Thursday, March 30, 2006

Engineering Censorship in China

On the last day of April in 2005, Chinese journalist Shi Tao was sentenced to ten years in prison for sending an email to a New York colleague, the editor-in-chief of a publication called Democracy News. According to the Chinese court's verdict, Tao's email contained state secrets, and his crime consisted in leaking them to an "overseas hostile element," namely, Democracy News. The thing that makes Tao's case interesting to the rest of the world, and America in particular, is that Yahoo ! Holdings (Hong Kong) helped the Chinese government identify Tao by divulging information about his private email account. Without Yahoo's help, Tao quite possibly would be a free man today, working for what he sees to be the noble goal of promoting democracy in China.

By some estimates, China is the world's biggest untapped market for information technology. The population of mainland China makes up the second-largest group of Internet users, second only to the U. S. That wouldn't have happened without technology—hardware and software-—furnished largely by U. S. owned or operated companies such as Yahoo, Google, and Microsoft. In order to gain access to the lucrative Chinese market, all three firms have agreed to abide by the restrictive censorship and information-control policies of the Peoples' Republic of China. They have also been roundly criticized for such cooperation. In January, the Secretary General of Amnesty International expressed dismay at the "growing global trend in the IT industry" to impose "restrictions that infringe on human rights." Revealing private email account information, shutting down "undesirable" websites, and restricting search-engine results to items that are politically acceptable are a few examples of the steps that IT firms have taken in order to stay on good terms with the Chinese government.

Some people like to say that all technology is ethically neutral, and the only time ethics comes into the picture is when you look at how the technology is used. I have yet to be convinced of the ethical neutrality of a nuclear weapon. As we have found, the nuclear tests of the 1960s in which no one was directly killed nevertheless caused environmental damage and radiation levels that led to serious later harm. Some technologies carry with them an intrinsic bias toward good or evil, and it is foolish to pretend otherwise. It may be necessary from time to time to build things with a built-in ethical bias, but we do that in full consciousness that they cannot be viewed as ethically neutral.

The Internet's designers imbued its very structure with the spirit of egalitarianism and, one might even say, democracy. The distributed, non-hierarchical way that information travels, the "universal" record locators that anyone from an eleven-year-old boy in his bedroom to the U. S. government can obtain under basically the same rules, and the almost-instant access to anything are all biased toward the "global village" model of human interaction. While one may disagree with the merits of that model, it has created a situation in which democracy, openness, and the free exchange of information come naturally to the Internet. To restrict any of these things means that IT designers and companies have to go to extra trouble and expense. In a sense, they are going against the grain of the whole design philosophy of the system.

In defending Microsoft's actions, Microsoft founder Bill Gates claims that the basically open nature of the Internet will lead to a net increase in freedom for the Chinese people, despite the restrictions and occasional blog-takedowns that his firm does at the government's bidding. Speaking at the World Economic Forum in Davos last January as reported in the Times of London Online, Gates said, "I do think information flow is happening in China ... even by existing there contributions to a national dialogue have taken place. There’s no doubt in my mind that’s been a huge plus."

It is a fact that laws and freedoms differ greatly from one country to another. Doing business in countries with evil or corrupt regimes has always been a morally complex thing. Quite often, moral clarity is arrived at only after the utter defeat and repudiation of a government such as that of Nazi Germany after World War II. And as Gates points out, engaging a country through trade can lead to opportunities for improving the lot of its citizens that an absolute hands-off posture would prevent.

All the same, I get a strange feeling in the pit of my stomach when I think that where I live influences what I'll be able to find on Google, or what I'll be able to email to my friends. I visited China back in 1989, less than two months after the Tiananmen Square massacre. Our guide pointed out the blackened blocks of concrete which had not yet been replaced after the fires and violence of those days. It saddens me that the same government which committed those crimes is still in power, and has strong-armed the cooperation of U. S. corporations that have enjoyed freedom in this country and now are a party to restricting it in China. But this may be one of those situations where we will find out what the right course is only by waiting to see how things turns out.

Sources: Article "Gates Defends China's Internet Restrictions" is at,,19149-2012784,00.html. Article on Yahoo co-founder, "Yang defends support for 'firewall of China'" is at
Amnesty International's press release of January 2006 "China: Internet companies assist censorship" is at Shi Tao's verdict is at the Reporters Without Borders website

Tuesday, March 21, 2006

Retire the Space Shuttles Now

Last week, NASA announced that the same kind of fuel-sensor problem that delayed last summer's flight has cropped up again. Program managers decided this time to replace all four sensors with new ones, a process that will take three weeks and delay the next flight until sometime in July. It was originally planned for May. This is both good news and bad news.

The good news is that NASA managers are finally showing some conservatism in their approach to potentially catastrophic problems. The fuel sensors monitor fuel levels in the external tank, telling the engines to cut off before the liquid-hydrogen fuel runs out. If the fuel tank ran dry while the engines were still operating, the resulting oxygen-rich mixture could cause severe corrosion and damage to the engines. Under normal operation the sensors are not needed, but if two or more sensors gave a false "empty" reading, the resulting engine shutdown could force an emergency landing or even cause a crash. So NASA is showing wisdom in replacing all the sensors before attempting another launch.

The bad news is that once again, NASA is going into space with a flying antique. Major elements of the space shuttle design are now over thirty years old. NASA engineers routinely comb the web for surplus sales of outmoded electronic components to use for repairs on the shuttle. I own a pickup truck that was built in 1981, the year after the first shuttle flew. I still drive it around town, but I must confess I'm somewhat reluctant to take it on a 35-mile trip to Austin and back for fear of a breakdown or worse. Granted that the shuttle fleet has received a great deal more attention and refurbishing than my truck, the fact remains that for every year the existing shuttles are kept in operation, maintenance and operating costs rise and the chances of failure from a hitherto unexpected cause grow greater.

Every reliability engineer is familiar with the "bathtub curve" that shows rates of failure in a collection of components over time. Suppose you buy a thousand new light bulbs for a large institution such as a school or hospital, install them, and keep track of when they fail. A small number will blow out within a few hours of first being turned on. This is called "infant mortality" and is due to defects that did not show up at the factory's inspection. This is the downward-sloping end of the bathtub curve. Then for a long time, you will see a very low rate of failure, one or two every month, perhaps. This is the bottom of the bathtub. Finally, as the usual failure mechanisms start to act, the failure rate will rise toward the end of the rated lifetimes of the bulbs. This is the rising slope of the bathtub, and continues until virtually all the bulbs fail.

The shuttles have literally thousands of components, each with a particular lifetime. No doubt NASA reliability engineers have studied the problem extensively, and the fact that the remaining shuttles still work is mute testimony that the engineers have done something right. But as time goes on and numerous components are used far beyond their expected lifetimes, unusual and undocumented failure modes can start to show up. It's not normal for a car's wheel to fall off, but when I pushed the mileage of an old car past the 200,000 mile point, that's almost what happened. Every successful launch moves the shuttles closer to the next failure, and as time goes on, it will be harder and harder to predict what the failure might be. From an engineering perspective, the only sensible thing to do with such antiquated hardware is to retire it. But politics plays as much a role in what NASA does as engineering, if not more.

No one likes to kick an organization when it's down, so ironically, the 2003 Discovery disaster probably kept President Bush from doing the sensible thing and terminating the shuttle program in a timely way. But who knows how many more astronauts will die between now and 2010 when the program is scheduled to end?

Space is billed as the last great frontier, and no one pretends that space exploration is without its hazards. The Apollo program cost the lives of three astronauts in a 1967 launchpad fire. The accident investigation wrapped up in three months, the program continued, and we landed on the moon two years later. No great achievement is without risks, and the consensus at the time was that the risks were worth it.

No such consensus exists today. The primary mission for the shuttles these days is to support the international space station, which is itself an enterprise of dubious utility, plagued by cost overruns, equipment problems, and a signal lack of clarity in its goals and mission. Some continued presence of man in space is probably worth while. But the numerous recent successes in privately funded space efforts indicate that private enterprise can do everything NASA is doing with the shuttle at less cost, more safely, if private firms are given some good ground rules and sufficient funding to make a fresh start. If the U. S. government had taken the same attitude toward air travel that it has taken toward manned space flight, we would still be watching a few highly trained NASA aeronauts fly across the Atlantic in single-engined Spirits of St. Louis, if that much. Shut down the shuttle, open up the field to private competition, and let the idealism of a new generation of space explorers come up with something that old institutions cannot even conceive.

Sources: For more details on the Shuttle's external tank, see

Tuesday, March 14, 2006

BP Houston Refinery Disaster: One Year Later

On March 23, 2005, some temporary workers in a Texas City, Texas oil refinery owned by BP (formerly British Petroleum) were just finishing lunch near the trailers that housed their offices, when they saw a geyser of clear liquid spurting out the top of a steel tower only a few yards away from them. According to the Houston Chronicle, one of them cried into a radio, "God, I hope that's water." A few seconds later, a highly flammable pool of an intermediate product called raffinate spread throughout the area. Although the exact cause of ignition was never officially determined, some witnesses recalled that an idling diesel pickup truck suddenly sped up as if somebody stepped on the gas. Then came the explosion.

It killed fifteen workers, injured 170, and wrecked acres of refinery equipment. In the year following, both the U. S. Chemical Safety and Hazard Investigation Board and BP carried out independent investigations, which reached similar conclusions. While the investigators found that outmoded and nonfunctional hardware contributed to the accident, the single most important cause was a culture of carelessness and bad management.

In a highly automated business such as oil refining, it is easy to look at the vast expanse of fractionating towers, pipes, flares, and tanks, and get the impression that such a system basically runs itself. But when you realize how many dangerous chemicals—corrosive, flammable, volatile—go through intense heat and pressure inside thousands of pipes and vessels, the amazing thing is that there are not major refinery accidents every day. More important than the visible structure of hardware, controls, and even the computer software that helps operators run the plant is the human structure of management, authority, will, energy, memory, obedience, and trust. As many industries mature, more and more is known about the physical and chemical processes involved. Computer models can predict even unexpected and dangerous behavior before two pipes are ever welded together to build an actual refining unit. This improved physical understanding can lull managers and operators into thinking that no thinking is required, or at least very little.

As with many accidents, a combination of relatively unlikely events and decisions conspired to bring about the tragedy of a year ago. First, a number of temporary trailers were brought into the borders of the active plant within a few yards of equipment that processed hazardous materials. If the plant had been treated like what it is—potentially, a bomb about to go off—these trailers would have been blocks away. Inconvenient, perhaps, for the workers who would have had to travel farther and get less done each day, but better than dying. Next, operators tried to restart a unit that had been down for maintenance without clearing the area. Starting and stopping chemical-plant processes are much more dangerous than periods of smooth operation, and more things are likely to go wrong. A fractionating tower that should have been filled to a depth of only about six feet instead filled up to a height of over a hundred feet with flammable raffinate. The operators were misled into thinking the levels were normal by malfunctioning and nonfunctioning instruments. When they realized there was too much hot raffinate in the tower and attempted to drain it away, the action one worker took to improve things actually made them worse, because the heat from the hot material drained away at the bottom was exchanged back into the tower, causing both it and an auxiliary "blowdown" stack to overflow. This was what caused the geyser that a worker prayed was water.

BP has paid for this accident in several ways. The entire plant was shut down for months, the U. S. Occupational Safety and Health Administration levied a $21 million fine against the company (which it paid without admitting the correctness of the charges), and numerous lawsuits arising from the accident continue. But wouldn't it be better if before a tragedy like this happens, enough pressure could be brought to bear on an organization to make it mend its ways?

The Internet may be one way this can happen. I would be very interested to hear from anyone who has had experience with the BP accident (directly or indirectly), or who can share factual insights about it and suggest ways to keep the next major refinery accident from happening. You can respond to this posting by clicking on the comments link below. I hope to hear from you!

Sources: A more detailed summary of the incidents leading up to this disaster is available at the
U. S. Chemical Safety and Hazard Investigation Board website, complete with a narrated video simulation of the incidents and the vapor and pressure waves resulting from the explosion. BP has also posted its completed investigation report at

Saturday, March 11, 2006


This is a forum for discussion of current issues in engineering ethics and current events that have an engineering ethics angle. Historian of technology Henry Petroski has said that engineers often learn more from failures than from successes. My hope for this forum is that it will serve as a rapid way for knowledgeable people to exchange factual information and insights about matters such as:

--- Consumer safety issues
--- Disasters and accidents involving engineered products or systems
--- Hazards that need attention drawn to them
--- Official statements concerning controversial issues that involve engineering ethics
--- Ways engineers can learn from past mistakes and problems

Each week I plan to post a brief commentary on a news item related to engineering ethics. I invite you, the reader, to respond, especially if you have technical or other knowledge that will add to public understanding of the issue at hand. If readership allows, I may add other features such as ongoing discussion threads and an FAQ section. This forum will be successful if it attracts the attention of thoughtful, knowledgeable individuals who can contribute to the better understanding of how engineers can do the right thing, as well as how they can do things right.