Monday, March 30, 2020

Welcome to the All-Digital Economy


. . . and how's that working out for you?

The United States, along with many other industrialized nations, is currently engaged in a large-scale experiment that is in some ways the realization of the fondest dreams of a small but influential segment of the population.  For some time now, many investors, as well as leaders of the dominant high-tech companies—Facebook, Apple, Amazon, Netflix, Google, etc.—have strived to move us toward an ideal future in which all human interaction and economic activity would take place by means of digital platforms—owned and operated by them, of course.  This ideal world would consist of two classes:  the small symbolic-manipulator elites of owners, designers, and engineers who create and operate these platforms and profit mightily therefrom; and the masses of consumers whose only useful function is to use what the platforms provide. 

Well, the shelter-in-place orders that affect about half the U. S. population and have shuttered all non-essential businesses have violently catapulted us into this ideal future in a matter of a couple of weeks.  And so far, the results are not good.

Yes, a few lines of business have benefited:  food-delivery services, the online videoconferencing system Zoom, and those who provide binge-watched TV series.  But we have also seen the largest number of applications for unemployment benefits in history (over 3 million last week), a stock market slide resembling an avalanche, and a level of economic uncertainty that has no parallel in living memory. 

I have the privilege of knowing one of the few people in the U. S. whose weekly routine has been almost completely untouched by these events.  He is not a resident of a desert island, nor a fantastically wealthy hermit living in an isolated compound with years' worth of supplies.  It's just that for years now, he has been following the shelter-in-place rules by choice.  This relative of mine acquired enough funds to retire about twenty years ago, and chooses to live by himself and spend most of his waking hours online in chatrooms, watching YouTube programs, and viewing the occasional sports show on TV.  He ventures outside once a week or so for grocery shopping, but other than the occasional medical problem, he has no other human contact, and likes it that way.  The only inconvenience he has experienced so far from the coronavirus restrictions is that he had to go to four grocery stores last week to find bread—the first three were sold out.  But other than that, his lifestyle is largely undisturbed.

A nation can afford only so many people like my relative.  It's a free country, so far, and so if a person chooses to cut himself off from society like that, he is allowed to do so.  But we are currently experiencing what happens when he is joined by tens of millions more forced to live that way.  Yes, we're glad there are such things as Zoom, Netflix, YouTube, and for that matter, cellphones, electric utilities, and water supplies.  But we are also finding out by direct experience that a vast part of our economy consists of embodied people going places and being together to do useful and entertaining things.  And when you cut that part out, everybody suffers in one way or another—from the subsistence-wage person who loses the low-wage service job at a restaurant or movie theater, to the wealthiest investor who has seen his net worth decline by a third recently.

Underlying the prejudice in favor of digital everything, and the corresponding disdain for people and industries that make things rather than bitstreams, is a kind of Gnostic dualism.  The Gnostics were sects popular in the early years of the Christian era.  One prominent branch of Gnosticism believed that the universe was divided into a good spiritual part and a bad material part.  Because the physical human body was material, they disdained it and believed that the real person was a good spirit who just happened to be imprisoned in a decaying material body.  The goal of life was to free yourself from the body and all its trappings, and rejoin the other good spirits after death.  Or something like that.

Well, we are finding out what happens when we all become temporary Gnostics, and eschew as much human contact with each other and with our physical workplaces as we can.  The distant goal of having everybody exist mainly online as an anticipation of the day hoped for by transhumanists (a popular movement in Silicon Valley) when we can all free ourselves from our mortal biological "meat cages" and live forever as software, has just jumped into our laps without being invited. 

The fact is that human beings are creatures that don't just inhabit bodies:  we are bodies, but we are also more than our bodies.  We are also immaterial minds, but a mind without a body is incomplete, as is a body without a mind.  Any rational political economy will acknowledge this fact, and will plan for a future that includes bodies as well as minds—full human beings interacting in accordance with human nature, which—despite the last few hundred years of innovations in philosophy, science, and culture—has not changed. 

We as a nation will get through the coronavirus pandemic somehow, though not without serious losses that could have been mitigated with more foresight.  But the experiment we are now undergoing of trying to live all-digital lives holds lessons for us that we can all profit from, and I don't mean just dollars and cents. 

Here's an idea:  if your life has been disrupted by the pandemic, start writing a list of things you miss from back before the pandemic began.  Ask yourself why these things were important.  And when things get back to whatever the new normal will be, don't lose the list.  Ask yourself, and ask your leaders, what things we have chased after too hard, and what things we have neglected.  And then let's try to apply the lessons that this experiment is teaching us, before we forget about the whole thing and go back to the mistakes we were making before.

Sources:  The 3 million unemployment compensation applications recorded for the week of Mar. 22-28, 2020 were reported in numerous sources such as The Guardian at https://www.theguardian.com/business/2020/mar/26/us-unemployment-rate-coronavirus-business.  I also referred to the Wikipedia article on Gnosticism. 

Monday, March 23, 2020

Conditions On the Front: The Clinical Lab Test for the COVID-19 Virus


Rodney Rohde is the head of the Clinical Laboratory Sciences department at Texas State University here in San Marcos.  His department is where people go to learn how to run the horrendously complicated tests that clinical labs do, such as the CDC 2019-novel coronavirus (2019-nCoV) real-time RT-PCR diagnostic panel.  That's the official name for the CDC's test for the coronavirus.  I wouldn't know even that unless Rodney had directed me to the CDC website, where you can download the entire 48-page instruction sheet for using the test.

This is no dip-the-stick-and-look-at-the-color test.  First you have to get the reagents, which were in short supply, and according to some reports, some early sets of test kits were defective.  (Some day, when everything goes back to the new normal, whatever that is, somebody will dig around and find out exactly what went wrong.  But not right now.)  Assuming you've got a good set of reagents, and a clean-room-quality lab that has been disinfected from any kind of biological stuff that could contaminate the phenomenally sensitive test, and a 96-well cold plate at -20 C, and an Applied Biosystems 7500 Fast Dx Real-Time PCR System with SDS 1.4 software, and "molecular-grade water," whatever that is, and a bunch of gloves, gowns, pipette tips, centrifuges, and a lot of other expensive and delicate equipment, you can start doing the test—that is, if you know what you're doing, which means you have to have passed courses in Prof. Rohde's department or equivalent.  There are not that many such trained people around.

A lot of these reagents have to be kept at -20 C or colder because the heart of the operation, the polymerase chain reaction (PCR) that doubles the number of virus-derived DNA molecules for every heating-cooling cycle, is temperature-sensitive. 

Imagine following an instruction sheet for assembling an IKEA table, directions for installing new software on your computer, and filling out your own long-form tax return all at once, while balancing a spoon on the end of your nose.  That's easy compared to running this test.  Of the 48 pages, 23 are the actual instructions of how to run the test, down to which button to press and where not to put the labels on the test vials.  Each sample produces some lines on a logarithmic graph that rise with each cycle of the doubling reaction.  A positive result is when two of the lines cross a threshold after 45 cycles.  Did I mention that each heating-cooling cycle takes several minutes and has to be controlled in temperature extremely closely, or else the whole thing screws up and you have to start over?  Once you've loaded the samples into the machine after doing a bunch of fiddly aliquot combining and dilutions and agitations, the machine runs for an hour and twenty minutes, and if you've done everything right, you get valid results.  But if one of the quality-control checks indicates contamination or some other problem, the whole set of tests has to be thrown out and you start over.

It takes a very particular type of person to do this fantastically complex yet repetitive stuff correctly day after day, week after week.  My friend Rodney is one such person, and we who are anxiously awaiting the next phase of this crisis should pause to thank every clinical lab worker who is doing this kind of job.  They are probably not pausing from work right now for anything except to eat or sleep every so often.  The amazing thing is not that the CDC sent out some defective kits early on, but that the whole complicated rigmarole ever works at all.  But it does, and many lives depend on how well, and how fast, and how many tests are done right in the coming days and weeks.

As others have said, the U. S. lost precious time in early February when the first COVID-19 cases showed up here.  The winner in this regard is South Korea, as The New Atlantis editor Ari Schulman points out in an editorial posted at that journal's website.  I can endorse his opinion, because what convinced me that the U. S. was basically flying blind in this crisis was a chart I found a week or so ago that described the number of COVID-19 tests administered per million population as of March 11.  The leader was South Korea, with I think several hundred per million.  The U. S. was about the lowest on the list, with only 23 per million population tested by then.  That meant we had no idea who had the disease, comparatively speaking.

Schulman says that the South Koreans never had to shut down their country, because they did three things early enough:  (1) They performed massive testing of both ill people and well people who thought they might have been exposed; (2) officials performed rigorous contact tracing to find the sources of the infection and tested them too; (3) infected persons were rigorously isolated until they recovered.  South Korea is now on the downhill side of their new-infection curve.  They continue to be highly vigilant, but life was never shut down there like it is being shut down here, and it looks like they won't have to do that at all.

We do, because, well, never mind why.  Recriminations are pointless.  Schulman's main point is that we need a definite criterion from our national leaders as to how we will know when we can ease up on the national shutdown.  Is it that new COVID-19 cases are decreasing?  That essentially no new cases are showing up?  Or what?  He's concerned that if the shutdown goes on indefinitely, a backlash will happen that could be worse than doing nothing.

In the meantime, you now have a wide choice of online church services to attend.  Prayer has never been more popular online. Some people are saying that this whole thing is going to be what unites us as a country again.  God has a way of doing good things with bad situations, and that would be a welcome outcome.  But first we have to get through it, and here's hoping and praying that those who are performing the critical testing can do their jobs rapidly and accurately, and that we use the test results to end the epidemic sooner rather than later.

Sources:  The official instruction sheet for the CDC test can be downloaded at https://www.cdc.gov/coronavirus/2019-ncov/lab/index.html.  Ari Schulman's editorial can be viewed at https://www.thenewatlantis.com/publications/whats-the-plan.  South Korea's downward new-case curve can be viewed at https://www.worldometers.info/coronavirus/country/south-korea/.  And I thank Rodney Rohde for replying to my query in the midst of his hurricane of a life right now. 

Monday, March 16, 2020

Hiding In Plain Sight: Foiling Face-Recognition Technology

The government of China has invested billions of dollars and years of effort in creating a facial-recognition database of as many of its 1.3 billion people as possible.  Their goal is social control:  to keep tabs on every individual and to make sure anyone doing anything the government doesn't like will at least worry about being caught.

But those of us in the U. S. and Europe shouldn't simply sigh in relief that our governments don't do such things.  Facebook and Google are virtually everywhere, as are closed-circuit TVs (CCTVs) and dashcams, not to mention smaller companies such as ClearView that are focused on selling facial-recognition technology to law-enforcement agencies.  It is hard to go more than a few feet in most cities these days without your image, or the license plate of your car, being converted into an electronic form that can reveal your identity and location. 

In a recent issue of The New Yorker, reporter John Seabrook describes how some individuals and researchers are fighting back with what amounts to digital-surveillance invisibility gear.  This equipment doesn't make you invisible to ordinary people, who might just think you have a fondness for eccentric outerwear:  shirts with images of random license-plate numbers, or even fuzzy-looking artwork that might be a traffic signal painted by Monet.  But the same artificial-intelligence (AI) researchers who came up with the powerful facial-recognition software in the first place have found that some of the same AI techniques can be used to produce patterns that, if worn on the body or applied to the face, confuse facial-recognition software to the point that as far as it's concerned, you might as well not be there.

Admittedly, the average person in the U. S. is probably unaware that CCTV cameras can track your every move, because the data thus generated is currently used mostly for commercial purposes:  optimizing online ads, for example, by figuring out what kinds of people look at certain store displays and so on.  But residents of China and other places where systematic government spying using facial recognition is a part of everyday life have already adapted their behavior to the fact that anything they do outside their own homes (and maybe inside, too) is probably known to the government.  It's the Big Brother of George Orwell's dystopian novel 1984 realized, not just in an isolated experiment or two, but over most of the most populous nation in the world.

In today's interconnected, hyper-monitored, Internet-of-Things world, the ethical concept of privacy is a soiled and tattered thing.  Every time you sign up for a "free" service such as Facebook or another social-media platform that involves images, you are obliged to lie that you have read and understood a ream of legalese that it would take several lawyers a long time to understand thoroughly.  Buried in that legalese is probably verbiage that allows the company to do effectively whatever it wants to with your pictures.

I attended a seminar on ethics and technology recently at which philosopher Eric T. Weber argued that some day, a clever lawyer may file a class-action suit on behalf of all of us who have thus signed our rights away.  His point was that assent without understanding is not assent, and compared the situation to the concept of informed consent that subjects of medical experiments have to grant.  If you don't understand what the doctors are going to do to you but say it's okay anyway, that is not regarded as informed consent. 

Prof. Weber also pointed out that European laws are more advanced in this regard, in that the presumption there is that a person owns the data they generate until they intentionally let go of it.  That's a nice theory, but the minute you set foot on public property—a road, a sidewalk, even a shopping mall—the fact is that you are liable to have your picture taken.  And with the way AI has proliferated, you are liable to be recognized and categorized, even if the data is supposedly "anonymized" so that identifiable individuals cannot be picked out.

The whole thing uncomfortably reminds me of something that began during World War II and continues today:  the continuing rivalry in what are called electronic countermeasures (ECM).  As soon as someone invented radar, someone else invented a way to fool radars, and the game has continued ever since.  But that game is played by sophisticated adversaries with access to billions of dollars of research and development funds. 

What chance does an ordinary person with no AI knowledge or skills have to defend themselves against the nosiness of a Facebook, Google, or ClearView?  Up till now, virtually none, unless you just self-isolate at home indefinitely (pardon me for letting that phrase creep in, but I couldn't keep the coronavirus out of this blog entirely).  But clothing and accessory designer Kate Bertash, profiled in Seabrook's article, now sells ready-to-wear "anti-surveillance" items from her small studio in Los Angeles.

The right to privacy is something that any democratic government should respect and defend, rather than ignore or even destroy, as the government of China appears to be doing.  But privacy is one of those subtle rights that you may not miss if it is slowly and gradually chipped away, until one day you suddenly find that you need it and it's gone.

It's gratifying to know that at least some researchers and retailers are waking up to the problem of omnipresent surveillance and trying to do something about it.  And it isn't just bad actors who want to evade facial-recognition systems.  In the words of the U. S. Declaration of Independence—"life, liberty, and the pursuit of happiness"—liberty implies the freedom to do all sorts of innocent and licit things without being concerned that your actions will result in consequences you don't want, either from unwelcome government intervention or from commercial entities exploiting their knowledge about you to sell you things.  It's a shame that people even have to think about AI-generated invisibility cloaks, but such are the times we live in. 

Sources:  I referred to the article by John Seabrook, "Adversarial Man," on pp. 44-51 in the Mar. 16, 2020 New Yorker.  Eric T. Weber is an associate professor in the Department of Educational Policy Studies at the University of Kentucky, and appeared in a panel discussion entitled "Can Ethics Keep Pace with Technological Change?" hosted by the Texas State University Department of Philosophy on Mar. 12, 2020.

Monday, March 09, 2020

To Brick or Not To Brick: When What You Buy Isn't Really Yours

Mood lighting isn't really my thing, but a number of consumers have bought something called a Hue smart lighting system from the well-known lighting manufacturer Philips.  For maximum enjoyment, you buy a Hue Bridge and connect it to the Internet so it both controls your lights and interacts with some online resources operated by Philips.  For people who get a thrill out of dimming their living-room lights while they're still at work, I suppose this is as good as it gets.  But early adopters who bought the first version of this system up to five years ago are in for an unpleasant surprise, according to Matthew Gault, writing at www.vice.com.

Next month, Philips will cease supporting Version 1 of the Hue Bridge, which means it will then be vulnerable to security issues and the online services won't work anymore.  To retain the full functionality of your system, which can include up to 50 bulbs if you went whole hog with every light in your house, you have to buy a new $60 Bridge and start over registering all your light bulbs and changing accounts and I don't know what all.  My life is complicated enough without having to register light bulbs, so my sympathies are with the unfortunate owners of what are now legacy Hue systems that either have to upgrade or go back to kerosene lanterns (not really).

Gault points out that this is just one example of a larger trend:  the increasing tendency of companies to treat hardware like software, which nobody really buys.  If you hire a lawyer to render that fine-print boilerplate nobody ever reads before saying they've read it in order to use new software, he or she will tell you that you don't own the software even if you pay thousands of bucks for it.  All you get is a license to use it, and the term of the license can vary from indefinitely to a very short time indeed. 

Apply this notion to hardware, and you get such situations as Gault describes with another smarthome company called Revolv.  For a couple of years, Revolv was doing well selling smarthome systems, and then a subsidiary of Google bought Revolv and unilaterally shut down the service in May of 2016, leaving people with hundreds of dollars' worth of useless hardware.  Gault uses the word "brick" as a verb when describing this charming behavior, as in, "They bricked my phone" meaning to disable remotely—to turn a useful piece of electronics into something as useful as a brick. 

Faced with such an eventuality, consumers don't have much recourse.  Suing over the price of a piece of consumer electronics is not cost-effective.  Class-action lawsuits are possible, but that works only if there is a reasonable possibility of a large-enough payout if the defendant loses, so that the lawyers for the plaintiffs, who typically work on a contingency-fee basis, can recoup their expenses and make a profit.  Unless someone is actually physically harmed or otherwise injured, such civil suits rarely succeed.  Having your smart speaker or smart light bulb quit working does not pull on the heartstrings of juries, especially juries of people who can't afford such niceties.  So most consumers on the short end of sticks like this will just grumble and swear not to buy anything from that company again—unless it's somebody like Google, whose services and products are getting to be almost as ubiquitous as water and air.

Where does this leave the companies morally?  Suppose this was the Middle Ages, say, and we're looking for a situation in human relationships comparable to what these companies are doing by bricking or ceasing to support their products.  This may sound extreme, but the only thing I can think of that's comparable is a raid:  to be specific, a Viking raid on an English coastal town.

Say you're a fisherman, minding your own business one day and mending your nets.  You've managed to accumulate a small number of useful objects:  cups, bowls, maybe some jewelry for your wife—imagine whatever would equate to an upper-middle-class living in, say, 900 A. D.  All of a sudden, you see ships on the horizon, and you know they're Vikings.  And you know what's going to happen next.  You can kiss all your nice things good-bye, and maybe your wife and your life as well.

Now, Google or Philips doesn't rape your wife and burn your house down.  But when they brick or otherwise reduce the functionality of their products, they do take something that you thought was yours, and they don't give anything in return.  In their defense, the companies would say that they delivered a certain amount of service over the useful life of the product, but surely we didn't expect the device to work forever, did we? 

That's a hard question to answer.  As I get older, my perspective on technological progress has changed, possibly because I've seen so many technologies come and go:  8-track tapes, videotapes, cassette tapes, floppy disks, CRT displays. . . . For some reason, the image of a spoiled child picking up and then discarding one new toy after another comes to mind.  Sometimes he tires of the toy and throws it down and demands another.  Other times, the toy is taken away before he's finished with it and he throws a tantrum.  But he's never truly happy or content either way.

Unless we all become lawyers and refuse to buy anything without executing a custom-written contract with every company we buy from, specifying the term of service we expect from their products, we will continue to be the spoiled children playing with toys whose usefulness is at the whim of the manufacturer.  There are too many lawyers as it is, and I also agree with Gault when he says that governments don't seem willing to be the playground supervisor who enforces fair play. 

So a phrase that dates from even longer ago than the Middle Ages seems appropriate here:  caveat emptor.  The buyer should beware that any product involving software, which is increasingly almost any piece of electronics these days, may up and quit on you at any time—not because it breaks, or because you misused it, but because its maker found it uneconomical to keep it going.  And you'll just have to deal with it if it does.

Sources:  Matthew Gault's article "Philips' Internet-Connected Lightbulbs Will No Longer Connect to the Internet" appeared on Mar. 6, 2020 at https://www.vice.com/en_us/article/jgead4/philips-internet-connected-lightbulbs-will-no-longer-connect-to-the-internet.  The announcement Philips made about the Hue Bridge is at https://www2.meethue.com/en-us/support/end-of-support-policy, and the story about bricking the Revolv smarthome systems is at https://www.theguardian.com/technology/2016/apr/05/revolv-devices-bricked-google-nest-smart-home.

Monday, March 02, 2020

Dry Ice and Indoor Pools Don't Mix


Being retired from outside work, my wife has time to follow some peculiar news feeds, and last night she told me of a bizarre accident that killed three and injured several others. 

Ekaterina Didenko is a 29-year-old mother of two and internet influencer.  According to news reports she is a "qualified pharmacist" and has attracted over a million followers of her comments about medicines and related issues. 

For her 29th birthday, her husband Valentin, an IT specialist, had what he probably thought was a great idea:  he would rent a sauna room in a sports complex in Moscow, where they lived, and throw some dry ice in the pool to make cool-looking vapors.  The couple and their friends being internet-savvy and addicted to constant self-documentation, there are plenty of pictures online showing Ekaterina holding "2" and "9" balloons, shots with her husband Valentin against romantic backgrounds, and a video of someone, possibly Valentin, in full haz-mat gear throwing 25 kg (about 60 pounds) of dry ice into the small enclosed pool (we're talking Moscow in the winter here, so the only swimming most people do this time of year is in indoor pools). 

As Valentin hoped, the pool started to boil with clouds of water vapor, and Valentin and a few friends jumped in.  Then things started to go horribly wrong.

Carbon dioxide (CO2) is an inert, colorless gas, and is produced by the human body during respiration.  But it will not support life, and if you try to breathe pure CO2 for more than a few seconds, you will pass out through lack of oxygen. 

It's a fairly easy matter to calculate how much CO2 gas 25 kg of dry ice will produce.  The result is about 14 cubic meters, which is enough to fill a 5 by 5 meter room (about 17 feet square) up to a depth of 50 cm, or almost two feet.  And it would be at the lowest level in the room, because CO2 gas is heavier than air.  I don't know exactly how large the room was, but the photos I have seen indicate it was fairly small, and the pool would have probably been below the level of the floor in any case.

Even if all the dry ice didn't vaporize at once, there would soon be enough to cover the surface of the pool, which is where a swimmer's nose and mouth are.  Poor Valentin may not have fully realized what he'd done before the lack of breathable air caused him to pass out while still in the water.  He and two of his guests died of asphyxiation, and Ekaterina and several more friends ended up in a hospital with severe breathing problems. 

My sympathies are with Ekaterina, her children, the relatives and friends of the others who died, and everyone affected by this tragedy.  It's especially ironic given that it arose from a desire to please a loved one who was evidently known and admired by many people. 

That being said, it's nevertheless remarkable that no one apparently realized the dangers involved in what they were doing.  One hopes that degrees in IT and pharmacy include some training in basic chemistry and physics.  It's possible that somebody at the party at least had doubts that dumping 25 kg of dry ice into a warm pool of water in a small enclosed room was a good idea.  But something took place that day which is at the root of many technological and engineering mishaps:  a reluctance to be a party-pooper. 

Imagine that you were at the party and had at least grounds to suspect that this much dry ice could cause dangerous concentrations of CO2.  What would you have done?  Jumped in front of Valentin and cried, "Don't do that!  It's dangerous!"?

In the midst of a celebratory atmosphere and where alcohol was involved, such an action would be psychologically difficult.  Unless you're the perennial wet-blanket type who enjoys spoiling other people's fun (in which case you probably wouldn't be invited to the party in the first place), it would be hard to let the calm, rational part of your mind overrule the fun-loving, go-with-the-flow part and spoil the treat that Valentin had obviously invested a lot of time and money in.  Even if you'd managed to voice concerns, it's quite possible you'd be shouted down by the others and the accident would have happened anyway.  Your only consolation then would have been to be able to say, "I told you so."

One term for this effect is "groupthink":  the tendency of a group of people bonded by emotional or other ties to seek consensus even in the face of rational arguments to the contrary.  It's responsible for many engineering tragedies that could have been averted if someone knowing the facts had been able to persuade others that the course the group was taking was wrong. 

From photos of the incident reproduced in the news reports about it, Valentin and his friends were aware that dry ice was dangerous, but seemed to think that the main danger was in contacting it (hence the haz-mat outfits).  While it can cause painful burns, and apparently some guests were injured that way, extreme cold is not the only hazard dry ice can produce, as everyone involved in this incident now knows to their regret.

It is a tragedy that three people died and more were injured in an entirely preventable accident.  But the wide publicity it is attracting can serve a good purpose.  If it ever occurs to anybody else to dump a lot of dry ice into an indoor pool, anyone who has heard of this accident can now recall it to mind and say, "Gee, didn't some Russians die after somebody tried this very thing?  I don't think we ought to do that."  And next time, there's a good chance that other people will listen to the party-pooper.

Sources:  One media outlet (www.news.com.au) points to the U. S. Sun as the source of the English-language report on this tragedy, but no report I was able to locate mentions the date on which it occurred, which was presumably late February, possibly Feb. 28 or 29.  I referred to the Sun's report at https://www.the-sun.com/news/470891/three-killed-and-seven-fighting-for-life-after-being-poisoned-at-instagram-stars-pool-party-steam-show/ as well as reports from https://www.news.com.au/technology/science/russian-mummy-blogger-ekaterina-didenko-distraught-after-three-die-at-her-birthday-party/news-story/edc5e34edd7d7701fb1586925c4952e2 and

Monday, February 24, 2020

Divided Loyalties: The 737 Max Warning Light Glitch


In the sixth chapter of the Gospel of Matthew, Jesus is quoted as saying "No man can serve two masters; for either he will hate the one and love the other, or he will be devoted to one and despise the other."  The context is the impossibility of serving both God and mammon (money), but one does not have to be a Christian to recognize the shrewdness of Jesus' observation that divided loyalties sooner or later lead to trouble. 

A report from Bloomberg News this week makes this saying particularly relevant to the ongoing woes of Boeing Inc., whose 737 MAX airliner is still grounded after two fatal crashes led to investigations revealing serious problems with the plane's software.  Now it appears that a warning light which could have helped mechanics fix the problem that contributed to the crashes wasn't even working, again due to software problems.

As we have mentioned in this blog before, both the Indonesian Lion Air crash in October 2018 and the Ethiopian Airlines March 2019 crash occurred when problems arose with the angle-of-attack sensors.  Specifically, one of them malfunctioned, and as a result, the defective software responded by essentially flying the plane into the ground, despite the pilots' efforts to stay aloft.  The warning light in question would have illuminated if the two angle-of-attack sensor readings disagreed, showing that one of them had a problem.  An alert pilot might have gotten a mechanic to fix the problem, which would have avoided the issue that led to the two fatal crashes.

But due to a separate software glitch, the warning light turned out not to work unless the customer also asked for an optional display showing each angle-of-attack sensor reading independently.  And 80% of 737 MAXes sold did not have that option, and so also had a defective warning light.  It's a little like if you ordered a car and found out that unless you also asked for optional fog lights, your brake lights wouldn't work. 

By itself, the sensor disagreement warning light's malfunction was not a safety violation.  But in a letter written to Congress last July, the U. S. Federal Aviation Administration (FAA) acting head Daniel Elwell said, "A manufacturer cannot alter the airplane’s features after it has been certified."  The FAA is contemplating assessing fines against the company, and such fines can range up to the tens of millions of dollars.

That is a comparative drop in the bucket in relation to the estimated $18 billion that the firm has lost so far in the 737 MAX debacle since that fleet was grounded last year.  But the details of how Boeing discovered the warning-light glitch back in 2017 and decided not to fix it immediately reveal the glaring defects in a practice that the FAA decided to halt last November:  allowing Boeing-paid engineers to act as FAA inspectors for certain aspects of the certification and approval process.

Regardless of the details, the intended relationship between the FAA and private airplane manufacturers such as Boeing is inherently adversarial, to the extent that the point of having a regulatory agency is to ensure that the entity regulated doesn't get away with murder, or its corporate equivalent.  A simple example is the state of food manufacturing and sale in the U. S. prior to the establishment of the U. S. Food and Drug Administration, the history of which can be traced back to 1906.  Before then, it was perfectly legal to sell candy colored with arsenic-containing dyes to children, or fruit with traces of the arsenic-containing insecticide Paris green.  Once laws were passed against such abominations, the laws had to be enforced, which meant that chemists and inspectors paid by the government went out, collected samples, and tested them for harmful ingredients.  If found, the government used the evidence to levy fines and other penalties against the firms, and the U. S. food supply took a notable turn for the better.

But note that the integrity of the inspectorate rested on the fact that those charged with checking the output of the private manufacturers owed their livelihood not to the manufacturers directly, but to the government.  This is a sound principle to ensure against corruption and divided loyalties, but one that was neglected when Boeing convinced the FAA to allow some of its employees to do inspections that the FAA would normally undertake.

According to the Bloomberg report, one such "inspector"—a Boeing employee authorized by the FAA to decide such matters—chose to let the warning-light glitch go until a future software update rather than issuing an immediate order to repair all the defective planes.  A clearer case of letting the fox watch over the henhouse would be hard to find. 

This lax procedure is probably not unrelated to the fact that Boeing is the only U. S. maker of large commercial aircraft.  Its only serious global competitor is the European combine Airbus.  If there were three or four viable U. S. airliner manufacturers, the FAA would be in a stronger position to levy serious and even firm-threatening penalties against Boeing, the reason being that the other hypothetical firms could take up any slack and still allow the U. S. airliner manufacturing business to function. 

But both Boeing and the FAA know that is not the case, and that whatever Boeing does, the FAA isn't going to do anything on its own that would threaten the company's existence and put the U. S. out of the international airliner business. 

There are many bad things about monopolies, and one of the worst is that they encourage laziness, both on the part of the monopoly itself and on any agency charged with keeping an eye on it.  In surrendering some of its authority to Boeing employees, the FAA preserved the appearance of vigilance while relinquishing the reality.  When it ended such cozy arrangements last November, it took a step in the right direction of putting a respectable distance between itself and the industry it is charged with regulating.

But cultures and perceptions do not change overnight, and both Boeing and the FAA have a long way to go before they recover some of the public trust that went down in flames in the 737 MAX crashes. 

Sources:  The Bloomberg report on the prospect of FAA fines for the warning-light glitch was carried on the Fortune website on Feb. 21, 2020 at https://fortune.com/2020/02/21/boeing-737-max-warning-light-new-faa-fines/.

Monday, February 17, 2020

Will FIDO Make an End to Passwords?

Anybody who spends much time online these days, which is nearly everybody, wastes a certain amount of time and endures more or less annoyance in entering passwords.  An industry alliance called FIDO (for Fast IDentity Online) promises to make passwords a thing of the past.  But before that happens, there are both technical and social obstacles in the way.

Founded in 2013 by PayPal and other companies wishing to make it easier for people to log in to their sites, FIDO works by collapsing all the different password-validation operations for the sites you use into one device-specific process.  That would be a great improvement over the way things are now, as I will illustrate with a personal example.

Say I want to do the following:  check my bank balance, buy a component from a supplier in a hurry, log in to my university email,  and change a file on my class website. 

Right now I'd have to perform these steps flawlessly: (a) log on to my bank's website and enter two separate passwords which have nothing to do with my other passwords, and therefore are not that easy to remember; (b) hunt up the place on my computer where I hide all the dozens of vendor passwords I've accumulated over the years by remembering the name of the file I hid them in, and type the password into the vendor's website; (c) type in a long sequence of letters, some of which are capitalized, that the university recently made us switch to from an old shorter password, and hope I get it right, which I still do only about 80% of the time; and (d) for the class website, do a two-step verification involving not only the previously mentioned new long password, but also either asking the computer to call my office phone (which is fine if I'm in the office) or letting me enter a six-digit number from a dongle they sold me, which works fine until I accidentally press its button two or three times without using the numbers, which I do from time to time because it's on a keychain in my pocket, and then it loses sync with the computer, in which case I have to phone IT support and spend ten minutes or so waiting for them to hunt up the one guy who is authorized to re-sync dongles, and I read out three numbers in sequence to him, with thirty-second pauses in between.  Then I can go back, log in, and change the file on my class website.

This is not to knock the university's IT people.  They are understandably concerned about security, and within their limited resources they have come up with the best password protection they can figure out.  And admittedly, if I would just break down and buy a smartphone I wouldn't have to fool with the dongle. 

But the dongle is one of the technical hurdles FIDO will have to overcome in its march to eliminate passwords.  As I understand it from the FIDO Alliance website, once FIDO achieves universal buy-in, all password requests would be dealt with the same way.  If you have a smartphone that does fingerprint verification, the same fingerprint will work for every website.  If you do dongle verification, or smart-card verification, or voice-recognition verification, that same method will work for everything.  The method used will depend on the device that the user has access to. 

For old duffers like me who spend at least as much time using a laptop to access the Internet as I do with a phone, this prospect is not so encouraging, because it means to take advantage of FIDO, I'd have to be using the same device all the time.  Or at least it seems to mean that.  But the global trend is toward using mobile phones for just about everything, and newer computers tend to have the hardware and software needed for fingerprint ID or similar biometric methods, so this issue will not be so serious going forward.

The social issue I mentioned is the simple fact that for FIDO to work, the websites all have to be able to take the FIDO "public-key cryptography" stuff that the user's device sets up.  And all the user-device makers have to make FIDO available on their devices.  Fortunately, the upsides to most parties involved way outweigh the downsides, which is why the people in charge of the Android operating system have recently upgraded their buy-in so that it will work with mobile browsers, according to a recent article on the Wired website.  So progress is being made in that area.
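For readers who want to see what that "public-key cryptography" step amounts to, here is a simplified model of it, added as an illustration and not taken from the FIDO Alliance or the Wired article.  It is not the real WebAuthn message format; the class names, the `demo` function, the user and the two `.example` sites are all hypothetical.

```javascript
const crypto = require('node:crypto');
// The user's device: one private key per site, none of which ever leaves it.
class Authenticator {
  constructor() { this.keys = new Map(); }            // origin -> private key
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(origin, privateKey);
    return publicKey;                                 // all the site ever stores
  }
  // Called only after the local unlock (fingerprint, PIN, button) succeeds.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) throw new Error('no credential for ' + origin);
    const clientData = Buffer.from(JSON.stringify({ origin, challenge: challenge.toString('base64') }));
    return { clientData, signature: crypto.sign('sha256', clientData, key) };
  }
}

// The website: holds a public key per user instead of a password.
class Site {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge(user) {
    const c = crypto.randomBytes(32);
    this.pending.set(user, c.toString('base64'));
    return c;
  }
  verify(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user);                        // each challenge is single-use
    const pub = this.users.get(user);
    if (!expected || !pub) return false;
    let data; try { data = JSON.parse(clientData.toString()); } catch { return false; }
    if (data.origin !== this.origin || data.challenge !== expected) return false;
    return crypto.verify('sha256', clientData, pub, signature);
  }
}
function demo() {                                     // constructed sites and user
  const device = new Authenticator();
  const bank = new Site('https://bank.example'), shop = new Site('https://shop.example');
  bank.enroll('alice', device.register(bank.origin));
  shop.enroll('alice', device.register(shop.origin));
  const assertion = device.sign(bank.origin, bank.newChallenge('alice'));
  const ok = bank.verify('alice', assertion);         // fresh challenge, right site
  const replay = bank.verify('alice', assertion);     // same assertion sent again
  shop.newChallenge('alice');
  const crossSite = shop.verify('alice', assertion);  // bank assertion shown to shop
  return { ok, replay, crossSite };
}
```

Calling `demo()` shows the login accepted once, then refused when the same signed response is sent again or presented to the second site.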

For people and organizations unable or unwilling to do FIDO, there will still be the old-fashioned password, which brings back to my mind scenes out of 1930s movies about Prohibition, where someone desirous of booze would appear before a door with a peephole in it and murmur, "Joe sent me."  Perhaps back then the formality of a password just added to the underworld glamour of obtaining illegal hooch.  But these days, when accessing multiple websites in a day is as routine as walking through multiple doors in a day, passwords have become a digital albatross around our collective necks that we would be more than happy to get rid of.

As is always the case with advances in widely used technology, somebody will figure out a way to hack FIDO.  The obvious weakness to me is the fact that with FIDO, all one's security eggs will be in one basket, so to speak.  Right now, if somebody hacked my bank password, for example, I might wake up broke tomorrow, but at least I could still make a secure purchase from Etsy—if I had any money.  But if FIDO becomes universal and someone manages to hack into your FIDO verification system, they can get into everything your current passwords give you access to, all at once. 

I'm sure the FIDO wizards have thought of this possibility and will try to deal with it somehow.  As long as FIDO will work better than my hardware dongle, I'm all for it, but it looks like it will be a while before it gains the degree of acceptance that would make a real dent in our need for remembering, typing in accurately, and dealing with the downsides of plain old-fashioned passwords. 

Sources:  I referred to a Wired article entitled "Android Is Helping Kill Passwords On a Billion Devices" at https://www.wired.com/story/android-passwordless-login-fido2/, the FIDO Alliance website at https://fidoalliance.org/, and the Wikipedia article "FIDO Alliance."