Fatal Tesla Crash Into Home Raises More Questions

  

Around 8 P. M. Friday June 19, 76-year-old Martha Avila was standing in the playroom at the front of her daughter's house in Katy, Texas.  Her daughter, son-in-law, and their children were also in the house or in the back yard.  Suddenly a Tesla Model 3 occupied by 44-year-old Michael Butler crashed into the house after reaching a speed exceeding 70 MPH on the short residential street.  The car pinned Avila, who was extracted from the crash by EMS personnel but later died at a local hospital.  Within a few days, Avila's family had filed a lawsuit against Tesla and Butler, and last Wednesday the National Transportation Safety Board (NTSB) announced it was opening an investigation into the accident.

 

Something obviously went wrong if a car failed to negotiate a right turn of a residential street and instead hopped the curb and plowed into a house.  According to those investigating the crash, Butler, who was also injured, claims that the vehicle was in self-driving mode at the time of the accident. 

 

Elon Musk, Tesla's CEO, has issued a statement on social media saying that the crash "made no sense" as the self-driving mode usually maintains a low speed in residential areas.  Another Tesla official stated that according to vehicle data, "the driver pressed the accelerator to 100% and reached a speed of 73 MPH before the crash." 

 

Clearly, investigators have a job on their hands to figure out exactly what happened.  Rose Hollow Lane, the street on which the Tesla accelerated, is only about 1000 feet long before it makes a right turn going east and becomes another street at the corner where the crash occurred.  Teslas are notorious for their ability to accelerate rapidly, however, so it's possible that the car was traveling at a lower speed at first and then responded to its accelerator, which might have been pressed in error. 

 

In fairness to Tesla, there are plenty of examples of non-self-driving cars crashing into structures and killing people as well.  Tesla releases quarterly statistics on its vehicles that are operating in full self-driving mode, and claims that the number of accidents per million miles is lower than the average for the entire U. S. fleet.  Critics say that this isn't an entirely fair comparison because the Tesla fleet is newer and has more advanced safety features than the average car on the road.

 

All the statistics in the world won't bring back Martha Avila, however, and that is why the family is suing Tesla and the driver of the car. 

 

According to information on Reddit, the driver of a Tesla in full self-driving mode can override the system by pressing on the accelerator.  If that's what happened in the accident, the responsibility cannot be laid exclusively to Tesla, which is why the driver is also being sued as well. 

 

If we allow imagination to roam, perhaps the following scenario occurred.  As the driver went down Rose Hollow Lane, perhaps a squirrel or other small creature darted out in front of the car.  Intending to hit the brake, Butler instead pressed the accelerator pedal.  The resulting goose of energy could have sent the car off the road into the house where Avila died. 

 

Again, we will have to wait for the outcome of the NTSB investigation to find definitive answers to the questions raised by this tragedy.  If the cause turns out to be largely human error which could have happened with a non-self-driving vehicle, then there is nothing out of the ordinary about it except that the vehicle happened to be a Tesla.  If on the other hand, there was something about the self-driving mode that contributed directly to the crash, investigators will want to know what it was, and possibly issue directives to fix the problem.

 

Other self-driving vehicles such as Waymo rely on multiple types of sensors, while Teslas have so far relied exclusively on vehicle cameras, possibly for reasons of cost.  Whether such a compromise will be viable going forward may depend on how frequently crashes occur which could have been avoided through the use of a wider variety of sensors.

 

The course of autonomous driving in the U. S. has not followed the forecasts of its initial optimistic promoters.  The SAE five-level autonomous-driving scale which ranges from Level 1 (e. g. cruise control) to Level 5 (fully self-driving in all conditions everywhere) shows that there are only a few places in the world where Level-4 cars such as Waymos operate specific routes in favorable conditions.  As we noted in this space a few weeks ago, Waymo temporarily suspended operations in San Antonio and other locations where its vehicles ran into trouble with flooded streets.  So for most people, self-driving cars are not something they encounter voluntarily, unless they take a Waymo taxi where they are available, or take a ride with a Tesla owner who wants to show it off.

 

It looks like the ideal Level-5 self-driving car is still in the future.  And even if it arrives, it may remain in a niche market favored by the handicapped, the elderly, and other people who simply can't drive at all without it, or have to hire a cab.  For the rest of us, the price we'd have to pay for even a Level-4 self-driving car is way more than what it is worth to us not to have to bother turning the wheel and operating the pedals when we're in the car.  And that may remain the case for the indefinite future.

 

As for Tesla, which still promotes its "Full Self-Driving" mode of operation in what seems to be a misleading way, the requirement for the driver both to let the computer drive the car and still remain ready to take over if something goes wrong means that the driver's attention is theoretically required all the time, but practically almost none of the time.  I don't know about you, but I would find it very hard to just sit behind the wheel and pay attention to the road just as much as if I were driving, only not drive.  It may be a situation like this which led to the accident that killed Martha Avila.

 

Time will tell, and if the NTSB investigation report reveals anything new, we hope to bring it to you in this space.  But not right away.

 

Sources:  I referred to reports at https://abcnews.com/US/tesla-allegedly-autopilot-mode-crashes-texas-house-woman/story?id=134062374, https://www.fox26houston.com/news/tesla-sued-after-katy-crash-leaves-76-year-old-woman-dead, https://www.khou.com/article/news/local/tesla-crash-katy-texas-ntsb/285-42522116-a98b-4e89-8bae-7db39b5d642d, and a reference to a Forbes report (unfortunately behind a paywall) at https://www.forbes.com/sites/bradtempleton/2025/11/14/tesla-finally-releases-fsd-crash-data-that-appears-more-honest/. 

The GUARD Act and Recovering Covenant Economics

  

Sen. Josh Hawley (R-Missouri) is something of a gadfly to Silicon Valley.  Even in his days as Missouri's Attorney General, he investigated the likes of Google for violating state consumer-protection laws.  In an editorial published online recently by the journal of religion and public life First Things, he stakes out an existential claim that artificial intelligence (AI) is the defining technology of our day, and threatens to break the founding covenant of the United States:  to hold respect for persons made in the image of God supreme over considerations of money and power.

 

One way he proposes to do this is through passage of a proposed GUARD Act, designed to protect children from the depredations of AI that have led to sexual exploitation, depression, and even suicide in many cases.  Co-authored with Democratic Senator Richard Blumenthal, the act would impose strict age verification to prevent those under 18 from accessing certain AI systems, prohibit systems that are known to promote sexual and violent acts directed at oneself or others among young people, and impose severe meaningful penalties for violations of these regulations.  The bill has been approved by the Senate's Judiciary Committee and awaits action by the full Senate and House.

 

While the GUARD Act would go far in the direction of preventing some of the most horrific side effects of the AI revolution we are now living in, it addresses only the tip of an iceberg of threats that Hawley perceives.  In the editorial, Hawley outlines the history of the United States, beginning not with 1776, but with the 1630 voyage of the Puritans led by John Winthrop from England to the Massachusetts Bay Colony.  Opinions differ as to whether the noble sentiments in a sermon delivered during that trip amounted to an actual covenant agreed to by the refugees, or simply aspirations that were not universally shared.  But details aside, Hawley traces the same spirit of democracy guided by Christianity through Lincoln's Homestead Act granting 160 acres of public land to all comers, Samuel Gompers' promotion of the 8-hour workday, and the twentieth century's adoption of social insurance of various kinds. 

 

Opposed to this tendency to regulate economic and technical innovations for the good of all is a progressive notion that the modern world is too complex to leave its governance to the masses.  Hawley proposes what he calls "covenant economics" in opposition to the government-by-expert notions promoted during the Progressive Era and exemplified by the takeover of the economy by Woodrow Wilson during World War I.  Nowadays, he points out, the progressive elite in government and the economic elite who runs Silicon Valley are largely the same class, and are working to make the country "K-shaped."  Meaning, a few lucky people go up one bar of the K and get to run everything and own most of everything, while the unlucky masses have to take the lower arm, which is whatever the elites dish out for them, whether it's unemployment checks compensating for losing one's job to AI or new and fun ways to amuse oneself to death. 

 

Hawley is under no illusions that his own party is going to avert this crisis any better than the Democrats.  He makes no reference to the Trump administration, but he doesn't have to, as it's clear to anybody with working eyes by now that Trump favors Trump, and to hell with everybody else. 

 

But one of the primary Christian virtues is hope.  Only by continuing to take the machinery of government seriously can people like Sen. Hawley make a difference:  drafting laws, passing them in the face of opposition, and rallying like-minded people to just causes.  The prospects for the GUARD Act in a climate in which President Trump has endorsed a laissez-faire attitude toward AI are not good.  But things can change, and if it passes it will be one small step in the direction of covenant economics, and away from the domination of average people by a small, super-powerful elite who increasingly seem to think they live on a different planet than the rest of us.

 

Sen. Hawley is right to look to history for precedents of covenant economics.  What I'd like to see from history is a precedent for our present situation:  one in which a megalomaniacal political leader is largely in cahoots with a small upper class of very wealthy and powerful individuals who dominate politics as well as economics, and how the population of that country got out from under domination.

 

One has to go back to the days of Louis XVI, the last king of France before the Revolution of 1792 abolished the monarchy, to find a similar divide between the ruling classes and the rest of the population.  Ironically, Louis's downfall was caused partly by his adoption of what we would now call liberal ideas, such as supporting the rebellion of the American colonies. 

 

Revolutions are always a last resort, and nothing I write here should be construed as advocating for one.  Once a revolution starts, even its promoters can't tell where it's going to end up—it's like the boys in Mark Twain who started a boulder rolling down a hill just to see what it would do.  As long as the creaky democratic machinery of the U. S. Constitution still works, we should use it to move things in directions that put into practice the idea the country was founded on:  in Lincoln's deathless words, that "government of the people, by the people, for the people, shall not perish from the earth."

 

In one sense, regulation of AI is like nailing Jell-O to the wall.  It's everywhere, changing all the time, and a key problem in legislating about it is getting enough of a handle on it to say something that will last longer than a few months.  But the pernicious effects of AI are clear enough:  the loss of jobs by millions of people who have done nothing wrong other than not to be born to privilege; the fear, whether justified or no, that the proliferation of data centers is creating burdens of higher electric and water rates as a byproduct of rich people getting even richer; and the harm that AI can do to children and teenagers.  Sen. Hawley wants to draw lines in the sand that tell AI's promoters "here, and no farther."  We can pray that his efforts will be joined by other legislators of good will to turn the vast tide of AI in a direction that will benefit all the citizens of the United States, and not just continue to enrich a few at the cost of the many.

 

Sources:  Sen. Hawley's essay is on the First Things website at https://firstthings.com/the-american-covenants-answer-to-ai/.  I also referred to an AI summary (!) of the GUARD Act and Wikipedia articles on John Winthrop and Louis XVI.  AI isn't all bad. . . .

Saronic Drone Boat Saves Helicopter Crew

  

On Monday night, June 8, Iranian forces shot down a U. S. helicopter with a two-member crew aboard off the coast of Oman near the Strait of Hormuz.  Presumably they bailed out with life jackets or some other means of flotation, but their prospects for rescue were uncertain, to say the least. 

 

The U. S. Navy chose to direct a Corsair unmanned sea drone, made by Saronic Technologies, to the last known location of the flyers.  The Corsair was inspired by Ukraine's successes with unmanned sea drones used to attack Russian naval assets.  It's a 24-foot-long boat that can carry a payload of up to 1,000 pounds.  Early Tuesday morning, it successfully located the helicopter crew members, who climbed aboard it and rode on it to another location where a helicopter picked them up and took them to safety.  They were in the water for about two hours before being rescued.

 

This success story shows how unmanned drones are taking on more roles in modern warfare all the time.  The Corsair's rescue was the first time in history that an unmanned sea-going drone was used in a successful rescue attempt. 

 

A BBC report on the rescue quotes naval expert Bryan Clark, of the Hudson Institute, as saying the drone was probably manually piloted during the search.  The boat has a 360-degree camera and onboard radar, both of which would have been helpful in locating the downed flyers. 

 

Remotely-controlled floating vehicles are nothing new.  In 1898, Nikola Tesla demonstrated a radio-controlled model boat in a small tank at his New York City laboratory, and filed numerous patents on it in the hopes of interesting the day's naval powers in it.  Although World War II saw some work with remote-controlled planes, the communications technologies of the day were not up to the challenge of sending the massive amounts of data needed to both convey an adequate picture of the vehicle's environment and to exert precise control over it. 

 

With computer networks and satellite communications, those challenges have been overcome.  Now drones play an essential role in the Russia-Ukraine war, as well as the conflict between Iran and the U. S.  While the emphasis has been on hostile drones carrying weapons or doing surveillance, it's good to know that drones can be used for search-and-rescue operations as well.  One wonders when the U. S. Coast Guard will get into the drone business in a major way, to avoid endangering their own personnel during hazardous searches for lost boats.

 

Saronic, the company recently awarded $392 million to produce Corsairs and similar products, is a newcomer to the defense industry, with much of its operations based in Austin, Texas.  It is not surprising that the big innovations in technological warfare are coming not from the large, established firms such as Boeing and General Dynamics, but from newer upstarts such as Palantir and Saronic.  This is a pattern that plays out in most new technical fields, and says something about the sociology of invention and organizational innovation. 

 

Reportedly, the U. S. Navy has about fifty Corsairs all told, and it was a good thing that one of them was deployed close enough to effect the rescue earlier this week.  Should the Navy be worrying about acquiring larger seagoing drones to do more than just rescue a few downed flyers? 

 

This is a debate that has been going on for some time in the engineering ethics community:  the question of autonomous warfare, in which unmanned devices and systems do the things that soldiers and sailors used to do. 

 

In the case of a benign action such as a rescue, I think everyone would agree that sending a seagoing drone to do the job is better than risking human lives, as long as the drone succeeds.  In peacetime, drones and remotely-controlled robots are resorted to in situations such as building collapses that are simply too hazardous for people to enter.  This advantage compensates for the expense and limited abilities of drones and robots compared to a human being. 

 

In the case of war, drones become another tool or weapon that is ultimately controlled by those in charge of fighting.  The fear of turning loose a completely autonomous drone or robot in the battlefield is that it will be unable to discriminate between enemy fighters who are legitimate targets, and innocent bystanders such as housewives or children, who should be exempt from attack, although that ethical principle has been violated countless times in the last several decades.  Also, an autonomous drone might turn against its own operators. 

 

Those are some of the hazards that have kept drones out of warfare historically, although in places like Ukraine where the need to fight trumps almost all other considerations, these hesitations have been swept aside.  Not too long ago, a group of Russian soldiers were captured by remotely controlled Ukrainian robot fighters.  The capture was a legitimate act of war, and whether the Ukraine soldiers were standing right there with guns or safely ensconced in a control room miles away didn't make any difference to the Russians.

 

Drones are making war into a new kind of ball game, and any country which wants to remain militarily competitive can't afford to ignore that fact.  What seems to be happening now is a kind of innovation that is integrated into the whole matrix of the battlefield, rather than standing out as a totally novel kind of warfare, the way the invention of nuclear weapons did. 

 

"War is hell," according to General Sherman, whose depredations in the South were notorious for their thoroughness and harshness.  He should have known.  While it would be wonderful if all war ceased, the realities of international politics mean that all available technologies will be pressed into service of military priorities.  It's nice to know that a technology which Ukraine developed to blow up Russian ships has been modified to serve as a rescue vehicle.  And there may be other positive benefits that wartime technological developments bring in the future. 

 

But for now, we should expect to see more firsts of many kinds involving drones and autonomous weapons.  While they are not so effective as to make war unthinkable, they may make it safer for those who fight, and that would be a good thing.

 

Sources:  I referred to a BBC News account "What we know about US sea drone used in helicopter crew rescue mission," which appeared at https://www.bbc.com/news/articles/cx2xvnd5eqwo.  I also referred to the Saronic website at https://www.saronic.com/.  A description of Tesla's experimental radio-controlled boat appears on pp. 229 of W. Bernard Carlson's supreme biography, "Tesla:  Inventor of the Electrical Age" (Princeton Univ. Press, 2013).

Aristotle, Aquinas, and AI

What have a Greek philosopher who lived about 2300 years ago, a Dominican friar, theologian, and philosopher who died in 1274 A. D., and artificial intelligence (AI) got to do with each other?  Sounds like the beginning of a bad joke.  What I have to say is no joke, however, because if we don't heed the wisdom of these two parties, which has been almost totally forgotten, we are liable to make some mistakes shortly that will be exceedingly costly in terms of missed opportunities, misdirected hopes, and maybe even lives.

 

The particular wisdom I speak of is known by the technical term of scholastic metaphysics.  It was, and still is, a way of viewing the universe, and it dominated the West for over a thousand years.  The Scientific Revolution vigorously uprooted it and threw it in the trash pile, to oversimplify a very complicated history.  And now it is almost completely forgotten except by a few lucky people such as yourself, if you keep reading.

 

The aspect of scholastic metaphysics I wish to explain concerns the nature of things.  Here's an example, taken from an article by journalist Mary Harrington in the June/July issue of First Things.  Take a dog, any dog.  It may be black, white, spotted, or bald.  But none of those attributes change the fact that it's a dog.  The scholastic metaphysical term for the dogness of a dog is its substantial form, also known as essence.  The aspects of a thing that can change without changing its substantial form are called accidents.  That's a weird use of the word, I know, but I'm not going to argue with Aristotle, who came up with these ideas, and Aquinas, who put them in terms compatible with Christianity.  The substantial form of a thing is its organizing principle.  The accidents are characteristics that can change without altering the substantial form.

 

What about people?  We have an organizing principle called the soul.  No matter what accidental characteristics we have—whether a person is fat, thin, from Teaneck, New Jersey, or in a coma—that substantial form remains. 

 

What about computers, and all the systems that are known by the general term of AI?  AI is, of course, artificial—that is, it is a man-made artifact.  Unlike living things, an artificial object has no substantial form that is prior to what its human makers say it is.  We can cobble together a bunch of transistors, call it a computer, and get it to do certain things for us.  But computers, and the AI systems supported by them, are simply assemblies of accidents.  This makes AI systems fundamentally different in kind from human beings. 

 

What emerges from looking at humans and AI from the viewpoint of scholastic metaphysics is this:  human beings are just a clean different kind of thing from AI systems.  And treating AI systems and humans as though they were basically the same kind of thing, simply piles of atoms arranged differently—which is how modern materialistic science encourages us to think—ignores a vital difference between the two.  Human beings have souls as their organizing principle, and AI systems do not.  No imaginable or unimaginable future progress in AI can change that fact.

 

This viewpoint flies in the face of the transhumanist agenda so popular in Silicon Valley, which looks forward to the day when human beings can transcend their messy, disease-and-death-prone meat-cage origins and live forever in an eternal bit-world of computer-borne bliss that will take over the universe.  (I may have left something out in that description, but I think I got most of it.)  Human beings are the rational animals that result from propagation by other human beings.  Anything you might upload from a human being to a computer is not going to be that human being.  And treating it, or any other AI product, as if it were human is a category error that can lead to heinous consequences.

 

In Harrington's words, trying to teach sand to think is not only futile, but if we start treating the result as though it had a soul, we are in danger of losing our own souls.

 

This may sound like just another anti-technology rant, but it's not.  AI can do truly amazing and useful things, but only if its human users keep in mind what it is and don't try to endow it with quasi-human agency.  A tool should be under the control of its human users at all times.  That control may be loose and barely perceptible sometimes, but it has to be there.  If we begin to bow down to AI entities as though they were thinking humans like us, we will soon regret it.  An automobile provides useful service when under control, but if it gets out of control it becomes a dangerous missile.  The same thing is true of AI.

 

Thinking in terms of scholastic metaphysics seems strange to most people unfamiliar with it, and it takes a while to realize that it's just as useful as it ever was.  I have had a passing acquaintance with it ever since I read a book on Thomistic philosophy in the 1990s.  The thing that drove me to that book was a statement by a former theoretical physicist turned pastor, who said that the Catholic Church's notion of transubstantiation of the bread and wine of the Eucharist into the body and blood of Christ was based on an outmoded theory of matter.  I wanted to know more about this outmoded theory, and it turned out to be scholastic metaphysics. 

 

What modern science did to scholastic metaphysics is a classic case of throwing out the baby with the bathwater.  There was a lot of useless bathwater in Aristotle's physics—rocks having a desire to fall downward and so on—but there was also great wisdom in his metaphysics.  The wisdom of scholastic metaphysics can save us from making lots of mistakes that could be avoided if we just keep in mind that however clever and human-like AI appears, it's really just words written in the sand.  And we wrote the words to start with. 

 

Sources:  Mary Harrington's article "Thomophobia" appeared on pp. 19-27 of the June/July 2026 issue of First Things.  For those wanting to know more, she refers to Edward Feser's book Scholastic Metaphysics (Editiones Scholasticae, 2014, $34 on Amazon).

 

Autonomous Cars Need Waymo Time Out for Floods

  

Pardon the bad pun.  But imagine that you've taken one of the new driverless Waymo taxis from the San Antonio airport right after a big rain.  The car exits the freeway, and on the access road ahead you see where a nearby stream has overflowed, and water the color of coffee with cream is rushing across the road.  The Waymo vehicle keeps going.  You can't be sure, but the water looks deeper than you'd like, and if you were driving, you'd follow the poetic advice to turn around rather than drown.  You look for a panic button in the car:  there is no such thing.  You think about just opening a door and jumping out, but the car's going too fast for you to try that without risking your neck.  Just as the front wheels hit the water, you feel the car skidding, and you decide to try jumping out anyway.  Only now the water pressure on the door is too great, and it won't open. . . .

 

This didn't actually happen.  But it could have. 

 

On April 20, after heavy rains caused flooding on several roadways in San Antonio, an unoccupied Waymo vehicle was swept away from an interstate access road in floodwaters arising from Salado Creek.  The vehicle was later found about half a mile downstream. 

 

Following this and another incident earlier in the month, when a Waymo car became stuck in high water in San Antonio and had to be towed out, Waymo suspended all service in San Antonio and five other cities in three states, including Nashville and Atlanta.  Another Waymo car got stranded in Atlanta during heavy rains as well.  Waymo is working on updating its software to prevent such incidents in the future, but as of today, service still appears to be suspended in Austin and Atlanta, although it has been restored in San Antonio.

 

Waymo is to be commended for taking swift action in the face of obvious problems that could kill passengers in a peculiarly horrifying way.  Especially with high-tech operations of super-wealthy companies such as Alphabet (the parent firm of both Waymo and Google), profit sometimes takes a back seat to safety, and that is as it should be. 

 

Up-to-date information on high water in roadways is currently available through various means, including municipal emergency services and mapping organizations such as Waze.  But especially in Texas, floodwaters can rise within minutes, and few systems can respond that fast.  It looks like the challenge of directly detecting the presence of high water on a road through on-board sensors is something that is either too hard to do, or too unreliable.  So Waymo and other autonomous-vehicle operators may rely mostly on third-party data about where it's too dangerous to drive because of high water. 

 

Despite the drama surrounding the flooded Waymo cars, this is actually part of a process I would call normal engineering.  No matter how many problems a designer anticipates before a new technology is fielded, there will always be some issues that don't show up until the technology has been in use for a while.  This is doubly true for a complex multidisciplinary system such as an autonomous vehicle.  The world is simply too complicated for non-omniscient engineers to anticipate every single thing that might go wrong before deploying a system in the field.

 

Many of the locations where Waymo suspended service were new to the company, so Waymo had its first encounter in those cities with this spring's rainy season.  While California also has flash floods, I don't think they are as prominent a part of the landscape as they are in central Texas, for example. 

 

If I'd been riding in a Waymo car headed toward a flooded road, I wouldn't have had a lot of options.  There is no panic button as such in a Waymo.  But on the Waymo website there is a section titled "Pulling over, collisions, and security events."  They do list an option to ask the car to pull over out of traffic, but the decision as to how and when to do that is up to the system, not the passenger.  There is a way to contact "Support" (presumably a human being on the monitoring staff that every autonomous-vehicle company maintains), but having a conversation with someone possibly thousands of miles away as water surrounds the car is probably not the first thing you'd want to do.

 

All things considered, it was the wisest course for Waymo simply to shut down all service until their engineers can figure out a way to keep their cars out of water, hot or otherwise. 

 

This is also a good example of how semi-serious incidents can flag a problem that could easily lead to more serious consequences, such as customer fatalities.  If you look into the details of many historic engineering disasters, you will commonly find that less serious precursor incidents often happened in the days or years leading up to the big disaster.  This isn't always the case.  But it happens often enough that system designers should train themselves to take very seriously any safety-related problems that constitute narrow escapes.  And they should address the issues allowing such narrow escapes before some unlucky person encounters the combination of circumstances that proves deadly.

 

In shutting down all service in certain cities until the flood problem can be addressed satisfactorily, Waymo did the right thing.  This doesn't guarantee that nobody will ever drown in a Waymo car.  But in taking such a public move that obviously cost the company revenue, Waymo has both given itself time to fix the problem, and has sent a strong message to the public that they regard passenger safety as paramount. 

 

Sources:  I referred to articles in the Austin American-Statesman at https://www.statesman.com/business/technology/article/waymo-freeway-robotaxi-safety-pause-22272052.php, the BBC News website at https://www.bbc.com/news/articles/ckgplyxxl75o, and Waymo's own safety information at https://support.google.com/waymo/answer/9449023?hl=en. 

They Died to Clean Up Boston Harbor

  

Trapped Under the Sea is the most exciting book you'll ever read about a sewage plant.  Let me explain.

 

One day, a colleague of mine was asked to sum up engineering ethics in a single sentence, and he said, "No headlines."  When engineering goes right, it's usually not news, unless it's some spectacular success such as a moon landing.  The engineering-related events that attract reporters are the ones in which someone gets injured or killed.  And that's exactly what attracted Boston Globe reporter Neil Swidey when in July of 1999, two specialist commercial divers died in a nine-mile-long tunnel underneath the Atlantic Ocean as part of an effort to improve the sewage-treatment facilities of the greater Boston area.  Ironically, the men died in the process of removing safety devices designed to prevent an unlikely but terrible accident. 

 

For about a century, the sewage of the greater Boston area was dumped with minimal treatment into Boston Harbor, with dire consequences to fishing and public health.  The sluggish bureaucracies in Massachusetts finally got coordinated enough in the 1980s to mount a massively expensive plan to build a new state-of-the-art sewage facility on a peninsula called Deer Island.  As part of the plan, engineers called for a nine-mile-long tunnel dug through the rock underneath the Atlantic Ocean to take the now-much-cleaner effluent to a series of "diffusers" (sort of like giant water sprinklers) that would discharge it where it would be diluted by ocean currents and dissipate with much less environmental impact. 

 

Digging the tunnel itself was a huge undertaking, and putting the vertical "riser" pipes in place to conduct the effluent up from the main tunnel to the ocean floor without flooding the tunnel was a tricky process as well.  The diffusers were plugged when installed so water couldn't get in that way.  But in the unlikely event that a stray ship dragged its anchor across a riser and broke one off, the ocean would rush in and flood the tunnel prematurely, killing all the workers inside.  So as an added precaution, the contractor installed safety plugs where the risers connected to the main tunnel. 

 

The problem with this was, nobody gave much thought to how they were going to take out the safety plugs once the tunnel was finished.  The sensible thing would have been to take them out just before removing all the lighting and air supplies that made it possible to work there without special breathing equipment.  But this was not done for various bureaucratic reasons, and so in the late 1990s, the contractor was faced with the problem of how to get those plugs out after all the power and air supplies were removed. 

 

In the absence of incoming surface air, the stale air in the tunnel quickly lost oxygen to rusting metal and organic processes, making it impossible to enter safely without specialized breathing apparatus such as commercial divers use.  So it was to a team of divers hastily assembled that the engineering organization turned.

 

What happened next is a case study in how not to undertake a unique and hazardous specialist operation.  All parties relied on a mostly self-trained expert named Harald Grob, who designed a cryogenic-gas setup to supply artificial air through long flexible umbilical tubing to the five workers who would pilot two Humvees, each with its own oxygen supply (one for going out and one for coming back in the narrow confines of the tunnel) and perform the complicated work of removing the safety plugs.  What could go wrong? 

 

A lot, as it turns out.  The book begins at the worst moment, when one of the divers operating the air-supply system sees that the oxygen level indicated with a crude and inaccurate system has fallen below 9%—the threshold for sustaining life.  Two of the divers died, and the other three survived only by quick and ingenious moves to switch to backup air supplies. 

 

Swidey did years of research and interviews with everyone he could talk with as well as obtaining court filings and other documents that laid out the decades-long story.  He follows the often tumultuous lives of the five divers as well as the experts, managers, and bureaucrats who get involved both before the misguided effort and in the aftermath, when a much more expensive but safer method of removing the plugs is developed.  Taking advantage of the fact that the ill-fated divers removed a few plugs before the tragedy occurred, workers used one of the diffuser pipes to suck air in from the far end, making the entire tunnel habitable enough to remove the remaining plugs, but at an expense of about twenty times more than what the original diver plan cost.  The book follows the long legal consequences of the accident, including judgments and fines, but without losing any momentum.

 

A sewer plant is about the most undramatic infrastructure you can think of.  But Swidey has made this story into a thriller that graphically portrays the real dangers and complicated problems that men face in hazardous occupations such as commercial diving.  As a detailed case study of how a complicated and unique engineering problem went wrong, it compares favorably with books on the Challenger disaster for detail and interest. 

 

As with many engineering disasters, a combination of factors contributed to the accident:  a desire to cut corners to save money, the fact that the project was nearing completion and everyone was impatient to get it finished, and a reluctance to cross a cantankerous and moody expert—Grob—whose rigidity and overconfidence played a big role in the tragedy. 

 

The book is illustrated with helpful and accurate diagrams.  Swidey made sure to check his technical statements sufficiently so that I didn't notice any errors along those lines.  In addition to presenting an accurate technical picture of what went wrong, Swidey has written a real page-turner that keeps the reader on edge. 

 

Sources:  Trapped Under the Sea:  One Engineering Marvel, Five Men, and a Disaster Ten Miles Into the Darkness was published in 2014 by Crown Press, and is currently available in paperback. 

The Canvas Ransomware Attack: Paint Us Insecure

  

Anyone even a little familiar with how higher education is done these days has dealt with what are called "learning management systems" (LMS for short).  Basically, an LMS is what has replaced paper homework, paper gradebooks, and in many cases, paper exams that used to be shuffled back and forth between students, graders, and faculty members. 

 

Like many other universities around the world, several years ago my university switched from the LMS they were using to something called Canvas.  Once I learned its ins and outs, it has proved to be a useful, flexible, and mostly easy-to-use tool.  I can send out emails to everyone in a particular class, I can record grades that instantly show up on students' phones, and while I don't personally use the test-administering feature, many professors do. 

 

Canvas is so good, in fact, that its parent company, a privately-held outfit called Instructure, now has a plurality of all LMS customers in the world, serving over 8,000 institutions in dozens of countries. 

 

A lot of confidential data is stored in Canvas.  For example, it turns out to be a violation of a Federal law for me to post a list of grades on my door, even if I anonymized them with Social Security numbers.  So if anybody other than the student concerned manages to find out what a person's grade is, a whole lot of people can be in trouble.

 

Last month, these facts plus a fairly behind-the-times security posture made Instructure a prime target for the loosely-organized but highly effective ransomware ring known as ShinyHunters.  These criminals are thought to be concentrated in Canada and France, and are known to have committed numerous ransomware attacks on organizations whose wide-ranging databases make them particularly juicy targets, such as Ticketmaster and AT&T.

 

According to a report on thenextweb.com and the Wikipedia website "2026 Canvas security incident," on April 30, ShinyHunters breached Instructure's security and posted a ransom note on May 3.  On May 6, Instructure, which had publicly acknowledged the breach on May 1, notified its users that everything was back to normal.

 

But according to ShinyHunters, Instructure ignored their ransom demand and simply doubled down on security measures.  In retaliation, ShinyHunters put their ransom notice on every user's webpage, prompting Instructure to pull most of the system down and replace it with an "under maintenance" notice on 8 PM May 7 Eastern Standard Time.

 

Unfortunately, this was just when a lot of schools were relying heavily on Canvas for exams, grading, and other end-of-semester activities.  I was fortunate to have my last necessary interaction of the semester with Canvas just a few hours before it crashed, but a lot of other professors and students weren't so fortunate.  Our provost sent out a notice during the outage asking toleration and understanding on the part of both students and faculty members.

 

According to Hacker News, Instructure eventually reached a ransom agreement with ShinyHunters on May 11, averting release of some 3.6 terabytes of stolen data.  Since then, Canvas has apparently been running normally, although after this experience one wonders how reliable it will be in the future.

 

The days when universities developed their own custom software for large-scale applications such as LMS are long past.  But farming out important tasks to vendors places the responsibility for security squarely on the vendor's shoulders.  And bigness, however attractive it is profit-wise, attracts the attention of hackers as well.  So we shouldn't be too surprised that an outfit like ShinyHunters picked Canvas for their next target.

 

Ransomware hackers are the modern pirates of the Internet.  During the heroic age of global exploration and trade from the 1200s AD onward to 1800 and later, the ocean became a network of trade routes over which the world's valuables flowed.  The prospect of siphoning off some of those valuables for their own purposes, or of extorting money to allow their uninhibited flow, attracted pirates such as the ones based on the Barbary Coast region of North Africa in the years leading up to and following the American Revolution.  In what was the United States' first major foreign military action, President Thomas Jefferson decided he was through with paying off the pirates, and sent the Marines in a series of expeditions that ultimately broke the stranglehold they held on U. S. maritime trade in regions they controlled.

 

Jefferson had the advantage that the pirates sailed physical ships and could be tracked back to specific ports, where plans could be made to attack them.  The power that the internet gives to put the world at your Ethernet port also makes it possible for criminals to hide literally anywhere there is an internet connection, which these days means pretty much anywhere.  Tracking them down is a costly, slow, and uncertain enterprise at best.  And as soon as some bad actors are rounded up and thrown in jail, their uncaught associates rise up to take their place.

 

It's hard to imagine a modern-day Jefferson scaring ransomware hackers enough for them to lay off an entire country.  As the ShinyHunters' actions showed, national borders mean little to them.  They were attracted to Instructure because it formed one of the largest data-holders on the planet, not because it was a particularly large or rich country. 

 

The only thing that may lead to something like what Jefferson did to the pirates of 1800 is if a particular organization goes after the hackers with determination and even a kind of vengeance.  Perhaps something along the lines of a trade organization of large data-holders could fund a multinational policing effort that would make every ransomware hacker sorry they ever messed with a company that is a member of the organization.

 

That may require international and inter-company cooperation that simply doesn't exist today.  But if the problem gets bad enough, maybe firms will overcome their reluctance to put their money and efforts together and do something truly effective.  Until then, however, outfits like Instructure can look forward to more attacks, and users will just have to deal with it. 

 

Sources:  I referred to reports at https://thenextweb.com/news/the-largest-education-data-breach-in-history-was-not-an-attack-on-a-school-it-was-an-attack-on-a-vendor, https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html, and the Wikipedia article "2026 Canvas security incident."