Monday, April 29, 2019

Facebook, Privacy, and Regulation

In what may signal a change in attitude, the U. S. Federal Trade Commission is talking about fining Facebook billions of dollars for breaching a privacy agreement between the company and the FTC.  At issue is how Facebook uses the data it gleans from its users and whether Facebook has asked permission before sharing private data with third parties. 

In a recent AP article, reporter Barbara Ortutay says Facebook has set aside $3 billion in case the FTC fines the firm.  This is somewhat of a drop in the bucket of Facebook profits, which are estimated to be over $20 billion this year.  But still, it's large enough to attract investors' attention, and so the publicly traded company mentioned it in a recent news release. 

Privacy is one of the more nebulous concepts in ethics and law, as opposed to murder, say.  With murder you generally have a dead body and a definite event that produced it.  But privacy is all in the mind, or rather, minds—the mind of the person whose privacy has been violated, and the minds of those who allegedly know something about the victim that the victim doesn't want known.  And figuring out what is in people's minds isn't that easy.

One of the earliest institutional guarantees of privacy is what the Roman Catholic Church calls the "seal of confession."  Catholics are supposed to confess all their mortal sins periodically to a priest in what's called the sacrament of penance or reconciliation.  In turn, the Church promises on behalf of its priests never to reveal what is confessed.  A priest who breaks the seal of confession is subject to immediate defrocking, and so some priests have become martyrs rather than reveal secrets they learned in the confessional to government agencies, for example. 

There are many differences between confessing one's sins to a priest and posting your latest trip to a bar on Facebook, but structurally the situations are similar.  In each case, there is a person who is providing information that they would like to keep private:  the penitent in the confessional, or the person posting something on Facebook.  There is also the desired audience which the person wants to reach:  the priest (and presumably God) in the confessional, the intended circle of chosen friends in the case of Facebook.  There is the institution whose job it is to ensure that privacy is maintained:  the Church in the one case and Facebook in the other.  And finally, there's everybody else—the rest of the world which is supposed to remain wholly ignorant of what is going on in the private interchanges between priest and penitent in the one case, or Facebook and the user in the other case.

There have been isolated cases in which the seal of confession has been broken, but they have been rare, probably owing to the drastic penalty the Church exacts on a priest who breaks the seal.  In the case of Facebook, things are much different.  For one thing, individual users have no sure way of knowing if Facebook shares their private information with advertisers.  So it's reasonable that another institution with enough resources to investigate such large-scale questions systematically should get involved, in this case the FTC.  Instead of the seal of confession, we have a 2011 agreement reached between the FTC and Facebook which bound the company for twenty years to ask for "affirmative express consent" before Facebook shares any data the user hasn't made public with a third party.

Here's where things get tricky.  Anyone who deals with computers knows that whenever you sign up with a new service or install new software, you get asked to consent to something that most people blow by without reading.  If you try reading the terms and conditions, as they're called, you will either waste hours on it or have to hire a lawyer to figure out what you're really committing to.  This digital equivalent of fine print on a written contract is where companies like Facebook sometimes try to bury things you may not like if you knew about them.  But the case the FTC has against Facebook may amount to something like in clause 4 of paragraph 3.7A, you actually agreed to let Facebook share what you thought was private data with anybody who will pay for it. 

The question of whether clicking a button that says you read and understood the terms and conditions without really doing that is "affirmative express consent" has two answers.  The technical answer is, yes, it does, and if you didn't read and understand all that legal boilerplate it's your own fault.  The practical and man-on-the-street answer is, no it doesn't, because nobody but a corporate lawyer getting $300 an hour for the job is going to read and understand all that stuff in the sense that is intended, and making ordinary non-lawyers press the button is simply a CYA (cover-your-afterparts) action on the part of the company.  And the FTC may be saying that Facebook hasn't been covering well enough.

I do not personally use Facebook, although my wife does and lets me know if she finds anything important on it that she thinks I ought to know.  As I said to begin with, privacy is a fuzzy concept which in the digital age we live in has come to mean different things to different people.  Younger people especially seem not to mind sharing things on public sites that forty or fifty years ago would have been confined to the privacy of one's diary kept under lock and key.  I suppose the best we can do is to make clear what users expect in the way of privacy, in terms that users themselves can understand, and then use government regulation if necessary to keep organizations like Facebook from abusing the trust that their users place in them.  And if it takes billion-dollar fines to get a company's attention, then I say go to it. 

Sources:  The AP article by Barbara Ortutay about the potential Facebook fine was carried by numerous news outlets, including the print edition of the Austin American-Statesman on Apr. 26, 2019, where I saw it.  One online location that is not protected by a pay-to-get-behind-it firewall (an increasingly common practice these days) where the article can be viewed is the website of West Virginia's Bluefield Daily Telegraph at 

Monday, April 22, 2019

The Stork Goes Digital

Pregnancy and childbirth, as well as the activities leading up to these, are among the most private matters women are concerned with.  They can also be some of the most expensive medical conditions that otherwise healthy young women encounter.  It comes as no surprise, then, that a company called Ovia has developed a system that lets women employees track their fertility and resulting pregnancies digitally. 

Originally, Ovia planned to promote their product directly to the consumers—young women—but as described in a recent Washington Post article, the company began to get inquiries from employers wanting to know how they could encourage their women workers to sign up.  Why?  The hope that Ovia would reduce medical-insurance costs for expensive infertility treatments and problem pregnancies.  Ovia showed employers that women who use the app can indeed benefit from the improved monitoring and awareness of warning signs that it provides.  Presently, Ovia's website clearly prioritizes this mode of delivery, and the typical user can even receive small payments from her employer to encourage her to keep checking in and providing data.  But what happens to that data?

Ovia stresses that all identifying information is stripped from the data before it is passed to the employer, who can then use it to anticipate health-care costs and glean a detailed picture of the most intimate aspects of their women employees' lives.  The contract Ovia signs with employers includes a promise that the employer will not "de-anonymize" the data to figure out exactly who is pregnant, for example, but there have been bad actors in the business world before, and it's not hard to imagine someone doing this for illegitimate reasons. 

Ovia is one of the more prominent apps of a variety that track various aspects of user health—Fitbit being the most well known.  Using such an app simply for one's own benefit is one thing.  But signing up to share intimate details with an employer-sponsored app is a different matter.  According to statistics provided by Ovia, the benefits are real—they say that users have a 30 percent reduction in premature births, and  a 30 percent increase in natural conception, as opposed to costly and absence-inducing infertility treatments. 

In a country where the burden of health insurance typically lies with the employer, one can't fault employers for doing whatever they can to minimize this cost, and gynecological-related procedures are among the most expensive ones that young women predictably encounter.  So the synergistic cooperation among Ovia, employers, and their women employees looks mostly like a win-win situation.

All the same, the article interviewed experts who expressed privacy concerns.  As long as there are no data breaches, these concerns may be largely imaginary.  But one aspect of engineering ethics is trying to imagine what could go wrong before it happens, and here's one way an app like this could be misused.

In a free country where agreements are freely arrived at between employees and employers, voluntarily sharing information is one thing.  But in countries with less freedom, such as the People's Republic of China, governments are systematically worming their way into increasingly private aspects of their employees' lives.  I'm sure Ovia would like to have a market of the 1.3 billion or so people in that country.  But what if women there, instead of being offered the option to use the app, were forced to use it as a requirement of employment?  And what if turning up pregnant without first informing Ovia could be a cause for fines or imprisonment? 

It sounds awful, but such regimentation is becoming just another part of life in China, where all kinds of digital information on citizens is being used to come up with a "social credit" score.  It's sort of like a financial credit rating, but measures your reliability as far as the government is concerned.  In the dystopian novel 1984, the omnipresent Big Brother monitored everyone's actions through telescreens, which were sometimes laughed off by readers at the time because it would have taken half the population to sit behind the monitors to watch the other half.  But now in the age of AI pattern recognition, the watchers are 99% digital, and what was formerly thought impossible because of the absurd manpower demands has become quite feasible for a government that sets no bounds for snooping on its own citizens.

So far, Ovia seems to be simply another employee benefit that really does make things better for both users and the companies they work for.  Working women who get pregnant always encounter more or less conflicted situations, and anything that reduces the conflict, making employers less bothered about their women employees who have children, seems to be a good thing.  Still, it's another step into the digital future, which young persons especially seem to be embracing with little or no regret.  Things that once people blushed to tell even their doctors are now fodder for online posting, and as long as the privacy Ovia and similar apps promise is not breached, I suppose this is a good thing if it leads to healthier mothers and babies. 

Still, one wonders where the sharing of formerly private and personal data will stop, if ever.  Freedom, as an abstraction, can get overlooked in the rush to convenience that so many digital advances offer.  And so far, it looks like Ovia really has kept their promises that users' privacy will not be compromised.  But in the hands of a malevolent employer, or worse, a malevolent government, these kinds of personal-health apps could lead to serious incidents of abuse.  Let's hope that we can keep the benefits of Ovia and related apps while fending off any attempts to use them for nefarious purposes.

Sources:  The Washington Post article "Is Your Pregnancy App Sharing Your Intimate Data With Your Boss?" appeared on Apr. 10, 2019 at  I also referred to Ovia's website at 

Sunday, April 21, 2019

The FCC and 5G

When I attended Cornell University in 1976 and 1977 for my master's degree, I took a microwave lab course.  In the lab room where we worked was a large glass desiccator jar, sort of like a clear cookie jar with blue desiccator crystals in the bottom to keep the contents dry.  Inside the main area of the jar were tiny rectangular copper pipes with little connectors on the ends. The pipes were about a quarter of an inch wide or less, some as small as soda straws, and a few inches long.  When I asked one of the professors what this was, he explained that the pipes were millimeter-wave waveguides.  Certain frequencies of millimeter waves were highly absorbed by water, so they had decided to keep the waveguides in a desiccator jar to make sure that they didn't have any absorbed film of water in them that would mess up the measurements they might make with them. 

Back then, millimeter-wave equipment was nothing more than a laboratory curiosity.  In terms of frequencies, millimeter waves range from 30 GHz up to 300 GHz.  Their name comes from the fact that they make waves in air that are between 1 and 10 millimeters long from one peak to the next peak.  Back in the 1970s, they were extremely hard to generate and detect, and nobody but a few scientists had anything to do with them.  The only large corporation that had pursued serious research about millimeter waves was Bell Laboratories, which thought for a while that the future of their network would involve millimeter-wave waveguides crisscrossing the country.  But when Corning and other companies figured out how to make extremely low-loss optical fibers, Bell dropped their millimeter-wave idea and switched to fiber optics, which is how the vast majority of network traffic travels today.

But you can't attach fiber optics to a moving car, or somebody walking down the street, so as newer applications such as virtual reality and the Internet of Things grow, there is a constantly increasing need for more wireless bandwidth.  And millimeter waves will be a key player in the next generation of wireless network technology called 5G.

Last Friday, Apr. 12, the U. S. Federal Communications Commission (FCC) announced that it plans to auction off close to 5 GHz of some millimeter-wave bands that have previously been reserved for other purposes.  These bands are at 37, 39, and 47 GHz.  For many years now, auctions have been the FCC's preferred method of allocating frequencies to private entities, and while such auctions shut out everyone except those well-heeled enough to afford to exploit the frequencies they buy, this process is a lot more transparent and fair than their former practice of simply opening applications to all comers, and waiting to see who gets there first.  And the old process was often subject to political log-rolling.  For example, the way Lyndon B. Johnson obtained control of station KLBJ in Austin and vastly improved its value in the 1940s does not bear a lot of scrutiny, unless you don't mind finding a lot of political wangling that the then-senator engaged in with the FCC. 

While auctions of radio spectrum allocations are not inherently just proceedings in themselves, they do acknowledge that the spectrum is a limited natural resource, and an auction allows interested parties to express their perceived value of that resource in bids.  We don't often value what we don't pay for, and so an auction tends to ensure that whoever gets the right to use certain frequencies is going to exploit them so as to get their money's worth. 

Even as recently as a decade ago, an auction of millimeter-wave bands wouldn't have attracted much attention, because the technology to generate and receive such waves was way too expensive for consumer products.  But with advances in fabrication methods, microwave technology, and adaptive control of antennas, it's now feasible to start building the micro-cells that millimeter-wave wireless will need.  As you go higher in frequency to around 60 GHz, millimeter waves are increasingly absorbed by oxygen in the air, and even below that frequency they do not propagate very far compared to the longer microwaves that are used for earlier wireless systems.  So this means we will need a whole lot more millimeter-wave base stations than you would need for equivalent coverage at lower frequencies. 

A millimeter-wave base station won't be a two-hundred-foot tower with antennas several feet long hanging from the top.  It will probably take the form of a box or panel just a few feet square, sitting at or near ground level, typically on a utility pole.  They will show up first in big cities where the density of foot and vehicle traffic justifies the installations, and then less dense areas will be covered.  For sparsely populated areas, the FCC has announced it is thinking about allocating some frequencies as low as 600 MHz, whose waves can cover much wider areas, so suburbs and rural regions won't be totally left out in the cold, wireless-wise.

This all assumes that there's nothing harmful to human health regarding the increased amount of millimeter-wave radiation that people will be subjected to as 5G deploys.  There is at least one person with apparently good qualifications who says this isn't so.  Martin L. Pall is a retired professor of biological sciences at Washington State University who has published both refereed journal papers and popular talks saying that Wi-Fi, and in particular millimeter waves, can cause everything from low sperm counts to cancer.  I know enough about electromagnetics to have reason to doubt some of his reasoning as to how this occurs, but interested parties can examine his case here.  If he's right, we ought to go slow on the rollout of 5G, but it looks like instead we'll be performing a massive experiment in which millions of people get exposed—and then we'll see if anything bad happens. 

Sources:  The FCC's news release about their planned 5G auction can be found at  I read about the plan in an Associated Press article carried by the Austin American-Statesman on Apr. 13, a version of which can be viewed at the AP website  Dr. M. L. Pall's expression of his concerns regarding the increasing use of Wi-Fi can be read in his paper in Environmental Research vol. 164, pp. 405-416 (July 2018), which is downloadable at

Monday, April 08, 2019

Boeing Confirms Software At Fault In Ethiopian Crash

Last Thursday, Apr. 4, Ethiopian Transport Minister Dagmawit Moges released a preliminary report into the crash of an Ethiopian Airlines Boeing 737 Max 8 outside Addis Ababa last month, killing all 157 people on board.  Cockpit voice recordings and data from the flight recorder make it very clear that, as Boeing CEO Dennis A. Muilenburg admitted regarding both this crash and that of an Indonesian Lion Air flight last fall, "it's apparent that in both flights the Maneuvering Characteristics Augmentation System, known as MCAS, activated in response to erroneous angle of attack information."  Boeing is currently scrambling to fix both that software problem and another minor one uncovered recently, but as of now, no 737 Max 8s are flying in the U. S. or much of anywhere else.  And the FBI is reportedly investigating how Boeing certified the plane.

When we blogged about the Ethiopian crash three weeks ago, there were significant questions as to whether the MCAS alone was at fault, or whether pilot errors contributed to the crash.  But according to a summary published in the Washington Post, Minister Moges said that the pilots did everything recommended by the manufacturer to disable the MCAS, which was repeatedly attempting to point the plane's nose downward in response to the single faulty angle-of-attack sensor output.  But their efforts proved futile, and the plane eventually keeled over into a 40-degree dive and crashed into the ground at more than 500 mph. 

Our sympathy is with those who lost relatives and loved ones in both crashes.  Similar words were spoken by CEO Muilenburg, on whose head lies the ultimate responsibility for fixing these problems.  In doing so, he and his underlings will be dealing with how to smoothly integrate control of life-critical systems when both humans and what amounts to artificial intelligence are involved.

This is not a new problem, but it has transformed so much over the years that it seems new. 

I once toured a museum near Lowell, Massachusetts which preserved a good number of the original pieces of machinery used in one of the many water-powered textile mills that used to dot the landscape in the early 1800s.  Attached to their main water turbine was a large, complicated system of gears, flywheels, springs, levers, and so on which turned out to be the speed regulator for the mill.  As looms were cut in and out of the belt-and-shaft power distribution system, the load would vary, but it was important to keep the speed of the mill's shafts as constant as possible.  The complicated piece of machinery I saw turned out to be a sophisticated control system that kept the wheels turning at the same rate to within a few percent, despite wide variations in load.

I'm sure that from time to time the thing might malfunction, and in that case a human operator would have to intervene, shutting it down if it started to go too fast, for example, or if continued operation endangered someone caught in a belt, say.  So humans have been learning to get along with autonomous machinery for almost two hundred years.

The difference now is that in transportation systems (autonomous cars, airplanes), timing is critical.  And because cars and planes travel into novel situations, not all of which can be anticipated by software engineers, conditions can arise which make it hard or impossible for the humans who are ultimately responsible for the safety of the craft to respond.  That increasingly seems to be what happened to Ethiopian Air Flight 302, as evidenced by the black-box data clearly showing only one angle-of-attack sensor to be transmitting flawed data. 

Such issues have happened numerous times with the limited number of autonomous cars that have been fielded in recent years.  We know of at least two fatalities associated with them, and there have probably been many more near-misses or non-fatal accidents as well. 

But even a severe car wreck can kill at most a few people.  Commercial airliners are in a different category altogether.  They are operated by (mostly) seasoned professionals who should be able to trust that if they follow the procedures recommended by the manufacturer (in this case, Boeing), they will be able to deal with almost any imaginable contingency, even something like a stray plastic bag jamming an angle-of-attack sensor (this is my imagination working, but something had to make it give an erroneous reading).  In the case of the Ethiopian crash, the implied promise was broken.  The pilots did what they were told would disable the MCAS, but it didn't disable, and with disastrous results.

It is unusual for a criminal investigation to be aimed at the civilian U. S. aircraft industry, whose safety record has been achieved under mostly cooperative conditions between the Federal Aviation Administration and the firms who make and fly the planes.  Obviously it is too soon to speculate about what, if anything, will turn up from such an investigation.  In teaching my engineering classes, I sometimes ask if anyone has encountered on-the-job situations whose ethics could be questioned.  And I have heard several stories about how inspection or test records were falsified in order to pass along defective products.  So such things do happen, but one hopes that in a firm with a reputation such as Boeing's, incidents like this are rare. 

The marketplace has ways of punishing firms for bad behavior which are not just, perhaps, but nonetheless effective.  With the growth of Airbus, Boeing knows it has a formidable rival for commercial aircraft, and any company with millions of dollars' worth of capital sitting idly on the ground as the 737 Max 8s wait for properly vetted software upgrades is bound to be having second thoughts about going with Boeing the next time they need some planes.  I would not want to be one of the software engineers or managers dealing with this problem, as the reputation of the company may be hinging on the timeliness and effectiveness of the fixes they will come up with. 

Boeing has been reasonably transparent about this problem so far, and I hope they continue to be up-front and frank with customers, regulators, investigators, and the public about the progress they make toward fixing these software issues.  People have been learning to get along with smart machines for centuries now, and I am confident that engineers can overcome this issue as well.  But it will take a lot of work and continued vigilance to keep something like it from happening in the future.

Sources:  The Washington Post carried the story "Additional software problem detected in Boeing 737 Max flight control system, officials say," on Apr. 4 at  I also consulted a  Seattle Times article at and the original report from the Transport Ministry of Ethiopia, which the Washington Post currently has at

Facts, Investigations, and Rumors: The Houston Tank-Farm Fire

NOTE:  Due to an oversight, this blog was not posted last week.  It was intended to appear on Apr. 1.  My apologies in case you missed it.---KDS

As most readers of this blog know, most of what appears here is commentary on engineering-ethics-related news from other sources.  First-hand reporting is not my bag, if for no other reason that I don't have time for it, and there aren't a lot of sources who are willing to be called at 5 AM, which is usually around the time I'm writing it.  But a week or so ago I received some information almost by chance, and it puts me in something of an ethical dilemma.  Do I write about something that wasn't intended for publication or not?  Well, with certain precautions, I've decided to go ahead.

Here's the known and widely publicized facts:  On Sunday, Mar. 17, a fire began at the Intercontinental Terminals Company (ITC) tank farm in Deer Park, an industrial suburb of Houston.  It quickly spread and at one point involved 11 of the 242 tanks at the facility.  Firefighters could only spread foam on nearby tanks to keep the fire from spreading, but had to wait for the products contained in the tanks to burn away, which took several days.  These products included toluene, xylene, naphtha, and benzene, a known carcinogen.  The fire made a huge black plume visible for miles, and caused the closure of several local school districts for a day or two.  Authorities also temporarily closed a portion of the nearby Houston Channel to shipping due to the fire.

Naturally, the fire is going to be investigated.  Although no one was killed or injured as an immediate result of the fire, millions of dollars' worth of chemicals and plant facilities were destroyed, and an unknown amount of toxic chemicals was released into the air, the ground, and the water nearby.  Anything this consequential is worth investigating because of the lessons that can be learned to avoid similar accidents in the future.

An independent agency, the U. S. Chemical Safety Board, announced last week that it was opening its investigation into the accident.  This board is recognized for its thorough and reliable conduct of mishap investigations, which can take months or even years before a well-researched report is issued.  In the meantime, before such reports are available, the cause remains officially unknown, although the facts that wind up in the official report are presumably somewhere waiting to be investigated.

And in the meantime, the last thing any company official is going to do is talk loosely about what they think might have happened.  This explains the relatively small amount of information that ITC released on its own during the fire, which burned off and on for nearly a week.  Lawyers flock to major accidents like—well, I was going to mention a species of bird, but we'll just let it go at that.  Already the Texas attorney general has announced that he's suing ITC for the pollution caused by the fire, and other suits will follow as night follows the day.  And the less fodder given by a company's officials to lawyers to use against them, the better, as far as the company is concerned.

So much for officialdom.  Now for the rumors and unconfirmed reports.  I did manage to find a reference in a minor Houston news outlet (the Houston Press) to the following report:  "Also Wednesday morning, the Houston Chronicle was quoting an unidentified worker as saying the fire may have been started when a tank overheated and a safety valve did not shut that down."  I was unable to locate the original Chronicle story, but (and here's my contribution to the mix), it fits in with what a friend of mine heard from his connections back in Deer Park, where he was raised and worked in the refining business for most of his career before retiring to my area.  For obvious reasons, he will remain anonymous here.

On the Friday after the fire began, he told me the following.  At a tank farm there are tanks, pipes, valves, and pumps to send the various products to nearby facilities or transportation points such as loading locations for tank cars and tank trucks.  Some of these pumps are quite large, using multiple-horsepower motors that consume many kilowatts of power.  If an order comes through to a technician to send a certain amount of product to a certain pipe, the appropriate pump is turned on first and then the valve is opened, because otherwise, unforeseen back pressure or other issues might cause products to go the wrong way and get mixed up.

But it's vitally important, especially when a large powerful pump is involved, to turn on the valve shortly after the pump is turned on.  If this isn't done, all the energy that the pump's spinning impeller puts into the liquid can't go anywhere and turns into heat.  And the product—often a flammable one such as naphtha—can get hot enough to rise past its flash point, so that once the valve is turned on and any air is present, the product will spontaneously catch fire.

Normally there are thermal cutout sensors that will detect when a pump's outlet overheats due to misguided operation such as this, and shut off the pump automatically.  But sensors sometimes fail.

What my friend heard was that someone turned on a pump in preparation for shipping some flammable product out of the plant, but due to paperwork or some other delay, the appropriate valve wasn't turned on for some 17 hours.  That's plenty of time for a pump without a safety thermal cutout to get its product way too hot.  And so sometime Sunday, the product caught fire, and the rest is very public history. 

Distorted through a rumor mill and two news outlets, that more detailed story fits in with the unconfirmed and unattributed report that a "tank overheated" and a "safety valve" (read: thermal cutout) did not shut it down.  So strictly speaking, I'm not reporting a scoop here.  But it does sound like confirmation of another unattributed report.

Whatever the rumors say, we'll have to wait for the Chemical Safety Board to interview everyone concerned, compile the data they can obtain from SCADA (supervisory control and data acquisition) digital records, and anything else they find that's relevant to getting to the bottom of this accident officially.  But in the meantime, plant operators everywhere should pay extra attention to pumps and valves and timing.
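As an added illustration (this is not ITC's control logic, nor anything from an official report; every setpoint, rate and timing here is constructed), the following small simulation models the two layers of protection the pump-and-valve story above calls for: a thermal cutout on the pump outlet, and an independent timing interlock that trips the pump if the discharge valve has not opened shortly after the pump started. It also shows why a failed or stale temperature sensor has to be treated as a trip condition rather than as "no alarm."

```python
"""Dead-headed pump interlock simulation (constructed example).

A centrifugal pump running against a closed discharge valve turns shaft work
into heat in the trapped product.  We model three checks a safety system can
make on every scan and see which scenarios actually stop the pump.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

AMBIENT_C = 25.0


@dataclass
class Sensor:
    """Outlet thermocouple.  When `failed` is set it keeps reporting its last
    value with a stale timestamp, which is how a dead transmitter often looks
    to the control system (no new data, not an obviously bad value)."""
    failed: bool = False
    last_value: float = AMBIENT_C
    last_update: float = 0.0

    def read(self, now: float, true_temp: float) -> Tuple[float, float]:
        if not self.failed:
            self.last_value, self.last_update = true_temp, now
        return self.last_value, self.last_update


@dataclass
class Pump:
    running: bool = False
    valve_open: bool = False
    started_at: float = 0.0
    outlet_temp: float = AMBIENT_C        # true process temperature
    trip_reason: Optional[str] = None


@dataclass
class Interlock:
    trip_temp_c: float = 120.0            # thermal cutout setpoint (constructed)
    valve_window_s: float = 60.0          # valve must open within this time of start
    sensor_timeout_s: float = 10.0        # reading older than this = sensor failure
    use_time_interlock: bool = True
    use_staleness_check: bool = True

    def evaluate(self, pump: Pump, now: float, reading: Tuple[float, float]) -> Optional[str]:
        """Return a trip reason, or None if the pump may keep running."""
        temp, stamp = reading
        if not pump.running:
            return None
        if temp >= self.trip_temp_c:
            return "thermal cutout"
        # Fail-safe: a reading that is not being refreshed is not evidence of
        # a cool outlet, so treat it as a fault rather than silently trusting it.
        if self.use_staleness_check and now - stamp > self.sensor_timeout_s:
            return "stale temperature reading"
        # Independent of temperature: a pump with its discharge valve still
        # closed long after start is dead-heading regardless of what any sensor says.
        if self.use_time_interlock and not pump.valve_open \
                and now - pump.started_at > self.valve_window_s:
            return "discharge valve not opened within window"
        return None


def simulate(interlock: Interlock, sensor: Sensor, valve_opens_at: Optional[float],
             duration_s: float, heating_c_per_s: float = 0.02, dt: float = 1.0) -> dict:
    """Run the pump from t=0 and report when (and why) the interlock tripped."""
    pump = Pump(running=True, started_at=0.0)
    now, peak = 0.0, pump.outlet_temp
    while now < duration_s and pump.trip_reason is None:
        now += dt
        if valve_opens_at is not None and now >= valve_opens_at:
            pump.valve_open = True
        # Crude thermal model: dead-heading adds heat, flow carries it away.
        if pump.valve_open:
            pump.outlet_temp += (AMBIENT_C - pump.outlet_temp) * 0.1
        else:
            pump.outlet_temp += heating_c_per_s * dt
        peak = max(peak, pump.outlet_temp)
        reason = interlock.evaluate(pump, now, sensor.read(now, pump.outlet_temp))
        if reason:
            pump.running, pump.trip_reason = False, reason
    return {"tripped_at": now if pump.trip_reason else None,
            "reason": pump.trip_reason, "peak_temp_c": round(peak, 1)}


if __name__ == "__main__":
    # Thermal cutout alone, with a dead sensor: the pump never trips (unsafe).
    print(simulate(Interlock(use_time_interlock=False, use_staleness_check=False),
                   Sensor(failed=True), valve_opens_at=None, duration_s=17 * 3600))
    # Same dead sensor with the staleness check: tripped within seconds.
    print(simulate(Interlock(), Sensor(failed=True), valve_opens_at=None, duration_s=3600))
    # Healthy sensor, valve never opened: timing interlock trips long before overheating.
    print(simulate(Interlock(), Sensor(), valve_opens_at=None, duration_s=3600))
```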

Sources:  Besides my friend, I consulted the report on the fire carried by Chemical and Engineering News at and found the unattributed report of the overheated tank at