I've Been Mugged Blog

The American Automobile Association (AAA) reported new research results from tests of automatic emergency braking with pedestrian detection systems in automobiles. The AAA found that these systems work inconsistently and failed when most needed: at night. Chief findings from the report:

"... automatic emergency braking systems with pedestrian detection perform inconsistently, and proved to be completely ineffective at night. An alarming result, considering 75% of pedestrian fatalities occur after dark. The systems were also challenged by real-world situations, like a vehicle turning right into the path of an adult. AAA’s testing found that in this simulated scenario, the systems did not react at all, colliding with the adult pedestrian target every time..."

The testing was performed jointly with the Automotive Club of Southern California’s Automotive Research Center in Los Angeles, California. Track testing was conducted on closed surface streets on the grounds of the Auto Club Speedway in Fontana, California. Four test vehicles were used: 2019 Chevy Malibu, 2019 Honda Accord, 2019 Tesla Model 3 and 2019 Toyota Camry. The testing included four scenarios:

1. "An adult crossing in front of a vehicle traveling at 20 mph and 30 mph during the day and at 25 mph at night;
2. A child darting out from between two parked cars in front of a vehicle traveling at 20 mph and 30 mph;
3. A vehicle turning right onto an adjacent road with an adult crossing at the same time; and
4. Two adults standing along the side of the road with their backs to traffic, with a vehicle approaching at 20 mph and 30 mph."

For scenario #1: a vehicle moving at 20 mph a collision resulted 60% of the time (= the systems avoided a collision 40 percent of the time). For scenario #2: a collision occurred 89% of the time for vehicles moving at 20 mph For scenario #3, collisions resulted 100 percent of the time. For scenario #4, a collision resulted 80 percent of the time for vehicles moving at 20 mph. Additional test results:

"... the systems were ineffective in all scenarios where the vehicle was traveling at 30 mph. At night, none of the systems detected or reacted to the adult pedestrian."

The October 2019 "Automatic Emergency Braking With Pedestrian Detection" AAA report is available here (Adobe PDF).

Some consumers have heard of Automated License Plate Recognition (ALPR) cameras, the high-speed, computer-controlled technology that automatically reads and records vehicle license plates. Local governments have installed ALPR cameras on stationary objects such as street-light poles, traffic lights, overpasses, highway exit ramps, and electronic toll collection (ETC).

Mobile ALPR cameras have been installed on police cars and/or police surveillance vans. The Houston Police Department explained in this 2016 video how it uses the technology. Last year, a blog post discussed ALPR usage in San Diego and its data-sharing with Vigilant Solutions.

What you probably don't know: the auto repossession industry also uses the technology. Many "repo men" have ALPR cameras installed on their vehicles. The data they collect is fed into a massive, nationwide, and privately-owned database which archives license-plate images. Reporters at Motherboard obtained a private demo of the database tool to understand its capabilities.

The demo included tracking a license plate with the vehicle owner's consent. Vice reported:

"This tool, called Digital Recognition Network (DRN), is not run by a government, although law enforcement can also access it. Instead, DRN is a private surveillance system crowdsourced by hundreds of repo men who have installed cameras that passively scan, capture, and upload the license plates of every car they drive by to DRN's database. DRN stretches coast to coast and is available to private individuals and companies focused on tracking and locating people or vehicles. The tool is made by a company that is also called Digital Recognition Network... DRN has more than 600 of these "affiliates" collecting data, according to the contract. These affiliates are paid a monthly bonus for gathering the data..."

Affiliates are rep men and others, who both use the database tool and upload images to it. DRN even offers financing to help affiliates buy ALPR cameras. The image on the right was taken from the site on September 20, 2019.

When consumers fail to pay their bills, lenders and insurance companies have valid needs to retrieve ( or repossess) their unpaid assets. Lenders hire repo men, who then use the DRN database to find vehicles they've been hired to repossess. Those applications are valid, but there are plenty of privacy issues and opportunity for abuse.

Plenty.

First, the data collection is indiscriminate and broad. As repo men (and women) drive through cities and towns to retrieve wanted vehicles, the ALPR cameras mounted on their cars scan all nearby vehicles: both moving and parked vehicles. Scans are not limited solely to vehicles they've been hired to repossess, nor to vehicles of known/suspected criminals. So, innocent consumers are caught in the massive data collection. According to Vice:

"... in fact, the vast majority of vehicles captured are connected to innocent people. DRN claims to have more than 9 billion license plate scans, according to a DRN contract obtained by Motherboard..."

Second, the data is archived forever. That can provide a very detailed history of a vehicle's (or a person's) movements:

"The results popped up: dozens of sightings, spanning years. The system could see photos of the car parked outside the owner's house; the car in another state as its driver went to visit family; and the car parked in other spots in the owner's city... Some showed the car's location as recently as a few weeks before."

Third, to facilitate searches metadata is automatically attached to the images: GPS or geolocation, date, time, day of week, and more. The metadata helps provide a pretty detailed history of each vehicle's -- or person's -- movements: where and when a vehicle ( or person) travels, patterns such as which days of the week certain locations are visited, and how long the vehicle (or person) parked at specific locations. Vice explained:

"The data is easy to query, according to a DRN training video obtained by Motherboard. The system adds a "tag" to each result, categorising what sort of location the vehicle was likely spotted at, such as "workplace" or "home."

So, DRN can help users to associate specific addresses (work, home, school, doctors, etc.) with specific vehicles. How accurate might this be? While that might help repo men and insurance companies spot fraud via out-of-state registered vehicles whose owners are trying to avoid detection and/or higher premiums, it raises other concerns.

Fourth, consumers -- vehicle owners -- have no control over the data describing them. Vehicle owners cannot opt out of the data collection. Vehicle owners cannot review nor correct any errors in their DRN profiles.

That sounds out of control to me.

The persons which the archived data directly describes have no say. None. That's a huge concern.

Also, I wonder about single females -- victims of domestic violence -- who have protective orders for their safety. Some states, such as Massachusetts, have Address Confidentiality Programs (ACPs) to protect victims of domestic violence, sexual assault, and stalkers. Does DRN accommodate ACP programs? And if so, how? And if not, why not? How does DRN prevent perps from using its database tool? (Yes, DRN access is an issue. Keep reading.) The Vice report didn't say. Hopefully, future reporting will discuss this.

Fifth, DRN is robust. It can be used to track vehicles near or in real time:

"DRN charges $20 to look up a license plate, or $70 for a "live alert", according to the contract. With a live alert, a user can enter a license plate they wish to receive updates on; when the DRN system spots the vehicle, it'll send an email to the user with the newly discovered location."

That makes DRN highly appealing to both valid users (e.g., police, repo men, insurance companies, private investigators) and bad actors posing as valid users. Who might those bad actors be? The Electronic Frontier Foundation (EFF) warned:

"Taken in the aggregate, ALPR data can paint an intimate portrait of a driver’s life and even chill First Amendment protected activity. ALPR technology can be used to target drivers who visit sensitive places such as health centers, immigration clinics, gun shops, union halls, protests, or centers of religious worship."

Sixth, is the problem of access. Anybody can use DRN. According to Vice:

"... a private investigator, or a repo man, or an insurance company does not need a warrant to search for someone's movements over years; they just need to pay to access the DRN system, or find someone willing to share or leverage their access..."

Users simply need to comply with DRN's policies. The company says that, a) users can use its database tool only for certain applications, and b) its contract prohibits users from sharing search results with third parties. We consumers have only DRN's word and assurances that it enforces its policies; and that users comply. As we have seen with Facebook data breaches, it is easy for bad actors to pose as valid users in order to doo end runs around such policies.

What are your opinions of ALPR cameras and DRN?

For drivers concerned about the environment and pollution, the automobile industry has offered hybrids (which run on gasoline, and electric battery power) and completely electric vehicles (solely on electric battery power). The same technology trend is underway within the cruise industry.

On September 26, the Port of Vancouver welcomed the MS Roald Amundsen. Some call this cruise ship the "Tesla of the cruise industry." The International Business Times explained:

"MS Roald Amundsen can be called Tesla of the cruise industry as it is similar to the electrically powered Tesla car that set off a revolution in the auto sector by running on batteries... The state of the art ship was unveiled earlier this year by Scandinavian cruise operator Hurtigruten. The cruise ship is one of the most sustainable cruise vessels with the distinction of being one of the two hybrid-electric cruise ships in the world. MS Roald Amundsen utilizes hybrid technology to save fuel and reduce carbon dioxide emissions by 20 percent."

With 15 cruise ships, Hurtigruten offers sailings to Norway, Iceland, Alaska, Arctic, Antarctica, Europe, South America, and more. Named after the first man to cross Antarctica and reach the South Pole, the MS Roald Amundsen carries about 530 passengers.

While some cruise ships already use onboard solar panels to reduce fuel consumption, this is the first hybrid-electric cruise ship. It is an important step forward to prove that large ships can be powered in this manner.

Several ships in Royal Caribbean Cruise Line's fleet, including the Oasis of the Seas, have been outfitted with solar panels. The image on the right provides a view of  the solar panels on the Celebrity Solstice cruise ship, while it was docked in Auckland, New Zealand in March, 2019. The panels are small and let sunlight through.

The Vancouver Is Awesome site explained why the city gave the MS Roald Amundsen special attention:

"... the Vancouver Fraser Port Authority, the federal agency responsible for the stewardship of the port, has set its vision to be the world’s most sustainable port. As a part of this vision, the port authority works to ensure the highest level of environmental protection is met in and around the Port of Vancouver. This commitment resulted in the port authority being the first in Canada and third in the world to offer shore power, an emissions-reducing initiative, for cruise ships. That said, a shared commitment to sustainability isn’t the only thing Hurtigruten has in common with our awesome city... The hybrid-electric battery used in the MS Roald Amundsen was created by Vancouver company, Corvus Energy."

Reportedly, the MS Roald Amundsen can operate for brief periods of time only on battery power, resulting in zero fuel usage and zero emissions. The Port of Vancouver's website explains its Approach to Sustainability policy:

"We are on a journey to meet our vision to become the world’s most sustainable port. In 2010 we embarked on a two-year scenario planning process with stakeholders called Port 2050, to improve our understanding of what the region may look like in the future... We believe a sustainable port delivers economic prosperity through trade, maintains a healthy environment, and enables thriving communities, through meaningful dialogue, shared aspirations and collective accountability. Our definition of sustainability includes 10 areas of focus and 22 statements of success..."

I encourage everyone to read the Port of Vancouver's 22 statements of success for a healthy environment and sustainable port. Selected statements from that list:

"Healthy ecosystems:
8) Takes a holistic approach to protecting and improving air, land and water quality to promote biodiversity and human health
9) Champions coordinated management programs to protect habitats and species. Climate action
10) Is a leader among ports in energy conservation and alternative energy to minimize greenhouse gas emissions..."

"Responsible practices:
12) Improves the environmental, social and economic performance of infrastructure through design, construction and operational practices
13) Supports responsible practices throughout the global supply chain..."

"Aboriginal relationships:
18) Respects First Nations’ traditional territories and value traditional knowledge
19) Embraces and celebrates Aboriginal culture and history
20) Understands and considers contemporary interests and aspirations..."

In separate but related news, government officials in the French Riviera city of Cannes are considering a ban of cruise ships to curb pollution. The Travel Pulse site reported:

"The ban would apply to passenger vessels that do not meet a 0.1 percent sulfur cap in their fuel emissions. Any cruise ship that attempted to enter the port that did not meet the higher standards would be turned away without allowing passengers to disembark."

During 2018, about 370,000 cruise ship passengers visited Cannes, making it the fourth busiest port in France. Officials are concerned about pollution. Other European ports are considering similar bans:

"Another French city, Saint-Raphael, has also instituted similar rules to curb the pollution of the water and air around the city. Other European ports such as Santorini and Venice have also cited cruise ships as a significant cause of over-tourism across the region."

If you live and/or work in a port city, it seems worthwhile to ask your local government or port authority what it is doing about sustainability and pollution. The video below explains some of the features in this new "expedition ship" with itineraries and activities that focus upon science:

Video courtesy of Hurtigruten

[Editor's note: this post was updated to include a photo of solar panels on the Celebrity Solstice cruise ship.]

Many consumers use ride-sharing services, such as Lyft and Uber. We all have heard about self-driving cars. A polling firm asked consumers a very relevant question: "Which ride is trusted more? Would you rather take a rideshare alone or a self-driving car?" The results may surprise you.

The questions are relevant given news reports about sexual assaults and kidnapping ride-sharing drivers and imposters. A pedestrian death involving a self-driving ride-sharing car highlighted the ethical issues about who machines should save when fatal crashes can't be avoided. Developers have admitted that self-driving cars can be hacked by bad actors, just like other computers and mobile devices. And, new car buyers stated clear preferences when considering self-driving (a/k/a autonomous) vehicles versus standard vehicles with self-driving modes.

Using Google Consumer Surveys, The Zebra surveyed 2,000 persons in the United States during August, 2019 and found:

"53 percent of people felt safer taking a self-driving car than driver-operated rideshare alone; Baby Boomers (age 55-plus) were the only age group to prefer a solo Uber ride over a driverless car; Gen Z (ages 18–24) were most open to driverless rideshares: 40 percent said they were willing to hail a ride from one."

Founded 7 years ago, The Zebra describes itself as, "the nation's leading insurance comparison site." The survey also found:

"... Baby Boomers were the only group to trust solo ridesharing more than they would a ride in a self-driving car... despite women being subjected to higher rates of sexual violence, the poll found women were only slightly more likely than men to choose a self-driving car over ridesharing alone (53 percent of women compared to 52 percent of men).

It seems safe to assume: trust it or not, the tech is coming. Quickly. What are your opinions?

A recent worldwide study found that new car buyers continue to enjoy and prefer the experience of driving. When asked whether they would consider fully self-driving cars (a/k/a as autonomous vehicles) or vehicles with autonomous modes, drivers stated their clear preferences. Key findings by Ipsos Mobility:

"1) Roughly half of new car buyers have some familiarity with autonomous mode; Familiarity highest in China and Japan; 2) On a global basis, 36% would consider a vehicle with autonomous mode however, only 12% would Definitely Consider; 3) If given the choice, only 6% of new car buyers would purchase a fully autonomous vehicle while the majority (57%) would purchase a vehicle with an autonomous mode and 37% would just purchase a standard vehicle..."

To summarize: it's the driving experience which matters.

Ipsos surveyed 20,000 drivers across ten countries: Brazil, China, France, Germany, Italy, Japan, Russia, Spain, the United Kingdom, and the United States. The 2019 "Global Mobility Navigator Syndicated Study" includes three modules: a) Autonomous and Advanced Features, b) Electric Vehicles (Needs & Intentions), and c) Shared Mobility (Car Sharing & Ride Hailing). The above findings are from the first module.

Secondary findings about autonomous features in cars:

"The auto industry is also battling an awareness issue with the new technology. Globally, only 15% said they knew a fair amount about Autonomous mode... while there are enjoyment factors to consider in the autonomous future, there are also safety concerns for consumers. The study revealed one is pedestrian safety as well as other vehicles, while the driver’s own safety is a slightly lower concern. Meanwhile, if a driver did use the autonomous mode, 44% state they would still remain focused on the road. This implies a tremendous lack of trust in the system’s ability to safely self-drive. Another big worry for consumers is the security of the vehicle’s data. A strong concern was the possibility of someone hacking into their self-driving system and causing an accident."

The report listed 16 features for "connected cars," including Predicting The Traffic, Advanced Drive Assist Systems, Search For Nearby Parking Lots, Automated Parking, Smart Refueling/Recharging, and more. Additional details about the report and features are available here.

Waymo, formerly the Google self-driving car project, announced it will test vehicles in rainy Florida:

"... we’re bringing both Waymo vehicles — including our Chrysler Pacificas and a Jaguar I-Pace — to the state to begin heavy rain testing. During the summer months of Hurricane Season, Miami is one of the wettest cities in the U.S., averaging an annual 61.9 inches of rain and experiencing some of the most intense weather conditions in the country. Heavy rain can create a lot of noise for our sensors. Wet roads also may result in other road users behaving differently. Testing allows us to understand the unique driving conditions, and get a better handle on how rain affects our own vehicle movements, too."

"First, we’re spending several weeks driving on a closed course in Naples where we will rigorously test our sensor suite — which includes lidar, cameras, and radar — during the rainiest season in the south. Later in the month, we’ll bring our vehicles to public roads in Miami. They’ll be manually operated by our trained test drivers which will give us the opportunity to collect data of real-world driving situations in heavy rain. Additionally, Florida residents will start seeing a few of our vehicles on highways between Orlando, Tampa, Fort Myers and Miami as we learn about Florida roads."

Prior test locations included: a) Novi, Michigan; b) Kirkland, Washington; c) San Francisco, California; and 4) Phoenix, Arizona.

In related news, Waymo announced the availability of an expanded dataset for academic researchers. TechCrunch reported:

"Waymo is opening up its significant stores of autonomous driving data with a new Open Data Set it’s making available for the purposes of research. The data set isn’t for commercial use, but its definition of “research” is fairly broad, and includes researchers at other companies as well as academics... The Waymo Open Data set tries to fill in some of these gaps for their research peers by providing data collected from 1,000 driving segments done by its autonomous vehicles on roads, with each segment representing 20 seconds of continuous driving. It includes a range of different driving conditions, including at night, during rain, at dusk and more. The segments include data collected from five of Waymo’s own proprietary lidars, as well as five standard cameras that face front and to the sides, providing a 360-degree view captured in high resolution, as well as synchronization Waymo uses to fuse lidar and imaging data. Objects, including vehicles, pedestrians, cyclists and signage is all labeled."

After several mass shooting incidents in the United States, several countries have issued travel warnings for their citizens visiting the United States. Fox 2 Now News in St. Louis reported:

"The Japanese Consul in Detroit on Sunday published an alert that said Japanese nationals "should be aware of the potential for gunfire incidents everywhere in the United States," which it described as "a gun society." Uruguay’s Office of Foreign Ministry issued an advisory Monday saying citizens should "take precaution amid the growing indiscriminatory violence, specifically hate crimes including racism and discrimination" when traveling to the United States. The alert noted that other factors, such as the "indiscriminate possession of firearms by the population" and the "impossibility of authorities to prevent these situations," were among some of the reasons... Uruguay’s warning also suggested avoiding the cities of Detroit, Baltimore and Albuquerque... Venezuela’s Foreign Ministry office also issued a warning to its residents Monday, saying Venezuelans should postpone their travels or exercise caution when traveling as a result of the events in El Paso, Texas, and Dayton, Ohio... The statement from Venezuela cites a Forbes article listing these US cities as places to avoid: "Given all of the above, it is suggested above all to avoid visiting some cities that are among the 20 most dangerous in the world, such as Cleveland, Ohio; Detroit, Michigan; Baltimore, Maryland; St. Louis, Missouri; Oakland, California; Memphis, Tennessee; Birmingham, Alabama; Atlanta Georgia; Stockton, and Buffalo." "

CNN reported:

"In April, the US State Department gave Venezuela its highest travel advisory, Level 4: Do Not Travel, citing crime, civil unrest and the arbitrary arrest and detention of US citizens. Venezuela was ranked as the most dangerous country in the world for the second straight year, according to a Gallup survey in 2018. It is one of 13 countries issued the highest advisory. Uruguay is listed as a Level 2: Exercise Increased Caution on the State Department's travel advisory."

These travel warnings by other countries cannot be good news for the tourism and travel industries in the USA. It makes one wonder how many jobs will be lost, or how many workers will be furloughed, as foreign travelers avoid visits to the USA.

And, this follows a January, 2018 report which found that, "since 2015, the U.S. and Turkey have been the only places among the top dozen global travel destinations to experience a decline in inbound visitors." So, the recent travel warnings are bad news on top of existing bad news.

What are your opinions? If you have heard of another country issuing warnings about travel to the USA, please share that below.

The MediaPost Connected Thinking blog reported:

"At the Automated Vehicle Symposium in Orlando [in July], one company involved in automated vehicle technology unveiled its vision for using a single driver to drive a pair of vehicles. The approach, named Automated Following, is an advanced platooning system created by Peloton Technology. It uses vehicle-to-vehicle (V2V) technology to let a lead driver control the vehicle and one that is following, in this case large trucks... Platooning works by utilizing V2V communications and radar-based active braking systems, combined with vehicle control algorithms, according to Peloton. The system connects a fully automated follow truck with a driver-controlled lead truck. The V2V link lets the human driven lead truck guide the steering, acceleration and braking of the follow truck..."

To learn more, I visited the Peloton Technology website. The Platoon-Pro section of the site lists the benefits below:

While it's good to read about specific estimates of fuel savings, I was hoping to also read similar estimates about decreased crashes and/or decreased severity of crashes. The page simply listed the safety features.

The site's home page features a "Safety & Platoon" video explaining how a 2-truck platoon might operate. On an interstate highway, both trucks are manned with human drivers. (What happened to the single driver benefit?) The video also shows what happens when a passenger vehicle briefly "cuts" in between a 2-truck platoon:

According to the video, the drivers can vary the distance between two trucks in a platoon. That seems to be a good feature.

The technology raises several questions. First, the video features a "cut in" with a small car. What happens when a larger vehicle, such as a bus, cuts in? What happens when several (large) vehicles cut in between? Second, just because we humans can do something doesn't mean we should do it. 2-truck platoons in the near future could expand to 4- or 5-truck platoons after that. One wonders about the wisdom. Are highways, country roads, and city streets designed to accommodate truck platoons this large?

Third, my impression: a 2-truck platoon sounds like a short train. In the near future, motorists will have to navigate in-between and around platoons of self-driving tractor-trailer trucks. Are motorists ready for this? Historically, auto drivers have had difficulty with traditional railroad crossings. The technology seems to be something which requires plenty of testing.

Another way of asking the question: is this what we want on our streets and highways given existing railroads already designed for trains = long platoons of trucks?

Fourth, security matters. What's being done to prevent the technology being abused? Automated following technology in the hands of bad guys could enable terrorists to deliver platoons of car bombs, or platoons of small boats armed with bombs. So, security (against hacking and against theft) is even more of an issue.

What are your opinions?

A security breach at a vendor used by U.S. Customs & Border Patrol (CBP) has disclosed the images of both travelers and vehicles license plates. The Washington Post reported:

"Customs officials said in a statement Monday that the images, which included photos of people’s faces and license plates, had been compromised as part of an attack on a federal subcontractor. CBP makes extensive use of cameras and video recordings at airports and land border crossings, where images of vehicles are captured. Those images are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the United States. Fewer than 100,000 people were impacted, said CBP... Officials said the stolen information did not include other identifying information, and no passport or other travel document photos were compromised..."

Reportedly, CBP learned about the breach on May 31. The newspaper also reported:

"CBP said copies of “license plate images and traveler images collected by CBP” had been transferred to the subcontractor’s company network, violating the agency’s security and privacy rules. The subcontractor’s network was then attacked and breached. No CBP systems were compromised, the agency said."

A reporter posted on Twitter the brief statement by CBP, which was sent to selected news organizations:

"On May 31, 2009, CBP learned that a subcontractor, in violation of CBP policies and without CBP's authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network. The subcontractor's network was subsequently compromised by a malicious cyber-attack. No CBP systems were compromised.

Initial information indicates that the subcontractor violated mandatory security and privacy controls outlined in their contract. As of today, none of the image data has been identified on the Dark Web or internet. CBP has alerted Members of Congress and is working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident. CBP will unwaveringly work with all partners to determine the extent of the breach and the appropriate response. CBP has removed from service all equipment related to the breach and is closely monitoring all CBP work by the contractor..."

Well, that brief statement is a start... a small start. This security breach is very troubling for several reasons.

First, it seems that CBP was unaware of the contractual violation (e.g., downloaded images) until it was informed of the data breach. That suggests an inadequate contractual agreement between the vendor and CBP; or failures by CBP to monitor and enforce its contracts. That also raises more questions:

• When and which executives at the vendor will be reprimanded for this violation?
• Why did CBP fail to identify the download violation?
• What changes are underway to prevent future violations?
• Why is CBP continuing to use a vendor known to have severely violated its contractual agreement?
• What other vendors have violated CBP contracts?

Second, CBP refused to disclose the name of the vendor. Why? What would this accomplish? Its statement described the breach as a "malicious cyberattack." That seems to warrant disclosure. Were CBP executives caught unprepared?

Thankfully, reporters at the Washington Post continued investigating:

"... a Microsoft Word document of CBP’s public statement, sent Monday to Washington Post reporters, included the name “Perceptics” in the title: “CBP Perceptics Public Statement.” Perceptics representatives did not immediately respond to requests for comment... reporters at The Register, a British technology news site, reported late last month that a large haul of breached data from the firm Perceptics was being offered as a free download on the dark web."

So, we don't know for sure if Perceptics was the CBP vendor. However, the May 23rd article in The Register indicates that Perceptics executives were already aware of the breach. CBP executives should have known about the breach on May 23, too, since the article mentioned both entities. Then, why did the CBP statement say it learned of the breach on May 31st? Something here smells -- arrogance, incompetence, or both.

Third, a check at press time of the CBP website and newsroom failed to find any mentions of the security breach. CBP executives have had since May 31st (or since May 23rd), so why send a statement only to select news organizations? Why not publish that statement on its website, too? Were CBP executives caught unprepared and then rushed a haphazard response? When will the breach investigation report be released?

This is troubling. It suggests either arrogance or unpreparedness. As a taxpayer, my money funds CBP activities. I want to know that my money is being spent effectively.

Fourth, the lack of a detailed breach announcement means many related questions remain unanswered:

• When will CBP notify affected persons? If the vendor will notify affected persons, then CBP must disclose the vendor's name in advance.
• What assistance (e.g., free credit monitoring) will CBP provide affected persons?
• What is the status of the post-breach investigation? It helps to know how attackers broke in so effective fixes can be implemented.
• What other data elements were accessed/stolen? Metadata (e.g., image date and timestamp, border crossing GPS location, entering or exiting USA, vehicle brand and model, number and ages of any passengers in vehicles, etc.) attached to the images can be just as damaging.
• Were any data elements encrypted? If not, why not?
• Can facial images be matched to vehicle plate images, and/or to other data elements? If so, this creates more problems for impacted persons.
• When will fixes be implemented so this doesn't happen again?
• Exactly how many persons were affected, and in what states? Local states' breach notification laws may apply.
• How many of the affected persons are U.S. citizens? If the 100,000 estimate applies to only affected U.S. citizens, then we need to know the true total number of persons impacted by the breach.
• Does the 100,000 estimate refer to facial images only? If so, then exactly how many vehicle license plate images were disclosed?

The statement of "fewer than 100,000 persons impacted" seems vague. A breach investigation should determine two fairly precise items: the number of facial images accessed/stolen, and the number of license plate images accessed/stolen.

Plus, it seems wise to assume more data was stolen during the breach. Why? Consider this report by The Atlantic:

"I would be cautious about assuming this data breach contains only photo data," said Chad Loder, the CEO of Habitu8, a cybersecurity firm that trains other companies on security awareness. The full scope of the breach may be much larger than what CBP revealed in its original statement, he said. In recent years, CBP has asked travelers for fingerprints, facial data, and, recently, even social-media accounts. "If CBP’s contractor was targeted specifically, it’s unlikely that the attacker would have stopped with just photo data..."

If social media passwords were stolen, then affected persons need to know so they can change online passwords. And, elected officials are also asking questions. The Hill reported:

"House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) announced on Monday that his committee would hold hearings next month to examine the collection of biometric information by the Department of Homeland Security (DHS), which includes CBP... Homeland Security Committee ranking member Mike Rogers (R-Ala.), used the breach to criticize DHS’s handling of cybersecurity challenges, saying in a statement to The Hill that "the agency is ill-equipped to handle emerging cyberthreats"... Representative Cedric Richmond (D-La.), the chairman of the House Homeland Security subcommittee on cybersecurity, also called for more answers about the breach, which he said would inform Congress's next steps... Senator Brian Schatz (D-Hawaii), the ranking member of the Senate Commerce Subcommittee on Communications, Technology, Innovation and the Internet, said he thinks the breach merits an investigation by the Office of the Inspector General."

Good suggestion by Senator Schatz. Clearly, there's plenty more news to come. Plenty.

[Editor's note: I'm back from my break. Thanks to readers for your patience. That break included a vacation on a different cruise line sailing from New Zealand to Canada via Polynesia, Tasmania, southern Australia, French Polynesia, and the Hawaiian Islands. So, this news story caught my attention.]

On Monday, Carnival Corporation acknowledged violating its probation terms from a 2016 pollution case. Government prosecutors fined the company an additional $20 million for the continuing violations. The New York Times reported:

"In 2016, Princess Cruise Lines agreed to pay a $40 million penalty for illegally dumping oil-contaminated waste into the sea and acts by employees to try to cover it up. It was the largest criminal penalty ever imposed for intentional vessel pollution... The new violations included discharging plastic into waters in the Bahamas, falsifying records and interfering with court supervision of ships... Vessel pollution is just one of the many human-caused hazards facing ocean life today. Ship traffic and noise can cause the death of sea creatures; marine animals routinely turn up dead with plastic in their stomachs; and rising sea temperatures, stemming from climate change caused by human activity, are destroying the framework of many ocean ecosystems."

Based in Miami, Carnival Corporation operates several cruise lines including Princess Cruises, Carnival Cruise Line, Holland America Line, P&O Cruises (UK), Cunard, Seabourn, AIDA Cruises (Germany), and Costa Cruises (Italy). It's website states a combined fleet of 102 ships with 19 new ships to be delivered between 2017 and 2022. The company employs about 120,000 people worldwide, and 11.5 million guests sail in its ship each year. In 2018, Carnival Corporation generated after-tax profits of $3.15 billion on revenues of $18.88 billion.

Government regulators focused upon the company after:

"... Princess agreed, in 2016, to plead guilty to felony charges and pay the hefty $40 million penalty. In that case... the Caribbean Princess ship, had used several means, including a device called a magic pipe, to circumvent water-cleaning mechanisms... Officials said that four other Princess ships had also been found to have engaged in illegal practices to discharge waste. The discharged waste included gray water — water that has been contaminated with food particles, grease and fat — and water found in the ship’s bilge, the bottom part of the ship where oil waste from engines can accumulate. A whistleblower employee alerted the authorities and certain engineers ordered a coverup, including directing subordinates to lie, according to prosecutors."

In an announcement on Monday, the U.S. Department of Justice (DOJ) listed in detail the violations by Carnival Corporation and its executives:

"1. Failing to establish a senior corporate officer as a corporate compliance manager with responsibility and sufficient authority for implementing new environmental measures required during probation;
2. Contacting the Coast Guard seeking to re-define the definition of what constitutes a major non-conformity under the ECP without going through the required process and after the government had rejected the proposal and told the company to file a motion with the court if it wanted to pursue the issue;
3. Deliberately falsifying environmental training records aboard two cruise ships; and
4. Deliberately discharging plastic in Bahamian waters from the Carnival Elation and failing to accurately record the illegal discharges. Prosecutors advised the Court that this particular instance was an example of a more widespread problem, identified by the external audits, in failing to segregate plastic and non-food garbage from waste thrown overboard from numerous cruise ships."

The DOJ announcement also listed the terms of the settlement agreement, which requires Carnival Corporation:

"i) Pay a $20 million criminal penalty;
ii) Issue a statement to all employees in which Carnival’s CEO accepts management’s responsibility for the probation violations;
iii) Restructure the company’s corporate compliance efforts, including appointing a new chief Corporate Compliance Officer, creating an Executive Compliance Committee across all cruise lines, adding a new member to the Board of Directors with corporate compliance expertise, and train its Board of Directors;
iv) Pay up to $10 million per day if it does not meet deadlines for submitting and implementing needed changes to its corporate structure;
v) Pay for 15 additional independent audits per year conducted by the third-party auditor and Court Appointed Monitor (on top of approximately 31 ship audits and 6 shore-side audits currently performed annually);
vi) Comply with new reporting requirements, including notifying the government and court of all future violations, and specifically identifying foreign violations and the country impacted; and
vii) Make major changes in how the company uses and disposes of plastic and other non-food waste to urgently address a problem on multiple vessels concerning illegal discharges of plastic mixed with other garbage."

Plus, Princess Cruise Line will remain on probation for three more years. The third-party auditor suggests that the court doesn't trust the company and its executives to accurately report progress and corrective actions toward the deadlines. That's good given the light fines (as a percentage of the company's profits).

Cruise customers have already shared their views. According to the Cruise Critic website:

"... SO DISAPPOINTED IN Carnival/Princess... NOT acceptable!!! I just went on a 12 day cruise on the Star Princess last month. I feel betrayed reading this. I had such a great time too. To intentionally break pollution laws means no integrity and shoddy business practice. I want to slap someone."
-- Marykay8

" Well now we know why they have increased some pricing, including some drink packages by 40%. Got to get more from the passengers to pay their fine. The customer always pays more in these scenarios."
-- KYwildcatfanone

"Let's hope this will finally get Carnival Corp. to ensure all of its ships adhere to environmental regulations. But in the big scheme of things, $20 million is just a minuscule amount on a company that had $3.2 billion in net income."
-- GeoHerb

More discussion by customers is available here. Clearly, cruise customers want the pollution stopped, executives held accountable, and the company to change its behavior.

A search of both the Carnival Corporation and Princess Cruises websites at press time failed to find any press releases or mention of the latest fine. The Miami Herald published a brief statement by Arnold Donald, the company's Chief Executive Officer, who appeared in court:

"Donald spoke on behalf of Carnival Corp. "I sincerely regret this case," he said. "In my role as CEO I do take responsibility for the problems we have. I am extremely disappointed that we’ve had them. I know you have reservations about our commitment and who we are. I want you to know we are fully committed." Donald was the only executive who spoke at the hearing."

Fully committed? The proof will be in the company's future actions -- not words -- to fully, consistently, and faithfully comply with the latest settlement agreement and clean up its pollution mess. Will it? What action will the board of directors take? Which executives will be disciplined? Which senior executives will resign? Will more whistle blowers come forward? Lots more news to come.

As the internet has evolved, the user testing and market research practices have also evolved. This may surprise consumers. TechCrunch reported that many popular Apple mobile apps record everything customers do with the apps:

"Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers."

So, customers' entire app sessions and activities have been recorded. Of course, marketers need to understand their customers' needs, and how users interact with their mobile apps, to build better products, services, and apps. However, in doing so some apps have security vulnerabilities:

"The App Analyst... recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles."

Not good for a couple reasons. First, sensitive data like payment information (e.g., credit/debit card numbers, passport numbers, bank account numbers, etc.) should be masked. Second, when sensitive information isn't masked, more data security problems arise. How long is this app usage data archived? What employees, contractors, and business partners have access to the archive? What security methods are used to protect the archive from abuse?

In short, unauthorized persons may have access to the archives and the sensitive information contained. For example, market researchers probably have little or no need to specific customers' payment information. Sensitive information in these archives should be encrypted, to provide the best protection from abuse and from data breaches.

Sadly, there is more bad news:

"Apps that are submitted to Apple’s App Store must have a privacy policy, but none of the apps we reviewed make it clear in their policies that they record a user’s screen... Expedia’s policy makes no mention of recording your screen, nor does Hotels.com’s policy. And in Air Canada’s case, we couldn’t spot a single line in its iOS terms and conditions or privacy policy that suggests the iPhone app sends screen data back to the airline. And in Singapore Airlines’ privacy policy, there’s no mention, either."

So, the app session recordings were done covertly... without explicit language to provide meaningful and clear notice to consumers. I encourage everyone to read the entire TechCrunch article, which also includes responses by some of the companies mentioned. In my opinion, most of the responses fell far short with lame, boilerplate statements.

All of this is very troubling. And, there is more.

The TechCrunch article didn't discuss it, but historically companies hired testing firms to recruit user test participants -- usually current and prospective customers. Test participants were paid for their time. (I know because as a former user experience professional I conducted such in-person test sessions where clients paid test participants.) Things have changed. Not only has user testing and research migrated online, but companies use automated tools to perform perpetual, unannounced user testing -- all without compensating test participants.

While change is inevitable, not all change is good. Plus, things can be done in better ways. If the test information is that valuable, then pay test participants. Otherwise, this seems like another example of corporate greed at consumers' expense. And, it's especially egregious if data transmissions of the recorded app sessions to developers' servers use up cellular data plan capacity consumers paid for. Some consumers (e.g., elders, children, the poor) cannot afford the costs of unlimited cellular data plans.

After this TechCrunch report, Apple notified developers to either stop or disclose screen recording:

"Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity... We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary..."

Good. That's a start. Still, user testing and market research is not a free pass for developers to ignore or skip data security best practices. Given these covert recorded app sessions, mobile apps must be continually tested. Otherwise, some ethically-challenged companies may re-introduce covert screen recording features. What are your opinions?

Important updates about the gigantic Marriott-Starwood data breach. The incident received more attention after security experts said that China's intelligence agencies may have been behind the cyberattack, which also targeted healthcare insurance companies.

Earlier this month, Marriott announced a lower number of guests affected:

"Working closely with its internal and external forensics and analytics investigation team, Marriott determined that the total number of guest records involved in this incident is less than the initial disclosure... Marriott now believes that the number of potentially involved guests is lower than the 500 million the company had originally estimated [in November, 2018]. Marriott has identified approximately 383 million records as the upper limit for the total number of guest records that were involved...

The announcement also said that fewer than 383 million different persons were affected because its database contained multiple records for the same guests. The announcement also stated that about:

"... 5.25 million unencrypted passport numbers were included in the information accessed by an unauthorized third party. The information accessed also includes approximately 20.3 million encrypted passport numbers... Marriott now believes that approximately 8.6 million encrypted payment cards were involved in the incident. Of that number, approximately 354,000 payment cards were unexpired as of September 2018..."

This is mixed news. Fewer breach victims is good news. The bad news: multiple database records for the same guests, and unencrypted passport numbers. Better, stronger data security always includes encrypting sensitive information. The announcement did not explain why some data was encrypted and some wasn't.

The hotel chain said that it will terminate its Starwood reservations database at the end of the year, and continue its post-breach investigation:

"While the payment card field in the data involved was encrypted, Marriott is undertaking additional analysis to see if payment card data was inadvertently entered into other fields and was therefore not encrypted. Marriott believes that there may be a small number (fewer than 2,000) of 15-digit and 16-digit numbers in other fields in the data involved that might be unencrypted payment card numbers. The company is continuing to analyze these numbers to better understand if they are payment card numbers and, if they are payment card numbers, the process it will put in place to assist guests."

Also, the hotel chain admitted during its January 4th announcement that it still wasn't fully ready to help affected guests:

"Marriott is putting in place a mechanism to enable its designated call center representatives to refer guests to the appropriate resources to enable a look up of individual passport numbers to see if they were included in this set of unencrypted passport numbers. Marriott will update its designated website for this incident (https://info.starwoodhotels.com) when it has this capability in place."

In related news, about 150 former guests have sued Marriott. Vox reported that a class-action lawsuit:

"... was filed Maryland federal district court on January 9, claims that Marriott did not adequately protect guest information before the breach and, once the breach had been discovered, “failed to provide timely, accurate, and adequate notice” to guests whose information may have been obtained by hackers... According to the suit, Marriott’s purchase of the Starwood properties is part of the problem. “This breach had been going on since 2014. In conducting due diligence to acquire Starwood, Marriott should have gone through and done an accounting of the cybersecurity of Starwood,” Amy Keller, an attorney at DiCello Levitt & Casey who is representing the Marriott guests, told Vox... According to a December report by the Wall Street Journal, Marriott could have caught the breach years earlier."

At least one other class-action lawsuit has been filed by breach victims.

A gigantic data breach at Marriott International affects about 500 million customers who have stayed at its Starwood network of hotels in the United States, Canada, and the United Kingdom. Marriott International announced the data breach on Friday, November 30th, and set up a website for affected Starwood guests.

According to its breach announcement, an "internal security tool" discovered the breach on September 8, 2018. The initial data breach investigation determined that unauthorized persons accessed its registration database as far back as 2014, and had both copied and encrypted information before removing it. Marriott engaged security experts, the information was partially decrypted on November 19, 2018, and the global hotel chain determined that the information was from its Starwood guest reservation database.

The Starwood hotels network includes brands such as W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Méridien Hotels & Resorts, Four Points by Sheraton, and more. Marriott has not finished decrypting all information, so there may be future updates from the breach investigation.

For 327 million guests, the personal data items stolen included a combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some guests, the information stolen also included payment card numbers and payment card expiration dates. While Marriott said the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128), its warned that it doesn't yet know if the encryption keys (needed to decrypt payment information) were also stolen.

For 173 million guests, fewer personal data items were stolen included, "name and sometimes other data such as mailing address, email address, or other information." Marriott International said its Marriott-branded hotels were not affected since they use a different reservations database on a different server.

Marriott said it has notified law enforcement, is working with law enforcement, and has begun to notify affected guests via email. The hotel chain will offer affected guests in select countries one year of free enrollment in the WebWatcher program which, "monitors internet sites where personal information is shared and  an alert to the consumer if evidence of the consumer’s personal information is found." WebWatcher will not be offered to all affected guests. Eligible guests should read the fine print, which the Starwood breach site summarized:

"Due to regulatory and other reasons, WebWatcher or similar products are not available in all countries. For residents of the United States, enrolling in WebWatcher also provides you with two additional benefits: (1) a Fraud Loss Reimbursement benefit, which reimburses you for out-of-pocket expenses totaling up to $1 million in covered legal costs and expenses for any one stolen identity event. All coverage is subject to the conditions and exclusions in the policy; and (2) unlimited access to consultation with a Kroll fraud specialist. Consultation support includes showing you the most effective ways to protect your identity, explaining your rights and protections under the law, assistance with fraud alerts, and interpreting how personal information is accessed and used..."

The seriousness of this data breach cannot be overstated. First, it went undetected for a very long time. Marriott needs to explain that and the changes it will implement with an improved "internal security tool" so this doesn't happen again. Second, 500 million is an awful lot of affected customers. An awful lot. Third, breach CNN Business reported:

"Because the hack involves customers in the European Union and the United Kingdom, the company might be in violation of the recently enacted General Data Protection Regulation (GDPR). Mark Thompson, the global lead for consulting company KPMG's Privacy Advisory Practice, told CNN Business that hefty GDPR penalties will potentially be slapped on the company. "The size and scale of this thing is huge," he said, adding that it's going to take several months for (EU) regulators to investigate the breach."

Fourth, the data items stolen are sufficient to cause plenty of damage. Security experts advise affected customers to change their Starwood passwords, check the answers.Kroll.com breach site next week to see if their information was compromised/stolen, sign up for credit monitoring (if they don't already have it), watch their payment or bank accounts for fraudulent entries, and consider an early renewal if your passport number was compromised/stolen. Fifth, companies usually arrange free credit monitoring for breach victims for one or two years. So far, Marriott hasn't done this. Maybe it will. If not, Marriott needs to explain why.

Sixth, breach notification of affected guests via email seems sketchy... like Marriott is trying to cut corners and costs. History is littered with numerous examples of skilled spammers and cybercriminals using faked or spoofed email to trick consumers into revealing sensitive personal and payment information. It will be interesting to see how Marriott's breach notification via email works and manages this threat.

Seventh, lawsuits and other investigations have already begun. ZDNet reported:

"... two Oregon men sued international hotel chain Marriott for exposing their data. Their lawsuit was followed hours later by another one filed in the state of Maryland. Both lawsuits seek class-action status. While plaintiffs in the Maryland lawsuit didn't specify the amount of damages they were seeking from Marriott, the plaintiffs in the Oregon lawsuit want $12.5 billion in costs and losses. his should equate to $25 for each of the 500 million users who had their personal data stolen from Marriott's serv ers... The Maryland lawsuit was filed by Baltimore law firm Murphy, Falcon & Murphy..."

Bloomberg BNA announced:

"The Massachusetts, New York and Illinois state attorneys general quickly announced they would examine the hack. Connecticut George Jepsen (D) is also looking into the matter, a spokesman told Bloomberg Law."

Eighth, the breach site's website address unnecessarily vague: answers.kroll.com. Frankly, a website address like "starwood-breach.kroll.com" or "marriott-breach.kroll.com" would have been better. (The combination of email notification and vague website name seems eerily similar to the post-breach clusterf--k by Equifax's poorly implemented breach site.) Maybe this vague address was a temporary quick fix, and Marriott will host a comprehensive breach-status site later on one of its servers. That would be better and clearer for affected customers, who probably are unfamiliar with Kroll. Readers of this blog probably first encountered Kroll after IBM Inc. contracted it to help implement IBM's post-breach response in 2007.

The Starwood breach notice appears within the news section of Marriott.com site. Also, Marriott's post-breach notice included overlays on both the home page and the Starwood landing page within the Marriott.com site. This is a good start, but a better implementation would insert a link directly into the webpages, since the overlays don't render well in all browsers on all devices. (Marriott: you did test this before deployment?) Example: people with pop-up blockers may miss the breach notice in the overlays. And, a better implementation would link to the news story's detail page within the Marriott.com site -- not directly to the vague answers.kroll.com site.

Last, some questions remain about the post-breach response:

• Why email notices to breach victims? Hopefully, there are more reasons than simply saving postal mailing costs.
• Why no credit monitoring offers to breach victims?
• What data in the Starwood reservations database was altered by the attackers? That data was encrypted by the attackers suggests that the attackers had sufficient time, resources, and skills to modify or alter database records. Marriott needs to explain what it is doing about this.
• When will Marriott host a breach site on one of its servers? No doubt, there will be follow-up news, more questions by breach victims, and breach investigation updates. A dedicated breach site on one of its servers seems best. Leaning too much on Kroll is not good.
• Why did the intrusion go undetected for so long? Marriott needs to explain this and the post-breach fix so guests are reassured it won't happen again.
• Is the main Marriott reservations database also vulnerable? Guests for other brands weren't affected since a separate reservations database was used. Maybe this is because the main Marriott reservations database and server are better protected, or cybercriminals haven't attacked it (yet). Guests deserve comprehensive answers.
• Why the website overlaps/pop-ups and not static links?
• What changes (e.g., software upgrades, breach detection tools, employee training, etc.) will be implemented so this doesn't happen again?

Having blogged about data breaches for 11+ years, these types of questions often arise. None are unreasonable questions. Answers will help guests feel comfortable with using Starwood hotels. Plus, Marriott has an obligation to fully inform guests directly at its website, and not lean on Kroll. What do you think?

Experts predict that there will be 10 million self-driving cars on the roads by 2020. Any outstanding issues need to be resolved before then. One outstanding issue is the "trolley problem" - a situation where a fatal vehicle crash can not be avoided and the self-driving car must decide whether to save the passenger or a nearby pedestrian. Ethical issues with self-driving cars are not new. There are related issues, and some experts have called for a code of ethics.

Like it or not, the software in self-driving cars must be programmed to make decisions like this. Which person in a "trolley problem" should the self-driving car save? In other words, the software must be programmed with moral preferences which dictate which person to sacrifice.

The answer is tricky. You might assume: always save the driver, since nobody would buy self-driving car which would kill their owners. What if the pedestrian is crossing against a 'do not cross' signal within a crosswalk? Does the answer change if there are multiple pedestrians in the crosswalk? What if the pedestrians are children, elders, or pregnant? Or a doctor? Does it matter if the passenger is older than the pedestrians?

To understand what the public wants -- expects -- in self-driving cars, also known as autonomous vehicles (AV), researchers from MIT asked consumers in a massive, online global survey. The survey included 2 million people from 233 countries. The survey included 13 accident scenarios with nine varying factors:

1. "Sparing people versus pets/animals,
2. Staying on course versus swerving,
3. Sparing passengers versus pedestrians,
4. Sparing more lives versus fewer lives,
5. Sparing men versus women,
6. Sparing the young versus the elderly,
7. Sparing pedestrians who cross legally versus jaywalking,
8. Sparing the fit versus the less fit, and
9. Sparing those with higher social status versus lower social status."

Besides recording the accident choices, the researchers also collected demographic information (e.g., gender, age, income, education, attitudes about religion and politics, geo-location) about the survey participants, in order to identify clusters: groups, areas, countries, territories, or regions containing people with similar "moral preferences."

Newsweek reported:

"The study is basically trying to understand the kinds of moral decisions that driverless cars might have to resort to," Edmond Awad, lead author of the study from the MIT Media Lab, said in a statement. "We don't know yet how they should do that."

And the overall findings:

"First, human lives should be spared over those of animals; many people should be saved over a few; and younger people should be preserved ahead of the elderly."

These have implications for policymakers. The researchers noted:

"... given the strong preference for sparing children, policymakers must be aware of a dual challenge if they decide not to give a special status to children: the challenge of explaining the rationale for such a decision, and the challenge of handling the strong backlash that will inevitably occur the day an autonomous vehicle sacrifices children in a dilemma situation."

The researchers found regional differences about who should be saved:

"The first cluster (which we label the Western cluster) contains North America as well as many European countries of Protestant, Catholic, and Orthodox Christian cultural groups. The internal structure within this cluster also exhibits notable face validity, with a sub-cluster containing Scandinavian countries, and a sub-cluster containing Commonwealth countries.

The second cluster (which we call the Eastern cluster) contains many far eastern countries such as Japan and Taiwan that belong to the Confucianist cultural group, and Islamic countries such as Indonesia, Pakistan and Saudi Arabia.

The third cluster (a broadly Southern cluster) consists of the Latin American countries of Central and South America, in addition to some countries that are characterized in part by French influence (for example, metropolitan France, French overseas territories, and territories that were at some point under French leadership). Latin American countries are cleanly separated in their own sub-cluster within the Southern cluster."

The researchers also observed:

"... systematic differences between individualistic cultures and collectivistic cultures. Participants from individualistic cultures, which emphasize the distinctive value of each individual, show a stronger preference for sparing the greater number of characters. Furthermore, participants from collectivistic cultures, which emphasize the respect that is due to older members of the community, show a weaker preference for sparing younger characters... prosperity (as indexed by GDP per capita) and the quality of rules and institutions (as indexed by the Rule of Law) correlate with a greater preference against pedestrians who cross illegally. In other words, participants from countries that are poorer and suffer from weaker institutions are more tolerant of pedestrians who cross illegally, presumably because of their experience of lower rule compliance and weaker punishment of rule deviation... higher country-level economic inequality (as indexed by the country’s Gini coefficient) corresponds to how unequally characters of different social status are treated. Those from countries with less economic equality between the rich and poor also treat the rich and poor less equally... In nearly all countries, participants showed a preference for female characters; however, this preference was stronger in nations with better health and survival prospects for women. In other words, in places where there is less devaluation of women’s lives in health and at birth, males are seen as more expendable..."

This is huge. It makes one question the wisdom of a one-size-fits-all programming approach by AV makers wishing to sell cars globally. Citizens in clusters may resent an AV maker forcing its moral preferences upon them. Some clusters or countries may demand vehicles matching their moral preferences.

The researchers concluded (emphasis added):

"Never in the history of humanity have we allowed a machine to autonomously decide who should live and who should die, in a fraction of a second, without real-time supervision. We are going to cross that bridge any time now, and it will not happen in a distant theatre of military operations; it will happen in that most mundane aspect of our lives, everyday transportation. Before we allow our cars to make ethical decisions, we need to have a global conversation to express our preferences to the companies that will design moral algorithms, and to the policymakers that will regulate them... Our data helped us to identify three strong preferences that can serve as building blocks for discussions of universal machine ethics, even if they are not ultimately endorsed by policymakers: the preference for sparing human lives, the preference for sparing more lives, and the preference for sparing young lives. Some preferences based on gender or social status vary considerably across countries, and appear to reflect underlying societal-level preferences..."

And the researchers advised caution, given this study's limitations (emphasis added):

"Even with a sample size as large as ours, we could not do justice to all of the complexity of autonomous vehicle dilemmas. For example, we did not introduce uncertainty about the fates of the characters, and we did not introduce any uncertainty about the classification of these characters. In our scenarios, characters were recognized as adults, children, and so on with 100% certainty, and life-and-death outcomes were predicted with 100% certainty. These assumptions are technologically unrealistic, but they were necessary... Similarly, we did not manipulate the hypothetical relationship between respondents and characters (for example, relatives or spouses)... Indeed, we can embrace the challenges of machine ethics as a unique opportunity to decide, as a community, what we believe to be right or wrong; and to make sure that machines, unlike humans, unerringly follow these moral preferences. We might not reach universal agreement: even the strongest preferences expressed through the [survey] showed substantial cultural variations..."

Several important limitations to remember. And, there are more. It didn't address self-driving trucks. Should an AV tractor-trailer semi  -- often called a robotruck -- carrying $2 million worth of goods sacrifice its load (and passenger) to save one or more pedestrians? What about one or more drivers on the highway? Does it matter if the other drivers are motorcyclists, school buses, or ambulances?

What about autonomous freighters? Should an AV cargo ship be programed to sacrifice its $80 million load to save a pleasure craft? Does the size (e.g., number of passengers) of the pleasure craft matter? What if the other craft is a cabin cruiser with five persons? Or a cruise ship with 2,000 passengers and a crew of 800? What happens in international waters between AV ships from different countries programmed with different moral preferences?

Regardless, this MIT research seems invaluable. It's a good start. AV makers (e.g., autos, ships, trucks) need to explicitly state what their vehicles will (and won't do). Don't hide behind legalese similar to what exists today in too many online terms-of-use and privacy policies.

Hopefully, corporate executives and government policymakers will listen, consider the limitations, demand follow-up research, and not dive headlong into the AV pool without looking first. After reading this study, it struck me that similar research would have been wise before building a global social media service, since people in different countries or regions having varying preferences with online privacy, sharing information, and corporate surveillance. What are your opinions?

California-based Uber Technologies, Inc. has agreed to pay $148 million to settle lawsuits by several states' attorneys general regarding the ride-sharing service's massive data breach in 2016 where hackers stole information about 57 million Uber customers and drivers worldwide, including 600,000 U.S. driver's license numbers. The breach problems were compounded by allegations that Uber paid the hackers $100,000 for their silence, and by the company's failure to notify both state agencies and affected consumers about the breach.

Josh Shapiro, the Attorney General (AG) for the State of Pennsylvania, announced on the Wednesday the settlement agreement including a coalition of 51 state AGs:

"In November 2016, Uber learned that hackers had gained access to some personal information Uber maintains about its drivers, including drivers’ license information for about 600,000 drivers nationwide. Instead of reporting the breach to law enforcement and impacted individuals, Uber tracked down the hackers and obtained assurances that the hackers deleted the information – and made payments to ensure their silence... Since some of the compromised information – specifically driver’s license numbers – is considered personally identifiable information (PII), Uber was required to notify impacted individuals under the Pennsylvania Breach of Personal Information Notification Act. However, Uber failed to report the breach until November 2017."

13,500 Uber drivers in Pennsylvania were affected by the breach. Pennsylvania's share of the total payment is $5.7 million. Each Uber driver in Pennsylvania will receive $100.

48 states have data breach notification laws requiring various levels of notifications to both state officials and affected consumers, who need notice in order to take action to protect themselves and their sensitive personal and payment information.

Massachusetts' share of the total payment is $7.1 million, of which $6.5 million will be distributed to the Commonwealth’s General fund and $600,000 will be used to assist consumers and businesses. Massachusetts AG Maura Healey said:

"Uber failed to immediately report this data breach and tried to pay hush money to hackers. This settlement should be a lesson to other businesses that consumers have a right to know when their personal information has been compromised."

California's share of the total payment is $26 million. California AG  Xavier Becerra said:

"Uber’s decision to cover up this breach was a blatant violation of the public’s trust. The company failed to safeguard user data and notify authorities when it was exposed. Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law. Companies in California and throughout the nation are entrusted with customers’ valuable private information. This settlement broadcasts to all of them that we will hold them accountable to protect their data."

San Francisco District Attorney George Gascon said:

"We wholeheartedly support innovative business models, but new ways of engaging in business cannot come at the expense of public safety or consumer privacy. This settlement today demonstrates what happens when all of us in law enforcement work together. My office will continue to collaborate closely with the Attorney General to protect consumers both in San Francisco, and the rest of California."

Terms of the settlement agreement require Uber and its executives to:

"1. Implement and maintain robust data security practices.
2. Comply with state laws in connection with its collection, maintenance, and safeguarding of personal information, as well as reporting of data security incidents.
3. Accurately and honestly represent data security and privacy practices to better ensure transparency in how the company’s driver and customer information is safeguarded.
4. Develop, implement, and maintain a comprehensive information security program with an executive officer who advises key executive staff and Uber’s Board of Directors.
5. Report any data security incidents to states on a quarterly basis for two years.
6. Maintain a Corporate Integrity Program that includes a hotline to report misconduct, quarterly reports to the board, implementation of privacy principles, and an annual code of conduct training".

Uber and its executives have a long history of sketchy behavior including the 'Greyball' worldwide program by executives to thwart code enforcement inspections by governments, dozens of employees fired or investigated for sexual harassment, a lawsuit describing how the company's mobile app allegedly scammed both riders and drivers, and privacy abuses with the 'God View' tool.

This breach settlement is another reminder that Uber and its executives deserve close monitoring and supervision.

Many police departments use automated license plate reader (ALPR or LPR) technology to monitor the movements of drivers and their vehicles. The surveillance has several implications beyond the extensive data collection.

The Voice of San Diego reported that the San Diego Police Departments shares its database of ALPR data with many other agencies:

"SDPD shares that database with the San Diego sector of Border Patrol – and with another 600 agencies across the country, including other agencies within the Department of Homeland Security. The nationwide database is enabled by Vigilant Solutions, a private company that provides data management and software services to agencies across the country for ALPR systems... A memorandum of understanding between SDPD and Vigilant stipulates that each agency retains ownership of its data, and can take steps to determine who sees it. A Vigilant Solutions user manual spells out in detail how agencies can limit access to their data..."

San Diego's ALPR database is fed by a network of cameras which record images plus the date, time and GPS location of the cars that pass by them. So, the associated metadata for each database record probably includes the license plate number, license plate state, vehicle owner, GPS location, travel direction, date and time, road/street/highway name or number, and the LPR device ID number.

Information about San Diego's ALPR activities became public after a data request from the Electronic Frontier Foundation (EFF), a digital privacy organization. ALPRs are a popular tool, and were used in about 38 states in 2014. Typically, the surveillance collects data about both criminals and innocent drivers.

There are several valid applications: find stolen vehicles, find stolen license plates, find wanted vehicles (e.g., abductions), execute search warrants, find parolees, and find wanted parolees. Some ALPR devices are stationary (e.g., mounted on street lights), while others are mounted on (marked and unmarked) patrol cars. Both deployments scan moving vehicles, while the latter also facilitates the scanning of parked vehicles.

Earlier this year, the EFF issued hundreds of similar requests across the country to learn how law enforcement currently uses ALPR technology. The ALPR training manual for the Elk Grove, Illinois PD listed the data archival policies for several states: New Jersey - 5 years, Vermont - 18 months, Utah - 9 months,  Minnesota - 48 hours, Arkansas - 150 days, New Hampshire - not allowed, and California - no set time. The document also stated that more than "50 million captures" are added each month to the Vigilant database. And, the Elk Grove PD seems to broadly share its ALPR data with other police departments and agencies.

The SDPD website includes a "License Plate Recognition: Procedures" document (Adobe PDF), dated May 2015, which describes its ALPR usage and policies:

"The legitimate law enforcement purposes of LPR systems include the following: 1) Locating stolen, wanted, or subject of investigation vehicles; 2) Locating witnesses and victims of a violent crime; 3) Locating missing or abducted children and at risk individuals.

LPR Strategies: 1) LPR equipped vehicles should be deployed as frequently as possible to maximize the utilization of the system; 2) Regular operation of LPR should be considered as a force multiplying extension of an officer’s regular patrol efforts to observe and detect vehicles of interest and specific wanted vehicles; 3) LPR may be legitimately used to collect data that is within public view, but should not be used to gather intelligence of First Amendment activities; 4) Reasonable suspicion or probable cause is not required for the operation of LPR equipment; 5) Use of LPR equipped cars to conduct license plate canvasses and grid searches is encouraged, particularly for major crimes or incidents as well as areas that are experiencing any type of crime series... LPR data will be retained for a period of one year from the time the LPR record was captured by the LPR device..."

The document does not describe its data security methods to protect this sensitive information from breaches, hacks, and unauthorized access. Perhaps most importantly, the 2015 SDPD document describes the data sharing policy:

"Law enforcement officers shall not share LPR data with commercial or private entities or individuals. However, law enforcement officers may disseminate LPR data to government entities with an authorized law enforcement or public safety purpose for access to such data."

However, the Voice of San Diego reported:

"A memorandum of understanding between SDPD and Vigilant stipulates that each agency retains ownership of its data, and can take steps to determine who sees it. A Vigilant Solutions user manual spells out in detail how agencies can limit access to their data... SDPD’s sharing doesn’t stop at Border Patrol. The list of agencies with near immediate access to the travel habits of San Diegans includes law enforcement partners you might expect, like the Carlsbad Police Department – with which SDPD has for years shared license plate reader data, through a countywide arrangement overseen by SANDAG – but also obscure agencies like the police department in Meigs, Georgia, population 1,038, and a private group that is not itself a police department, the Missouri Police Chiefs Association..."

So, the accuracy of the 2015 document is questionable, it it isn't already obsolete. Moreover, what's really critical are the data retention and sharing policies by Vigilant and other agencies.

TechCrunch reported:

"The cause of the fatal crash of an Uber self-driving car appears to have been at the software level, specifically a function that determines which objects to ignore and which to attend to, The Information reported. This puts the fault squarely on Uber’s doorstep, though there was never much reason to think it belonged anywhere else.

Given the multiplicity of vision systems and backups on board any given autonomous vehicle, it seemed impossible that any one of them failing could have prevented the car’s systems from perceiving Elaine Herzberg, who was crossing the street directly in front of the lidar and front-facing cameras. Yet the car didn’t even touch the brakes or sound an alarm. Combined with an inattentive safety driver, this failure resulted in Herzberg’s death."

The TechCrunch story provides details about which software subsystem the report said failed.

Not good.

So, the autonomous or self-driving cars are only as good as the software they're programmed with (including maintenance). Anyone who has used computers during the last couple decades probably has experienced software glitches, bugs, and failures. It happens.

This latest incident suggests self-driving cars aren't yet ready. what do you think?

In the near future, what you post on social media sites (e.g., Facebook, Instagram, Pinterest, etc.) could affect the price you pay for airline tickets. How's that?

First, airlines already use what the travel industry calls "dynamic pricing" to vary prices by date, time of day, and season. We've all seen higher ticket prices during the holidays and peak travel times. The Telegraph UK reported that airlines want to extend dynamic pricing to set fares by person:

"... the advent of setting fares by the person, rather than the flight, are fast approaching. According to John McBride, director of product management for PROS, a software provider that works with airlines including Lufthansa, Emirates and Southwest, a number of operators have already introduced dynamic pricing on some ticket searches. "2018 will be a very phenomenal year in terms of traction," he told Travel Weekly..."

And, there was a preliminary industry study about how to do it:

" "The introduction of a Dynamic Pricing Engine will allow an airline to take a base published fare that has already been calculated based on journey characteristics and broad segmentation, and further adjust the fare after evaluating details about the travelers and current market conditions," explains a white paper on pricing written by the Airline Tariff Publishing Company (ATPCO), which counts British Airways, Delta and KLM among its 430 airline customers... An ATPCO working group met [in late February] to discuss dynamic pricing, but it is likely that any roll out to its customers would be incremental."

What's "incremental" mean? Experts say first step would be to vary ticket prices in search results at the airline's site, or at an intermediary's site. There's virtually no way for each traveler to know they'd see a personal price that's higher (or lower) from prices presented to others.

With dynamic pricing per person, business travelers would pay more. And, an airline could automatically bundle several fees (e.g., priority boarding, luggage, meals, etc.) for its loyalty program members into each person's ticket price, obscuring transparency and avoiding fairness. Of course, airlines would pitch this as convenience, but alert consumers know that any convenience always has its price.

Thankfully, some politicians in the United States are paying attention. The Shear Social Media Law & Technology blog summarized the situation very well:

"[Dynamic pricing by person] demonstrates why technology companies and the data collection industry needs greater regulation to protect the personal privacy and free speech rights of Americans. Until Silicon Valley and data brokers are properly regulated Americans will continue to be discriminated against based upon the information that technology companies are collecting about us."

Just because something can be done with technology, doesn't mean it should be done. What do you think?

The United States has a problem: the number of international visitors is declining. What are companies doing to counter this, lost revenues, and other negative impacts? Bloomberg reported (bold emphasis added):

"... 10 business associations, including the U.S. Chamber of Commerce and the National Restaurant Association, have created a travel industry group aimed at reversing the growing unpopularity of the U.S. as a vacation destination. So [last week], some of its biggest players unveiled the "Visit U.S. Coalition" to spur the Trump administration into enacting friendlier visa and border-security policies at a time when federal agencies are doing the opposite... Since 2015, the U.S. and Turkey have been the only places among the top dozen global travel destinations to experience a decline in inbound visitors, a time when other nations such as Australia, Canada, China and the United Kingdom have marked sizable gains..."

Foreign visitors spend their travel money here, which helps businesses in the USA. The amount of the travel decline is measurable:

"... the Commerce Department reported a 3.3 percent drop in traveler spending for last year, through November, the equivalent of $4.6 billion in losses and 40,000 jobs. The U.S. share of international long-haul travel fell to 11.9 percent last year, from 13.6 percent in 2015, according to the U.S. Travel Association, a slippage the group said equates to 7.4 million visitors and $32.2 billion in spending."

According to its website, the Visit U.S. Coalition includes the following founding members: American Gaming Association, American Hotel & Lodging Association, American Society of Association Executives, Asian American Hotel Owners Association, International Association of Exhibitions and Events, National Restaurant Association, National Retail Federation, Society of Independent Show Organizers, the U.S. Chamber of Commerce, and the U.S. Travel Association.

What does this mean? What might the consequences be?

First, if the foreign tourism decline continues, experience tells us that after prolonged revenue losses, affected industries (e.g., hotels, transportation, restaurants, retail shopping, etc.) and companies will layoff or terminate workers. Not good for workers. Not good for the United States economy.

Second, it's great that several companies have organized together into groups... trade associations for several industries; and then several trade associations organized into a coalition... what you might call an uber-trade association... to highlight their concerns, remain competitive, and advocate for their interests. You'd expect any administration which promised to be pro-business would listen these concerns.

Third, the freedom to organize is an important part of a democracy, and a competitive marketplace. Workers want this freedom, too. Sadly, too many corporate executives and politicians deny workers the same freedoms they want their businesses to enjoy. You've probably heard the claim: "corporations are people, my friend." I guess they are a special class of people with more freedom than flesh-and-blood persons.

What do you think of the foreign visitor travel decline?

Inc. Magazine warned in 2016, "ready or not, companies will soon be tracking your emotions." Most Facebook users already knows this. Also in 2016, the social networking site expanded several reaction buttons beyond its (in)famous "Like" button to cover several emotions (e.g., "Love," "Haha," "Wow," "Sad," "Angry"):

Maybe you have used these reaction buttons. Companies do this because effective marketing appeals to emotions instead of reason.

Now, a popular cruise line has taken things a step further. Cruise Critic, a popular travel site, announced:

"... Royal Caribbean has teamed up with CPP-The Myers-Briggs Company to launch a quiz that offers cruise recommendations based on your personality type. The assessment tool, found on MyAdventurePersonality.com, asks users 13 questions as they pertain to personal behavior and preferences... Once the results are calculated, users will be designated a travel personality type, such as Expert Adventure Planner, Laidback Wanderer and Spontaneous Sightseer. They also will receive an itinerary recommendation best suited for their type, with planning tips."

What is the Myers'Briggs assessment tool? The Myers-Briggs Foundation site explains:

"The purpose of the Myers-Briggs Type Indicator^® (MBTI^®) personality inventory is to make the theory of psychological types described by C. G. Jung understandable and useful in people's lives. The essence of the theory is that much seemingly random variation in the behavior is actually quite orderly and consistent, being due to basic differences in the ways individuals prefer to use their perception and judgment... In developing the Myers-Briggs Type Indicator [instrument], the aim of Isabel Briggs Myers, and her mother, Katharine Briggs, was to make the insights of type theory accessible to individuals and groups... The identification of basic preferences of each of the four dichotomies specified or implicit in Jung's theory. The identification and description of the 16 distinctive personality types that result from the interactions among the preferences."

Indeed, this assessment tool became very accessible. The Seattle Times reported in 2013:

"Chances are you’ve taken the Myers-Briggs Type Indicator (MBTI), or will. Roughly 2 million people a year do. It has become the gold standard of psychological assessments, used in businesses, government agencies and educational institutions... More than 10,000 companies, 2,500 colleges and universities and 200 government agencies in the United States use the test... It’s estimated that 50 million people have taken the Myers-Briggs personality test since the Educational Testing Service first added the research to its portfolio in 1962... Organizations administer the MBTI assessment to employees in one of two ways. They either pay for someone in their human-resources department to become certified, then pay the materials costs each time employees take the test. Or, they contract with certified, independent training consultants or leadership coaches."

The travel quiz uses different and fewer (13 versus ~ 88) forced-choice questions than the MBTI. Plus, the travel quiz categorizes consumers into four travel personality types (versus 16 types by the MBTI). And, the MBTI tool is administered by certified professionals in an ethical manner. So, consumers shouldn't assume that the travel quiz is as rigorous as the MBTI. Admittedly, MyAdventurePersonality may add more questions and/or types in the future.

If you are considering the travel quiz, wise consumers always read the fine print, first. The MyAdventurePersonality site uses the same legal and privacy policies as the core Royal Caribbean cruise line site. So, consumers should know that whatever they submit to the travel quiz will probably be freely shared with other entities, since the Royal Caribbean Privacy Policy does not state any limitations.

The MyAdventurePersonality site may be a marketing gimmick to attract new customers and/or better target e-mail marketing campaigns to current and prospective cruise travelers.

Me? After 28 cruise ship vacations (with many on Royal Caribbean ships) to many areas of the planet, I know my travel needs and preferences very well. So, I doubt the quiz will tell me something I don't already know.

What do you think? Should companies uses these types of quizzes?