Monday, December 31, 2018

Design Flaw Identified in FIU Bridge Collapse


Back on Mar. 15 of this year, a new pedestrian bridge across a busy highway running through the Florida International University campus suddenly collapsed, killing six people and injuring eight more.  The bridge was fabricated as a single long concrete truss consisting of upper and lower decks connected by a series of diagonal and vertical struts.  Trusses are familiar elements of steel-bridge construction, but there are special design issues involved in making a truss out of concrete.  And according to an update issued by the U. S. National Transportation Safety Board (NTSB) on Nov. 15, it looks like someone may have made a fatal error in part of the design.

When we blogged on this accident back in March, it was already known that some cracks had shown up at the north end where the northernmost vertical member and the adjacent diagonal strut went into the bottom deck.  At the time, the construction supervisors held a meeting about the cracks, but the NTSB has successfully prevented publication of the meeting minutes before their final report on the accident can be issued, which probably won't be till some time next year.  The Miami Herald reports that after the meeting, a construction worker was sent out to tighten tension rods inside the diagonal strut.  This worker appears to be the one who died when the bridge collapsed.

The modern civil engineer has abundant design resources at his or her disposal:  computer-aided modeling and stress calculations, three-dimensional visualization and planning tools, and other computational aids that take a lot of the former drudgework out of mechanical and civil engineering design.  Such aids have made possible many recent designs that would have been difficult or impossible to create using the old manual slide-rule and design-table approaches. 

But even with all the computer assistance in the world, the information about a given design has to be understood and checked by human beings.  That is why most public civil engineering projects must have their designs approved by a registered professional engineer (PE), whose stamp or signature appears on the drawings.  That stamp puts the reputation of the engineer on the line:  it is a guarantee that the design will do what it's intended to do. 

Long chains of reasoning and responsibility lie behind every decision to approve a set of drawings.  Those chains may pass from person to person, or from computer output to person.  Computer-aided calculations answer such questions as, "If this particular junction of a strut and a vertical member is under that kind of stress, will it be able to withstand the stress with a reasonable margin of safety?"  Given that the inputs to tried and tested software are correct, the software should give the correct answer, assuming that the person using the software knows how to use it and interpret the results correctly.  Furthermore, the chain of engineering integrity requires that when the PE responsible for the overall design, the person whose stamp of approval appears on the plans, asks underlings if this or that part of the design is good, the underlings must give an honest answer.  And the PE must trust that answer, or rather, the persons answering for the integrity of the plans.

In any human organization, there is always the possibility of error.  Sometimes errors can be traced to a particular person, and sometimes they can't.  The NTSB has made sure that all available sample materials from the wreckage of the FIU bridge were tested to see whether they met the minimum specified strength and other standards.  And so far the results are all positive, so it doesn't seem that the collapse can be based on defective materials. 

The death or injury of bystanders in a bridge collapse is a tragedy regardless of whether the accident could have been prevented or not.  But if a design flaw really is the reason for the collapse, it will be ironic that the design, which has been termed "unorthodox" in the Herald report, was before its installation a point of pride for FIU's civil engineering program, which specializes in accelerated bridge construction of the type that was used on this bridge. 

Back when universities were smaller and more personal institutions, engineering faculty members would sometimes contribute their professional expertise to campus projects, helping in the design of new buildings or consulting professionally with regard to campus technical issues.  The FIU civil engineering professors do not appear to have been personally involved in this particular design, however, other than to give their informal approval of the general approach and construction methods.  In fairness, many bridges have been successfully built using on-site accelerated bridge construction, which does not appear to be implicated in the collapse.  But in this case, it might have been a good idea to have qualified faculty members go over the plans, and they might have caught any errors that contributed to the collapse.

However, that is not the way most universities operate these days.  Each professor has his or her own irons in the research and teaching fires that are lit under them, and to ask one of them to stop what they're doing and check some plans for a new building or bridge would be regarded as an unfair imposition on their time, and rightly so.  They might reply that there are professionals being paid to do that, and they would be correct.

But when professionals are paid to do a job, it's up to them to do it right.  According to the latest update from the NTSB, someone (or possibly something, if we include computers) failed in that responsibility.  And physical objects are not forgiving.  The warning signs were there:  cracks in the location that subsequently failed.  We hope that the NTSB will use the embargoed meeting report to figure out what went wrong, not only in the original design, but also in the management process that led to the fatal decision to try tensioning the strut without stopping traffic underneath the bridge.  But until the final report on the accident is issued, this accident stands as a reminder to everyone who deals with technology that could kill or injure someone—a reminder that the lives of innocent people depend on how well you do your job.

Sources:  The NTSB update of Nov. 15, 2018 can be found at https://www.ntsb.gov/investigations/AccidentReports/Reports/HWY18MH009-investigative-update2.pdf.  I also referred to the Miami Herald report on the update carried at https://www.miamiherald.com/news/local/community/miami-dade/article221706575.html.  My original blog on this accident at http://engineeringethicsblog.blogspot.com/2018/03/the-fiu-bridge-collapse-more-questions.html had an incorrect date for the accident, which has now been corrected.

Monday, December 24, 2018

The Gatwick Drone Incident: Technology Outpaces Policy


Gatwick Airport is the UK's second busiest flight facility after Heathrow, and last Wednesday, Dec. 19, it was accommodating thousands of holiday travelers.  Around 9 PM, an unmanned aerial vehicle (UAV), commonly known as a drone, was sighted in the airspace dangerously near the airport's single runway.  Just this year, the UK prohibited drone flights within 1 km of airports, and this drone was well within that limit. 

No details are yet available about exactly what kind of drone it was.  But it was large enough (or its lights were bright enough) to be seen at night.  The airport authorities, acting with prudence, ordered a temporary shutdown in the hopes that the drone flight was an isolated mistake that could be dealt with quickly.  Unfortunately, that wasn't the case.  Shortly after flights were resumed, another drone was sighted.  Eventually, observers logged over 50 separate drone sightings, and the airport was shut down for a total of 33 hours before the last drone went away and flights were resumed.  As of Saturday, Paul Gait and Elaine Kirk, a couple living near the airport, were arrested in connection with the incidents, but as of Monday Dec. 24 they had been released without being charged.

Because Gatwick is a key hub in so many airline networks, the shutdown affected over a hundred thousand travelers and sent ripples in the air-transport system around the world for days.  Eventually, the authorities mustered military equipment capable of both locating and shooting down drones, but by that time the threat had ceased.

This incident raises a number of questions about what the proper policies of airports should be about drone sightings, about what regulations drone users and manufacturers should have to deal with, and how we are going to prevent copycat drone incidents like this in the future.  First, the policy question.

It looks like the UK is somewhat behind the U. S. in its regulation of drone technology.  For several years, the U. S. Federal Aviation Administration (FAA) has required registration of ownership of drones (at least those above a certain size and capability), and laws are already in place restricting drone flights above certain altitudes and near airports.  The U. S. has had incidents of drones near airports, but no long-term shutdowns of major airports comparable to Gatwick. 

It's possible that the UK authorities erred on the side of excessive caution in ordering a total shutdown of the airport.  Depending on the size of the drone, they might have opted merely to warn pilots that there was a drone in the vicinity, as there are birds whose weight and consequent hazards to aircraft are comparable to that of a small drone, and it is rare to see airports shut down because of excessive bird flights over the landing areas.  But birds don't carry explosives, and terrorist fears were probably prominent in the decision to play it safe and simply shut down the single runway rather than run the risk of having a plane damaged or destroyed by a bomb-carrying drone.

That being said, what could authorities have done to prevent the drone pilot (or pilots) from flying their UAVs in restricted airspace?  Presently, not much, short of trying to shoot them down.  There is electronic fence technology available, but depending on the radio frequencies used by the drones, attempts simply to jam the frequencies typically used by drones could have severe unintended consequences, even possibly disrupting electronics that are vital to legitimate air operations.  And if the drones were pre-programmed to follow a set flight pattern, they do not even have to be in constant communication with the drone's operator to fly, and therefore jamming might not have done any good.

Going aggressive and trying to shoot the thing down is not that easy.  A drone at a distance of a kilometer or so is a very small target.  If a bullet or rocket misses it, that bullet or rocket is going to come down somewhere, and typically metropolitan airports are not places where you want bullets or rockets coming down at random.  So that's not a realistic option either.

The best long-term solution might be to build in something called "remote ID" that the world's largest drone manufacturer, DJI, suggested in a statement.  Remote ID would be a system whereby all drones would transmit their location, the pilot's location, and an identification code in real time.  If such a system were made mandatory, authorities could simply read the code and run over to where the pilot is and arrest him or her.  It's interesting that the biggest drone maker suggests such a thing, but obviously hasn't included it in their products yet, possibly for cost and performance reasons.  Low-end drones don't have GPS receivers and wouldn't be capable of remote ID, but maybe those types are not the most serious threat to places like Gatwick anyway. 

Even with such ID technology, a determined pilot could keep on the run and stay ahead of the cops long enough to cause serious disruption.  And chasing down more than one drone at a time could be hard.  Because drones can typically stay in the air for only half an hour before their batteries have to be recharged, the number of drone sightings during the Gatwick shutdown leads authorities to believe that several drones and operators were involved. 

The investigation continues, and it will be interesting to discover who did it and why.  In the meantime, the UK has had a rough wake-up call with regard to their policy on drones.  One hopes that they don't overreact with blanket bans on the devices, which are proving to be useful in a wide variety of commercial and amateur applications.  But we can't have major airports getting shut down at the whim of a few people with consumer-grade drones.  So the policy and regulatory environment, especially in the UK, will have to catch up with drone reality on the ground—or rather, in the air—to prevent such incidents in the future.

Monday, December 17, 2018

Has Human Gene Editor Been Edited Himself?


Dr. Jiankue He of the Southern University of Science and Technology in Shenzhen, China, claims to have used a gene-editing technology called CRISPR/Cas9 to edit the genes of twin girls in order to make the babies resistant to the AIDS virus carried by their father.  When news of his experiment leaked out, scientists and governments around the world attacked him for doing what is widely viewed as an unethical experiment.  After Dr. He tried to defend himself at a Human Genome Editing Summit in Hong Kong at the end of November, the president of Dr. He's university reportedly collected him and took him back to Shenzhen, and his whereabouts are presently unknown.  He is no longer answering his phone, his lab has been shut down, a company he founded has lost contact with him, and one report says he has been placed under house arrest. 

First, a little background.  It will be very little because biology and bioengineering is not my forte, to say the least.  CRISPR is an acronym for some DNA sequences that are found widely in cells, and these sequences are used with an enzyme in a technology called CRISPR/Cas9 to edit DNA.  So in the last fifteen years or so, we have gone from reading the human genome (the goal of the Human Genome Project, completed in 2003) to editing the genes of human beings—at least if Dr. He has done what he says he's done.

From a scientific point of view, his claims remain unsubstantiated, because he has not yet published anything about this particular experiment in a peer-reviewed journal.  He apparently intended to do so when news of it leaked out, and Dr. He decided to post information about it to forestall rumors.  What he posted did a lot more than that.

There's enough questionable ethical practices in this incident for several columns.  The most prominent one is whether Dr. He did wrong in deliberately manipulating the gene sequence of human embryos and then implanting them back in the mother to be born.  Nothing has been said about how many unsuccessful tries were made along these lines, but if this experiment was like others, the yield rate was probably very small. 

Besides that question, there is the problem of talking about controversial experiments prior to peer review.  We still don't have any verification as to whether Dr. He really did what he said, although he has a good track record in the field of previous genetics research in less controversial areas.  But given the nature of his situation, Dr. He probably did the least bad thing in releasing more information rather than just letting rumors run wild.

What is most interesting to me is the way the government of China has reacted to the firestorm of controversy.  Up to now, Dr. He has been treated like a golden boy, being allowed to study abroad at Rice and Stanford, receiving a coveted Thousand Talents Award to set up his own lab, and founding or being involved in six companies focused on commercializing aspects of his research.  Earlier this year he announced that he was taking a leave from his university position to concentrate on his commercial activities. 

But once news leaked of his alleged CRISPR/Cas9 experiment with the twins and criticisms began to mount, the weather changed fast.  China currently has no inconvenient encumbrances, such as the legal concept of due process, to delay rapid and decisive action on the part of its government.  So when someone high up in the power structure decided that Dr. He was no longer an asset, his fate was sealed.  It may be months or years before we find out exactly what has happened to him, but for now, his high-flying career appears to be at an end.  What the government gave, the government can take away, and apparently has.

There is an odd parallel here between what the Chinese government has done to Dr. He, and what Dr. He has reportedly done to the twins.  For years, he enjoyed the freedom to study at the best universities in the world, to follow his investigations into the secrets of the genome, and to speculate on commercial applications of his ideas.  But in a matter of weeks, it's been taken away, at least for the time being.

At least Dr. He had the opportunity to judge whether his experiment might land him in hot water.  He may have judged wrong, but he was free to refrain as well as to go ahead.  The twins—referred to in news reports only as Lulu and Nana—have had no choice whatsoever.  From the time they were born, they became participants for life in an experiment that was not of their choosing.  If what Dr. He claims to have done is true, they are the first human beings on Earth whose intrinsic genetic makeup came about not only through the volition of their parents, grandparents, and ancestors stretching back before the dawn of human history, but also through the deliberate mechanical technology of CRISPR/Cas9. 

Is this a tragedy?  A lot of people seem to think so.  Judging from the swiftness of the negative reactions heaped on Dr. He's head, most of them arose from what bioethicist Leon Kass calls the "yuck factor."  Some ideas and actions are just intuitively revolting to most people, and fiddling with a human embryo's genes fall into this category.  Given the magnitude of the opprobrium, the government of China saw a threat to their hoped-for reputation as a leader in rapidly advancing scientific fields such as biotechnology, and removed Dr. He from public (and maybe even private) view.  One researcher going a bit too far is disposable.  But China's long-term plans in this area are not known.

The more basic question raised by this research, and one that has not been addressed much so far in news reports on it, is whether human life is really distinct, set apart, or holy compared to other life.  If it is, then a whole array of things that are now legal and even praised in some circles, ranging from mix-and-match in-vitro fertilization to abortion, are highly questionable, to say the least.  If it isn't—if playing with human genes is no more harmful than what the Jesuit priest Gregor Mendel did to his bean plants to figure out the basics of genetics over a century ago—then I would ask, what's the big deal?  Once you've gotten over the shock of novelty, human gene editing will fade into the background and become just another way we mess with ourselves technologically.  I hope that never becomes the case, but unless we use this controversy to open up a wider inquiry into what the limits of biotechnology should be, I'm afraid we'll look back on Dr. He's case and wonder what all the fuss was about.

Sources:  The Australian Broadcasting Company posted a report about Dr. He's disappearance at https://www.abc.net.au/news/2018-12-07/chinese-scientist-who-edited-twins-genes-he-jiankui-missing/10588528.  I also referred to a report of theirs on the experiment itself at https://www.abc.net.au/news/2018-11-27/china-gene-edited-babies/10556676. 

Monday, December 10, 2018

Microchipping People: Convenience or Concern?


For some years now, we have had radio-frequency identification (RFID) technology available to make transponder chips small enough to be implanted into living beings such as dogs or people.  Almost no one objects to placing an identifying microchip in a pet, which in a legal sense is a piece of property like the sunglasses you might buy at a store.  But some lingering sense of the difference between humans and everything else gives us pause when we start talking about microchipping people. 

That sense hasn't stopped some four thousand Swedes from getting microchip implants, mostly from a startup called Biohax International.  It's interesting that Biohax's founder Jowan Österlund was at one point a professional body piercer, a profession which itself couldn't exist unless a segment of the population had already let down its guard somewhat concerning the idea of affixing pieces of metal to one's person. 

According to an NPR report, Swedes have high levels of trust for institutions such as their government, banks, railroad companies, and other organizations.  And microchipped Swedes are now able to use their implanted microchips instead of train tickets or credit cards for transportation, and can simply wave an implanted hand at a door-lock sensor instead of fumbling in a wallet for a pass card. 

A report in the Economist last summer mentioned something that often comes up in U. S. discussions of personal microchips:  a passage in the New Testament Book of Revelation about "the mark of the beast."  When the reporter asked Österlund about this concern, his reply was dismissive:  "people once thought the Beatles were the Antichrist."

Leaving such eschatalogical concerns aside for the moment, what are the other potential downsides of either voluntary or compulsory personal microchipping?   First, there is a privacy concern.  The memory capacity on such chips will only increase in the future.  Depending on what sorts of data are stored on the chip, for example medical information, you could inadvertently allow strangers to access your most intimate medical secrets.  With a wallet card, you can always refuse to show it to somebody or even keep it in a shielded enclosure to prevent unauthorized readings.  But if an RFID chip is implanted in the web of skin between your right thumb and forefinger (a typical location), the only way to prevent unauthorized access for sure seems to be wearing foil-lined gloves all the time. 

And there is another concern which is hard to express, but I'll try.  A person's identity cannot be realized in isolation.  That is to say, who we are is formed in the process of relating to other people.  I hold an appointment as a full professor at Texas State University.  But if somebody picked me up and dropped me off by myself on a desert island, my status as a full professor would become effectively void, because I would no longer be among the people who recognize me as such.  And so the ways by which we are recognized influences our own ideas about who we are.

We are already pretty far down the road I'm trying to describe, in that we are used to identifying ourselves by numbers, passwords demanded by all sorts of online systems, and by other impersonal means such as swipe cards and even biometric sensors.  In ways that are hard to quantify or even detect, but which I am convinced are nonetheless real, these impersonal or mechanical means of identifying ourselves do things to our self-concept—things that I am convinced are not that helpful.  But at least with passwords and biometric ID methods and wallet cards, these are all things that leave my bodily integrity alone. 

With a microchip, that bodily integrity is breached.  Now an actual physical part of myself, a foreign body, has become an essential part of my public identity.  And make no mistake, once people find out (and the technology allows) that one little implanted microchip can replace a fistful of wallet cards and a brain full of memorized passwords, they will become very popular, as many Swedes have already discovered.  And as night follows day, those chips will themselves become things of value—more valuable in some cases than the persons harboring them.  I am unaware that anyone has yet tried to extract another person's microchip under duress, but sooner or later, you can be sure it will happen, leaving the victim with a bloody hand and the thief with the victim's identity, at least until the victim can call a hotline and report that his microchip was stolen.  And Biohax had better start putting such a hotline system in place soon, if they haven't already.

I'll save my thoughts on the mark of the beast for last.  Christians who take the New Testament seriously, as God's word revealed to man, are nevertheless puzzled by the last book of the Bible.  Revelation is an example of a type of writing called apocalyptic literature (the Greek word for the book is "apocalypse") that was popular around the first and second centuries A. D.  It is highly symbolic, and unfortunately the keys to much of the symbolism have been lost.  So no one knows for sure who the two beasts are of Rev. 13, in which we are told that the second of the two beasts will require everyone who wishes to buy or sell anything to receive a "mark" on their hand or forehead. 

This is bad news for them, because in the next chapter we hear from an angel who says, "If any one worships the beast and its image, and receives a mark on his forehead or on his hand, he also shall drink the wine of God's wrath," and it goes downhill from there, all the way to torment with fire and sulphur.   This explains the almost automatic and sometimes hysterical opposition from some Christian groups to any hint of a compulsory identification program that leaves marks or other things on one's body. 

I respect these concerns to the extent that I do not personally wish to have a microchip installed in my person.  But I don't necessarily agree with those who tell microchipped people that they're bound to be playing with fire.

Sources:  The National Public Radio report on Swedish microchipping appeared on the NPR website on Oct. 22, 2018 at https://www.npr.org/2018/10/22/658808705/thousands-of-swedes-are-inserting-microchips-under-their-skin.  I also referred to The Economist website, specifically an article carried on Aug. 2, 2018 at https://www.economist.com/europe/2018/08/02/why-swedes-are-inserting-microchips-into-their-bodies. 

Monday, December 03, 2018

Marriott's Data Breach: Not In Our Line of Work


Back when I attended Cornell for my master's degree, I learned that one of the stronger academic programs on campus was what is now called the Cornell School of Hotel Administration.  There was even an actual hotel on campus run by undergrads in the program, and reportedly (I never stayed there) it was one of the best hotels in Ithaca, and quite reasonably priced.  But this was back in the days when guests registered by signing a physical registration blank, which was filed in a file cabinet.  Advance registrations were made by phone or letter, although faxes were just beginning to be used in 1976. 
In order to steal a guest's registration information, a thief would have to break into the hotel office (which was staffed 24/7, meaning it would have to be robbery, not burglary) and carry off piles of paper.  And even if he did, the only records he'd get would be the ones from that particular hotel.

Fast forward to last Friday, Nov. 30, when Marriott, the largest hotel chain in the world, announced that their Starwood chain, purchased in 2016, had suffered one of the largest data breaches on record, beginning in 2014 and affecting possibly some 500 million customers worldwide.  Besides the usual name, address, phone number, and email info, this breach may also have compromised passport and credit card numbers, although the latter were encrypted.  Today's sophisticated cybercriminals have shown that de-encryption is not beyond their capabilities, however.  Details of the breach are still sketchy, as the news release from Marriott indicated only that an unauthorized party copied and encrypted information within their system and "took steps toward removing it," although whether it was actually stolen is not clear from the announcement.  Nevertheless, the possibility exists, and this knowledge is less than comforting to the millions of Starwood guests whose personal data may have been stolen.

It used to be that running a hotel, or even a hotel chain, didn't require you to be a world-class information technology expert.  But hotels eventually saw the advantages of centralizing their electronic records so that no matter where their guests travel, the same information is available and discounts and other favored-customer perks can be applied instantly all around the globe.  The same overwhelming network advantages that often transform a slight numerical superiority in a network situation into a practical monopoly apply also to hotels as well as to telecomm companies, Internet providers, and other network-intensive businesses.  And such concentrations of data are attractive to sophisticated cybercriminals who aren't going to waste their time on independent mom-and-pop businesses when the same amount of hacking effort can be rewarded with the personal records of 500 million people.

Human systems and organizations respond slower than the Internet to change, and I can't help but wonder whether part of the fault for the Marriott data breach lies with management of the Starwood organization, who may have been very good hoteliers, but less than competent IT managers.  It's too early to draw any conclusions, of course, but an interesting comparison can be drawn between hotel-running and banking, say. 

Banks were into computers and their predecessors, IBM punch-card business machines and weird giant-typewriter-looking things called posting machines, back when the fanciest information technology you were likely to find in a hotel was the accountant's adding machine.  As the advantages of computerized banking became clear for purposes of check clearing, banks led the way in developing machine-readable checks and methods of securely sending financial data from place to place.  The spread of automated teller machines (ATMs) in the 1980s taught banks how to put secure networks in places where there was no actual bank, just an ATM.  Having been used to thinking about the possibility of theft constantly as a part of their business, banks naturally built up the security functions of their digital operations along with the operations themselves.  Their systems are by no means perfect, but even when data is stolen, they have devised rapid and effective methods to detect data breaches and to put a stop to their effects.  For example, if someone steals your credit card number, the credit-card issuer uses sophisticated buying-pattern software to raise a flag and check with you within hours to see whether illegitimate charges were made. 

While hotel people have long dealt with thefts of personal property from rooms, the notion that digital information garnered from customers can itself be more valuable than anything that guests carry on their persons is a novel one to the hotel students who were attending Cornell when I was there, at any rate.  And while I'm sure that Cornell's current hotel administration curriculum includes something about IT management, I suspect it's a recent innovation, and almost certainly wasn't taught forty years ago.  So it's not surprising that a type of business that historically wasn't that involved in digital systems turns out to be especially vulnerable to modern-day cybercriminals. 

It's still not clear whether any Starwood customer information was actually used illegally, but such questions take time to answer.  That hasn't stopped some lawyers from filing a national class-action lawsuit against Marriott.  Both the lawyers and the cybercrooks are taking advantage of the fact that the Starwood chain tends to attract upscale customers who both have lots of money and connections worth stealing, and who are more likely to support a class-action lawsuit for that reason.  If your humble scribe has stayed at a hotel in the Starwood chain, I don't remember it, as my taste runs more to Best Western or LaQuinta.

Still, for the sakes of the 500 million people affected, I hope this incident turns out to be less serious than it appears to be now.  And I bet that the IT management course at the Cornell School of Hotel Administration will cover the famous 2018 Marriott data breach as a case study in the future.

Sources:  I referred to reports on the data breach carried by NBC News at https://www.nbcnews.com/tech/security/marriott-says-data-breach-compromised-info-500-million-guests-n942041 and the Hawaiian paper the Star Advertiser at http://www.staradvertiser.com/2018/12/01/breaking-news/national-class-action-lawsuit-filed-over-marriott-data-breach/.