Report and PowerPoint
Ethics Report Group 12 – Remote Caregiver Interface
March 11, 2020 Members:
Nada Lahjouji Sadaf Sarwari
Case #1 - Apollo 1
What Happened in the Apollo 1 Disaster? On January 27, 1967, astronauts Vigil Grissom, Edward White, and Roger Chaffee participated in a pre-flight test session in preparation for the first manned Apollo mission scheduled to take place on February 21, 1967. Unfortunately, a fire in the Command Module (CM) during this test led to the deaths of all three of the astronauts. Investigation showed that White attempted to open the escape hatch but was unable to do so; the primary cause of death was determined to be carbon monoxide poisoning.
Many conditions could have led to this incident. Although the exact source of the fire is not known, it is very likely that it was caused by a combination of an electrical short, an unstable atmospheric environment, the presence of highly combustible materials in the CM, the design of the hatch, and mismanagement in NASA. The most sound hypothesis, however, is that the fire was started because of the presence of an exposed wire under an astronaut’s seat, which interacted with the highly flammable pure oxygen present in the capsule (Chaikin, 2016).
What Ethical Violations Occurred? Listed below are the canons and rules of practice from the National Society of Professional Engineers (NSPE) official code of ethics that were violated in the Apollo 1 disaster as well as a description of the situation(s) that led to each violation. The violations are drawn from a summary of the disaster as detailed in NASA’s records (NASA, 1967).
Canon 1, Rule of Practice a 1) Hold paramount the safety, health, and welfare of the public. a) If engineers' judgment is overruled under circumstances that endanger life or property, they shall notify their employer or client and such other authority as may be appropriate.
As stated in NASA’s investigation report, the Apollo team failed to give adequate attention to certain mundane but equally vital questions of crew safety. The Board’s investigation revealed many deficiencies in design and engineering, manufacture, and quality control. Certain conditions were overlooked that caused the fire:
● A sealed cabin, pressurized with pure oxygen atmosphere ● An extensive distribution of combustible materials in the cabin
These choices were not made arbitrarily; NASA headquarters had agreed on putting 15 psi (pound-force per square inch) of pure oxygen in the small space capsule that held the astronauts, knowing that this was an extremely flammable environment. They continued with the Apollo program despite the obvious violations this constituted. Rather than caring about the well-being and safety of the astronauts, NASA only reported the technical aspects of the project over the potential risk of their choices to the government and the public.
Canon 1, Rule of Practice f 1) Hold paramount the safety, health, and welfare of the public. f) Engineers having knowledge of any alleged violation of this Code shall report thereon to appropriate professional bodies and, when relevant, also to public authorities, and cooperate with the proper authorities in furnishing such information or assistance as may be required.
As stated above, the entire Apollo 1 team as well as the headquarters of NASA were aware of the circumstances under which the capsule was built and subjected to. This knowledge was not shared with the public and the governmental body overarching NASA, but was rather masked as being technical requirements necessary for the mission despite the potential danger to the astronauts. However, many investigation reports state that NASA had “overlooked” these details rather than “hid” them. This means that NASA’s actions were not premeditated, but were the product of neglect and naivete; NASA had never encountered a problem with the same oxygen and pressure settings when testing them with previous projects, and therefore did not suspect the gravity of these circumstances. Despite this, the ethical violation that NASA completely disregarded the safety of the astronauts still remains.
How Could the Disaster Have Been Avoided? Overall, the Apollo 1 disaster was thought not to be a premeditated or intentional violation of ethics, but rather an incident born out of neglect and severe overlook of safety measures. This disaster could therefore have been avoided first and foremost by:
● Emphasizing safety over meeting space mission deadlines and over solving problems quickly and easily: NASA headquarters decided on and approved conditions such as high pressurized pure oxygen in the main capsule knowing that this would cause the environment to be extremely flammable. This decision was made in order to solve the problem of the environmental control system of the capsule, which would provide the astronauts with a breathable atmosphere despite the high combustibility. This should not have been passed considering the risk of fire it constituted for the astronauts. Taking more time to find solutions to problems that jeopardize the safety of employees is therefore a sound choice which could have prevented the Apollo 1 fire.
● Conduct intensive testing regardless of precedents: Another underlying reason for the Apollo 1 fire was the fact that the circumstances which had caused the fire had been tested beforehand in other projects, such as the Mercury project. After having tested these conditions for an extended period of time, NASA did not see a reason to review their initial pressure and oxygen settings and instead ran Apollo 1 based on those calculations. If they had tested the environmental control system regardless of precedent tests, they would have discovered the faultiness of the system and prevented the fire.
● Have more external oversight of NASA operations: Lastly, NASA’s neglect and overlooking of the astronauts’ safety was just as overlooked by overarching authorities. Although the numbers and conditions were reported by NASA, they were not held
responsible or questioned for them by any other agency; therefore, they proceeded with the project, thus causing the Apollo 1 fire. A stricter and more rigid oversight of NASA operations by external factors would have undoubtedly prevented the incident, as this would have held NASA accountable for the lack of safety and health measures taken.
Case #2 - Bhopal Disaster
What Happened in the Bhopal Disaster? The Bhopal disaster is considered the world’s worst industrial disaster. On December 2, 1984, the US-owned multinational company Union Carbide accidentally released about thirty tons of a poisonous gas called methyl isocyanate at its pesticide plant in Bhopal, India. Because the plant was in the center of a large number of impoverished towns, it affected the more than 600,000 residents of those areas. The gas cloud permeated the atmosphere throughout the night and stayed very close to the ground, which caused such conditions as blindness and death on many occasions.
The death toll has been very hard to place, but figures now put the overall death count at around 15,000 as a direct result of this disaster. Even today, many people who were exposed to the gas have had children with physical and mental disabilities. Although residents of the city have petitioned for the site to be cleaned, after Dow Chemical took over Union Carbide in 2001, these efforts slowed down. Many groups have reported that the hazardous waste is buried under ground, and to this day the area is deemed contaminated (Taylor, 2014).
What Ethical Violations Occurred? Listed below are the canons and rules of practice from the National Society of Professional Engineers (NSPE) official code of ethics that were violated in the Bhopal disaster as well as a description of the situation(s) that led to each violation. The violations are drawn from the official report following the disaster as detailed in The New York Times (Diamond, 1985).
Canon 1, Rule of Practice a 1) Hold paramount the safety, health, and welfare of the public. a) If engineers' judgment is overruled under circumstances that endanger life or property, they shall notify their employer or client and such other authority as may be appropriate.
The initial leak was discovered at 11:30 pm on the night of December 2, 1984. When the supervisor was informed of it, he assumed it was a water leak and decided he would deal with it after his break. By the time his break was over, the chemical reaction had taken place and the situation quickly ran out of control. Not only did this supervisor have an ethical responsibility to “hold paramount the safety, health, and welfare of the public” by actively investigating the leak instead of waiting until after his break to do it, but the workers who informed their supervisor of this leak also should have notified other members of management of the worrisome leak after being told by their supervisor that he was not too concerned about it.
Canon 1, Rule of Practice e 1) Hold paramount the safety, health, and welfare of the public. e) Engineers shall not aid or abet the unlawful practice of engineering by a person or firm.
The Bhopal plant did not have a computer system that could alert staff about leaks. Management actually relied on workers to sense if a gas was leaking by seeing if their eyes watered; if a worker felt his eyes watering, only then would he report a potential gas leak to his supervisor. This practice is a blatant violation of the rule of practice given above because it is morally wrong to ask for workers to put their health and lives at risk as a way to test if the plant is experiencing a gas leak. In addition, the “safety, health, and welfare of the public” is compromised as well as this gruesome “detection mechanism” is obviously not as reliable as a sensitive, automated machine would be at determining if a gas leak is occurring; if a worker does not notice his eyes watering until two minutes before the gas seeps out of the facility, for instance, it may very well be too late for the plant to take appropriate corrective actions.
Canon 1, Rule of Practice f 1) Hold paramount the safety, health, and welfare of the public. f) Engineers having knowledge of any alleged violation of this Code shall report thereon to appropriate professional bodies and, when relevant, also to public authorities, and cooperate with the proper authorities in furnishing such information or assistance as may be required.
Months earlier, the plant managers had shut down the refrigeration unit that kept methyl isocyanate cool and lessened the chance of potential chemical reactions. Among the reasons for this shutdown was to save electricity; this was a direct violation of plant procedures as the chemical was specifically required to be contained in a refrigeration unit that was kept on at all times. If this unit had been running, it is estimated that it would have taken two days instead of two hours for the methyl isocyanate reaction to produce the conditions that caused the gas leak, which would have given the plant workers sufficient time to address the issue.
Plant procedures specifically required that in case of an emergency, large spare tanks should be used to hold the dangerous gas in order to avert a major disaster; that is, the gas that was causing the emergency had to be moved into these larger, safer tanks to ensure no chemical reactions would occur. However, workers reported that these spare tanks often were not left empty as instructed; thus, on the night of the accident, there was nowhere for the workers to move the gas when they first noticed that the leak was occurring.
Although an inspection report in 1982 said that the Bhopal plant needed a better water spray system to help in the case of a chemical leak, this warning was dismissed as “sufficiently addressed.” As a result, on the night of the gas leak, this system ultimately failed to contain the methyl isocyanate.
The tank of methyl isocyanate that caused the disaster was 87% full--the manual for the Bhopal plant stated that any tank holding this gas should never be more than 60% capacity.
The three main safety systems at the plant were not properly equipped to deal with the situation that occurred on the night of December 2, 1984--one of the systems was inoperable and had been for a long time, and the other had been declared out of service several weeks prior to the incident.
Because the equipment at the plant was known to not report accurate information, the methyl isocyanate supervisor on duty the night of the disaster ignored the warning on the gauge of the tank that showed the pressure in that tank had increased by five times over one hour.
Each of the conditions described above show how many violations the Bhopal plant committed that fall into this canon and rule of practice. The primary issue in every case listed is the fact that there was at least one person who was aware--or who should have made a higher authority aware--of the malpractices and safety breaches occurring at the facility. Although unfortunately the immediate “professional bodies” in this case were often the perpetrators of these violations, as they disregarded safe practices to save time and money, there is an implicit responsibility to report such infractions to the highest authorities that ideally should deal with such situations.
It is important to note, however, that because many of these workers did not have proper training or education and were assigned tasks that they were not equipped to fulfill (described in detail below), it is understandable that in such a new, overwhelming environment such workers would feel obliged to obey the “higher authorities” without questioning them, as they were the ones who gave them the job to begin with. There is also a cultural component of this “obedience”, as unfortunately factors such as socio-economic status in India lead to those who are not as well-off or not in a position of authority--like the workers at this plant--to not be taken as seriously even if they were to report such violations. Thus, though there did exist ethical and moral responsibilities for both the workers and supervisors at this plant, it is the supervisory and managerial staff that ultimately should have reported to the higher authorities instead of brushing such violations off as minor.
Canon 2, Rule of Practice a 2) Perform services only in areas of their competence a) Engineers shall undertake assignments only when qualified by education or experience in the specific technical fields involved.
The gas leak is purported to have started about two hours after a worker who did not have proper industry training was told by his supervisor to wash out a pipe that was known to not be sealed well; this is significant because it is likely that this water reacted with the methyl isocyanate, which led to a chain reaction that culminated in the gas leaking out uncontrollably into the environment.
Although it began as a thriving industry, over the years the Bhopal plant began losing money as talented workers became disillusioned by the company’s falling safety standards and left. Thus, the plant faced budget reductions and started hiring employees that did not meet proper training levels for their positions. In addition, staff were cut, and instead of the recommended 12 employees at the methyl isocyanate plant on the night of the accident, there were only six.
Ultimately, saving money became more important than worker or public safety.
Both situations described above fit into this canon and rule of practice because they represent how dangerous an otherwise potentially manageable gas leak became when people who lacked proper expertise to handle the plant equipment were hired and told to take charge of some of the plant’s most sensitive operations. Because these workers were also not explicitly informed by their supervisors of the gravity of their tasks and how to respond in the case of an emergency, the already-large information gap was compounded and cultivated an environment ripe for this tragic disaster.
Canon 3, Rule of Practice a 3) Issue public statements only in an objective and truthful manner a) Engineers shall be objective and truthful in professional reports, statements, or testimony. They shall include all relevant and pertinent information in such reports, statements, or testimony, which should bear the date indicating when it was current.
There was no widespread education initiative to address how the public should respond in the case of an emergency. On the night the gas leak occurred, an alarm did sound, but it was so similar to the sound of the approximately 20 practice drills administered on a weekly basis in the area that no one paid heed to the warning. This situation represents a violation of the canon and rule of practice above because the plant had a moral obligation to “...include all relevant and pertinent information” in statements to the public about the potential danger of such emergencies as a gas leak; in this case, there was never a statement issued to the public of the work this plant did and the hazards that it brought. Thus, the plant failed to fulfill its ethical responsibility to keep the public informed and up-to-date about its practices.
How Could the Disaster Have Been Avoided? As described above, there were a host of violations that ultimately led to this disaster. However, the points below summarize the primary precautions and practices that should have been taken and performed in order to prevent this tragedy:
● Place more accountability at the supervisory level: Overall, the violations were reported; it was the supervisory staff that failed to properly act on these warnings. Unfortunately, as described above there is a lot of corruption and abuse of power that permeates these levels of authority. Thus, if there was a mechanism in place that could override these individuals and cause them to be held directly responsible for their actions, there would be more pressure put on them to perform their tasks properly and ethically--especially if their own jobs and salaries were at stake.
● Implement relevant technology at the facility: The reports following the disaster described the lack of proper working equipment at the facility. There was no lack of technology, as sister companies of Union Carbide in such locations as the United States did have this technology in place. Thus, if the company had taken the important action of fixing and implementing these technologies in the Bhopal facility instead of working
with broken or non-existent machinery, it is likely that the plant would have had better, safer working conditions that could have prevented such a large-scale disaster.
● Emphasize industry training after hiring: In such highly populated places as India where there will always be jobs to fill and people ready to fill them, it is likely that the practice of people without the necessary qualifications for a job being hired will continue. Thus, it is vital to emphasize training upon hiring to ensure that all workers meet the necessary qualifications to do the jobs they have been hired to do and to ensure they know what to do in cases of emergency. Although the workers at the Bhopal plant were given basic training, they were not given the holistic overview of the plant’s machinery and what the plant is responsible for; it is necessary to provide this education so that all workers can take the actions necessary in case disaster strikes.
● Disseminate information to the public about the plant and its emergency procedures: One of the most essential components about maintaining a facility that deals with toxic materials is to explicitly and clearly disseminate information to the public about what the facility does, how it could pose a risk to the public in case of a disaster, and how the public should react should a disaster occur. If this was emphasized by the Bhopal plant when it was built, then with this increased awareness perhaps many more lives could have been saved.
Case #3 - Remote Caregiver Interface
Although our remote caregiver interface is a pure software-based project primarily driven by our own API and information produced from the other groups in our class rather than an outside source, there are still some issues to remain cautious of as we implement our website.
Because our website is hosted by the external third-party vendor Bluehost, by default our domain and all associated information will be vulnerable to any cyber-attacks aimed at that popular, well-renowned company. In addition, in the ideal, “real-life” setting, our application will be handling data related to patients, including information from previous hospital visits, records of the number of times they have fallen, and inventory of the foods in their pantries. This information is sensitive as it can be used to determine such factors as location and health status of the individual, and these qualities could potentially make our application a target of data breaches.
Since our application is hosted online, any device that accesses our application that is infected by a virus or is a victim of any other cybersecurity attack directly endangers our own website if this “infection” has the capacity to track the user’s browser history and/or collect usernames and passwords. These concerns may not be too relevant while we use mock data to populate our application instead of pulling from real data, but they are vital security threats to keep in mind moving forward in order to handle sensitive information securely and not violate our caregiver-patient trust.
In order to protect both ourselves and our caregivers and patients, we will take precautions to ensure our devices that we use to deploy our application are backed by the latest antivirus software tools. This includes not only downloading the protections from malware necessary but also simply making sure our platforms are running the latest version of the operating system that is available, since every update almost always includes patches to fix existing software vulnerabilities. This will make it much more difficult for our application to be exploited.
We will also perform frequent backup of our data in the application and research and implement the mechanisms required to keep our backend database on Bluehost secure. In the case of a disruption, we will make sure that we have methods in place to safely and securely perform system recovery.
References
Chaikin, A. (2016, November). Apollo’s Worst Day. Air & Space Magazine, Retrieved from https://www.airspacemag.com/history-of-flight/apollo-fire-50-years-180960972/
Diamond, S. (1985, January 28). The Bhopal Disaster: How It Happened. The New York Times, Retrieved from https://www.nytimes.com/1985/01/28/world/the-bhopal-disaster-how-it-happened.html
NASA. (1967, January 27). Apollo 1: The Fire. Retrieved from https://history.nasa.gov/SP-4029/Apollo_01a_Summary.htm
Taylor, A. (2014, December 2). Bhopal: The World’s Worst Industrial Disaster, 30 Years Later. Retrieved from https://www.theatlantic.com/photo/2014/12/bhopal-the-worlds-worst-industrial-disaster-30-y ears-later/100864/
Vyas, Kashyap. (2018, November 19). 23 Engineering Disaster of All Time. Retrieved from https://interestingengineering.com/23-engineering-disasters-of-all-time