Monday, January 25, 2021

Sriwijaya Air Flight 182 Investigation Focuses on Automatic Throttle

 

On Saturday, January 9 of this year, Sriwijaya Air Flight 182 took off from Soekarno-Hatta International Airport near Jakarta a little after 2 P. M. with 62 passengers and crew on board, headed for Pontianak, Indonesia.  It was raining heavily, and less than five minutes into the flight, shortly after the plane crossed the shore of the Java Sea, flight controllers and radar lost contact with it.  A fishing boat reported hearing a loud explosion in the vicinity of the disappearance, and search parties have since discovered debris spread over a 2-km area (over a mile).  There were no survivors.

 

Although the flight-data recorder was recovered, the cockpit voice recorder (CVR), a separate piece of equipment, broke apart in the crash.  The CVR's memory unit is designed to survive even if the CVR is destroyed, but understandably it is difficult to locate, and has not yet been found.

 

Even without the CVR, investigators with the Indonesian National Transportation Safety Committee have begun to focus their attention on the automatic thrust controller of the Boeing 737 plane, which entered into service in 1994. (This is an earlier version of the 737 than the later MAX series, which was grounded for more than a year over concerns about flight software when two crashes were traced to software malfunctions.) 

 

Manual aircraft throttles are very similar to the gas pedal in a car:  they simply control the rate of fuel supplied to the engines.  Depending on wind conditions, angle of attack, and other factors, a given throttle setting can result in very different amounts of either thrust or speed.  To maintain constant speed, pilots would have to be constantly fiddling with manual throttles.  So modern airliners have autothrottle control systems that can be set either to maintain a constant speed (within safety limits) or a constant thrust, which is convenient for takeoff and landing.  In this connection, many autothrottles have a takeoff/go-around switch that is normally engaged only during takeoff or if the pilot decides to abort a landing.  Pressing the go-around switch provides a controlled amount of added thrust that will enable a smooth transition from an aborted approach to going around for another approach.  But to engage the go-around switch before entering an approach descent is a bad mistake.

 

This is apparently just what happened in another crash involving a Boeing 767 cargo plane heading for Houston's Bush Airport in February of 2019.  Investigators believe that while the plane was a good distance away from the airport, the first officer's wristwatch accidentally hit the "go-around" button on the autothruster, causing a surge in power.  The plane was in the clouds, which obscured all visible horizon references, and a sudden acceleration can feel like an upward tilt to pilots who are not sufficiently trained to ignore such sensations and pay attention to their instruments instead.  Evidently, the first officer, who was flying the plane at the time, decided that the plane was stalling and pushed the control stick forward, sending the aircraft into a dive from which it could not recover.  It crashed into a swampy area east of Houston with the loss of all three crew members. 

 

It's not yet clear what happened to Sriwijaya Flight 182, but the flight data recovered so far show that one of the plane's two engines was producing much more thrust than the other for the final seconds prior to the crash.  News reports indicate that there may have been problems with the autothrottle computer on this particular plane in the weeks before the crash.

 

Unequal thrust on a plane, if not corrected or compensated for, can cause severe rolling and even destabilize its flight and send it into a dive.  Normally, pilots are trained to notice such situations and to deal with them promptly.  But a factor in the Houston crash was inattention:  neither the captain nor the first officer understood what was going on until it was too late to do anything about it. 

 

In the weather conditions under which Sriwijaya Flight 182 took off, the pilots had to rely on their instruments during and after takeoff, and it's possible that they failed to figure out what was happening during the fifteen seconds or so that the aircraft took to fall from 10,000 feet into the Java Sea. 

 

Fifteen seconds is not much time to diagnose one specific problem from a complicated set of instrument readings and take exactly the right evasive action to deal with it.  As aircraft have become more complex, there are more things that can go wrong, and pilots have to be trained to deal with each one of them in the appropriate way.  Especially during takeoff and landing, where margins of error are small, having the correct response to a sudden emergency can mean the difference between life and death.

 

But 99.9% of the time, piloting a modern aircraft is about as exciting as driving to the grocery store—less, if you consider that in driving a car you don't have some friendly ground controller telling every other car exactly where to go so you have plenty of room to drive in.  But during every second of flight, pilots are expected to be in a state of high vigilance with the procedures for dealing with dozens of different kinds of emergencies at their mental fingertips.  While some pilots do meet these standards, as for example Chesley Sullenberger did during the 2009 Flight 1549 ditching in the East River, others do not.  The ones that don't can nevertheless fly without incident for years, because the systems they operate behave themselves.

 

But when something goes wrong, as it evidently did during Flight 182 out of Jakarta, the responses of the pilots are critical.  While we will have to await the full investigation results to be sure, it appears that both maintenance and training procedures for Sriwijaya Air may need to be overhauled.  Better maintenance can prevent mechanical malfunctions such as autothrottle failures from happening, and better training can help pilots more closely approach the ideal of eternal vigilance that is ready to deal with even unlikely emergencies such as autothrottle failures. 

 

Sources:  I referred to an article in Bloomberg News that describes what is currently known of the accident investigation results for Sriwijaya Air Flight 182 at https://www.bloomberg.com/news/articles/2021-01-20/faulty-automatic-throttle-eyed-in-indonesia-jet-crash-probe.  I also referred to Wikipedia articles on the crash as well as that source's articles on autothrottles, Atlas Air Flight 3591, and takeoff/go-around switches. 

Monday, January 18, 2021

Our Unelected Big-Tech Overlords

 

Last week I blogged about how Twitter kicked off @realDonaldTrump, and how decisions like that give the lie to Twitter's claim of common-carrier-like protection against lawsuits granted by Section 230 of the Communications Decency Act.  Normally I like to change topics every week, but this week is an exception. 

 

A week ago today, on Jan. 10, Amazon Web Services shut down its web-hosting services for the social-media network Parler, taking it off the Internet and capping a series of moves by Amazon, Apple, and Google that effectively ended the company's ability to serve its customers.  It was an extraordinary and united show of the power that large tech companies have to censor social-media speech.  Leaving aside for the moment the question of whether the action was justified, it now appears that not only can Big Tech edit content on its own sites as it pleases, it can exert the same editorial power on supposedly independent companies like Parler.

 

The background of this incident is informative.  As Twitter and other mainstream social-media outlets began ramping up their removal and suspension policies, Parler began to attract many of the users who left Twitter for that reason.  The New York Times reported that by Jan. 9, the day before Parler disappeared, it was the No. 1 free app for Apple's iPhones.

 

No matter.  Some things are more important than money.  Last week, Apple and Google announced that they were no longer going to allow Parler to be downloaded to phones with their proprietary operating systems, which meant that while existing customers could still use the service (at least till Jan. 10), nobody new could join.  But when Amazon pulled Parler's plug Sunday, even those apps became useless.

 

The reason given by Apple, Google, and Amazon is that in their view, Parler was not sufficiently monitoring the content of their posts for incitements to violence and crime.  I have no way of judging that, being a non-user of social media myself, but reports that Parler was used to coordinate the Jan. 6 assault on the Capitol in Washington seem credible.  So we will allow that this was a problem. 

 

Reportedly, Apple gave Parler 24 hours on Friday, Jan. 8, to "clean up its act" and remove offending posts, but Parler's efforts were deemed inadequate, and Apple removed Parler from its app store on Saturday. 

 

In a piece in National Review, Wesley J. Smith points out that Big Tech—Apple, Google, Amazon, etc.—are now behaving more like a fourth branch of government than ever.  However tenuously, the three constitutional branches of the federal government—the legislative, the executive, and the judiciary—are beholden to the citizenry of the United States.  But no one elected the leaders of the media giants who can, unilaterally and without breaking any laws, decide that a competing social-media service that is growing rapidly and under the protection of the same Section 230 that allowed them to become what they are today, decide to kill a competitor like Parler in a matter of days. 

 

Historically, the United States has been a haven for freedom of speech.  It was a bedrock principle in the philosophical discussions which led to the founding of the country.  In 1798, seven years after the Bill of Rights was added to the U. S. Constitution, Congress passed and President John Adams signed the Alien and Sedition Acts, which made it a crime to make false statements critical of the federal government.  These acts proved very unpopular, contributing to Thomas Jefferson's victory in the presidential election of 1800, and the acts limiting free speech were allowed to expire by 1801. 

 

Jay Cost points out that tolerating a certain amount of offensive speech is the price of allowing freedom of speech, which is vitally necessary to a self-governed people.  He quotes Madison as saying, "Our First Amendment freedoms give us the right to think what we like and say what we please.  And if we the people are to govern ourselves, we must have these rights, even if they are misused by a minority."

 

The excessive restrictions of the Alien and Sedition Acts were duly removed in keeping with the idea that any significant restriction of free speech is inimical to the free exchange of views that a free citizenry needs in order to govern itself.  Madison realized that certain people would abuse that right, but he regarded it as the price we had to pay in order to avoid suppression of thoughts that the powerful in government disapproved of.

 

I am personally appalled by the execrable and deadly riot at the Capitol, and by anyone who uses the Internet to encourage violence.  But for some time now we have been trying to have our social-media cake and eat it too.  The vaunted freedom of social-media speech is no longer free if those who run the media empires can squash, not only speech on their own systems, but speech on rival companies by shutting them down.

 

One choice is to accept the fact that in order to use social media at all, we will be subject to the consensus censorship of the powerful few who run the "private" sevice providers, and we will simply have to accept whatever they think is right as far as what can be posted and can't be.  This is the direction we are heading.  And it looks to me no different than the regime imposed by the Alien and Sedition Acts, a situation in which anyone who wants to post anything that the powerful firms think goes too far is simply out of luck and can't do it, with no appeal.  Yes, we might agree that letting people organize an attack on the Capitol is not a good idea, but in killing Parler, Apple/Google/Amazon are acting as legislators (making their rules), executives (imposing the rules) and judges (deciding where the rules apply).  And if you don't agree with what they decide, which many of the millions of users of Parler who didn't post objectionable material didn't, well, you are just out of luck.

 

Another alternative is to take Section 230 of the Communications Decency Act seriously, and go only after the individuals responsible for objectionable speech if they violate any laws, or prompt such violation of laws.  That is what Parler more or less tried to do, and you see what happened to them.  As deplorable as much of the material they carried on their system was, Parler was much more in the spirit of Madison's attitude toward free speech.

 

China shows that huge successful economies can thrive under a repressive government that makes people watch everything they say and hauls them off to a concentration camp if they say the wrong thing.  But, as I said, some things are more important than money.

 

Sources:  The New York Times report on the squelching of Parler appeared at https://www.nytimes.com/2021/01/09/technology/apple-google-parler.html.  Wesley J. Smith's editorial on Big Tech appeared in National Review at https://www.nationalreview.com/corner/big-tech-now-the-fourth-branch-of-government/.  Jay Cost's essay on James Madison and freedom of speech appeared in the same journal at https://www.nationalreview.com/2017/09/james-madison-free-speech-rights-must-be-absolute-nearly/.  I also referred to the Wikipedia articles on Parler and the Alien and Sedition Acts.

Monday, January 11, 2021

Trump, Twitter, and Section 230

 

The events in Washington, D. C. last Wednesday, and the subsequent permanent suspension by Twitter of the account @realDonaldTrump, throw into a spotlight glare the question of how responsible social-media companies are for the material that users post by the technical means that the companies provide.  They add urgency to a question that was already being raised:  should Section 230 of the Communications Decency Act of 1996 be modified or repealed?

 

The critical part of Section 230 has been hailed as "the twenty-six words that created the Internet," which is also the title of a book by Jeff Kosseff.  In case you're wondering, the twenty-six words are, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”  To see how these words apply to, for example, the thousands of tweets from President Trump, read "Twitter" for "provider . . . of an interactive computer service" and "President Trump" for "another information content provider." 

 

What this section did was to place the then-infant Internet in the category of common-carrier communications providers such as telephone companies, and not in the category of news providers such as the New York Times.  The traditional "old media" (newspapers, radio, TV) were regarded in law as the originators of what they printed or broadcast, and could be sued if their material proved libelous or otherwise harmful.  But if a blackmailer, for instance, called his victim on the phone and made a threat, the idea of suing the phone company because of the blackmailer's actions would be regarded as ridiculous.  So for the next two decades or so, the industries spawned by the Internet—notably Facebook, Twitter, Google, and their ilk—grew without concern for possibly crippling lawsuits regarding the content that their users posted.  Legally, it wasn't their fault what people put on their sites, generally speaking.

 

Few people (or lawmakers, who are also people) anticipated that the main source of news and information for millions of U. S. citizens would shift from the old-media world to the social-media world, but that is exactly what happened.  The techno-optimists who foresaw a brave new world of egalitarian news sharing have been disappointed to find that lies get halfway around the world while the truth is still putting on its pants.  (Neither Winston Churchill nor Mark Twain apparently wrote that, but it's worth saying anyway.)  In particular, the elaborate structure of lies coming from @realDonaldTrump since the Nov. 3 Presidential election has convinced many millions of people that (a) the election results were manipulated by evil conspirators who managed to hide their tracks from everyone except a few off-the-wall news sources and President Trump himself, (b) President Trump actually won the election and deserves to be president for another four years, at least, and (c) the alternative is the end of America, as the evil Biden administration takes charge and sends us all straight to perdition in a wicker container. 

 

After concocting increasingly incredible lawsuits challenging state vote counts, the President issued a call via Twitter for his followers to show up in Washington on Jan. 6, when a joint session of Congress would count the Electoral College votes and certify the result.  He fraudulently claimed that Vice-President Pence had the power to discard the results and reinstate the President, whereas nowhere in the Constitution or elsewhere does the Vice-President receive this power.  But by the technique of saying lies and repeating them over and over in the echo chamber of the Internet where people who like certain kinds of material get more of it, the President drew a crowd of thousands to Washington last Wednesday.  He spoke to them in person in a long, inflammatory speech that repeated many of the lies he originated over the past two months, and then sent them down the street to disrupt, invade, and vandalize the building where the duly elected representatives of these United States were legally carrying out their Constitutional responsibilities.  And Twitter helped him do it.

 

On Friday, Jan. 8, Twitter announced that they were permanently suspending @realDonaldTrump, citing that the President had violated their "Glorification of Violence policy."  To those who would say that Twitter is violating the President's freedom of speech, I would counter along with Justice Holmes that that someone who is "falsely shouting fire in a theater and causing a panic" has forfeited his right to free speech, at least with regard to that particular statement.  And the President has abundantly shown that he is incapable of tweeting without straying into falsehood sooner or later.

 

But in doing so, Twitter has admitted that they do indeed bear the responsibility for the effects of information provided by another information content provider.  In a world where the main source of news for the bulk of the public is social media, social media can no longer pretend that they are a small, insignificant, hobby-type operation that people use mainly for amusement and sharing cookie recipes.  They now play a critical, essential role in the conduct of public affairs, and their increasing censorship of one kind or another (of which the strangling of @realDonaldTrump is only the chief example) amounts to rump editing, essentially no different from what the ink-stained newspaper editors of yore did with their letters to the editor columns.  To choose one letter is to reject all the rest, and to censor one tweet is to accept all the rest.

 

I have no easy solution to the problem of Section 230, but it is clear that things cannot go on the way they are now.  As for President Trump, I hope that Congress has sense and guts enough to impeach him with the penalty of never holding a federal office again.  But social media firms cannot have it both ways.  They must not enjoy the financial and cultural benefits of being the main purveyors of news while shirking the responsibility for the news (and lies) that pass through their hands. 

 

In calmer times, I would have taken notice in this space of the Boeing 737 that crashed off the coast of Jakarta on Jan. 9, but as of this writing there are few details available, and it will have to await a future column.

 

Sources:  The Twitter announcement of the banning of President Trump's account appeared at https://blog.twitter.com/en_us/topics/company/2020/suspension.html.  I also referred to Wikipedia articles on Twitter and Section 230.  The author of the "truth getting its pants on" quote is unknown, but researchers have traced the saying back at least to the 1700s.

Monday, January 04, 2021

The SolarWinds Data Breach: Should We Care?

 

The year 2020 will go down in history for a number of reasons, but the cherry on the disaster cake hit the news in mid-December.  Cybersecurity investigators discovered that some software provided by the Austin, Texas network-monitoring software firm SolarWinds was "trojaned" some time in early 2020.  Hackers, later identified as Russian, managed to insert malware into an update of Solar Winds's popular network-monitoring software, and this allowed the hackers to access customers' emails and other supposedly secure data from around March of 2020 until one of SolarWind's customers noticed that someone had stolen some of their cybersecurity tools, and notified the company.  In similar attacks, Microsoft software was similarly compromised.

 

This was a complicated and well-organized exploit, as the hackers focused their attention on high-value targets such as government agencies.  Wikipedia's article on the breach reads like a list of a spy's dream targets:  the Department of Defense, the National Nuclear Security Administration, the National Institutes of Health (in the midst of the COVID-19 pandemic, yet), the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Department of State, and the Department of the Treasury.  As in any spying operation, most of what they got won't be that useful to them, but some of it very well may be. 

 

Fortunately, the hackers did not use their access to lock files or cause other disruptions that might have drawn premature attention to what they were doing.  They were spying, not sabotaging.  But of course, what they learned may help them commit sabotage in the future.  We simply don't know.

 

How did this happen?  In the case of SolarWinds, the hackers gained access to the firm's "software-publishing infrastructure" way back in October of 2019.  Clearly, the company's own security measures were insufficient to prevent this initial breach, which if caught could have stopped the whole attack in its tracks.  But something as simple as carelessness with passwords can allow hackers into a system.  Hacking is like burglary, in that ordinary defenses stop the average burglar, but if a huge sophisticated gang decides to focus on your house, there's not a lot you can do to stop them.

 

And SolarWinds was the focus of the Russian hacking group known as "Cozy Bear" because of their critical place in the software supply chain.  Thousands of firms use their network-monitoring software, which meant that "trojanizing" a SolarWinds software update gave the hackers potential access to any of SolarWinds's customer's systems.  And that is exactly what happened.

 

Once the breach was discovered last month, SolarWinds went public and warned its customers of the problem.  But as one expert interviewed on the breach put it, fixing the leaks that the hackers established is like getting rid of bed bugs:  sometimes they are so spread out that finding each individual bug is an impossible task, and you have to burn the mattress.  The reason is that once the attackers got into a system, they could wander around and establish more access points.  And stopping the original breach does nothing about those access points, which can be hard to find.  So even though we know how the hackers got in, it's not going to be an easy matter making sure that they can't keep spying on their victims without throwing out a whole lot of software and starting over from scratch.

 

What difference does all this make to the average Joe or Jane?  If you don't work for one of the affected companies or agencies, should you even bother to put this on your already-lengthy worry list? 

 

In itself, the breach's consequences are unpredictable.  Governments keep some things secret for good reasons, mostly, and when those secrets are revealed, bad things can happen.  We are not currently in direct hand-to-hand conflicts with Russia, but there are low-level military operations going on all over the world, many of which the U. S. is involved in without the knowledge of the general public.  As in any military operation, intelligence about plans or proposed actions can be used against you if it leaks, so for one thing, our military forces have been put in a potentially bad situation.  But again, it's hard to tell yet.

 

During World War II, the Germans were largely unaware that the Allies had breached their most-secure code system with the Turing-inspired "bombes" of Bletchley Park, because any military advantage that the Allies' decoding operations gave them was carefully disguised to look like luck.  So we can expect Russia to disguise any advantages it's attained from the Cozy Bear attacks similarly, although we now know roughly what they've been up to. 

 

Institutions change slowly, and the old saying that generals in a new war start out by fighting with the previous war's weapons is still true.  There will always be a need for troops on the ground in some situations, but as more and more commerce and activity of national importance takes place in cyberspace, future battles will also be staged more and more in the digital realm. 

 

As we know from bitter experience in other areas of engineering ethics, it usually takes a spectacular tragedy to inspire major institutional change that could have prevented the tragedy in the first place.  We have been relatively fortunate that bad consequences from cyberattacks on U. S. targets have not approached the magnitude of a 9/11, for example.  Probably the worst ones have been ransomware attacks mounted by apparently private criminal groups that shake down organizations for money, usually in the form of bitcoin.  While serious for the organizations targeted, these sorts of attacks have not up to now appeared to be part of a coordinated terrorist-like systematic assault on the nation's infrastructure.

 

Such an attack could come at any time, however.  And the fact that Cozy Bear hackers were reading the Pentagon's mail for the last nine months does not inspire confidence in the ability of our nation's cyber-warfare personnel to prevent such attacks.  Until we take cyberwarfare fully as seriously, if not more seriously, than attacks with conventional weapons, we are effectively inviting hackers to see what they can do to disrupt life in the United States.  Let's hope they don't try any time soon.

 

Sources:  I referred to an article by Kara Carlson of the USA Today Network which appeared on the Austin  American-Statesman's website on Dec. 30 at https://www.statesman.com/story/business/2020/12/30/solarwinds-breach-could-shape-cybersecurity-future/3999961001/.  I also referred to a chronology of the attacks on the channele2e website at https://www.channele2e.com/technology/security/solarwinds-orion-breach-hacking-incident-timeline-and-updated-details/, and the Wikipedia article "2020 United States federal government data breach."