Monday, August 24, 2015

Light On the Dark Side: Planned Parenthood and Ashley Madison


In the last few weeks, an organization called the Center for Medical Progress posted videos of Planned Parenthood employees discussing cash transactions involving the body parts of aborted fetuses.  And just last week, a hacker group calling itself the Impact Team posted personal information on 32 million users of Ashley Madison, a website that advertises itself as a matchmaker for those wishing to have extramarital affairs.  In both of these cases, the hackers or investigators "went to the dark side" technologically, using spy technology or hacking abilities to penetrate secrets of the target organizations.  What can we say about the use of technology in this way?  Does the end justify the means?  Or are we not permitted to do evil, even if good may come from it?

Though the technology is new, the moral dilemma posed by these cases is very old.  Both St. Augustine (354 - 430 A. D.) and St. Thomas Aquinas (1225 -1274 A. D.) took up the question of whether good intentions can justify an evil act.  In fact, Aquinas cited Augustine approvingly as he considered this question:  ". . . Augustine says that there are some actions which neither a good end nor a good will can make good." 

For those familiar with digital logic, we can express what Aquinas says about the matter in terms of an AND function of three inputs A, B, and C.  All inputs  have to be true in order for the output of the AND gate to be true.  For Augustine and Aquinas, not only must the will (intention) of the actor be good.  And it's not sufficient even if the outcome of the action (the end) is good.  The act itself has to be good, or at least not on a list of intrinsically evil acts, for the overall action to be permissible.

What does the list of intrinsically evil acts look like?  Well, most moral theorists include lying on the list.  Right there, the anonymous investigator of Planned Parenthood who posed as a buyer for a fetal-tissue company ran afoul of the no-evil-acts principle.  He wasn't telling the truth—there was no such company.  And he was wired with audio and video recording equipment that took down every word spoken by the Planned Parenthood representatives, who wouldn't have been so forthcoming if they had known the guy they were talking with was a spy, basically. 

How about the Impact Team, those Ashley Madison hackers?  We're on softer ground here.  About the worst moral transgression they committed was theft of the Ashley Madison records, though it is theft of a peculiarly digital kind, because Ashley Madison still has all the records they used to have.  They're just exposed to public view now, for curious spouses to peruse in case they have had some suspicions about whether their partner has been straying, or trying to.  As it turns out, there were a lot more wanna-be adulterers signed up than real ones.  One of the embarrassing things the Impact Team revealed about the website was that about 85% of the site's customers were men, and it's likely that many of the female profiles on the site were fabricated.  Add that to the fact that the site charged users $19 to allegedly remove all their personal data from the site, only they didn't, and Ashley Madison's business model looks to be coming apart at the seams.  Which is probably just what the Impact Team hoped would happen. 

Now, I happen to believe that the planet would be a better place if neither Planned Parenthood nor Ashley Madison existed as organizations, at least in their present forms.  If the actions of hackers or investigative journalists move circumstances in the direction of ending or diminishing the influence of these outfits, I think that outcome would be a good thing.  Does this mean I disagree with Augustine and Aquinas that a good end sometimes does justify intrinsically evil means?  Not necessarily.

Just to show how complicated things can get, let's consider St. Thomas's views on war, specifically, killing in the context of war.  He allowed as how there were sometimes "just wars" and in such cases, killing was justified in that context, even though murder was on that list of intrinsically evil acts. 

The people at the Center for Medical Progress may view what Planned Parenthood does in its abortion clinics as a war on unborn children.  They, along with virtually everyone else in the prolife community, reject violence as a means of stopping abortion.  But nobody was physically injured by their investigations.  Instead, the statements of Planned Parenthood personnel that were intended for a private audience have been exposed to the world—brought to the light, in other words.  The same happened with Ashley Madison's client lists.  Both organizations have issued strenuous condemnations of the people who exposed them, which is not surprising.  It's just like Jesus said:  "For every one who does evil hates the light, and does not come to the light, lest his deeds should be exposed." 

There is a difference between deciding that you would do a thing yourself and observing the actions of someone else in a historical process.  The radical abolitionist John Brown (1800-1859) killed numbers of slavery supporters and was captured as he tried to take over a Federal armory in Harper's Ferry, Virginia.  He was tried and executed for his crimes, but his actions brought attention to slavery in a way that moved the mysterious processes of history forward, and may have hastened the day when slavery was abolished throughout the entire U. S.  The U. S. Civil War was not a good thing in itself, but the outcome of ending slavery was.

I would not personally go around hacking somebody's private customer lists or carrying spy cameras to get the goods on somebody engaged in nefarious dealings.  But other people have already gone and done these things.  The Impact Team and the Center for Medical Progress knew what they were getting into, and I hope they are prepared for the legal and moral repercussions of their actions.  I'm not them, and I can't presume to say what natural or supernatural motives stirred them to their actions. 

But I can say that the exposure of evil deeds, leaving aside the means by which they are exposed, is a good outcome.  The vulnerability of sites like Ashley Madison to hacking is now known.  The fact that Planned Parenthood exchanges fetal tissue for money in long-standing contracted relationships with outside organizations is also known.  And while I might have advised the Impact Team and the Center for Medical Progress not to do what they did, they didn't ask me before they did it.  And maybe that's a good thing, too.

Sources:  My sources for information on the Ashley Madison hack included the Defense One military site (a lot of the users turned out to be military personnel) at http://www.defenseone.com/threats/2015/08/ashley-madison-hack-opm-government-military/119279/ and Wired.com articles at http://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/
and http://www.wired.com/2015/08/ashley-madison-hack-exposes-wait-lousy-business/.  The latest Center for Medical Progress video as of this writing can be viewed at http://www.centerformedicalprogress.org.  I also referred to St. Thomas Aquinas's Summa Theologica (First Part of the Second Part, Question 20, Article 2) from which the above quotation from St. Augustine is taken (Anton C. Pegis, Basic Writings of St. Thomas Aquinas, Random House, 1945).  I also referred to an article on the Planned Parenthood videos on Yahoo at https://www.yahoo.com/health/with-release-of-6th-undercover-video-evidence-of-126520215477.html.  The quotation from Jesus is from the New Testament book of John, chapter 3, verse 20 (Revised Standard Version).

Monday, August 17, 2015

Tianjin Tragedy: A Painful Lesson


Last Wednesday, Aug. 12, people living near the coast of Bohai Bay, in the southeast part of the port city of Tianjin, were awaked by the sound of sirens and the flickering of a fire.  A chemical warehouse on the bay was ablaze, and several residents got out their smartphones and videoed the impressive conflagration as it illuminated nearby apartment and office buildings.  At 11:30 PM, eyewitnesses saw a blinding flash as a huge detonation went off, followed a few seconds later by an even bigger one that registered 2.3 on the Richter scale of seismographs many miles away.  Acres of new cars awaiting shipments were incinerated, huge shipping containers were tossed around like matchsticks, and
as of this writing (Sunday Aug. 16), the confirmed death toll from the explosions has reached 112, with 90 more reported missing.  Hundreds have been injured, many seriously, and evacuations and property damage have rendered several thousand residents temporarily homeless.  Sodium cyanide, a highly toxic chemical, has been detected in the port's sewer system and the sewage outflow leading to Bohai Bay has been cut off. 

At this point, there are more questions than answers, as reporters who attended a news conference called after the tragedy learned before officials abruptly ended the conference.  Why was such a dangerous collection of chemicals stored within 2,000 feet of a residential area?  What was in the warehouse that exploded?  And last but not least, how can such a tragedy be prevented from happening again?

A chemical fire is one of the firefighter's worst nightmares, even when the nature of the chemicals is known.  The warehouse that exploded was owned by the Rui Hai International Logistics Company, which was unable to provide officials with a complete inventory of what was in the building when it caught fire.  Records indicated that the firm had a license to store calcium carbide, which produces highly flammable acetylene gas when it gets wet.  And sodium cyanide is not something you want to spread around either—an amount the size of a single small pill can kill you.  If there is enough left of the warehouse and its records to investigate, we will probably find out that there was a lot of something—ammonium nitrate, perhaps—stored in one big pile that went off all at once.  Sadly, many of the fatalities were in the ranks of the first responders who approached the warehouse with fire hoses after the first alarm was turned in.  Some of their bodies may never be recovered.

Years ago, in the late 1980s, I visited Tianjin during a trip related to my research activities.  My first impression of the city came as we emerged from an underground railway station into a square which was dominated by a strange assortment of suspended wires that I recognized immediately as a shortwave transmitting antenna.  This was back when shortwave radio was one of the main ways that people in totalitarian countries could get news that wasn't controlled by the government.  Accordingly, the government erected local shortwave jamming stations that tried to cover up Voice of America broadcasts with racket that sounded like a battle between two buzz saws.  Control of outside information is a lot harder nowadays because of the Internet, and the government of China has quit trying to suppress undesirable information completely, as the aborted news conference proves.  But just knowing how awful an accident is doesn't guarantee that something will be done about it.  Can we expect this horrific disaster to lead to any improvements in safety?  That depends.

One thing that is clear beyond a doubt:  people all over China and the rest of the world know how bad this explosion was.  And at a minimum, the residents of Tianjin are going to demand changes in the way the port operates and keeps track of hazardous materials.  Sometimes local politics in China is a lot more quasi-democratic than you would expect from a nominally totalitarian government system, in that incompetent heads roll and genuine reforms can take place if public pressure is great enough. 

The larger question is whether the Tianjin explosion will create a drive toward safer operation of industrial facilities in general across China.  The pollution problems in Chinese cities are notorious, with one expert estimating that 16 of the 20 most polluted cities in the world are in China.  Lacking a formal means of influencing their government through meaningful elections, the Chinese people have taken to mounting lots of protests, and one Chinese Communist Party official estimated that in 2012 alone, about 50,000 environmental protests took place.  This is evidence of a great deal of frustration on the part of the country's citizens, who have enjoyed tremendous economic growth in the past few decades, but have paid the price by living in overcrowded, polluted, and increasingly dangerous cities.

There isn't much that is nice about a totalitarian government, but you can say this—once the people in power make up their minds to do something, they can go ahead and do it without a lot of compromises and political bargaining.  If Beijing wants to enact much stricter regulations about the types of chemicals stored in port warehouses such as Rui Hai's, they can do so tomorrow.  But regulations alone aren't enough.

Tragedies similar to the Tianjin explosions here in the U. S., such as the fertilizer-plant explosion in West, Texas in April of 2013, have emphasized how important it is for accurate inventory information to be available at all times to first responders, who in turn need to be educated about the various dangers and appropriate techniques that should be applied in case of a chemical fire.  Ideally, the Rui Hai warehouse would have been constructed and equipped with sprinkler and alarm systems so that it wouldn't have caught fire in the first place, or at least the fire could have been extinguished before it got out of control.  But despite the best precautions, chemical fires sometimes get out of hand.  In that case, fire departments need to know when to try to fight a fire, what to fight it with, and when to look at the online inventory and decide, "Let's issue an evacuation order and clear out ourselves too—this is too dangerous."  But there has to be an accurate online inventory and first responders who are trained to know what to do and when to do it.

These things are not rocket science, but they represent a change in the way people do things.  Let's hope that not only in Tianjin, but all across China, the sad lessons of last week's explosions lead to safer ports and better information exchange in the future. 

Sources:  I referred to news reports on the disaster carried by CNN at http://www.cnn.com/2015/08/15/asia/china-tianjin-explosions/, the New York Times at http://www.nytimes.com/2015/08/15/world/asia/rising-anger-but-few-answers-after-explosions-in-tianjin.html, NBC News at http://www.nbcnews.com/news/world/tianjin-china-explosion-area-evacuated-over-sodium-cyanide-fears-n410371, and the Wikipedia articles on "Tianjin explosions" and "Environmental issues in China."

Monday, August 10, 2015

Is The World Ready for Digital DNA?


Sixty-year-olds don't often have children, but we are witnessing the birth of a new field of engineering made possible by the marriage of two discoveries that date from the 1950s:  DNA and the integrated circuit.  In a recent article in the San Jose Mercury News, Emily Leproust, CEO of Twist Bioscience, is quoted as saying that her company can manufacture DNA to order, letter by letter.  They do this by using advanced microstructures and computing power made possible by the semiconductor-chip revolution to synthesize DNA based on concepts drawn from the latest biological discoveries.  According to her claims, the possibilities, as the saying goes, are endless:  everything from tailor-made vaccines targeted at the latest flu-virus strain to weirder ideas like nice-smelling bacteria to grow on your skin as a perpetual perfume.  But is this capability really "designing life from scratch," as the headline claims?  And will it really lead to the kinds of radical advances in manufacturing and materials science that its promoters are talking about, without opening the door to some dire consequences as well?

First, we should get straight what companies like Twist Bioscience are really doing.  Say you're a biologist who wants a particular genetic sequence for some reason or other.  In the past, you'd have to find large chunks of what you want lying around and splice them together, sort of like editing a documentary video out of existing footage.  A lot has already been done in this way under the general name of genetic engineering, leading to things like disease-resistant crops, fluorescent fish in bright artificial colors, and so on.  But what Twist Bioscience and similar firms are doing is more like making an animated film, frame by frame.  Each frame (i. e. letter in the genetic sequence) can be whatever you want, and so you can literally get whatever gene you ask for. 

The problem in this novel situation is knowing what to ask for.  And here's where we have to stand back at the designing-life-from-scratch claim and think twice about it. 

 No engineering design is truly de novo—totally original—if for no other reason than the designer has to remain within the constraints of the physics and mathematics of what is possible to design.  If your bridge design ignores the rated strength of the materials used in its construction, it's likely to fall down.  Making DNA that will do a prescribed task in a living cell is a highly constrained problem—constrained by the existing design of the target cell.  Currently, we have adequate (but probably not exhaustive) knowledge of the functions of only a few types of cells—bacteria, mostly—knowledge that is enough to allow us to manipulate their machinery with custom DNA to do things we want.  But we didn't design the cells that the synthetic DNA is going into. 

Most people not handicapped with a Ph. D. can see that there is a Designer behind the unfathomably complex thing that is biological life on this planet.  No human being can claim to have designed an existing cell from scratch.  Clients of Twist Bioscience ordering their customized DNA molecules are like programmers who have laboriously learned an operating system language and are now ready to program a computer they had no hand in designing.  As every coder knows, one little comma in the wrong place can wreck the whole program, and that is why checking and accuracy are so important to DNA synthesis—cells can be as unforgiving as computers when it comes to mistakes.

Fortunately, most mistakes along these lines simply die, or fail to achieve the goal that the designer aimed at.  But along with all the wonderful promises of fantastic new materials comes the downside question:  when and how will the ability to synthesize DNA be used for evil as well as good?

And some answers to that question might not be as simple as the melodramatic picture of some anarchic radical cooking up a kill-everybody-in-sight germ in his secret laboratory.  Take one of the ostensibly good predictions touted by synthetic DNA's promoters:  the ability to make bacteria that would crank out meat and milk without the tedious inconvenience of raising cows or pigs or chickens.

Suppose synthetic milk that is every bit as good as the real thing becomes something you could do in a chemical plant for one-tenth the cost of the way dairy farms do it.  The dairy farmers would immediately find themselves in the position of slide-rule manufacturers when the first cheap electronic calculators hit the market.  Only there are a lot more dairy farmers around the world than there were slide-rule makers.  To a dairy farmer, this so-called advance that the synthetic DNA promoters call a good thing, looks a lot like an evil thing.  Unless some social or governmental factor intervenes, the dairy farmers would simply be out of luck and would have to find some other way to make a living.

This situation reminds me of one of the best classic Ealing comedies of the 1950s:  the Alec Guinness film "The Man In the White Suit."  It was made at a time when postwar industrial Britain was feeling threatened by technological advances.  The story concerned a nerdy chemist played by Guinness who discovered a way to make a type of cloth that never stained, never tore or wore out, and appeared to be capable of lasting forever.  His escapades with unsympathetic managers, union leaders, and other interested parties lead both to some hilarious scenes, and also to a serious point, encapsulated in an encounter he has toward the end of the film with an old, broken-down woman who ekes out a living taking in washing.  Having heard of his invention, she confronts him and asks, "What about me bit of washin', eh?"  What, indeed.

The film avoided a serious answer to this question (spoiler alert!) by giving the cloth a shelf life of only a month or so, and when all existing samples self-destructed, life went back to normal.  But we may not have such an easy out with the products of synthetic DNA.  Throughout history, ways of life have come and gone in response to technological advances, and at this time, it doesn't seem that synthetic DNA is about to plunge us either into a secular Paradise or Hell on earth.  But as its products prove themselves in the marketplace and begin to disrupt older ways of doing things, we may have to decide where designing ends and meddling begins.

Sources:  The article "Designing life from scratch: A fledgling field is about to take off" by Lisa M. Krieger appeared on Aug. 8, 2015 on the San Jose Mercury News website at http://www.mercurynews.com/science/ci_28608185/designing-life-from-scratch-fledgling-field-is-about.  I also referred to the Twist Bioscience website at www.twistbioscience.com, the Wikipedia articles on recombinant DNA and artificial gene synthesis, and the Internet Movie Database article on "The Man In the White Suit."

Sunday, August 02, 2015

"I See the Problem"—Or Do You?


Apologies in advance to those who have heard the following joke, but it illustrates an issue that can get engineering types into trouble—not technical trouble, but trouble in an organization or setting in which more skills are called for than technical ones.

During the French Revolution, when the guillotine was busily employed in purging the body politic of undesirable elements, the time came one morning to execute three enemies of the revolution:  a priest, a nobleman, and an engineer.  A large crowd gathered to watch the execution.  First, the priest was led forward.  He was given a last chance to recant from his faith.  He refused.  The executioner pulled the rope that lifted the deadly blade up to the top of the guillotine.  The priest's neck was placed in the bloody slot—the basket to catch his head was readied—and the signal was given to release the blade.  The blade began to fall—and halfway down, it jammed!  Instantly the crowd shouted "A miracle!  Release him!"  As skeptical as the revolution's leaders were of miracles, they were equally afraid of having the crowd turn against them, so they let the priest go.

Next, the nobleman was led forward.  Accused of exploiting the poor, he remained proud and unrepentant.  Again the blade was raised to the top, again the neck was laid bare to the path of the deadly knife, again the signal was given—and again, the blade jammed halfway down!  "A miracle!" cried the crowd.  So the nobleman was released too.

Finally, the engineer came forward.  His crime?  Helping the old regime stay in power through his apparently magical arts.  He made an odd request.  Instead of being placed face-down like the others, he asked to be placed face-up so he could see what was coming.  It seemed a harmless if perverse request, so it was granted.  For the third time that morning, the blade was raised to the top, the engineer took his position facing the instrument of his doom, and the signal was given.  Midway in its fall, the blade jammed yet a third time!  Above the cry of the crowd came the voice of the engineer:  "I see the problem!!"

This story came to mind as I considered the results of a little 24-question test I took to find out what my leadership strengths and weaknesses are.  You might wonder why engineers need to be concerned about leadership at all.  As we have mentioned from time to time in this space, most engineers who don't leave the engineering field altogether eventually become managers of one sort or another, and good management requires leadership skills.  And even the lowliest engineers in an organization deal with non-experts who look to the engineer as a technically informed person, and one way to describe such a relationship is that of leader to follower.

Given that engineers need to lead, it's a good idea to know what leadership pitfalls await the kind of personality who typically becomes an engineer.  For what it's worth, you can consider the point of view taken by one Gary Salton, who sent me a notice about the results of some research his consulting firm has performed recently.  All I know about Mr. Salton is what he sent me and some background information on Wikipedia, but I think he has at least one good point:  if you tend to approach life with only one set of skills, you should be aware that you may get into trouble when you deal with others who use different kinds of skills.  Specifically, analyzing problems is not the only way to deal with life.

Salton has developed a sociological analysis of organizations that he calls "I Opt," which is short for "input-output processing template."  Basically, he treats individuals in organizations in terms of their inputs and outputs and the type of processing they do best.  He seems to think that most people can be classified in terms of four types:  Logical Processors, Reactive Stimulators, Relational Innovators, and Hypothetical Analyzers.  He has developed a free online test that anyone who can read English can take, and it spits out a good-size Word document that is a customized report on your leadership strengths and weaknesses based on how you score in each of the four types.  According to my report, and material on Mr. Salton's website, I am a rather typical engineer in that I scored highest in the Hypothetical Analyzer category. 

That makes sense, because engineers spend lots of time studying complex problems and imagining how a proposed solution would work in the context of real-world situations.  The proposed solution is the hypothesis, and the analysis consists of checking to see if the solution will work by using theoretical and computational tools, or by building prototypes and testing them.  In a report Salton recently released, he says these are appropriate activities for engineering organizations.

But one of the hazards this personality type faces is over-investment in analysis.  This warning rings true to me.  Looking back on my career, I can recall several times when I was attracted to a problem, not because a lot of people urgently needed a solution for it, but simply because it looked fun to analyze.  Consequently, several of my projects that I invested months or years of work in were stillborn, in the sense that once I was finished, nobody cared.  In the case of the hapless engineer who analyzed the guillotine, figuring out the solution to that problem was the last thing he wanted to do—and maybe it was.

Salton's I Opt concept is in the sociological tradition of organizational analysis that goes back at least to Rensis Likert, the fellow who back in the 1930s developed the five-point Likert scale that goes from "strongly agree" to "agree" to "neutral" to "disagree" to "strongly disagree."  In his work, Salton tries to objectify information about human organizations, and because humans are unique, such knowledge can never be exhaustive.  But in pointing out a type of blind spot that engineering personalities are prone to, Salton has made one good point, a point with which I strongly agree.

Sources:  Gary Salton's "I Opt" leadership test can be found on his website at http://engrldr.iopt.com/, as can a report at http://garysalton.blogspot.com/2015/07/engineering-insights.html describing the results of a study of over 4,000 engineers that shows the important differences in leadership style compared to a larger sample of other professionals.  I also referred to the Wikipedia articles on Rensis Likert and organizational engineering.

Monday, July 27, 2015

The Wireless-Car-Hack Recall: A Real-Life Drama in Three Acts


Act One—2010-2011

As automakers begin to build in more wireless technology to enable not only hands-free mobile phone use from their cars but streaming audio services and navigational and safety aids as well, some researchers at UC San Diego and the University of Washington look into the possibility that these new two-way communication paths can be used to hack into a car's computer for nefarious purposes.  After months of work, they manage to use a wireless connection to disable the brakes on a particular car, which to this day remains anonymous.  Rather than releasing the maker's name in their research publication in 2011, the researchers suppress it, and instead go privately to the car's manufacturers and warn them of the vulnerability.  Also in 2010, more than 100 car owners in the Austin, Texas area whose vehicles were linked into a system that can disable a car if the owner gets behind in his payments, found that their cars wouldn't start.  Only, they weren't deadbeats—one of the enforcement company's employees got mad at his boss and intentionally disabled the cars. 

Act Two—2012-2013

Two freelance computer security specialists, Charlie Miller and Chris Valasek, read about the UCSD/University of Washington wireless-car-hack study and decide to investigate the issue further.  They apply for and receive an $80,000 grant from the U. S. Defense Advanced Research Projects Agency (DARPA), with which they buy a Ford Escape and a Toyota Prius.  With this hardware, they teach themselves the intricacies of the automakers' internal software and as a first step, develop a wired approach to hacking into a vehicle's control systems.  This allows them to plug a connector into the car's diagnostic port and operate virtually any system they wish.  However, when they show this ability at Defcon 2013, a hacker's convention, representatives of automakers are not impressed, pointing out that they needed a physical connection to do the hacking.  That inspires Miller and Valasek to go for the ultimate hack:  wireless Internet control of a car, and demonstration of same to a journalist.

Act Three—2014-2015

After reading dozens of mechanics' manuals and evaluating over twenty different models, the pair decide that the model most vulnerable to an online hack is the Jeep Cherokee. Miller buys one in St. Louis and the pair begin searching for bugs and vulnerabilities in software.  Finally, in June of 2015, Valasek issues a command from his home in Pittsburg and Miller watches the Cherokee respond in his driveway in St. Louis.  They have succeeded in hacking remotely into the car's CAN bus, which controls virtually all essential functions such as brakes, throttle, transmission, wipers, and so on. 

After the lukewarm reception they received from automakers a couple of years earlier, they have decided a stronger stimulus is needed to get prompt action.  When they informed Fiat Chrysler Autos of their hacking work into the firm's Cherokee back in October of 2014, the response was minimal.  Accordingly, they invite Wired journalist Andy Greenberg to drive the Cherokee on an interstate highway, telling him only in general terms that they will do the hack while he's driving, and surprise him with particular demonstrations of what they can do. 

Greenberg must have felt like he was in a bad sci-fi flick about aliens taking over.  As he recalled the ride, "Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass."  During the finale, the hackers disabled the transmission, throwing it into neutral and causing a minor backup on the interstate.

Greenberg's article appears on Wired's website on July 21.  On July 24, Fiat Chrysler Autos announces a recall of 1.4 million vehicles to fix software flaws that allow their cars to be hacked remotely via the UConnect Internet connection that Miller and Vasalek used.  It is the first recall ever due to a demonstrated flaw that lets hackers access a car through its Internet connection.

. . . Back in December of 2014, I blogged on the possibility that someone would figure out how to use the Internet to hack into a car's controls.  At the time, I reported that several automakers had formed an Information Sharing Advisory Center to pool knowledge of problems along these lines.  And I hoped that nobody would use a remote hack for unethical reasons.  What Miller and Vasalek have done has ruffled some feathers, but falls short of truly illegal activity. 

Instead, it's in the tradition of what might be called "white-hat" hacking, in which security experts pretend to be bad guys and do their darndest to hack into a system, and then let the system designers know what they've done so they can fix the bug.  According to press reports, pressure from the National Highway Traffic Safety Administration prompted Fiat Chrysler Autos to issue the hacking recall as promptly as they did, only three days after the Wired article appeared.  The annals of engineering ethics show that a little adverse publicity can go a long way in stimulating action by a large organization such as a car company. 

You might ask why Fiat Chrysler's own software engineers couldn't have done what Miller and Vasalek did, sooner and more effectively.  That is a complex question that involves the psychology of automotive engineers and what motivates them.  Budgeting for someone to come along and thwart the best efforts of your software engineers to protect a system is not a high priority in many firms.  And even if an engineer with Fiat Chrysler had concerns, chances are that his superiors would have belittled them, as they did Miller and Vasalek's demo of the wired hack in 2013.  To do anything more would have required a whistleblower to go outside the company to the media, which would have probably cost him his job. 

But this way, Miller and Vasalek get what they wanted:  real action on the part of automakers to do something about the problem.  They also become known as the two Davids who showed up the Goliath of Fiat Chrysler, and this can't do their consulting business any harm.  Best of all, millions of owners of Cherokees and other vehicles can scratch one small worry off their list:  the fear that some geek somewhere will pick their car out of a swarm on a GPS display somewhere and start messing with the radio—or worse.

Sources:  The Associated Press article on the Fiat Chrysler Auto recall appeared in many news outlets, including ABC News on July 24 at http://abcnews.go.com/Technology/wireStory/fiat-chrysler-recalls-14m-vehicles-prevent-hacking-32665419.  The Wired article by Andy Greenberg describing the Cherokee hack is at http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.  My latest previous blog on this subject appeared on Dec. 1, 2014 at engineeringethicsblog.blogspot.com/2014/12/will-remote-car-hacking-stop-before-it.html.

Monday, July 20, 2015

I Compute Your Pain: Emotion-Sensing Software


My wife usually knows when I'm upset long before I do.  I haven't performed a scientific study to determine how she does this.  She says she reads my body language, the tone of my voice, and my facial expressions, as well as what I say.  Women seem to have a built-in advantage when it comes to sensing the emotional states of others, so it's not a surprise that the co-founders of a company that sells software to read emotions were two women:  Rosalind Picard and Rana el Kaliouby.  The history of why they began their research into getting computers to sense emotions and what their company is doing now may tell us something about the ethical challenges to come if companies begin using emotion-reading software on a large scale.  A recent article in The New Yorker profiles these women and their work.

Back in the 1990s, almost no one in computer science was thinking professionally about emotions.  One of the few exceptions was Rosalind Picard, who has been on the MIT faculty since 1991.  She realized that computers could serve people better if they had a clue as to what emotional state a person was in.  Despite confused stares and even active discouragement from computer-science colleagues, she persisted in researching what she termed "affective computing" and wound up establishing an entirely new field.

Rana el Kaliouby entered the fray by a similar route.  Her first idea of a practical application of affective computing was to develop a kind of emotional hearing aid for autistic people, whose disability usually prevents them from inferring the emotional state of people around them.  She wound up teaming with Picard on some academic research projects, which attracted so much attention that they decided to spin off a company called Affectiva in 2009.

Once their ideas left academia for the commercial world, the tone of things changed.  Every second, thousands of marketers are competing for online attention—in TV ads, YouTube video ads, smartphone apps, and all the other electronic attention-grabbers we surround ourselves with these days.  Someone has even calculated what the attention of the average American is worth these days:  about six cents per minute in 2010.  Your attention is the coin of the realm that you exchange for "free" internet services, and companies who sell these services would dearly like to know how you feel about what you see.  This is what Affdex, the software offered by Affectiva, is supposed to do.

It works by monitoring facial expressions in a sophisticated way that uses fixed points (e. g. the tip of the nose) as references for the movement of eyebrows, the corners of your mouth, and other features that have been proven to be emotionally expressive.  The result is a readout of four emotional dimensions:  happy, confused, surprised, and disgusted.  I expect most marketers try to get the biggest happy readings, maybe laced with a little surprise here and there, and try to lower the confused and disgusted numbers.  Anyway, lots of companies are willing to pay lots of money to get these numbers.

So far, the main use has been in focus groups and other controlled settings where the consent of the consumer has been obtained to use video of their faces.  You can imagine the day when those little built-in cameras in computers and smart phones will be activated for emotion-reading software, possibly without your knowledge.  That is a thin red line which, to my own knowledge, has not been crossed yet.  But I can easily picture a situation in which a browser turns on your camera to watch your face, maybe in exchange for some bonus or free this or that, and somehow it just never gets turned off again.

Like most technology, affective computing can be used for either good or not-so-good purposes.  If software developers could learn how to sense a user's emotions, it could make software a lot easier to use.  I can think of many times when I was trying to do something with new software and got frustrated or confused.  Software that could sense this and trot out simpler and simpler explanations and help files, and even ask questions ("Just what are you trying to do?") would be a tremendous advance over that peculiar sense of helplessness I get when I face a zillion menu options and know one of them will do what I want, only I don't have twelve hours to spare in order to try each one. 

On the other hand, both Picard and Kaliouby realize that this sort of software could be abused.  Picard left Affectiva in 2013, and although Kaliouby is still with the firm, she expresses some disappointment that the commercial applications of Affdex have overshadowed the assistive applications for autism sufferers and other disabled people.  If one tries to come up with a worst-case scenario for how emotion-reading software could be abused, some sort of subliminal manipulation comes to mind.  What if emotion-reading ads prove to be well-nigh irresistible? 

Years ago, there was a flap of concern that advertisers were inserting single-frame images in TV ads that went by so quick your conscious mind didn't even notice them.  But supposedly, they went straight to your subconscious and made you go out and buy a Coke you didn't need, or something like that.  So-called subliminal advertising has proven to be useless, but we have yet to see how effective advertising is when it's coupled to software that can read the viewer's emotional state and make changes in its presentation in real time in response.  Of course, a good salesman does this instinctively, but up to now Internet advertising has been open-loop, with no way of knowing what the viewer felt about the ad.  Software such as Affdex promises to close that loop. 

Let's hope that affective software leads to a kinder, gentler interaction with the machines that take up an increasing part of our lives, without taking us down a road that amounts to secret manipulation of consumers without their knowledge or consent.

Sources:  The article "We Know How You Feel" by Raffi Khatchadourian appeared in the Jan. 19, 2015 issue of  The New Yorker, and provided many of the details in this blog.  I also referred to the Wikipedia article on Rosalind Picard and the Affectiva website www.affectiva.com. 

Monday, July 13, 2015

You Can't Take It With You: Airline Security as Industrial Engineering


The first question you may have is, what's industrial engineering?  It's an uninformative name for an important discipline:  the study of how best to design industrial processes of every type, from time-and-motion studies of assembly lines to how we can treat more hospital patients better with fewer resources.  The subject came to my mind recently as I was lifting empty gray plastic tubs from a conveyor belt onto a stacking machine that automatically recycled them to the head of the line at a security checkpoint in London's Heathrow Airport.  How did I get that job?  Well, let me begin at the beginning.

This was on the return leg of a business trip to France.  Lest you think I'm a world traveler, I should say that this was my first international trip in five or six years, and I'd never been to France before.  The conference I attended was in the "department" (sort of a state) of Cantal, in the legendary South of France, which is world-famous for its wine and cheese.  These attractions were somewhat wasted on me as I don't drink wine and I don't like cheese.  But at the end of the conference, the organizers gave me a box containing selections of the local foods.  I received it eagerly with the hope that I could take it back to my wife, who is fond of cheese and has been known to have a sip of wine now and then.  What neither I nor the conference organizers reckoned on was airline security.

For those familiar with the U. S. Transportation Security Administration system, the French do it similarly except you don't have to take off your shoes.  They had set aside my bag after the X-ray, though.  They wanted to know what a dark cylindrical object was.  I took out the cardboard box of goodies and opened it up for them.  There was a can of paté of some kind.  When they saw what it was, they were happy, and let me go.  So far, so good, but next came British security in London.

At Heathrow, everything is very organized.  First you queue up and have to go through a kind of museum display of all kinds of items you can't put in your luggage.  Anything liquid or liquid-like, you have to take out and put in a clear plastic bag for them to sniff at.  I'd done this with my toothpaste and thought I was all ready for them.  Think again.

It really did look like a miniature production line when I got to the luggage X-ray system.  You are handed these large gray plastic tubs and everything has to fit in a tub.  Then this industrial-quality conveyor belt with motorized rollers lines up the tubs to go through the X-ray.  If something fishy shows up, all the operator has to do is push a button, and a set of push rods shoves the suspect tub out of the main line into a second inspect-by-hand line behind a clear plastic barrier.  To my dismay, that happened to both of my tubs of stuff.

My glasses were in one of the tubs, but I could see well enough to watch my luggage as it sat behind the barrier.  It was well back in a line of several, and so it would be a while before I could get at it again.  Just to have something to do, I started picking up the empty tubs that the more fortunate travelers were leaving behind, and stacked them on the automatic return gizmo.  While I was doing this for ten or fifteen minutes, I noticed one of the inspect-by-hand inspectors playing with what I thought at first was a back-scratcher he'd confiscated from someone.  It was a blue plastic wand about a foot and a half (50 cm) long with some white cloth thing at the end. 

Then I noticed he was wiping it over contents of a piece of luggage and taking it over to a machine.  He removed the cloth and stuck it in the machine.  Turns out it was an ion mobility spectrometry (IMS) device that uses the varying speed of ions under the influence of an electric field to detect vapors of explosives, drugs, and other non-allowed chemicals.  Very clever technology which has made it out of the lab into the field—at least, a lot of airfields.

Finally, they got to my bag.  I pulled out the notorious box and showed him the contents.  There was a glass bottle of something—maybe it was beer—and a jar of what looked like marmalade. 

"I'm sorry, sir, but these are both over 200 milliliters.  To take them with you you'll have to go back out and check this bag."  There wasn't time, so I bid my marmalade and beer, or whatever it was, good-by.  I never even got a good look at them.  Then he let me go.

All was well after that till the U. S. passport control point at the Austin airport.  At passport control, there were just a bunch of kiosks with computerized touchscreens asking you a series of questions.  One of them was about food brought back from abroad. 

I faced an ethical dilemma.  I knew if I said I had none, I'd be lying, but I could also get through quicker.  Partly just to see what happened, I answered yes, I did have food from abroad.  There was a big "A" on the slip of paper that came out, which I handed to a man at the exit.  He put a big red checkmark on it, stuffed it in a blue folder, and told me to go have a seat over there.

Over there turned out to be a waiting area with people in it who looked like they were all at a funeral.  I said, "Nobody looks very cheerful over here."  One lady griped that this was what she got for being honest. 

In a bit, a brisk gal in a uniform came up, said, "Everybody with blue folders, come with me."  I was the only one, so I followed her into a room where once again, I took out the box and showed her what was in it.  This time the offending item was a piece of dried sausage sealed in plastic wrap.  "The meat has to go, but you can keep the other stuff."  So it went, and in another minute so did I.

Based on my limited sample during my trip, I'd say the British win the industrial-engineering competition for most efficient carry-on-luggage inspection.  They also took the most stuff.  All I have left from Cantal is a bag of cookies and that can of paté.  I don't know much French, but I think the label says it has a guaranteed minimum fat content of 30%.  Paté, anyone?

Sources: You can read more about ion mobility spectrometry at the website of a manufacturer of these systems, Smiths Detection: http://www.smithsdetection.com/index.php/products-solutions/explosives-narcotics-detection/61-explosives-narcotics-detection/ionscan-500dt.html#.VaJBYM6aH8w.