Monday, May 25, 2026

They Died to Clean Up Boston Harbor

  

Trapped Under the Sea is the most exciting book you'll ever read about a sewage plant.  Let me explain.

 

One day, a colleague of mine was asked to sum up engineering ethics in a single sentence, and he said, "No headlines."  When engineering goes right, it's usually not news, unless it's some spectacular success such as a moon landing.  The engineering-related events that attract reporters are the ones in which someone gets injured or killed.  And that's exactly what attracted Boston Globe reporter Neil Swidey when in July of 1999, two specialist commercial divers died in a nine-mile-long tunnel underneath the Atlantic Ocean as part of an effort to improve the sewage-treatment facilities of the greater Boston area.  Ironically, the men died in the process of removing safety devices designed to prevent an unlikely but terrible accident. 

 

For about a century, the sewage of the greater Boston area was dumped with minimal treatment into Boston Harbor, with dire consequences to fishing and public health.  The sluggish bureaucracies in Massachusetts finally got coordinated enough in the 1980s to mount a massively expensive plan to build a new state-of-the-art sewage facility on a peninsula called Deer Island.  As part of the plan, engineers called for a nine-mile-long tunnel dug through the rock underneath the Atlantic Ocean to take the now-much-cleaner effluent to a series of "diffusers" (sort of like giant water sprinklers) that would discharge it where it would be diluted by ocean currents and dissipate with much less environmental impact. 

 

Digging the tunnel itself was a huge undertaking, and putting the vertical "riser" pipes in place to conduct the effluent up from the main tunnel to the ocean floor without flooding the tunnel was a tricky process as well.  The diffusers were plugged when installed so water couldn't get in that way.  But in the unlikely event that a stray ship dragged its anchor across a riser and broke one off, the ocean would rush in and flood the tunnel prematurely, killing all the workers inside.  So as an added precaution, the contractor installed safety plugs where the risers connected to the main tunnel. 

 

The problem with this was, nobody gave much thought to how they were going to take out the safety plugs once the tunnel was finished.  The sensible thing would have been to take them out just before removing all the lighting and air supplies that made it possible to work there without special breathing equipment.  But this was not done for various bureaucratic reasons, and so in the late 1990s, the contractor was faced with the problem of how to get those plugs out after all the power and air supplies were removed. 

 

In the absence of incoming surface air, the stale air in the tunnel quickly lost oxygen to rusting metal and organic processes, making it impossible to enter safely without specialized breathing apparatus such as commercial divers use.  So it was to a team of divers hastily assembled that the engineering organization turned.

 

What happened next is a case study in how not to undertake a unique and hazardous specialist operation.  All parties relied on a mostly self-trained expert named Harald Grob, who designed a cryogenic-gas setup to supply artificial air through long flexible umbilical tubing to the five workers who would pilot two Humvees, each with its own oxygen supply (one for going out and one for coming back in the narrow confines of the tunnel) and perform the complicated work of removing the safety plugs.  What could go wrong? 

 

A lot, as it turns out.  The book begins at the worst moment, when one of the divers operating the air-supply system sees that the oxygen level indicated with a crude and inaccurate system has fallen below 9%—the threshold for sustaining life.  Two of the divers died, and the other three survived only by quick and ingenious moves to switch to backup air supplies. 

 

Swidey did years of research and interviews with everyone he could talk with as well as obtaining court filings and other documents that laid out the decades-long story.  He follows the often tumultuous lives of the five divers as well as the experts, managers, and bureaucrats who get involved both before the misguided effort and in the aftermath, when a much more expensive but safer method of removing the plugs is developed.  Taking advantage of the fact that the ill-fated divers removed a few plugs before the tragedy occurred, workers used one of the diffuser pipes to suck air in from the far end, making the entire tunnel habitable enough to remove the remaining plugs, but at an expense of about twenty times more than what the original diver plan cost.  The book follows the long legal consequences of the accident, including judgments and fines, but without losing any momentum.

 

A sewer plant is about the most undramatic infrastructure you can think of.  But Swidey has made this story into a thriller that graphically portrays the real dangers and complicated problems that men face in hazardous occupations such as commercial diving.  As a detailed case study of how a complicated and unique engineering problem went wrong, it compares favorably with books on the Challenger disaster for detail and interest. 

 

As with many engineering disasters, a combination of factors contributed to the accident:  a desire to cut corners to save money, the fact that the project was nearing completion and everyone was impatient to get it finished, and a reluctance to cross a cantankerous and moody expert—Grob—whose rigidity and overconfidence played a big role in the tragedy. 

 

The book is illustrated with helpful and accurate diagrams.  Swidey made sure to check his technical statements sufficiently so that I didn't notice any errors along those lines.  In addition to presenting an accurate technical picture of what went wrong, Swidey has written a real page-turner that keeps the reader on edge. 

 

Sources:  Trapped Under the Sea:  One Engineering Marvel, Five Men, and a Disaster Ten Miles Into the Darkness was published in 2014 by Crown Press, and is currently available in paperback. 

Monday, May 18, 2026

The Canvas Ransomware Attack: Paint Us Insecure

  

Anyone even a little familiar with how higher education is done these days has dealt with what are called "learning management systems" (LMS for short).  Basically, an LMS is what has replaced paper homework, paper gradebooks, and in many cases, paper exams that used to be shuffled back and forth between students, graders, and faculty members. 

 

Like many other universities around the world, several years ago my university switched from the LMS they were using to something called Canvas.  Once I learned its ins and outs, it has proved to be a useful, flexible, and mostly easy-to-use tool.  I can send out emails to everyone in a particular class, I can record grades that instantly show up on students' phones, and while I don't personally use the test-administering feature, many professors do. 

 

Canvas is so good, in fact, that its parent company, a privately-held outfit called Instructure, now has a plurality of all LMS customers in the world, serving over 8,000 institutions in dozens of countries. 

 

A lot of confidential data is stored in Canvas.  For example, it turns out to be a violation of a Federal law for me to post a list of grades on my door, even if I anonymized them with Social Security numbers.  So if anybody other than the student concerned manages to find out what a person's grade is, a whole lot of people can be in trouble.

 

Last month, these facts plus a fairly behind-the-times security posture made Instructure a prime target for the loosely-organized but highly effective ransomware ring known as ShinyHunters.  These criminals are thought to be concentrated in Canada and France, and are known to have committed numerous ransomware attacks on organizations whose wide-ranging databases make them particularly juicy targets, such as Ticketmaster and AT&T.

 

According to a report on thenextweb.com and the Wikipedia article "2026 Canvas security incident," on April 30, ShinyHunters breached Instructure's security and posted a ransom note on May 3.  On May 6, Instructure, which had publicly acknowledged the breach on May 1, notified its users that everything was back to normal.

 

But according to ShinyHunters, Instructure ignored their ransom demand and simply doubled down on security measures.  In retaliation, ShinyHunters put their ransom notice on every user's webpage, prompting Instructure to pull most of the system down and replace it with an "under maintenance" notice at 8 PM Eastern Standard Time on May 7.

 

Unfortunately, this was just when a lot of schools were relying heavily on Canvas for exams, grading, and other end-of-semester activities.  I was fortunate to have my last necessary interaction of the semester with Canvas just a few hours before it crashed, but a lot of other professors and students weren't so fortunate.  Our provost sent out a notice during the outage asking for tolerance and understanding on the part of both students and faculty members.

 

According to Hacker News, Instructure eventually reached a ransom agreement with ShinyHunters on May 11, averting release of some 3.6 terabytes of stolen data.  Since then, Canvas has apparently been running normally, although after this experience one wonders how reliable it will be in the future.

 

The days when universities developed their own custom software for large-scale applications such as LMS are long past.  But farming out important tasks to vendors places the responsibility for security squarely on the vendor's shoulders.  And bigness, however attractive it is profit-wise, attracts the attention of hackers as well.  So we shouldn't be too surprised that an outfit like ShinyHunters picked Canvas for their next target.

 

Ransomware hackers are the modern pirates of the Internet.  During the heroic age of global exploration and trade from the 1200s AD onward to 1800 and later, the ocean became a network of trade routes over which the world's valuables flowed.  The prospect of siphoning off some of those valuables for their own purposes, or of extorting money to allow their uninhibited flow, attracted pirates such as the ones based on the Barbary Coast region of North Africa in the years leading up to and following the American Revolution.  In what was the United States' first major foreign military action, President Thomas Jefferson decided he was through with paying off the pirates, and sent the Marines in a series of expeditions that ultimately broke the stranglehold they held on U. S. maritime trade in regions they controlled.

 

Jefferson had the advantage that the pirates sailed physical ships and could be tracked back to specific ports, where plans could be made to attack them.  The power that the internet gives to put the world at your Ethernet port also makes it possible for criminals to hide literally anywhere there is an internet connection, which these days means pretty much anywhere.  Tracking them down is a costly, slow, and uncertain enterprise at best.  And as soon as some bad actors are rounded up and thrown in jail, their uncaught associates rise up to take their place.

 

It's hard to imagine a modern-day Jefferson scaring ransomware hackers enough for them to lay off an entire country.  As the ShinyHunters' actions showed, national borders mean little to them.  They were attracted to Instructure because it formed one of the largest data-holders on the planet, not because it was a particularly large or rich country. 

 

The only thing that may lead to something like what Jefferson did to the pirates of 1800 is if a particular organization goes after the hackers with determination and even a kind of vengeance.  Perhaps something along the lines of a trade organization of large data-holders could fund a multinational policing effort that would make every ransomware hacker sorry they ever messed with a company that is a member of the organization.

 

That may require international and inter-company cooperation that simply doesn't exist today.  But if the problem gets bad enough, maybe firms will overcome their reluctance to put their money and efforts together and do something truly effective.  Until then, however, outfits like Instructure can look forward to more attacks, and users will just have to deal with it. 

 

Sources:  I referred to reports at https://thenextweb.com/news/the-largest-education-data-breach-in-history-was-not-an-attack-on-a-school-it-was-an-attack-on-a-vendor, https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html, and the Wikipedia article "2026 Canvas security incident." 

Monday, May 11, 2026

Technology in the Strait of Hormuz Closure

  

As I write, Iran continues its effective blockade of the Strait of Hormuz, through which a quarter to a third of the world's petroleum traffic normally passes.  Though opposed by most other countries including the U. S., Iran has succeeded both in surprising the rest of the world with its blockade and in maintaining it in the face of fierce though intermittent opposition.  Modern technologies play a not insignificant role in this blockade, and examining that role can tell us something about how technological advances have affected modern warfare.

 

As an oil-industry newsletter pointed out, Iran has had the capability of blockading the Strait for decades.  Their navy includes numerous small attack boats and thousands of mines, both of which would probably be enough to shut off the Strait to commercial traffic.  In the early stages of the war, Iran announced the Strait's closure on Mar. 4, and proceeded to make good its decision with numerous attacks on tankers and other ships.  Wikipedia lists 40 ships that Iran has attacked, six of which were abandoned with some loss of life. 

 

No commercial insurer is going to let a ship go anywhere near a place where things like that happen.  So within a few days, traffic of ships that were not deemed by Iran "friendly" to the regime crashed to zero. 

 

In addition to the traditional means of attack boats and mines, Iran has also used shore-launched missiles, drones, and electronic warfare in the shape of jamming GPS and satellite signals in the Strait.  In a crowded sea lane, loss of electronic navigational ability can be just as dangerous as a minefield or a drone attack.  So even if GPS spoofing was the only thing Iran was doing, the blockade would be effective in terms of creating hazards that are unacceptable to insurers.

 

Iran has truck-mounted missiles that can be launched from virtually any location accessible by truck.  That makes it very easy for them to attack ships, and very hard for anyone trying to defend the ships.  The same goes for drones, which are turning out to be a true game-changer in recent conflicts.  As Ukraine has shown with its homegrown drone industry, inexpensive drones costing anywhere from a few thousand dollars up to $50,000 or so (the cost of Iran's most frequently used drones) can be effective countermeasures that work as well in some cases as U. S. stealth missiles costing millions of dollars. 

 

Mines are a particularly nasty thing to deploy in a commercial shipping lane.  As the oil-industry newsletter pointed out, after the Persian Gulf War it took the U. S. 51 days to find and disable 907 mines off the coast of Kuwait.  So even if Iran was neutralized somehow and agreed to cease hostile activity tomorrow, it would still take more than a month to clear the Strait of mines, assuming the U. S. has retained its former minesweeping ability, which is not clear.

 

In the long story of technology applied to warfare, progress is measured by victory.  And victory doesn't always go to the good guys, while "good" often depends on whose side you are on.  One of the unstated assumptions of engineering ethics is a background of peacetime.  When such a background is no longer the case, things can get murky quickly. 

 

Judging the ethics of war is way beyond the scope of a single article, and I'm not going to try to do that here.  One can question the justice of the way the current conflict started, with pre-emptive strikes by the U. S. and Israel.  From Iran's point of view, closing the Strait of Hormuz in response was probably one of the smartest and most effective things they could do.  In retaliation, the U. S. has announced a blockade of oil shipments from Iran, which depend largely on ports to the east of the Strait.  Whether this retaliatory blockade has the desired effect of making Iran back down from its own blockade is unclear at this point.

 

One problem to avoid with every advance in military technology is that a country finds itself preparing for the last war, not for the next one.  This problem has become obvious for the U. S., whose military procurement process has become hidebound and overly complex, with the result that it mainly serves to enrich defense contractors rather than producing the kind of inexpensive but effective weaponry that Ukraine is currently making.

 

Could the U. S. or allied countries come up with something clever and cheap to end the Strait blockade?  I'm sure people a lot smarter than I am are working on that right now.  But considering the mixture of traditional and novel technologies that Iran is bringing to bear on the blockade, it's hard to imagine how such technologies would work. 

 

If all restrictions on U. S. military actions were lifted and the President ordered his generals and admirals to open the Strait by any means, I'm sure it could happen.  But that would almost certainly involve a land invasion of the regions of Iran closest to the Strait.  And that would be opposed by a contingent of the 190,000 or so troops in Iran, leading straight to a bad old-fashioned land war with significant casualties on both sides. 

 

The last time a Middle Eastern country tried to take over an internationally important waterway, the U. S. took the side of the country against the then-global powers that wanted to oppose it.  The 1959 Suez crisis found President Eisenhower exerting financial pressure on England to let go of the Suez Canal, when Nasser of Egypt tried to take it over.  Eisenhower knew war inside and out, and while he employed lots of diplomacy and jawboning in foreign affairs, he managed to keep the U. S. out of actual fighting wars almost completely during his tenure from 1952 to 1960.

 

The world was a very different place then, and the current U. S. leader has no personal experience with war.  Perhaps the old-fashioned approach of blockading Iran's ports will have the desired effect without leading to further bloodshed.  If the U. S. had some undreamed-of technology that would end the crisis, I suspect we would have used it by now.  But I might be wrong.  It's happened before.

 

Sources:  I referred to the online newsletter https://oilprice.com/Energy/Energy-General/Why-Military-Force-May-Not-Be-Enough-to-Reopen-the-Strait-of-Hormuz.html and the Wikipedia article "2026 Strait of Hormuz Crisis." 

Monday, May 04, 2026

California Ends Free Ride for Robotaxi Ticketing

  

For good or ill, many things that start in California spread to the rest of the U. S. sooner or later, from Hollywood movies to the Hula Hoop.  So when California's Assembly Bill No. 1777 takes effect this July, companies such as Waymo that operate robotaxis across the country may feel its effects outside just California.

 

The bill, and its implementation by the California Department of Motor Vehicles (DMV), closes a loophole in California law that has up to now allowed driverless vehicles to escape being ticketed for traffic violations.  Previous laws assumed there would always be a driver behind the wheel to cite for illegal U-turns or other roadway malfeasance.  However, existing California law made no provision for ticketing driverless vehicles.

 

That will all change come July 1.  After that, the corporation operating the vehicle will be the designated legal recipient of any citations concerning vehicles under its control.  The ticket takes the form of a "notice of noncompliance," but the effect is the same.  To allow the DMV to track robotaxi company violations, the company must report any citations to the DMV within 72 hours of receipt.  In case a collision was involved, the window shrinks to 24 hours.  If a firm receives too many citations, the DMV is empowered to take drastic action such as limiting the firm's fleet size or even suspending its operating license. 

 

The new law also addresses the problem of how first responders can deal with driverless vehicles that get in the way at a fire or accident scene, for example.  It mandates that the operating companies must respond to calls from first responders within 30 seconds, and requires that companies observe geofencing rules that clear a designated area within two minutes.  Apparently, autonomous vehicles have obstructed the operation of fire and emergency vehicles in the past, and these new laws address that issue.

 

In the modern world, technological developments generally outpace the social infrastructure of laws and customs.  That is why robotaxis in California have been escaping traffic tickets until now:  lawyers and legislators are not prophets, and they can't be expected to anticipate every possible new technological development so that the laws are waiting to be used when the technology finally comes along.

 

Most consumer technology is at least intended to have benign effects, but the good of taking people and goods from one place to another is accompanied by problems such as traffic violations.  Getting a traffic ticket is often the only interaction most law-abiding citizens have with law enforcement, but it is a little galling that robotaxis were effectively exempt from such experiences until this year in California. 

 

It's part of the normal progress of technological development for new laws to arise that deal with unexpected problems such as the ones the California bill addresses.  The issue of clearing an area for emergency operations couldn't even arise until there were enough robotaxis around that one of them got caught in such a situation and caused frustrations and hazards that, while probably not costing a life, made enough trouble for first responders that they reported it to the appropriate authorities.  And while many uncomplimentary things can be said about the California legislature, in this case they seem to have done a good thing in mandating effective communications and actions whenever a driverless vehicle is impeding the work of first responders.

 

It's fair to say that there probably wasn't a popular groundswell of grassroots opinion demanding that robotaxis be able to receive traffic tickets.  The issue is not one to get the average Joe Public's juices going.  Contrast this matter to another technological fault line that is currently the subject of much (mostly local) legislation and discussion:  the construction of data centers around the country. 

 

As an editorial by Charles C. W. Cooke points out, data centers are not new.  In some form we've had them around for decades, and currently there are about 5,000 of them in the U. S. already, with the largest concentration in the liberal state of Virginia. 

 

Yet, to listen to discussions at city council meetings around the country or to see the "No Data Centers" signs popping up in yards, one would think that each data center is a direct portal to Dante's Inferno.  Why are people so upset at data centers, while robotaxis being immune from tickets was never a big deal?

 

Fear has something to do with it—fear of the known unknown.  For most people, robotaxi immunity from ticketing was an unknown unknown.  I didn't even know it was an issue until California fixed it with their new law.  But the publicity about data centers, and their notorious connections with the mysterious and frightening acronym AI, are well known enough, though what the consequences will be in terms of water and energy depletion or increased cost is largely unknown.  After all, if something's not built yet, you can't say exactly what will happen if you build it.

 

Opponents have rushed into that gap of ignorance with highly inflated predictions of disasters that will hit you in your pocketbook:  higher power and water prices, water shortages, and even loss of jobs as AI takes over what you and twenty of your friends do, and does it better and cheaper.  Nobody is threatened in that manner by the fact that robotaxis couldn't get traffic tickets.  Injustice somewhere else never matters as much as injustice to my bank account. 

 

So while even the California legislature can take effective action about a matter that few people knew or cared about, it's not clear that laws slowing down the construction of data centers are going to make anything better.  Saying "not in my back yard" doesn't stop construction as long as back yards don't cover the entire U. S., and that won't happen for a while.  But unless the public understands the issues well enough to make an informed decision, there is not much chance that legislation about data centers that is driven by public opinion will do much good.

 

Sources:  I referred to several articles on California Assembly Bill No. 1777, including https://driveteslacanada.ca/news/california-makes-big-changes-to-autonomous-vehicle-legislation/, https://finance.yahoo.com/economy/policy/articles/robotaxis-driverless-vehicles-now-ticketed-150019014.html, and https://www.carscoops.com/2026/04/california-robotaxi-citation-rules/.  Charles C. W. Cooke's article "Hatred of Data Centers Is Irrational and Self-Defeating" is at https://www.nationalreview.com/2026/04/hatred-of-data-centers-is-irrational-and-self-defeating/.