technical sophistication and capabilities, including the ability to fly completely without manual control from a human operator, the regulatory environment has not kept pace.  The Federal Aviation Administration is charged with the responsibility of making U. S. airspace safe, first of all, then hospitable to air travel for both humans and cargo.  The outstandingly good safety record of air travel in this country is partly due to the FAA's conservatism with regard to changes in the basic way it does things.  

On a flight I took recently from New Jersey to Texas, the captain put the cockpit's air-traffic control channel on one of the audio channels at every seat, and I spent most of the flight eavesdropping as he checked in with a total of six or eight way-stations of the air along our route.  It was reassuring in a way, but at the same time I was impressed by the fact that such conversations would be completely familiar to a pilot who last flew in 1959.  The FAA follows the principle of "if it ain't broke, don't fix it," and they change their basic procedures about air-traffic control very slowly, if at all.  A major change from radar-based control to satellite-based control involving GPS is in the works, but the present system will remain in place for nearly a decade into the future.

Wesson and Humphreys worry that in the shift to the new system, drones will be left to fall between two stools.  If the new rules for air traffic control make no provision for drones, the whole field could be crippled by the absent-mindedness or hostility of legislators and regulators.  Already, several states have adopted anti-drone-surveillance laws arising from privacy concerns.  These laws would not directly impact the transportation aspects of drone use, but could severely handicap legitimate surveillance with drones.  If the FAA requires that licensed unmanned aircraft always be within visual sight of the operator, that would make drones unusable for most of the promising applications their developers hope to find.  But on the other hand, if it is really as easy as it seems for someone to take control of a GPS-equipped drone, there has to be some way to prevent that from happening if the public safety is to be protected from large, heavy machines falling out of the sky.
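One receiver-side plausibility check against the GPS takeover described above, as an added example that is not from this column or from the Wesson and Humphreys article: it compares GPS-reported displacement with inertially dead-reckoned displacement over a sliding window and watches for a jump in carrier-to-noise density (C/N0).  The flight log, field names and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from math import hypot

# All thresholds and field names below are assumptions chosen for illustration.
CN0_JUMP_DB = 6.0   # rise in mean C/N0 (dB-Hz) over the clean baseline
MAX_DRIFT_M = 15.0  # allowed GPS-vs-inertial disagreement per window
WINDOW = 10         # samples compared at a time (10 s at 1 Hz)


@dataclass
class Sample:
    t: float       # time, s
    gps_e: float   # GPS-reported position east, m (local frame)
    gps_n: float   # GPS-reported position north, m
    ins_ve: float  # inertially measured velocity east, m/s
    ins_vn: float  # inertially measured velocity north, m/s
    cn0: float     # mean carrier-to-noise density of tracked satellites, dB-Hz


def detect_spoofing(samples, cn0_jump_db=CN0_JUMP_DB,
                    max_drift_m=MAX_DRIFT_M, window=WINDOW):
    """Return [(t, [reasons], drift_m)] for every suspicious sample."""
    if len(samples) < 2:
        return []
    # Cumulative dead-reckoned displacement from inertial velocity (trapezoid).
    cum = [(0.0, 0.0)]
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.t - prev.t
        e, n = cum[-1]
        cum.append((e + 0.5 * (prev.ins_ve + cur.ins_ve) * dt,
                    n + 0.5 * (prev.ins_vn + cur.ins_vn) * dt))

    alerts = []
    baseline = samples[0].cn0
    for i in range(1, len(samples)):
        s, j = samples[i], max(0, i - window)
        # Displacement over the window according to each sensor.  Comparing
        # over a short window bounds inertial drift while still catching a
        # slow pull that stays small from one sample to the next.
        gps_de, gps_dn = s.gps_e - samples[j].gps_e, s.gps_n - samples[j].gps_n
        ins_de, ins_dn = cum[i][0] - cum[j][0], cum[i][1] - cum[j][1]
        drift = hypot(gps_de - ins_de, gps_dn - ins_dn)

        reasons = []
        if s.cn0 - baseline > cn0_jump_db:
            reasons.append("cn0_jump")        # signal suddenly too strong
        if drift > max_drift_m:
            reasons.append("ins_divergence")  # GPS disagrees with inertial
        if reasons:
            alerts.append((s.t, reasons, drift))
        else:
            # Track slow, legitimate changes only while the signal looks
            # clean, so a spoofer cannot drag the baseline up with it.
            baseline = 0.9 * baseline + 0.1 * s.cn0
    return alerts


def constructed_flight(spoof_at=None, drag_mps=3.0, extra_db=8.0, seconds=20):
    """Constructed 1 Hz log: the aircraft flies north at 10 m/s.  From
    `spoof_at` on, the GPS solution is pulled east at `drag_mps` and the
    received C/N0 rises by `extra_db`; the inertial sensors feel neither."""
    out = []
    for t in range(seconds):
        spoofed = spoof_at is not None and t >= spoof_at
        pull = drag_mps * (t - spoof_at + 1) if spoofed else 0.0
        out.append(Sample(t=float(t), gps_e=pull, gps_n=10.0 * t,
                          ins_ve=0.0, ins_vn=10.0,
                          cn0=44.0 + 0.5 * (t % 2)
                              + (extra_db if spoofed else 0.0)))
    return out


if __name__ == "__main__":
    for t, reasons, drift in detect_spoofing(constructed_flight(spoof_at=10)):
        print(f"t={t:4.0f}s  drift={drift:5.1f} m  {', '.join(reasons)}")
```

In the constructed log the power check fires as soon as the false signal appears, while the inertial check fires five seconds later and still fires when the false signal is no stronger than the real one.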

The FAA traces its history back to the Air Commerce Act of 1926, which charged the U. S. Department of Commerce with taking actions to ensure the safety of the then-novel field of air travel.  While Congress's delegation of authority to quasi-autonomous agencies has been abused in recent years, the FAA has by and large been a poster child for how a federal agency should behave, keeping safety uppermost in mind while restraining itself from issuing industry-crippling regulations.  It has accomplished this feat by embodying the best features of conservatism and by basing decisions on sound technical arguments as well as on politics.  It remains to be seen whether the FAA can manage to incorporate drones in its next major upgrade of the way it keeps people and things safe in the skies.

We are entering an era in which artificial intelligence and remote control systems are bidding fair to replace human transportation operators in many fields:  railroads, automobiles, and now aircraft.  It will be interesting to see whether those in charge of the FAA's safety regulations can adapt them to accommodate beneficial uses of remotely-controlled and autonomous vehicles without putting the public at undue risk of accidents.  How the FAA handles drones will be a test case for a number of other similar problems that will arise in the near future.

Sources:  The November 2013 issue of Scientific American carried the article "Hacking Drones" by UT Austin researchers Kyle Wesson and Todd Humphreys on pp. 54-59.  I referred to an article on the fatal South Korean drone accident at http://www.suasnews.com/2012/05/15515/ and a brief summary of the history of air traffic control in USA Today at http://usatoday30.usatoday.com/travel/flights/2008-10-10-atc-history_N.htm, as well as the Wikipedia article on the Federal Aviation Administration.

Monday, October 28, 2013

The Obamacare Website Rollout: Not What the Doctor Ordered


Software failures can have all sorts of bad consequences, ranging from minor annoyances up to and including death.  On that scale, the very public problems that people currently run into when they try to use the Affordable Care Act's website to buy federally-mandated insurance are somewhere in the middle.  (Since President Obama is on record as having no objection to the term "Obamacare" for the Act, I will use it too from this point on.)  To my knowledge, no one has yet died as a direct consequence of not being able to use the site.  But on the other hand, it's hard to think of another software-related issue that has garnered so much negative publicity in as short a time.  While there is plenty of blame to go around, the question I'm interested in today has to do with the ethics of software engineering, and what lessons this debacle can teach us along those lines.

Software engineering is a relative latecomer to the engineering fold.  There were only a few dozen programmable computers in the world as late as 1950, and the first U. S. undergraduate programs in software engineering were not accredited until 2003.  But few types of engineering involve the average non-technical customer more directly than the design of high-volume websites, which requires strategic and organizational planning as an essential aspect of the overall process. 

According to published reports, the rollout of the www.healthcare.gov website was something of a rush job.  For political reasons, the Oct. 1 deadline could not be postponed, and many changes were being made right up to the last minute.  Finally, there was little time for beta testing with a small group of friendly and informative users who could find problems in time for them to be fixed before the main rollout. 

I am glad I was not one of the people who worked on this website, but I can sympathize with them.  My last major engineering job before deciding to go back to school for my Ph. D. was with a firm that wanted to make cable boxes, the little thing that sits on (or now, under) your TV and selects channels.  The company had never made a large-volume consumer product before.  Up to that time, most of their customers were military and scientific users who paid plenty for a few hand-crafted instruments.  Despite the best efforts of our engineering team, the new box never worked right.  At one point I had a conversation with an older engineer who said, "I'm looking at your group and what I see is a bunch of trapped engineers."  I later learned that the company ended up recalling all the boxes from the field at a cost of six million dollars.  By that time, I was in grad school and dealing with problems of a different sort.   

Sometimes, engineers are placed in an impossible situation where even Superman couldn't deliver the goods as requested, and minimizing damage is about all you can do, at least to start with.  The Obamacare website was a large and complex project that everyone knew would both receive tons of traffic from all sorts of people, most of them technically unsophisticated, and would also draw intense media attention, much of it potentially hostile.  If it had been up to the software engineers, the project might have been "frozen" (no more major changes allowed) up to a year in advance of Oct. 1, and early versions would have gone through beta testing with larger and more varied groups of test subjects with plenty of time to work out the glitches before launch. 

Obviously, that didn't happen.  At the risk of sounding biased, I will state here that the way this project was carried out seems to reflect a mindset which is evident in other actions of the Obama administration.  The President and a circle of powerful like-minded people in the administration have a set of ideas which they all agree on as The Way Things Should Be.  Philosophically, they are idealists in the sense that they start with ideas, and then try to make reality conform to their ideas.  Evidently, the political people in charge of implementing Obamacare were coming up with more ideas for the website right up to the time that it was turned on, and disregarded the hard engineering realities of designing a website that must handle many millions of users who are faced with a fine if they don't sign up for insurance through the site by the end of the year. 

The problem with philosophical idealism is that it sometimes collides with reality, and in such collisions, reality always wins.  In such encounters, idealists may or may not learn the error of their ways.  Of necessity, they end up doing what reality requires them to do, but often in a way that is inefficient, expensive, and more trouble than otherwise.  A new deadline of November 30 has just been announced as the day by which www.healthcare.gov will be working.  Jeffrey Zients, the Chief Performance Officer of the United States, is now in charge of fixing it, and has declared publicly that "Healthcare.gov is fixable."  Any system that is not physically impossible is fixable given enough time and resources, but only time will tell whether Zients and his underlings can get the repairs done on time.

But the rocky startup has added more fuel to the fire of ill feeling that the U. S. public in general harbors toward the federal government.  In a poll by the Pew Research Center for the People and the Press released last week, only 19% of those polled said that they trust the government in Washington to do what is right just about always or most of the time.  Before about 1970, most people did have such trust, but the trend since the early 1960s has been downward:  the figure fell below 50% around 1973 (the peak of the Vietnam War) and has risen above 50% since then only once, right after 9/11/2001 and the first war in Afghanistan.  The fact that most people in the U. S. no longer think that their government can be trusted in this way goes beyond partisan politics to signal deep structural problems in the way power is allocated and used.  This is much more than a problem in engineering ethics, but engineers have to deal with it like everyone else.  And those working on www.healthcare.gov bear a particular responsibility to exhibit leadership in the days to come.

Sources:  An article published online on Oct. 25, 2013 by Robert Pear and Sharon LaFraniere at http://www.nytimes.com/2013/10/26/us/politics/general-contractor-named-to-fix-health-web-site.html describes Jeffrey Zients's statements about the proposed repair of www.healthcare.gov by Nov. 30.  I also referred to the Wikipedia article on Jeffrey Zients.  Information on the history of accredited software engineering programs was taken from Chapter XIII, "Software Engineering Accreditation in the United States," by J. McDonald, M. J. Sebern, and J. R. Vallino, in Software Engineering: Effective Teaching and Learning Approaches and Practices, H. Ellis, S. Demurjian and J. F. Naveda, (eds.), Information Science Reference, 2008.  The statistic on public confidence in the U. S. government was published online by the Pew organization at http://www.people-press.org/2013/10/18/trust-in-government-nears-record-low-but-most-federal-agencies-are-viewed-favorably/.