79 posts categorized "Travel" Feed

Consumer Reports: Don't Use Consumers as 'Guinea Pigs For Vehicle Safety Beta Programs'

Consumer Reports logo The recent fatal crash involving a Tesla auto operating with the Autopilot feature has highlighted the issues with beta software in commercially-available vehicles. Consumer reports discussed the matter in a recent blog post:

"The company’s aggressive roll-out of self-driving technology—in what it calls a “beta-test”—is forcing safety agencies and automakers to reassess the basic relationship between human drivers and their increasingly sophisticated cars... Consumer Reports experts believe that these two messages — your vehicle can drive itself, but you may need to take over the controls at a moment’s notice—create potential for driver confusion. It also increases the possibility that drivers using Autopilot may not be engaged enough to to react quickly to emergency situations. Many automakers are introducing this type of semi-autonomous technology into their vehicles at a rapid pace, but Tesla has been uniquely aggressive in its deployment. It is the only manufacturer that allows drivers to take their hands off the wheel for significant periods of time..."

For decades, Consumer Reports has reviewed, tested and rated both new and used vehicles to help drivers make informed decisions about purchases and repairs. It also tests and rates a wide variety of household appliances, electronics, telecommunications services (e.g., phone, cable TV, broadband), music streaming services, social networking sites, prepaid cards, credit monitoring services, and more. Consumer Reports owned and tested three Tesla vehicles: 2013 Model S 85, 2014 Model S P85D, and 2016 Model X 90D.

Laura MacCleery, the vice president of consumer policy and mobilization for Consumer Reports, said:

"By marketing their feature as ‘Autopilot,’ Tesla gives consumers a false sense of security... In the long run, advanced active safety technologies in vehicles could make our roads safer. But today, we're deeply concerned that consumers are being sold a pile of promises about unproven technology. 'Autopilot' can't actually drive the car, yet it allows consumers to have their hands off the steering wheel for minutes at a time. Tesla should disable automatic steering in its cars until it updates the program to verify that the driver's hands are on the wheel... Consumers should never be guinea pigs for vehicle safety 'beta' programs...”

Consumer Reports provided four recommendation for Tesla and its Autopilot feature, which include renaming it, halting beta test programs, and reprogramming the feature to require drivers to keep their hands on the steering wheel.

I agree. Beta testing features with business software (e.g., spreadsheets, word processing, VPN connections, etc.) and general software are entirely different from vehicles where lives are directly at risk. What are your opinions?


Several Countries Issued Travel Advisories For Visiting The United States

Last Friday, the Ministry of Foreign Affairs within the Government of the Bahamas issued this travel advisory for its citizens:

"We wish to advise all Bahamians traveling to the US but especially to the affected cities to exercise appropriate caution generally. In particular young males are asked to exercise extreme caution in affected cities in their interactions with the police. Do not be confrontational and cooperate. If there is any issue please allow consular offices for The Bahamas to deal with the issues. Do not get involved in political or other demonstrations under any circumstances and avoid crowds... Pay attention to the public notices and news announcements in the city that you are visiting."

On Saturday, the Bahrain Embassy in Washington, DC sent the following message on Twitter:

Bahrain Embassy tweet about travel to USA. Click to view larger version

The United Arab Emirates Embassy in Washington, DC issued a "Special Alert" for its citizens visiting the United States:

"For your own safety, the Embassy of the United Arab Emirates urges you to please stay away from any ongoing or planned demonstrations and protests in cities around the United States. Please be aware of immediate surroundings and avoid crowded places when possible. Exercise particular caution during large festivals or events, be alert and stay safe. You are encouraged to contact the embassy if you are in need of assistance..."

According to the Safe Travel site for New Zealand citizens:

"There is some risk to your security in the United States due to the threat from terrorism and we advise caution... The United States remains a likely target for terrorist activity by domestic-based extremists and internationally-trained individuals and groups, and we continue to receive reports that terrorist groups are planning attacks against the United States... Wherever you are, you should keep yourself informed about the latest alerts and stay aware of your surroundings in areas where large numbers of people congregate, such as shopping malls, markets, monuments, tourist destinations, demonstrations, public events and on any public transport... There is a higher incidence of violent crime and firearm possession than in New Zealand, however crime rates vary considerably across cities and suburbs and incidents rarely involve tourists... Research your destination before traveling and seek local advice if you are concerned... We recommend you avoid all protests and demonstrations as on occasion civil disorder can result."

The U.S. Department of State regularly issues travel advisories for U.S. citizens traveling abroad. It would seem that, to use an old saying: the shoe is on the other foot.

If you are traveling to or within the United States, the Department of Homeland Security provides a resource page for security line wait times.

Have you seen alerts from any more countries? If so, share them below.


National Parks Celebrate Their 100th Anniversary

For your next vacation, consider visiting a national park. This summer, the United States National Park Service (NPS) celebrates 100 years of operations on August 25, 2016 with special discounts, programs, and events. The NPS was created to preserve:

“…unimpaired the natural and cultural resources and values of the National Park System for the enjoyment, education, and inspiration of this and future generations.”

When you visit a national park, you see what your ancestors saw. That includes trees, plants, wildlife, lakes, rivers, mountains, and glaciers. The NPS includes 411 areas covering all 50 States, plus the District of Columbia, American Samoa, Guam, Puerto Rico, and the Virgin Islands. These areas include national parks, monuments, battlefields, military parks, historical parks, historic sites, lake shores, seashores, recreation areas, scenic rivers, and trails.

The largest NPS site is Wrangell-St. Elias National Park and Preserve (Alaska) at 13.2 million acres. The smallest site is the Thaddeus Kosciuszko National Memorial (Pennsylvania) at 0.02 acres. 307 million people visited NPS sites during 2015. The NPS is a bureau of the U.S. Department of the Interior. It was created by an act signed by President Woodrow Wilson on August 25, 1916. The Director of the NPS is nominated by the President and confirmed by the U.S. Senate.

Some of the favorite national parks:

  • Yosemite National Park (California): this park is famous for outdoor activities including hiking, fishing, biking, camping, rock climbing, photography, and more
  • Mount Rushmore National Memorial (South Dakota): enjoy marvelous views of the 60-foot-tall heads of Abraham Lincoln, George Washington, Theodore Roosevelt, and Thomas Jefferson
  • Grand Canyon National Park (Arizona): view dazzling colors and the Colorado River, as it makes its way through the mile-deep canyon, which is 277 miles long and 18 miles wide
  • Glacier National Park (Montana): with more than 700 miles of trails, this park features pristine forests, alpine meadows, and majestic mountains
  • Volcanoes National Park (Hawaii): volcanoes created the Hawaiian islands, and the park features two massive volcanoes, Kīlauea and Mauna Loa, that erupt periodically with slow lava flows down the mountainside. Mauna Loa is 56,000 feet (17,000 meters) high, as measured from the sea floor.

The parks operate programs for adults, families, and children. Some of the programs for children include the Junior Rangers, Web Rangers, Every Kid in a Park, and mobile apps for citizen science. Check the NPS site for event times and locations.

View from atop Haleakala. Click to view larger version It is easy to combine a visit to a national park with a cruise vacation. My wife and I visited the Volcanoes National Park in 2004 during a cruise around the Hawaiian Islands. We sailed on Norwegian Cruise Line round-trip from Honolulu. At night, we saw red lava flows into the ocean. That cruise also included a port stop at the island of Maui, where we visited Haleakala National Park. Our bicycle ride down the mountainside started above the clouds.

In 2005, we visited Denali National Park and Preserve (Alaska) during a cruise-tour on Princess Cruises. A cruise-tour combines sea and land travel, so you see the best of everything – the inland wilderness, wildlife, glaciers, parks, and mountains. The land portion of our cruise-tour included 5 days and 4 nights traveling from Fairbanks to Anchorage, with hotel stays at several Princess Lodges across Alaska. The cruise-tour price included everything, and it was easy! The cruise line handled our luggage and checked us into each lodge. Then, our 7-night cruise sailed southbound from Whittier (near Anchorage) to Vancouver (British Columbia, Canada).

Southbound via train in Alaska. June, 2005 The land portion of our cruise-tour included travel by bus and train. If you love trains, this is a must-experience vacation. Each cruise line has their own rail cars with glass-domes, so you sit comfortably and easily watch the spectacular countryside pass by. The trains don't travel fast, which makes photography and filming easy. Some rail cars have open-air platforms for photographers wanting to avoid reflections created by glass windows.

Clear view of Mount Denali in 2005. Click to view larger image Before visiting Denali National Park, we stayed at the Denali Princess Wilderness Lodge. When you visit the park, allow enough time for the full-day tour. The park is massive, about the size of the State of New Hampshire. You won't see much if you book the half-day tour. We stayed the next night at the Mount McKinley Princess Wilderness Lodge, which featured a spectacular view of the mountain. We were lucky because clouds didn't obstruct views of Denali (a/k/a Mount McKinley).

View of the Grand Canyon from the South Rim. Click to view larger version During a trip to Las Vegas in 2012, we visited Grand Canyon National Park. The hotel offered an excursion package that included both air and bus travel. You could rent a car and drive, but short one-hour flight was faster and offered spectacular aerial views of Hoover Dam!

Words cannot describe the splendor and beauty of these national parks. If you haven’t visited a national park, I strongly encourage you to visit one this year. Don’t wait. You’ll be glad you did. Filmmaker and historian Ken Burns said it best in the title of his documentary series, "The National Parks: America's Best Idea."

If you don’t want to drive or fly, you can easily visit a park via train. Amtrak serves many NPS sites including Glacier, Grand Canyon, Yosemite, Everglades, Sequoia, Kings Canyon, Rocky Mountain, and more.

For the 100-year celebration, the national parks will waive entry fees for 16 days including August 25 through 28, September 24, and November 11. To find a national park near you, use the Find A Park search tool. To prevent damage to the environment, off-road vehicles are illegal with the national parks. And, leave your drone at home. The use of drones are banned in all national parks.

Which national parks have you visited?

Princess Lodge in Denali, Alaska


NHTSA Investigates Fatal Crash Of Tesla Auto. Numerous Implications For Drivers

Several news sites reported that the fatal crash of a Tesla Motors model S car while operated in Autopilot mode. Tesla Motors released a statement about the incident:

"... NHTSA is opening a preliminary evaluation into the performance of Autopilot during a recent fatal crash that occurred in a Model S. This is the first known fatality in just over 130 million miles where Autopilot was activated. Among all vehicles in the US, there is a fatality every 94 million miles. Worldwide, there is a fatality approximately every 60 million miles... What we know is that the vehicle was on a divided highway with Autopilot engaged when a tractor trailer drove across the highway perpendicular to the Model S. Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied..."

Established in 1970, the National Highway Traffic Safety Administration (NHTSA) is responsible for ensuring safety standards and safety on the nation's highways. Tesla's statement also described its Autopilot feature:

"... Tesla disables Autopilot by default and requires explicit acknowledgement that the system is new technology and still in a public beta phase before it can be enabled. When drivers activate Autopilot, the acknowledgment box explains, among other things, that Autopilot “is an assist feature that requires you to keep your hands on the steering wheel at all times," and that "you need to maintain control and responsibility for your vehicle” while using it. Additionally, every time that Autopilot is engaged, the car reminds the driver to “Always keep your hands on the wheel. Be prepared to take over at any time.” The system also makes frequent checks to ensure that the driver's hands remain on the wheel and provides visual and audible alerts if hands-on is not detected. It then gradually slows down the car until hands-on is detected again."

The Tesla site provides a general description of the Autopilot feature:

"Autopilot allows Model S to steer within a lane, change lanes with the simple tap of a turn signal, and manage speed by using active, traffic-aware cruise control. Digital control of motors, brakes, and steering helps avoid collisions from the front and sides, and prevents the car from wandering off the road. Autopilot also enables your car to scan for a parking space and parallel park on command. And our new Summon feature lets you "call" your car from your phone so it can come greet you at the front door in the morning. Autopilot features are progressively enabled over time with software updates."

This fatal crash has broad implications. The New York Times reported:

"The crash also casts doubt on whether autonomous vehicles in general can consistently make split-second, life-or-death driving decisions on the highway. And other companies are increasing investments in self-driving technology. Google, for example, recently announced plans to adapt 100 Chrysler minivans for autonomous driving. Earlier this year, G.M. acquired the software firm Cruise Automation to accelerate its own self-driving applications. Even as the companies conduct many tests on autonomous vehicles at both private facilities and on public highways, there is skepticism that the technology has progressed far enough for the government to approve cars that totally drive themselves."

In 2013, NHTSA defined five levels of automation in vehicles:

"No-Automation (Level 0): The driver is in complete and sole control of the primary vehicle controls – brake, steering, throttle, and motive power – at all times.

Function-specific Automation (Level 1): Automation at this level involves one or more specific control functions. Examples include electronic stability control or pre-charged brakes, where the vehicle automatically assists with braking to enable the driver to regain control of the vehicle or stop faster than possible by acting alone.

Combined Function Automation (Level 2): This level involves automation of at least two primary control functions designed to work in unison to relieve the driver of control of those functions. An example of combined functions enabling a Level 2 system is adaptive cruise control in combination with lane centering.

Limited Self-Driving Automation (Level 3): Vehicles at this level of automation enable the driver to cede full control of all safety-critical functions under certain traffic or environmental conditions and in those conditions to rely heavily on the vehicle to monitor for changes in those conditions requiring transition back to driver control. The driver is expected to be available for occasional control, but with sufficiently comfortable transition time. The Google car is an example of limited self-driving automation.

Full Self-Driving Automation (Level 4): The vehicle is designed to perform all safety-critical driving functions and monitor roadway conditions for an entire trip. Such a design anticipates that the driver will provide destination or navigation input, but is not expected to be available for control at any time during the trip. This includes both occupied and unoccupied vehicles."

Today's vehicles offer several safety automation features to assist drivers: Automatic Crash Notification (ACN), Automatic Emergency Braking (AEB), Electronic Stability Control (ESC), Forward Collision Warning (FCW), Lane Departure Warning (LDW), Lane Keeping Support, and Pedestrian Crash Avoidance/Mitigation. There are huge differences between autonomous automation and assisted-driving features.

There are big differences between Tesla cars and Google's self-driving car. Earlier this year, NHTSA granted the software in Google's driver-less cars as "driver" status. According to the Washington Post:

"... the law will treat the car's software as the driver. "We agree with Google its [self-driving vehicle] will not have a 'driver' in the traditional sense that vehicles have had drivers during the last more than one hundred years," the letter reads: "If no human occupant of the vehicle can actually drive the vehicle, it is more reasonable to identify the "driver" as whatever (as opposed to whoever) is doing the driving." The decision by NHTSA marks a huge moment for Google and the rest of the auto industry as it races to build the first fully autonomous motor vehicle. While most other carmakers are building their vehicles with steering wheels, brake pedals and other machinery in mind, Google imagines that its robot car will have none of these things."

The fatal Tesla accident is truly tragic. It is also a reminder for consumers to:

  • Know the differences between full autonomous automation and features that assist drivers,
  • Know the limitations of automation features including road conditions that require driver intervention,
  • Know which features are beta version (which means they are unfinished and still being tested), and
  • Read all applicable polices (e.g., terms of service, privacy) before and after purchasing a vehicle to understand your responsibilities and liability. Certain features and road conditions require driver intervention.

The features in automated vehicles depend upon software, and beta version software indicates software still being tested. Wise Geek provides a definition:

"The beta version of a software release is considered to be a preview; though it may include many standard features, it is not yet ready for wide release or sale. During this phase, the developers collect feedback from users about the product's functionality, including what they like and what should be changed before its wide release. A beta version of a program can be either "closed," which is limited to a specific group of users, or "open," which is available to the general public. During this testing, developers might release numerous versions of a program, including improvements and bug fixes with each iteration."

So, the software may have bugs or errors in it that affect the feature's performance and/or interaction with other features. And, government regulators seem satisfied with this. Reuters reported:

"Hours before the crash became public knowledge on Thursday, U.S. National Transportation Safety Board Chairman Christopher Hart said driverless cars will not be perfect. "There will be fatal crashes, that's for sure," Hart told the audience at the National Press Club in Washington, but added that will not derail the move toward driverless cars, even if the vehicles are not ready.. Former NHTSA chief Joan Claybrook said in an interview the agency needs to set performance standards for electronic systems like Autopilot. "It's the like Wild West. The regulatory system is not being used," Claybrook said."

It seems wise for consumers to know before purchase: a) the specific limitations of features (and associated sensors) using beta version software; b) when software testing will be completed and a final version available; c) if price discounts are available for features being tested; and d) if the limitations require more driver attention or driver intervention during specific road and/or weather conditions.

Also, a 2014 survey found that half of Americans don't know what a privacy policy is. It is difficult to find statistics about the percentage of users that read terms of service policies (a//k/a terms and conditions). The best estimate I've found is from 2008: 10 percent of consumers read terms of service policies. Even if that percentage is now double, it's still abysmal.

Should drivers place a lot of trust in features using beta version software? Do you view current regulatory activity as acceptable? Comments?


New Panama Canal Locks Opened on June 26

Lycaste Peace tanker in new locks. Click to view larger version On Sunday June 26, the new locks opened on the Panama Canal. The first freighter to sail through the new locks was the Chinese-owned Cosco Shipping Panama, carrying about 9,000 metal shipping containers. It left the Greek port of Piraeus on June 11 headed for a port in Asia. The second commercial ship was the liquid petroleum gas (LPG) tanker Lycaste Peace (pictured on right), owned by Japanese shipping company Nippon Yusen Kaisha (NYK Line). Originating from Houston, Texas, the Lycaste Peace is en route to the Port of Hitachi, Japan. The Panama Canal provides a far shorter sailing route for ships sailing between the Atlantic and Pacific Oceans.

Built in 1914, the original canal accommodates freighters carrying about 5,500 containers. The new locks, built along side the existing locks, can accommodate ships carrying 13,000 containers. The $5.25 billion canal expansion project included the new, larger Agua Clara locks on the Atlantic side, and a similar set on the Pacific side. The older locks, still in use, accommodate ships -- referred to as "Panamax" -- measuring up to 106 feet (32.3 meters) wide by 965 feet (294.1 meters) long with drafts up to 39.5 feet. The newer locks accommodate ships -- referred to as "neo-Panamax" -- measuring up to 160 feet (49 meters) wide by 1,200 feet (366 meters) long with drafts up to 50 feet (18.3 meters).

The Cosco Shipping Panama freighter is one of the newer neo-Panamax sized ships.

Diagram of locks. Click to view larger version The locks raise and lower ships by 85 feet, using gravity-fed water stored in Gatun Lake, a man-made reservoir. The older locks include Gatun (on the Atlantic side), and Pedro Miguel and Miraflores (on the Pacific side). While far bigger than the older locks, the newer locks use less water due to water-savings basins (details in diagram on right) that recycle 60 percent of the water used.

The Panama Canal Authority (ACP), an autonomous legal entity of the Republic of Panama, operates and manages the canal and the Canal Zone: the land area adjacent to the waterway. 75 percent of Panamanians approved the expansion project in a nation-wide referendum in 2006. Construction began in 2007. The ACP employs about 10,000 persons.

During the inauguration ceremony on Sunday, Panamanian President Juan Carlos Varela and Panama Canal Administrator and CEO Jorge L. Quijano spoke before a crowd of 25,000 jubilant Panamanians, ACP employees, foreign heads of state and dignitaries, canal customers, and shipping executives. Mr. Quijano said:

"More than 100 years ago, the Panama Canal connected two oceans. Today, we connect the present and the future... It is an honor to announce that what we did it together: providing this great connection to the world. This is the beginning of a new era."

About 40 cargo ships sail daily through the canal. Experts say that will increase to about 55. Most major cruise lines offer passenger ships sailing through the canal in either direction. The Panama Canal Railway operates passenger service along the canal.

Aerial view of a ship in the Panama Canal. Click to view larger version


Study: Many Sharing Economy Companies Not There Yet On Privacy And Transparency

Uber logo You've probably heard of the term, "sharing economy" (a/k/a digital economy). It refers to a variety of companies that link buyers and sellers online. These companies include taxi-like ride-sharing services (e.g., Uber, Lyft), home sharing services (e.g., Home Away, Airbnb, VRBO), delivery services (e.g., Postmates), and on-demand labor services (e.g., TaskRabbit).

The 2016 "Who Has Your Back?" report by the Electronic Frontier Foundation (EFF) focused upon companies in the sharing economy, and their policies and practices for inquiries by law enforcement. Prior annual reports included social networking websites, email providers, Internet service providers (ISPs), cloud storage providers, and other companies. The EFF observed that companies in the sharing economy:

"... also collect sensitive information about the habits of millions of people across the United States. Details about what consumers buy, where they sleep, and where they travel are really just scratching the surface of this data trove. These apps may also obtain detailed records of where your cell phone is at a given time, when you are logged on or active in an app, and with whom you communicate.

It’s not just the purchasers in the gig economy who have to trust their data to the startups developing these apps. Individuals offering services are users just like the buyers, and also leave behind a digital trail as (or more) detailed than that of the purchasers. From Lyft drivers to Airbnb hosts to Instacart shoppers, people providing services are entrusting enormous amounts of data to these apps... As with any rich trove of data, law enforcement is increasingly turning to the distributed workforce as part of their investigations. That’s not necessarily a bad thing, but we need to know how and when these companies actually stand up for user privacy..."

So, it is sensible and appropriate to evaluate how well (or poorly) these companies protect consumers' privacy and communicate their activities. The EFF found overall:

"Many sharing economy companies have not yet stepped up to meet accepted tech industry best practices related to privacy and transparency, according to our analysis of their published policies. This analysis is specific to government access requests for user data, and within that context we see ample room for improvement by this budding industry... however, some gig economy companies leading the field on this issue...

Regarding ride-sharing companies, the EFF found:

"We analyzed 10 companies as part of this report. Of them, both Uber and Lyft earned credit in all of the categories we examined. We commend these two companies for their transparency around government access requests, commitments to protecting Fourth Amendment rights in relation to user communications and location data, advocacy on the federal level for user privacy, and commitment to providing users with notice about law enforcement requests. These two companies are setting a strong example for other distributed workforce companies... In contrast, another ride-sharing company, Getaround, received no stars in this year’s report."

TripAdvisor logo The EFF also found improvements by home-sharing companies (links added):

"... FlipKey (owned by TripAdvisor) has adopted several policies related to government access of user data. FlipKey requires a warrant for user content or location data and promises to inform users of law enforcement access requests. It is also a member of the Digital Due Process Coalition, fighting for reform to outdated communications privacy law. Of the home sharing companies we reviewed, FlipKey does the most to stand up for user privacy against government demands.

Only two other companies from our research set earned credit in any categories: Airbnb and Instacart, each earning credit in three categories. Both of these companies require a warrant for content, publish law enforcement guidelines, and are members of the Digital Due Process Coalition..."

Airbnb logo The Digital Due Process Coalition (DDPC) seeks reforms to the Electronic Communications Privacy Act (ECPA) because:

"Technology has advanced dramatically since 1986, and ECPA has been outpaced. The statute has not undergone a significant revision since it was enacted in 1986... As a result, ECPA is a patchwork of confusing standards that have been interpreted inconsistently by the courts, creating uncertainty for both service providers and law enforcement agencies. ECPA can no longer be applied in a clear and consistent way, and, consequently, the vast amount of personal information generated by today’s digital communication services may no longer be adequately protected. At the same time, ECPA must be flexible enough to allow law enforcement agencies and services providers to work effectively together..."

DDPC members include Adobe, Airbnb, Amazon.com, Apple, AT&T, Dell, Dropbox, eBay, Facebook, IBM, Intel, Lyft, Reddit, Snapchat, and many more well-known brands.

Postmates logo The EFF report also found (links added):

"... half of the companies we reviewed—Getaround, Postmates, TaskRabbit, Turo, and VRBO—received no credit in any of our categories. This finding is disappointing... most of the companies we analyzed were not yet publishing transparency reports. Only two companies in the field—Lyft and Uber—have published reports outlining how many law enforcement access requests they’ve received. As a result, the general public has little insight into how often the government is pressuring gig economy companies for access to user data. This concerns us, as one way to make surveillance without due process worse is to allow it to happen entirely in secret. Publicizing reports of law enforcement access requests can help illuminate patterns of overzealous policing, shine a light on efforts by companies to resist overly broad requests, and perhaps give pause to law enforcement officials who might otherwise seek to grab more user data than they need..."

Read the 2016 EFF "Who Has Your Back?" executive summary, or the full report (Adobe PDF). Kudos to the EFF for providing a very timely and valuable report. What are your opinions.


What's New: Cruise Ship Vacations Through The Northwest Passage

Map of Northwest Passage itinerary. Click to view larger image You can now sail to parts of Canada and the Arctic Ocean that were previously inaccessible.

Since the 1500s, explorers have attempted to sail the Arctic Ocean and Northwest Passage, but were unable due to thick sea ice present all year long. With climate change, the sea ice has retreated far enough and long enough during the summer months for cargo and cruise ships to navigate this shorter route between the Atlantic and Pacific Oceans.

Crystal Cruises announced a new itinerary through the Northwest Passage to destination ports in the United States, Canada, and Greenland. Starting in August of 2016, the Crystal Serenity cruise ship will sail from Anchorage, Alaska to New York City, with port destinations at Kodiak (Alaska), Nome (Alaska), Ulukhaktok (Northwest Territories, Canada), Cambridge Bay (Canada), Pond Inlet (Canada), Ilulissat (Greenland), Nuuk (Greenland), Bar Harbor (Maine), and more.

Crystal Cruises is a high-end, luxury cruise line offering a truly all-inclusive cruise experience. Budget or entry-level cruise lines typically offer a low price, but add on a variety of fees. Many consumers prefer a one-price, all-inclusive vacation.

The cruise price includes complimentary fine wines and premium spirits, plus gratuities for housekeeping, bar, dining and Penthouse butler staff. It also includes fine dining at any of eight on-board restaurants, classes at the Computer University@Sea®, foreign language classes, themed cruises focusing upon music, film and entertainment shows, wellness and golf,  lectures featuring speakers, authors, and celebrities, art classes, an on-board fitness center, and concierge services to arrange personalized shore excursions.

The fitness center includes state-of-the-art exercise equipment, yoga classes, cycling classes, golf lessons, Pilates, and tai chi classes. The ship includes deluxe staterooms, staterooms with verandahs, penthouses, and penthouse suites. Staterooms include satellite TV, movie/DVD rentals, housekeeping, complimentary soft drinks and bottled water, complimentary beer, wine and spirits upon request, luxury bathrobes, and fine Egyptian cotton linens. Additional complimentary services are available in the penthouses and penthouse suites.

The Crystal Serenity cruise ship debuted in July, 2003. The cruise line spent $52 million in 2013 to redesign and upgrade the ship, including both staterooms and public areas. Besides the Northwest Passage itinerary, the ship sails to destinations in the Caribbean, South America, Hawaii, Australia, and the Mediterranean.

Prices for the 32-day cruise start at $21,855 per person double occupancy, and include the above onboard services plus transfers between the airport and cruise terminal in Anchorage. Prices exclude air fare and transfers between the cruise ship and airports in New York City.

Whether or not you believe in climate change, or agree that human activity contributes to climate change (a/k/a global warming), the retreating sea ice is an indication of changes in the planet.

Image of Crystal Serenity cruise ship


What's New: Cruise Ship Vacations To Cuba Starting May 1 That Include Volunteering

On Monday, March 21, Carnival Corporation announced a signed agreement with the Cuban government allowing its Fathom cruise line to provide service to port destinations in Cuba beginning May 1, 2016. Carnival received approval by the United States government in July, 2015. With approval by both countries' governments, cruise sailings can soon begin. This will be the first time in about 50 years that passengers can sail from the United States to Cuba.

Fathom cruise line logo Tara Russell, president of Fathom cruise line said in the announcement:

"Our Carnival Corporation and Fathom brand teams have worked closely with Cuba throughout this process and we are thrilled to begin regular sailings to Cuba from Miami starting on May 1, 2016... We have been told that we will be the first cruise line to sail from the U.S. to Cuba with our historic inaugural sailing."

The history-making sailings will be made by the 704-passenger MV Adonia cruise ship. Based in Miami, the MV Adonia will sail to three port destinations in Cuba: Havana, Cienfuegos, and Santiago de Cuba. To celebrate this historic event, the itinerary will include a Cuban experience with onboard seminars about Cuba’s history, customs, and culture plus conversational Spanish lessons, Cuban music, films, and Cuban menu options.

What distinguishes Fathom from other cruise lines is the concept of "impact travel." The site explains:

"Fathom was created for the passionate and growing number of travelers seeking mindful, purpose-driven and easily accessible travel programs that allow them to make an impact on the world... Fathom offers consumers authentic, meaningful travel experiences to enrich the life of the traveler and work alongside locals as they tackle community needs..."

Those programs include activities such as planting trees, building and installing water filters, teaching grade-school to read, and more. So you can mix volunteer work with your vacation. That's definitely a different cruise-ship vacation.

Carnival Corporation owns several cruise lines, including Carnival, Costa, Cunard, Holland America, Princess, and its new Fathom cruise line. How did Fathom start? There's a robust discussion by consumers on the Cruise Critic social site. One person offered this perspective:

"... I live in New Orleans... the origin of Fathom was born out of Carnival's experience during Hurricane Katrina in 2005. To support first responders, Carnival made the decision to reallocate 3 Fantasy Class vessels to New Orleans to provide safe infrastructure (housing, food, communications etc). The city had zero support systems in place (destroyed by the levy breaking) to provide those services for at least 90 days after Katrina. Contrary to popular outcry, Carnival had enough excess capacity fleet-wide to absorb guests (who expressed the willingness to be flexible) who were displaced by this action. Katrina proved to be be the greatest outpouring of volunteerism in the history of this country. Every year since Katrina, thousands of volunteers return to continue to help rebuild. Carnival Corporation learned from that experience. Thru the concept of Fathom, it can bring hundreds of volunteers with various skills and passions to any destination that can be reach by a cruise ship and a workable port of call... or in Cuba's situation to help rebuild a long decayed infrastructure... I think this will be a major hit...it will change the paradigms of how the younger generation views vacations. I applaud Carnival for doing this..."

The MV Adonia will make 7-day sailings departing Miami on Sundays. The Fathom cruise line will also provide service to ports in the Dominican Republic. Prices for 7-day sailings to Cuba start at $1,800.00 per person, excluding Cuban visas, taxes, fees, and port expenses. The prices include all meals on the ship, onboard experiences and on-land activities. Prices will vary by season. To book a sailing, a $600.00 per person deposit is required, and final payment is due 90 days prior to departure.

This is exciting news. I look forward to experiencing what Fathom has to offer. You can learn more in this video:


Vehicle Accident Involving Google Self-Driving Car Highlights Several Issues

In a monthly report on February 29 to California regulators, Google disclosed that one of its self-driving cars hit a city bus in Mountain View. Google's description of the accident on February 14:

"... our vehicle was driving autonomously and had pulled toward the right-hand curb to prepare for a right turn. It then detected sandbags near a storm drain blocking its path, so it needed to come to a stop. After waiting for some other vehicles to pass, our vehicle, still in autonomous mode, began angling back toward the center of the lane at around 2 mph -- and made contact with the side of a passing bus traveling at 15 mph. Our car had detected the approaching bus, but predicted that it would yield to us because we were ahead of it..."

A human test driver was in the Google self-driving car while it was operating in autonomous mode. Nobody was hurt in the accident, and 15 bus passengers were transferred to another bus. The Google car sustained damage to its left front fender, left front wheel, and one driver's side sensor.

The company operates 23 self-driving Lexus RX450h SUVs on public streets. That includes 14 vehicles in Mountain View (California), 8 in Austin (Texas), and one in Kirkland (Washington). It also operates 33 self-driving prototypes in public city streets: 26 in Mountain View, and 7 in Austin. The cars have driven about 1.5 million miles in autonomous mode, and about one million miles in human-driver mode. There have been more than a dozen accidents; mostly where Google vehicles were rear ended by other vehicles. The first injury accident was in July last year when several employees suffered whiplash when their Google vehicle was rear ended by a human-driven vehicle.

Google admitted that it bore some responsibility in this accident:

"In this case, we clearly bear some responsibility, because if our car hadn’t moved there wouldn’t have been a collision. That said, our test driver believed the bus was going to slow or stop to allow us to merge into the traffic, and that there would be sufficient space to do that. We’ve now reviewed this incident (and thousands of variations on it) in our simulator in detail and made refinements to our software. Our cars will more deeply understand that buses and other large vehicles are less likely to yield to us than other types of vehicles, and we hope to handle situations like this more gracefully in the future."

Reportedly, this would be the first accident where a self-driving car operating in autonomous mode is at fault. Many experts predict that insurance for self-driving cars will be lower than insurance for human-driven cars. Besides ethical dilemmas, accidents involving self-driving cars highlight unresolved liability issues. The Guardian UK explained:

"Hilary Rowen, a partner at the insurance regulation practice Sedgwick LLP and an expert in the issue of self-driving cars and legal responsibility, said the case is a good example of a conundrum that will soon be common. “Here, the software didn’t avoid the accident, but the human could have taken over,” she said. “Who’s at fault – the driver, the bus driver, or the software? Rowen said in real world situations, both the driver and injured party will actually be incentivized to blame the software which, if found to be guilty, will leave the driver’s record clear and likely have a higher payout for the injured party."

It is good that the company is transparent and forthcoming with accident reports. The accident also highlights the state of the self-driving or robotic software for vehicles. It's not ready yet for every-day operation. You can bet that when the software is ready a lot of drivers for ride-sharing services and taxi companies will find themselves quickly out of work. View the February 2016 Google Self-Driving Car Report (Adbobe PDF).

What are your opinions of the accident? Of the liability issue?


Editor's Picks: Cruise Vacations

Considering a cruise ship vacation? Unsure which cruise line is best? Received an offer in the mail> You may find the resources below helpful:

  1. Considering A Cruise Ship Vacation? What Consumers Need To Know
  2. 8 Tips About Cruise Ship Vacations And Cruise Ship Maintenance
  3. Free Cruise Vacation Offer: Legit or Scam?
  4. Cruise Review: Sept. 13 - 27 Viking River Cruise From Amsterdam to Budapest
  5. Massachusetts Attorney General Announced Settlement WIth Travel Company For Pressure Sales And Over-Priced Vacations
  6. Traveling Abroad? New T.S.A. Rules For Inbound Flights To The U.S.A.
  7. 10 Ways To Avoid Identity Theft During Vacation Travel
  8. 7 Tips To Avoid A Rejected Credit Card During Vacation Travel
  9. Traveling Outside The Country? Before You Leave, Notify Your Credit Card Issuer So Your Purchases Aren't Denied
  10. Disney Cruise Ship Child Care Staff Lose Young Child. Frantic Search Ensues

The Ethical Dilemmas Of Self-Driving Cars

There have been plenty of articles in the news media about self-driving cars. What hasn't been discussed so much are the ethical dilemmas. What are the ethical dilemmas? The M.I.T. Technology review explored the topic:

"Here is the nature of the dilemma. Imagine that in the not-too-distant future, you own a self-driving car. One day, while you are driving along, an unfortunate set of events causes the car to head toward a crowd of 10 people crossing the road. It cannot stop in time but it can avoid killing 10 people by steering into a wall. However, this collision would kill you, the owner and occupant. What should it do?”

If one programs self-driving cars to always minimize the loss of life, then in this scenario the owner is sacrificed. Will consumers buy self-driving cars knowing this? Would you?

Researchers posed this and similar ethical dilemmas to workers at Amazon Mechanical Turk, a crowd-sourcing marketplace for developing human intelligence in computers. The researchers found that while people wanted self-driving cars programmed to minimize the loss of life:

"This utilitarian approach is certainly laudable but the participants were willing to go only so far. [Participants] were not as confident that autonomous vehicles would be programmed that way in reality – and for good reason. They actually wished others to cruise in utilitarian autonomous vehicle more than they wanted to buy a utilitarian autonomous vehicle themselves”

So, few people want to sacrifice themselves. They want others to do it, but not themselves.

There are plenty of ethical dilemmas with self-driving cars:

"Is it acceptable for an autonomous vehicle to avoid a motorcycle by swerving into a wall, considering that the probability of survival is greater for the passenger of the card than for the rider of the motorcycle? Should different decisions be made when children are on board, since they both have a longer time ahead of them than adults, and had less agency in being in the car in the first place? If a manufacturer offers different versions of its moral algorithm, and a buyer knowingly chooses one of them, is the buyer to blame for the harmful consequences of the algorithm’s decisions?”

You can probably think of more dilemmas. I know I can. Should self-driving car manufacturers offer different algorithms so each driver can use the algorithm they want? Or should all cars have the same algorithm? If the approach is differing algorithms, how will this affect insurance rates? If you drive from one country to another, must drivers adjust their car's algorithm for each country?

Last, I prefer the term, "self-driving" to describe the new technology. While some technology sites and news organizations have used the term "driverless," the term "self-driving" is a more accurate description, and it places the responsibility where it should be. Something is driving the car, and not a person.

And, there may be hybrid applications in the future, where a driver operates the vehicle remotely, as drone operators do today. So, there will always be drivers: somebody or something.

Read the MIT Technology Review article titled, "Why Self-Driving Cars Must Be Programmed To Kill." Share below your opinions about how self-driving cars should be programmed.


Luxury Trump Hotel In Las Vegas Begins Notification Of Consumers About Data Breach

Trump International Hotel and Tower Las Vegas logo The law firm representing the luxury Trump International Hotel and Tower property in Las Vegas announced at data breach affecting its client. To comply with breach notification laws in many states, corporations (or their agents) typically submit breach notices (e.g., sample or final) to the attorney general or applicable legal agency in each state where there are affected residents.

The breach notice at the California Attorney General website (Adobe PDF) read, in part:

"... we are providing notice of a security incident possibly affecting certain individuals who made payment card purchases at Trump International Hotel & Tower Las Vegas, located at 2000 Fashion Show Drive, Las Vegas, NV... Although an independent forensic investigation has not conclusively determined that any particular customer’s payment card information was taken from the Hotel’s payment card system or misused as a result of the incident, we are providing this notice out of an abundance of caution to inform potentially affected customers of the incident... it appears that there may have been unauthorized malware access to payment card information as it was inputted into the payment card systems... including payment card account number, card expiration date, security code, and cardholder name) of individuals who used a payment card at the Hotel between May 19, 2014, and June 2, 2015, may have been affected..."

It seems that payment information was stolen by malware installed within infected terminals. The breach notice also mentioned that the hotel is working with law enforcement, banks, and an independent forensic investigation vendor. All, pretty standard stuff. The notice did not disclose the total number of records or consumers affected.

The breach notice includes instructions for affected customers to sign up for one year of free fraud resolution and identity protection services with Experian ProtectMyID. The offer is only for U.S. residents who used a payment card at the Hotel between May 19, 2014, and June 2, 2015. (Since the hotel's website includes content in several languages besides English, I guess that deep-pocketed customers from other countries are simply screwed.) That duration seems skimpy, since many other corporations have offered two years. The breach notice lists a hotel toll-free number for affected customers to get assistance and ask questions.

A check this morning of the hotel's home page did not find a link to a breach notice. Typically, a well-organized post-breach response also includes a website providing affecting customers with more information (or dedicated pages at their main site).

So, there seems to be two massive failures in this data breach. The first was a failure to promptly detect the unauthorized access. The second was a lengthy delay of more than a year to notify affected consumers. And, the investigation is still underway so things could be even worse.

Note: the Krebs On Security blog first broke news in July about data breaches at several hotels, including the Trump hotel in Las Vegas. One wonders why the hotel didn't announce the breach then.


Payment Scam Dupes Airbnb Customer. Was There A Data Breach?

Airbnb logo Readers of this blog are aware of the various versions of check scams criminal use to trick consumers. A new scam has emerged with social travel sites.

After paying for a valid stay, an Airbnb customer was tricked by criminals using an wire transfer scam. The Telegraph UK described how an Airbnb customer was tricked. After paying for for their valid rental with a valid credit card, the guest:

"... received an email from Airbnb saying that the card payment had been declined and I needed to arrange an international bank transfer within the next 24 hours to secure the apartment. Stupidly, I did as asked. I transferred the money straight away to someone I assumed was the host as they had all the details of my reservation."

Formed in 2008, Airbnb now operates in 34,000 cities in 190 countries.

After checking with their bank, the guest determined that the credit card payment had been processed correctly. So, the guest paid twice, with the second payment to the criminal. The guest believes that Airbnb experienced a data breach. According to one security expert:

"The fraud works by sending an email to a host that appears to come from Airbnb asking them to verify their account details. The host foolishly responds thus giving the fraudster access to their account and all the bookings correspondence. Even though the addresses are anonymised the fraudster can still send emails to the customers via Airbnb to try to extract a second payment by bank transfer."

What can consumers make of this? First, hosts should learn to recognize phishing e-mails. Don't respond to them. Second, guests need to remember that inattentive hosts can compromise their identity information. Third, guests should never make payments outside of Airbnb's system.

Criminals are creative, persistent, and knowledgeable. Consumers need to be, too. Read the Scams/Threats section of this blog.


The $30 Device Thieves Can Use To Hack Your Car And Garage Door

Stealing automobiles just got a lot easier. Ars Technica reported about a new mobile device criminals can use to open both your garage door and steal your car. The $30 hacking device takes advantage of vulnerabilities in the way keyless entry systems operate:

"... serial hacker Samy Kamkar has devised RollJam... It works against a variety of market-leading chips, including the KeeLoq access control system from Microchip Technology Inc. and the High Security Rolling Code generator made by National Semiconductor. RollJam is capable of opening electronic locks on cars from Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, Volkswagen Group, Clifford, Shurlok, and Jaguar. It also works against a variety of garage-door openers, including the rolling code garage door opener made by King Cobra."

Ars Technica explained how the RollJam device works. Thieves use it when within broadcast distance of both the targeted vehicle and the owner's electronic key:

"The device contains two radios. The first jams the airwaves to prevent the lock from receiving the rolling code sent by the electronic key. Since the car or garage door doesn't unlock, a user almost certainly will press the lock or unlock button again. Once RollJam has collected the latter rolling code, it uses the second radio to broadcast the earlier rolling code to the lock. RollJam then stores the latter rolling code. Because the code was never received by the lock, it remains valid. By replaying it later—say, after the car owner has locked the car and walked away—RollJam is able to unlock the car or garage... The reason many electronic locks are vulnerable to RollJam is that the rolling codes are invalidated only after it or a subsequent rolling code is received."

Nice, eh?


Uber: Its Labor Ruling In California, Lawsuits, And Privacy Concerns

Uber logo During June, Uber, the ride-sharing company, has been in the news for a variety of reasons. Many consumers like the ride-sharing service as an alternative to tradition taxi-cabs. Uber is one of the largest ride-sharing services with about 8 million users worldwide and 160,000 drivers in the United States.

First, in March the State of California Labor Commission ruled that Uber drivers are employees and not independent contractors, as the company claimed. The ruling became public after the company appealed the original decision. In the original complaint, an Uber driver filed a claim for reimbursement of $4,152.00 of expenses.

The issues are worthy noting. Time reported:

"... the ruling is non-binding, has no legal bearing on any other drivers, and won’t force any money to change hands. But Uber’s decision to appeal will now move the fight to California’s court system where — along with several similar lawsuits pending in the state..."

One of several pending lawsuits:

"Uber has essentially shifted to its workers all the costs of running a business, the costs of owning a car, maintaining a car, paying for gas,” says Shannon Liss-Riordan, a Boston-based attorney who has a class-action case pending against Uber in California federal court. “Uber has saved massive amounts …. It’s important that the labor laws be enforced so that the companies can’t take advantage of workers that way. Uber’s a $50-billion company and I think it can afford to bear the responsibilities of an employer...”

Second, a new Uber policy bans firearms in its vehicles. KRJH in Tulsa, Oklahoma reported:

"Uber drivers and passengers have to follow a new company policy. Uber has banned all firearms from any vehicle used for its service. The policy comes two months after an Uber driver shot a man who was firing into a crowd of people in a Chicago neighborhood. The Uber driver had a concealed carry license and was not charged with a crime, but it raised the question of safety and comfort for its drivers and riders."

Third, the Electronic Privacy Rights Center (EPIC) has filed a complaint with the U.S. Federal Trade Commission (FTC) about Uber's upcoming privacy policy amendments to both collect more data about its customers and to track customers. Uber's new Privacy Policy goes into effect on July 15:

Location Information: When you use the Services for transportation or delivery, we collect precise location data about the trip from the Uber app used by the Driver. If you permit the Uber app to access location services through the permission system used by your mobile operating system (“platform”), we may also collect the precise location of your device when the app is running in the foreground or background. We may also derive your approximate location from your IP address."

"Contacts Information: If you permit the Uber app to access the address book on your device through the permission system used by your mobile platform, we may access and store names and contact information from your address book to facilitate social interactions through our Services and for other purposes described in this Statement or at the time of consent or collection."

The sharing of customers' information by Uber seems extensive:

"We may share your information: With Uber subsidiaries and affiliated entities that provide services or conduct data processing on our behalf, or for data centralization and / or logistics purposes; With vendors, consultants, marketing partners, and other service providers who need access to such information to carry out work on our behalf; In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process; With law enforcement officials, government authorities, or other third parties if we believe your actions are inconsistent with our User agreements, Terms of Service, or policies, or to protect the rights, property, or safety of Uber or others; In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company..."

Words to focus upon include vendors, consultants, marketing partners, and other service providers. That can include a lot of companies anywhere. Note: that sharing is in addition to any sharing you may perform with social networking sites.

You may remember that ethics and privacy issues surfaced after news reports in 2014 about Uber allegedly using customer and tracking data it collected to target journalists critical of the service.

The EPIC complaint filed with the FTC (Adobe PDF) stated:

"19. Uber will also collect precise location information if the app is operating in the background. On phones running iOS, this means that Uber may be able collect location data even after an app has been terminated by the user."

"20. Even if a user disables the GPS location services on their phone, the company may still derive approximate location from riders’ IP addresses."

"21. This collection of user’s information far exceeds what customers expect from the transportation service. Users would not expect the company to collect location information when customers are not actively using the app, or have turned off their GPS location finder (as Uber can still collect location information through the phones’ IP addresses)..."

"24. Uber claims that it will allow users to opt-out of these features. However, this change in business practices places an unreasonable burden on consumers and is not easy to exercise: while iOS users can later disable the contact syncing option by changing the contacts setting on their mobile devices, the Android platform does not provide any such setting..."

"31. Job interviewees have been granted provisional access all the customer location data available to full-time employees, allowing non-Uber employees to temporarily track any customer. One such interviewee was granted this access for an entire day, even after the job interview ended. He admitted using the database to search records of people he knew, including politician’s relatives."

Based upon the new privacy policy, the tracking and data collection seems very invasive since it will also occur when customers aren't using the service. It seems invasive because the address book collection includes people who aren't Uber customers, didn't agree to the data collection, can't opt out of the collection, and have no control over how their contact information is used. Based upon the company's history, Uber executives seem to play fast and loose with consumers' personal private information.

If you don't like the privacy invasion, there are several resources online about how to cancel and delete your Uber account: C/Net, Reddit, and wikiHow.

What are your opinions of Uber's new privacy policy?


Less Competition. Consumers Pay More And Get Less

Business leaders and economists like to promote the idea of a free marketplace, where there is plenty of competition and consumers get more benefits, such as lower prices and more choice. So, are consumers getting a good deal? The facts suggest not.

On Monday, April 27, former U.S. Labor Secretary and professor Robert Reich posted the following:

"We’re paying more and getting less because giant companies face less and less competition. For example:

1. U.S. airlines have consolidated into a handful of giant carriers that divide up routes and collude on fares. In 2005 the U.S. had nine major airlines. Now we have just four.

2. 80% of Americans are served by just one Internet Service Provider – usually Comcast, AT&T, or Time-Warner.

3. The biggest banks have become far bigger. In 1990, the five biggest held just 10% of all banking assets. Now the biggest five hold almost 45%.

4. Monsanto owns the key genetic traits in more than 90% of the soybeans and 80% of the corn planted by U.S. farmers.

5. Giant health insurers are larger; the giant hospital chains, far bigger; the most powerful digital platforms (Amazon, Facebook, Google), gigantic.

Whatever happened to antitrust enforcement?"

There are more examples. Here in the Northeast, EverSource, a publicly-traded utility holding company, provides residential energy services in Connecticut, Massachusetts, and New Hampshire. EverSource was created when Northeast Utilities merged with NSTAR Electric & Gas. Northeast Utilities included Connecticut Light & Power, Public Service of New Hampshire, Western Massachusetts Electric, and Yankee Gas. Earlier this year, electricity rates in Boston rose from 29 percent higher to 63 percent higher in February than the national average.

What are your opinions? What consolidation examples come to mind? Are we consumers getting a good deal, or are we getting screwed?


Meme: Florida's Approach To Fight Climate Change

Meme: Florida approach to address climate change

Of course, state executives claim no such policy exists, while the employees responsible for protecting the state's environment reported that the policy was communicated verbally. Read more:


You Own That New Car You Bought, Right? Not So Fast...

Cars are fast becoming like smart phones. They offer many of the same features: hands-free and voice-activated controls, video monitors, Internet access, WiFi hotspots, maps with turn-by-turn travel instructions, and much more. That's a good thing, right? Read on and judge for yourself.

You did you homework. You decided to buy a new car and not lease one. Many people dislike the restrictions with leasing contracts: mileage caps, required maintenance schedule, required maintenance at the dealer, and more. So, you own a new car and can use the mechanic of your choice for maintenance, repairs, and modifications, right? Not if automakers have their way.

The Electronic Frontier Foundation (EFF) is collecting consumers' signatures for a petition with the U.S. Copyright Office. What's the Copyright Office have to do with your vehicle? Plenty. The EFF petition is to ensure vehicle owners have the rights to access the software your vehicle uses. The automakers want to use the Digital Millennium Copyright Act (DMCA) to control who can access the software in the vehicles they make.

What's the big deal? Most automakers oppose the EFF petition for an DMCA exemption. No access to the software in your vehicle means you've lost the freedom to choose the mechanic of your choice for maintenance, repairs, and modifications of your vehicle. That means, you really don't own that new vehicle you just bought.

many of you are wondering: wasn't this problem fixed with the "Right to Repair" laws? After a vote in 2012, Massachusetts enacted in 2013 a "right to repair" law. In 2014, the Alliance of Automobile Manufacturers, the Association of Global Automakers, the Automotive Aftermarket Industry Association, and the Coalition for Automotive Repair Equality agreed to a memorandum of understanding, based upon the Massachusetts law, to preserve consumer choice and not oppose "right to repair" legislation in the other 49 states.

Now, it seems that the fight has quietly shifted to software law: the DMCA and Copyright Office. Some people might call this an end-run by automakers around "Right to Repair" laws.

The EFF explained why vehicle owners need access to the software:

"Modern cars contain dozens of computers called electronic control units (ECUs), and the code on those ECUs is potentially covered by copyright. But many repairs require access to that code, as does research into vehicle safety... When auto manufacturers deploy technology to lock people out of the code controlling their own cars... The result is that only persons authorized by the manufacturer can effectively perform repairs, and independent audits of car safety and security take place under a legal cloud, if at all... Errors in ECU code can cause braking systems to malfunction, and security researchers have exposed vulnerabilities that would allow attackers to hijack vehicle functions. When this research takes place in public, it makes it much more likely that manufacturers will act to fix those problems... Some car modders have experimented and found that modifications to the code in vehicle ECUs can increase fuel efficiency. Others have implemented new vehicle functions using free space in the ECUs' memory."

Can drivers trust the auto industry to be forthcoming with problems in the software their cars use? Recent history suggests not: airbag-related deaths, ignition-switch-related deaths, massive numbers of recalled vehicles, and hacking concerns. The problems occurred outside the USA, too.

The EFF explained opposition by auto manufacturers:

"... They warn that owners with the freedom to inspect and modify code will be capable of violating a wide range of laws and harming themselves and others. They say you shouldn’t be allowed to repair your own car because you might not do it right. They say you shouldn’t be allowed to modify the code in your car because you might defraud a used car purchaser by changing the mileage. They say no one should be allowed to even look at the code without the manufacturer’s permission..."

The EFF explained how this situation happened:

"The DMCA essentially blundered into this space and called all tinkering and code inspection into question, even acts that are otherwise lawful like repairing your car, making it work better at high altitude, inspecting the code to find security and safety issues, or even souping it up for use in races on a private course."

Just like any desktop computer, laptop, smartphone, or tablet I'd expect to be able to install anti-virus software in my car to inspect the software and storage devices for malware. All of these devices are essentially computers that perform similar functions.

To be fair, many companies besides automakers have issued DMCA-related threats and lawsuits. The EFF compiled a list in 2013. You'll probably recognize some of the corporate names. Here's one example from the list:

"In 2009, Apple threatened the free wiki hosting site BluWiki for hosting a discussion by hobbyists about reverse engineering iPods to interoperate with software other than Apple’s own iTunes. Without a work-around, iPod and iPhone owners would be unable to use third-party software, such as Winamp or Songbird, to “sync” their media collections between computer and iPod or iPhone. The material on the public wiki was merely a discussion of the reverse engineering effort, along with some snippets of relevant code drawn from Apple software. There were no “circumvention tools,”... Apple’s lawyers sent OdioWorks, the company behind BluWiki, a cease and desist letter threatening legal action under the DMCA. Bluwiki ultimately sued Apple to defend the free speech interests of its users. In response, Apple dropped its threat, and BluWiki reinstated the deleted pages."

Auto-industry executives aren't stupid. They've watched consumers spend massive amounts of money to buy smartphones and wireless data plans. Those smartphones are tethered (via contracts) to a specific wireless service provider (e.g., AT&T, Verizon, Sprint), operating system software, app store, and device manufacturer. So, don't blame auto-industry executives entirely.

For years, consumers have chosen convenience over the freedom of choice:

  • Consumers have given up the freedom to choose the wireless service provider with their smartphones. (Remember, the term "jailbreaking" effectively criminalized an activity with smartphones that had previously been legal with landline phones.)
  • Consumers have given up the freedom to choose the operating system with their smartphones,
  • Many mobile devices lack USB ports, which force users to use data plans and/or cloud services to move files to other devices
  • Consumers have agreed to one-stop shopping with app stores. (Where else in your life do you shop only at one store?

Having watched all of this, auto-industry executives probably have concluded that they can get vehicle owners to accept similar trade-offs: convenience over freedom of choice.

If this bothers you (and I sincerely hope that it does bother you), then sign the EFF petition, especially if you had problems fixing or modifying your vehicle because you were locked out of the software. And, write to your elected officials.

What are your opinions of automakers using DMCA law? When you buy a new car, do you expect to take it to the mechanic of your choice? What are you opinions of trading convenience for freedom of choice?


Senator Releases Report Calling For Greater Automobile Security And Privacy

Earlier this month, Senator Edward Markey (D-MA) issued a report calling for greater automobile security and privacy for consumers. The "Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk" report included questions Senator Market posed to 16 automobile manufacturers during 2014. The questions focused upon how vehicles might be vulnerable to hackers, and how driver information is collected and protected.

Senator Markey sent letters to the following automobile manufacturers:

Automobile Manufacturers Queried
1. Aston Martin The Americas
2. Audi of America**
3. BMW North America*
4. Chrysler Group LLC*
5. Ford Motor Company*
6. General Motors*
7. American Honda Motor Co. Inc.*
8. Hyundai Motors North America*
9. Jaguar Landrover LLC*
10. Automobili Lamborghini America
11. Mazda North American Operations*
12. Mercedes-Benz USA*
13. Mitsubishi Motors North America*
14. Nissan North America*
15. Porsche Cars of North America*
16. Subaru Motors America*
17. Tesla
18. Toyota North American Region*
19. Volkswagen Group of America*
20. Volvo North America
*Provided responses to Senator Markey's inquiry letters.
** Audis response was included with Volkswagon's submission.

Some of the questions asked:

  • How does the company assess whether there are vulnerabilities related to technologies it purchases from other manufacturers as well as wireless entry points of vehicles to ensure malicious code or other infiltrations cannot occur? 
  • Does the company utilize independent third parties to test for vulnerabilities to wireless entry points? 
  • Do any vehicles include technology that detects or monitors for anomalous activity or unauthorized intrusion through wireless entry points or wireless control units? And how are reports or unauthorized intrusion or remote attack responded to? 
  • Has the company been made aware of any intentional or inadvertent effort to infiltrate a wireless entry point, and what, if any, changes were made to protect vehicles from vulnerabilities in the future? 
  • What types of driving history information can be collected by navigation technology or other technologies, and is this information recorded, stored, or sold? 
  • Has the company received any request for data related to the driving history of drivers, and what were the reasons and final disposition of the requests? 
  • Which vehicles include technologies that can enable the remote shutdown of a vehicle, and are consumers made aware of this capability before purchase, lease ore rental of the vehicle?

Regarding automobile data security, the report found four trends:

  1. Almost all vehicles (nearly 100 percent) include wireless technologies that could pose vulnerabilities to hacking.
  2. Most manufacturers were unaware of or unable to report on past hacking incidents,
  3. Security measures to prevent unauthorized, remote access are inconsistent and haphazard across manufacturers.
  4. Only two manufacturers were able to describe any capabilities to identify, diagnose, and/or respond to unauthorized access or hacking in real-time. Most said they rely on technologies that cannot be used for this purpose at all.

Regarding privacy, the report found:

  • Auto manufacturers collect large amounts of data about driving history and vehicle performance
  • A majority of automakers offer technologies that collect and transmit wirelessly driving history information to data centers, including third-party data centers. Most did not describe effective means to secure the information collected.
  • Manufacturers use the data collected in several ways with vague descriptions, such as to “improve the customer experience,” and involve third parties. How long the data collected is retained varies greatly across manufacturers
  • Often, customers are not told about the data collection. When they are told, often they cannot decline or opt out of the data collection without disabling valuable features (e.g., navigation)

Download the "Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk" report (Adobe PDF). After reading it, I had several reactions. First, I would love to know why Aston Martin, Lamborghini, and Tesla failed to respond. Are data security and privacy not important to them? If they are important, then does their failure to respond indicate some internal disorganization?

Second, I was struck by the lack of focus on data security among the respondents. Websites and mobile apps provide terms of use and privacy policies. Mobile device manufacturers (e.g., laptops, tablets, smart phones) also provide these policies. Telecommunications providers do, too. Many mobile apps do, too. Why not auto manufacturers? Do they consider themselves a special, exempt class? All auto manufacturers should provide consumers before purchase with terms-of-use and privacy policies that fully discuss data collection, data retention, and data sharing. After purchase, they should inform consumers of changes to those policies

Third, the lack of focus by auto manufacturers on data security and privacy is an alert to the hackers, identity thieves, and fraudsters worldwide that these autos are vulnerable. While writing this blog, I have learned that the bad guys are persistent, creative, and posses the same equipment, software, and technologies as the good guys. Autos contain computing technologies that are similar to other mobile devices (e.g., laptops, smart phones, tablets, fitness devices, and wearables). Autos should have the same data security protections: firewalls, anti-virus software and updates, and so forth. So, it makes sense to keep a strong focus on data security and privacy.

Fourth, the lack of focus by auto manufacturers on data security and privacy is an alert to governments and spy agencies worldwide. Why? They already perform surveillance using other mobile devices. Autos are just another mobile device they'll add to their lists.

The lack of  focus represents a data security and privacy disaster of epic proportions in the making.

What do you think of the automobile security and privacy report?


Considering A Cruise Ship Vacation? What Consumers Need To Know

It's the middle of Winter, and you are probably tired of the cold, the snow, or both. At this time of year, many people consider warm weather vacations.Last week, a friend asked about cruise ship vacations:

"Do you have a travel agent you use for cruises? A group of us who are turning 60 this year are thinking of taking a cruise to celebrate. Maybe a repositioning cruise. Are there suites for 5 people? Any advice is most welcome."

Cruise ship vacations are popular. A cruise is a good way to sample several destination ports, and return to the ports you like for a longer, land-based visit. You can board a cruise ship near where you live, or sail from a popular travel destination.

According to the industry group Cruise Lines International Association (CLIA), about 20 million consumers went on cruise ship vacations globally during 2012.There are about 60 cruise lines with 400 total ships. The industry generated about 356,000 jobs paying $17.4 billion in wages to American workers.

It's not just more people cruising. Experienced cruise customers also book cruise itineraries with longer durations. The CLIA surveyed travel agents and 37 percent reported an increase in books of longer cruises (e.g., 14 to 100 days duration). If you have the time and money, several cruise lines offer itineraries of 30 days or longer.

I was happy to answer my friend's questions. Nobody wants to overpay or have their wallet "mugged" during a vacation. My wife and I have sailed on 22 cruise ship vacations to many parts of the world. For several years, i ran a cruise group of interracial couples and families. At a major creative advertising agency, I worked on web projects for a cruise line client. Interesting publications include the book, "Devils On The Deep Blue Sea," a history of the cruise industry, and industry magazines such as Porthole and Cruise Travel. So, I know the industry well and feel pretty qualified to give advice and answer my friend's questions.

1. Your interests. Decide what type of vacation you and your group like. Some people like as much beach time as possible. Others like golf. Others like Eco-tours. Others like active sports, such as hiking, bicycling, surfing, snorkeling, and scuba diving. Some like motorized excursions including off-road vehicles. Pick a cruise line and itinerary that fits your interests. Royal Caribbean focuses upon active sports.

2. Themed cruises. If you group has a specific interest, there is often an itinerary for that. So you can find singles cruises, NASCAR cruises, cruises for nudists, gay/lesbian cruises, and so forth. Carnival has the best night clubs and discos. It also has the best Las Vegas style shows. Celebrity Cruises is known for having the best food. Disney focuses upon families with children. All ships in Royal Caribbean's fleet feature rock-climbing walls. Some include specialize pools you can surf in. A good place to start looking for theme cruises is www.cruisecritic.com. Other places to look include Cruise Addicts and Cruise 411.

3. Cruise lines. Just like land-based hotels, there are entry/discount, mid-range, and luxury cruise lines. Entry/discount: Carnival, Royal Caribbean, Disney, Costa, and Norwegian. Mid-range: Holland America, Princess, Celebrity, and MSC. Luxury: Crystal, Cunard, Seabourn, Silversea, Windstar, Viking, and Avalon. The entry/discount cruise lines focus upon people under 40. The mid-range cruise lines focus on people 55+. The luxury cruise lines tend to have smaller ships with 150 or 200 passengers. The entry/discount cruise lines tend to have larger ships, with as many as four or five thousand passengers.

The primary language spoken varies by cruise line. For example, when we sailed on Costa and MSC in the Mediterranean, we noticed that the primary language spoken on board was Italian. We do not speak Italian and felt we had a poor experience on board these two cruise lines.

4. River or ocean cruises? My friend and her group seemed interested in ocean cruises. There are also river cruises. The two types are ENTIRELY different. Rive cruises are all about the shore excursions: you get off the ship every day, Usually, the shore excursions and tips are included in one cruise price. Viking River Cruises and Avalon Waterways focus on river cruises. Some destination ports are only acessible via river cruises.

5. Departure ports. When selecting an itinerary, some people start with the departure port because that is often a city you may want to explore its land-based attractions, restaurants, and sights. Then, you can get good and juiced before you board the cruise ship. When traveling in Winter, it is always wise to arrive at the departure city 2 days before the ship sails, in case your flight is delayed by bad weather. Departure ports we have sailed from: Amsterdam, Boston, Ft. Lauderdale, Honolulu, Los Angeles, Miami, New Orleans, San Juan (Puerto Rico), Seattle, and Venice (Italy).

6. How the industry works: pay their minimum deposit. Buy travel insurance at that time, too. The full amount is typically due 90 days before the ship sails. You will probably set up an account through the cruise line’s website to indicate in your profiles any preferences (e.g., non smoking, diets, physical limitations, etc.). After you have paid for your cruise, then you can select (and pay for) the optional shore excursions in each destination port.

Similar to airlines, all of the major cruise lines have rewards programs for frequent travels. Some consumers book travel with a single cruise line to generate as many rewards points as quickly as possible. Some pick itineraries based upon where they want to go, and then look for cruise lines sailing there.

Some consumers wait until the last minute and book whatever empty cabins are available. This is a good strategy for consumers (e.g., retirees) with flexible schedules who can travel on a moment's notice. It's a good way to get a cabin cheap, but you may not get the cabin location you want on a ship. This strategy works well if you live reasonably close to the departure port. If not, what you saved on a low-priced cruise may be eaten up by higher, last-minute, air fares.

7. Selecting your cabin: there is no single correct way. After selecting a ship or itinerary, some people select a cabin type: inside, outside, balcony, suite. Others pick a specific cabin on a ship they already know. All of the cruise lines have websites that present deck plans. My advice: no matter what type of cabin, you do NOT want a cabin underneath the disco, dining room, or lido deck pool... unless you like hearing footsteps overhead.

8. Use a travel agent? Some in your group will likely ask: are travel agents necessary? While you can do it all yourself and book your cruise through a cruise line’s website, you may want more service or have questions. Travel agents are there to answer your questions. They can give you the kinds of advice I mentioned above, recommend hotels in departure cities, often get you a lower price than the cruise line’s website, and book all elements of your vacation: the cruise, hotels, air travel, and transfers between airports, hotels, and cruise ship terminals. Whenever we work with a travel agent, we have in mind a budget and the probable retail price for the itinerary we want. We use a travel agent located nearby, so we can visit their office.

9. Read cruise reviews. Once you've selected 3 or 4 itineraries and ships, then it makes sense to read cruise reviews about the ships or itineraries you are considering. Many passengers write and post online their reviews. This is a good way to learn about the advantages and disadvantages of a ship or itinerary. A good place to read passenger-written cruise reviews is the Community section at the Cruise Critic site. Select the cruise line and then the cruise ship you are interested in.

As I said above, my wife and I have sailed on 22 cruises; both ocean and river cruises; and to most parts of the world: Mediterranean, Alaska, Hawaii, Bermuda, Panama Canal, the Caribbean, and northern South America. We have sailed on almost all of the above entry and mid-range cruise lines. We’ve only sailed on one of the luxury cruise lines.

Learn more: 8 tips about cruise ship vacations.

My friend really appreciated this detailed reply. If you have sailed on cruise ship vacations, what are your favorite itineraries? Your favorite destinations? Favorite ships? Any advice you have for new cruisers?