Data transparency as a safety feature

 

It seems to me that situational awareness of cruise ship passengers is not considered important, I have a problem with that. It is perfectly clear that going on a cruise means an increased level of risk. The risk is larger during a storm than it is during calm summer weather. Passengers need truthful information about the service they are purchasing. Informed choices can’t be made without adequate information. I therefore suggest that the amount of safety-related information available to passengers should be significantly increased.

A good place to start is history (examples here are from Finland as this text is a translation of a Finnish original). In 2005, there was a fire on board the M/S Amorella, the crew extinguished it with firm professionalism. For some reason, there was no press release nor were the shareholders informed through a stock exchange release. The situation on board the ship was over at 22.59, at which point the passengers were allowed back inside. There was a stock exchange release by Viking Line next morning at 09.00, dealing with the rising cost of fuel. Yet there was a fire, it was extinguished, and as always in situations like this, something was learned. In this case the investigation resulted in five recommendations which should have raised discussion among the professionals. To be credible when talking about safety history should be visible, smaller and larger mistakes should be acknowledged, and above all the company should show what was learned and how it is showing up in the everyday activities. To be fair to the Viking Line company, it is not alone in its  amnesia; the Silja Line history shows no memory of this steering-loss incident in 1995, nor does the Tallink history remember this attempt to widen the route near Kustaanmiekka. But there is an amusing mention of how the trade in duty free beer is really picking up.

I made a quick search of the www.costacruise.com web site to see what they tell about safety. Nothing much. The only reference I could find related to occupational safety. From the aviation world, searching www.finnair.com or www.lufthansa.com sites produced little of note either. There was slightly more information on the Viking Line web pages. The page could be found by searching for “safety” in the search field. Safety information on the Tallink Silja web pages was more difficult to find and scantier. Personally, I found the lengthier information on the Viking web pages more reassuring, a sign that safety is being taken seriously.

This situation is slightly strange. At least in the case of airlines, safety work is a significant effort and a never-ending process. One would imagine that the same applies to cruise ships. In both cases, it is next to impossible for a customer to check the real situation. Are the companies afraid of losing customers? Maybe. This could certainly happen if the message is ham-fisted: “If our service fails, you can die”. However, by using some money one can buy a presentation that brings out the facts in a more neutral way. At the same time best experts on aviation or maritime safety are likely to be found outside the companies themselves. If safety thinking is opened up on the Internet, it would be possible to draw in researchers essentially for free to comment on weaknesses. A “no communication” model eliminates this possibility.

Safety must be priority number one in all shipping, especially passenger ships. This should be visible in the organization all the way to the top. The board of directors should include a person with a publicly stated overall responsibility for safety. That person should have sufficient experience and clout to actively question weaknesses in the procedures.

At the other end, the safety organization and procedures should be opened to the passengers at all levels. Let us take the concrete example of a fire which requires evacuation. Should those partying in the disco go to their cabins to get warm clothing? This is an important question, since even an hour of waiting in the cold without adequate clothing can seriously hinder a passenger’s ability to act, and can endanger the evacuation process. Perhaps there are procedures for this, but how are we to know this? We cannot know, since we have not been given any information on what kinds of plans the ship’s crew has.

Locations of ships can be seen here and sea ice conditions can be seen here, weather forecasts can be found here. There is plenty of information on parameters that affect the speed, comfort, and safety of the trip. If the shipping company adds information on the ship’s performance and safety, such as any hazardous substances, narrows on the navigation path, navigational information such as a radar picture, and information from the fire warning system, passengers would have almost the same information as the crew on the bridge. By adding information that normally interests the passengers, such as the opening times of the buffet and an opportunity to reserve seats there, there is enough information to create a mobile application that anyone travelling with a smartphone would want to have available.

Detailed information may not interest everyone, but based on this information it is possible to create an index showing the current safety situation. Currently a large part of the problem is the coarse-grained approach, in which there are just two modes: 1) keep on partying, 2) we are in major trouble. Modern technology and enlightened customers would enable much more fine-grained communication.

An application like this would require a mobile device compatible wireless network that operates inside the ship. When such a network exists, it can also be used to transmit emergency information to the passengers. The report on the Isabella accident of 2001 showed problems when dealing with a multilingual environment.  As soon as instructions had been given in Finnish, the clamor level rose, making it difficult to hear announcements made in other languages. In such circumstances, it would be beneficial to have the information available in written form, in multiple languages. Some people may also find it easier to follow written instructions rather than trying to listen to spoken instructions.

I would distribute almost all of the information in the ship’s systems both inside and outside the ship in a standardized format that allows third-party use and would allow the authorities to maintain real-time situational awareness. Due both to long distances and difficult conditions, it can take hours for help to arrive. Proactive reaction to developing incidents can thus significantly alter the outcome. A culture that values autonomy and self-sufficiency above all must be changed. When and where possible self-sufficiency should be the goal, but in case of a deviation from normal one should prepare, automatically, for the need to receive external assistance by communicating all relevant information .

At some point increasing safety will be limited by rising costs. I would like to see analyses in which these limits are challenged. Estimate the cost of a shipboard Wi-Fi system, balance the cost against the advantages, and make a decision based on this balance. It may be necessary to keep some calculations as trade secrets, but even there it is worthwhile to truly analyze what needs to be secret and what does not.

A functioning safety culture requires acceptance of the fact that mistakes will be made and they must be learned from. However, it is impossible for external parties to assess quality of the safety culture if no information on that culture is openly available.Data transparency  as a safety feature

Data transparency in shipping safety: good or bad idea?

 

Radical transparency is an intriguing school of thought, with the philosophy that the best society is a transparent society. In other words, all data that can be opened should be opened. I find such transparency an interesting concept, and in many cases probably worth aiming for. The key question is: what is a realistic environment in which to begin experimenting with it? I focus here on one tightly restricted area: data transparency in shipping safety. [Finnish version: Click here]

For a slightly perspective on this issue by Niko Porjo, see here.

At the moment,  international standards require large ships to transmit AIS information. At minimum, this information contains, in standardized format, the ship’s identity, location, speed, and bearing. The AIS information is transmitted in the clear and its purpose is to help ships maintain positional awareness of other traffic.  Internet distribution of the data originally raised some controversy, but in practice the controversy is over: the AIS information is public.

It is quite sensible to ask a further question: should even more information from the ships be openly available? There are good reasons to ask this question; above all, in an emergency it would make the passengers active participants rather than passive subjects. It would also help to show up poor safety practices that would remain invisible in a closed environment. The technical problem can be stated quite simply: should the information currently collected by the black box  be available and public (although not necessarily in real time)? More radically, it is technically feasible to make all the information that is available on the bridge available to the public. Should it be made available?

Unfortunately, I tend to arrive at a pessimistic outcome for this specific case.  Openness would benefit the overall system. Unfortunately, it would not benefit any of the individual players, at least in the beginning stages. The problem with transparency in this particular area is that the first adopter ends up taking most of the risk. Although radical transparency is a good concept to aim for, shipping security does not seem like a reasonable platform in which to start experimenting with it.

The authorities cannot be bossed around

In practice, security is defined and enforced by national or international authorities. In a democratic system, it is in principle possible to force the authorities to make good decisions. Unfortunately, in a democratic system this is also painfully difficult in practice. Authorities are dependent on what  legislators decide. Legislation in turn is a slow process, undergoing massive lobbying from established interestes, and requiring a significant push from citizens.  Based on the lukewarm reception these issues are getting, it does not seem that there is any real  political push in this direction.

Laws and directives change most rapidly through major accidents, which lead to security recommendations.  Even then, the new directives may or may not be followed adequately, especially if they require significant amounts of money. Waiting for the authorities to act requires patience and (unfortunately) often new accidents. This path does work, but is not likely to lead to rapid or radical solutions.

Anonymization does not work

In order to balance between data transparency and personal privacy, security-related  information should be anonymized.   Unfortunately, this does not work in the Internet age, where all information (whether correct or not) will be on Twitter within minutes of an accident. The most tragic failure of anonymization is the  Überlingen air accident  of 2002, in which two aircraft collided. The  investigation report concluded that it was a system-wide problem, and no single individual was to blame. Nevertheless, a man who  lost his family in the accident blamed the air traffic controller, found out his identity and home address, and murdered him.

The Überlingen case is extreme, but in an open system there is no automatic mechanism to protect those initially blamed for the accident. It is a serious scenario is that in any accident, the people potentially responsible will be identified immediately, they will be blamed by the media, their personal information will be found immediately, and Internet mobbing could start immediately. The risk may look small now, but already cyber-bullying in South Korea shows that a risk exists. How many people would be willing to work under such circumstances?

Data without metadata is nothing

The technical problems are considerable. The AIS parameters are standardized tightly and are easily understandable.  If more generic information is to be transmitted, then its interpretation becomes problematic. Raw data is just rows of numbers;  processing, interpretation, and displaying are what make it into information.  Someone must do this, must be paid to do it, and must be responsible for quality control.

Some parameters will be considered trade secrets by the shipping companies (or at least in a gray area). Realistically speaking,  any shipping company will either not want to do such an analysis, or will want to keep the results secret. It is certainly possible to force a company to make the raw data available. Without extra incentives, it is barely realistic to expect the company to make the data available in a form which could be easily utilized by competitors.

Transparency benefits the unscrupulous

Transparency is an equalizing safety factor when all parties have the same information on all parties.  If one party stops sharing information, it creates a business advantage for itself (even more so if it begins to distort it). No idealism can change this fact; surveillance and enforcement are needed. The enforcement needs to be global. It can be argued that for technologies such as nuclear energy such a global enforcement system already exists; that is true, but nuclear energy was born in completely different historical circumstances than shipping, and was in fat able to start from a clean table.

Open real-time information also makes piracy easier. More information means more opportunities to plan attacks. Merchant ships near the coast of Somalia will certainly not be willing to participate in experiments in radical transparency.

Terrorism is invoked too easily, but it cannot be ignored. Any transparency model must accept the brutal truth that there are destructive entities. The sinking of a large passenger ship might not even be the worst-case scenario; societies can recover from large losses of life very rapidly, even though the scars are horrible.   A more worrisome scenario might be an  Exxon Valdez-type massive oil leak event next to a nuclear power plant.

What can we do?

Many people reflexively oppose this type of radical transparency, whether with good reason or by knee-jerk reflex. How could they be motivated to at least try?  Even if calculations clearly show that transparency is useful for the whole system in the long run, people are irrational and think in the short run. Given that the early adopters take a risk, how would this risk be compensated to them?  Shipping has a long history and legacy practices which are difficult to overcome. Radical transparency is something that absolutely should be tested in a suitable environment. However, I am forced to conclude that shipping safety is simply not a sensible environment in which to start.  

 

Translate »