Tag Archives: accident

South Korean ferry accident

The way the South Korean ferry disaster is being handled in public is wrong. CNN reports that the South Korean President has stated that the “Actions of sunken ferry captain ‘akin to murder’”. Wrong, wrong, wrong.

What does she want to achieve? Revenge the dead on the captain and the crew? I can see how anger can be the reaction of those that have lost their loved ones, but does it have to be the reaction of the president? I would hazard a guess that contrary to the mental image I got from the president’s reported statement, there was no malice involved.

I can only imagine the sorrow felt by those close to the events. I claim to have an understanding of how South Koreans in general might feel, as a similar incident did occur here in Finland (see MS Estonia). What I can’t fathom is why is the press effectively asking the question “who is responsible?”, when they most definitely should be asking “why did this happen and how can the system be fixed?”.

An accident like this is almost certainly the result of several mistakes that should have been caught long before things got past the point where someone was in danger. The investigation needs to look past the mistakes that were made, it must find out why was it possible to make such mistakes.

Image 1. Emblem of KMST. According to its website: The balance scale symbolizes fair judgment. The navigating vessel depicts maritime safety, and blue waves represent clean and peaceful oceans

There seems to be a South Korean maritime accident investigation organisation that is actively investigating, for example here. It’s english name “Korea Maritime Safety Tribunal” does not have a good ring to it, but a quote from one of the investigation reports is right on the money:

“This investigation was conducted in conformity with the law to improve safety of shipping by investigating marine casualties and other incidents (Act on the Investigation and Inquiry into Marine Accidents). According to the said Act, the sole objective of this investigation is to prevent future accidents and malfunctions through the ascertainment of its causes and circumstances. This investigation does not serve to ascertain fault, liability or claims. This report should not be used in court proceedings or proceedings of the Maritime Board.”

This is the spirit in which the investigation must be approached. If blame is being dished out people will shut up and will not co-operate. Yet co-operation and change is what is needed to improve the system.

Talvivaara 5: What is going on?


We have a firm policy of never publishing any “agitprop” material. I will circumvent the rule by posting a propaganda piece I helped write, but providing skeptical commentary. In effect, I will argue against myself.

PDF version of the official piece: What is causing the environmental damage in Talvivaara.  More blog posts on Talvivaara (Finnish only): Talvivaara


By the Kainuu District of the Finnish Association for Nature Conservation (Suomen Luonnonsuojeluliitto). 

The environmental problems of the Talvivaara mine are difficult to summarize briefly. They are systemic, and made worse by the actions of the authorities (in this case the Kainuu ELY Center, in charge of monitoring the mine). The Talvivaara mine has caused excessive environmental damage; the ELY Center has repeatedly approved this damage; whenever challenged in court, its decisions have been found to be invalid. However, these court rulings come almost a year after the fact, and are irrelevant because Talvivaara has done so much more ELY-approved damage in the meantime. The system has become a monster.

Commentary: Obviously “monster” is agitprop. But other than that, the later analysis shows that the basic mechanism seems to be true. The system is definitely in a self-perpetuating feedback loop, which is difficult to stop.

In practice Talvivaara has never achieved a “normal” mode of operation. All of the wastewater treatment has happened in violation of the original environmental permit, issued in 2007. This has created chronic problems, which has led to a loop of repeated and uncontrollable acute problems. The ELY Center is actively collaborating in the damage by refusing to sanction the mine in any meaningful way.

Commentary: “Active collaboration” is agitprop. But certainly the actions of the ELY Center are not making the situation easier.

The mine started with the premise of a closed water circuit, in which a water-purification plant ensures that no wastewater is emitted into the environment. Such a plant  was already a requirement in the environmental permit in 2007. As of 2013, Talvivaara has no plant, and is emitting 1.3 million cubic meters of wastewater per year.  Instead of purification, the wastewater is neutralized by adding lime to the acidic water, and precipitating some of the toxic metals in a gypsum pond. This creates sulphate salts. The salt water is then diverted into ponds and rivers. The sulphates have already permanently contaminated several small lakes near the mine, and are proceeding downstream toward larger bodies of water.

Commentary: The basic mechanism is true. No water purification is being done, although the permit requires a plant to be built at some point.  Neutralization of an acid with lime produces salts, which contaminate fresh water. Rises in sulphate levels have been measured in lakes tens of kilometers away. However, there is legitimate dispute how significant that rise is, the amount of damage that has actually happened, and how permanent it is. We simply do not know yet.

The Vaasa Administrative Court of Finland made two significant rulings against the Kainuu ELY Center last week. In early 2012, the ELY Center decided that despite the environmental damage the mine was chronically causing, there was no need to shut it down. The Administrative Court has now ruled that the damage was significant, and extreme measures should have been considered.

Commentary: This may be reading too much into the decision. Technically speaking, the Court simply decided that the ELY Center decision was invalid, and has to be reconsidered. The amount of damage as such was not assessed by the Court; they ruled that the damage assessment made by the ELY Center was insufficient. 

In June 2012, Talvivaara invoked a “state of emergency” under Article 62 of the Environmental Protection Act, which allows permits to be temporarily bypassed in case of a natural catastrophe. Talvivaara then diverted its wastewater past the gypsum pond, bypassing a crucial step in the cleaning process. The ELY Center approved the diversion. The Administrative Court has now ruled that in fact there was no state of emergency.

Commentary: These facts are not in dispute. The criteria for invoking Article 62 are quite stringent, and they were not fulfilled. 

In both cases, the Administrative Court invalidated the decisions of the ELY Center. Unfortunately, this shows a fundamental breakdown in the system: coming almost a year after the fact, these rulings are essentially irrelevant. The damage that the ELY Center helped to create can no longer be undone, since so much new damage has been done in the meantime.

Commentary: Calling the rulings “irrelevant” is extreme, but little can be done to correct the damage. The situation is analyzed (in Finnish) in Talvivaara 4. The diagram below shows some features, even though it is in Finnish. Orange lines refer to technical problems; red lines refer to emergency solutions; red lines crossed over refer to emergency solutions that have been declared illegal. This is the simplest possible diagram that captures even some of the key problems. 


There have been four further states of emergency (August 2012, November 2012, January 2013, and February 2013).  Most seriously, there was a massive leak in the gypsum pond in November, which has made the pond unusable (it also leaked in 2008 and 2010). It appears that Talvivaara illegally diverted one million cubic meters of highly polluted and acidic metal raffinate into the gypsum pond, contributing to the leak. The authorities are investigating this.

Commentary: These facts are not in dispute. The breakdown of the gypsum pond (Kipsi-allas) in the diagram above in particular is a serious issue, since it makes it very difficult to achieve normal operations.

It has also emerged that Talvivaara has no water-management plan, which was a key requirement in the 2007 environmental permit. Talvivaara has blamed rainy weather in 2012 for its problems; however, rainfall was never considered in the design and risk analysis of the mine. There also seem to be fundamental problems in the bioleaching process, according to an external report.

Commentary: Not in dispute. The problems in the water and risk management are described for example in the February 15 independent commission report  (Talvivaara-selvitys, Finnish only).  The external report was done by SRK Consulting. 

Company management has stated that the situation is almost under control. However, the same message has been repeated since the mine began operations, and Talvivaara has a track record of unreliable statements about its water management.

Commentary: Agitprop. The positive messages from the company are certainly true. Whether they are unreliable depends on whom one chooses to trust. However, the Talvivaara-selvitys did note that the problems with the water management are serious.

Even more worryingly, the mine now plans to almost triple its operations, and to begin extracting uranium from the ore. (The presence of uranium has been known since the 1960’s, but was conveniently forgotten by Talvivaara and the authorities in order to avoid public backlash when the mine was started).  Based on the past track record of the company, this sounds like a recipe for disaster.

Commentary: Agitprop, in particular “conveniently forgotten”. In general, whenever an environmental organization mentions the word “uranium”, one can expect a torrent of antinuclear propaganda. However, the propaganda value is not pursued deeply here, and it is true that uranium was never mentioned when the mine was first built.  The last question is phrased in a rhetorical way, but is a valid question. If a company seems completely unable to control its operations, is it a good idea to allow it to triple those operations? 

Conclusions of the commentary: Most of the facts mentioned here are not in dispute. Some of the readings of the court decisions may be biased. Claiming that the ELY Center is actively collaborating in causing the environmental damage is certainly propagandistic. However, the actions of the ELY Center certainly are not helping. It is debatable whether the situation in Talvivaara is quite as apocalyptic as suggested here, but it is certainly not under control. Overall, the rhetorical tone clearly marks this as a propaganda text, but I would argue that there are no serious distortions, and that the interpretation is more or less supported by the facts.  

Acknowledgments: Many people contributed to the text, including Johan Heino, Janne Kumpulainen, and Pertti Sundqvist.


Accident information comparisons


Safety and accident related information is available at the websites of airlines, but you will find more of it if you use Google. There were also a couple of interesting peculiarities in the data, where it seems possible that the airline was hiding information. See also Part 1, this post is part of our “Is aviation safety a shameful thing?” project.

In this part two I will compare the number of safety/accident related links that were found by the airline’s own search to the number found by Google when it was limited to the website in question. Both link counts are also analyzed against against information about the airlines and their home countries. The intention is to find out how open airlines are with this information. Absolute numbers show how much information is available, relative numbers show how well it can be found with the search provided by the airline and might give a hint about how desirable it is to the airline to show that information. Comparison with other data might reveal factors that are common to airlines with high or low number of links.

I searched through 46 airlines. Figure 1 shows the raw link counts. The x-axis shows how many links were found and the y-axis shows the number of airlines that had that count. The large blue and orange bars at x=0 show that for many airlines the homepage was a poor choice for finding safety or accident info.

On the other hand Google is able to find information (yellow and green bars) on both subjects and in some cases quite a lot of it. It should be noted that I only counted to 10, if there were more links I ignored them. This document of the raw data shows in more detail which links were accepted to this data set.

Links to anything that the passengers would find out during the trip, such as pre-flight safety announcements, were rejected. Another category that was not accepted were links to insurance terms and conditions.The reason being that I am interested in what “extra” information is available at the website.

Figure 1. Number of links found for both searches and words.

I’d like to be a little cautious when making conclusions based on this data, mainly due to the low number of airlines, but also due to the data gathering process. Namely it was done by me alone without much help. In my experience this leads to a less rigorous result than a group effort. But one thing seems to be pretty certain: Google is better in finding this information than the search functions on the airline web sites.

This is true even if those 12 airlines that didn’t have a search are removed from the zero column. For the whole set, when the number of links found for one airline by one search is summed; Google finds more links in 39 cases while in only two cases the homepage search returns more results (Qantas 5 vs. 4 and Czech Airlines 7 vs. 5)

At least one of the airlines uses Google to power their search (US Airways). This offers an interesting comparison: US Airways homepage search found 3 safety and 1 accident related link, while the general google search found 1 safety and 7 accident related links.

While I was not logged in to my Google account, it is possible that Google had picked up on the fact that the same computer had been intensely searching for accident info for several days and used this knowledge to show what was most interesting to me.

A more sinister explanation is that the results by the search provided at the homepage have been filtered not to include what I was looking for. Searching the US airways site with the site’s search for “1549” gives (18 March 2012 ) one result about a general chronology of the airline and tells that some results have been omitted. If one includes those, four more links to the same chronology are included. It is still possible that this is a result of some more general decision not to include parts of the web site in the site search, but I’d say there is a good possibility that this is intentional.

In the case of Kenya Airways, Google search gave two links to the accident of KQ 507 but when I followed those links they gave a 404 (i.e page not found). This could be due to several reasons and need not be intentional. The accident was mentioned in an annual report.

Table 1. Mean and median number of links found Google for different sub populations


Table 1 shows the mean and median number of links found by google for different sub populations. “Whole set” includes all the airlines, while “Google and Homepage” includes only those cases where both searches were available and “Google only” includes only the cases where there was no homepage search.

In all cases there are more links related to safety than to accidents, but the difference is not massive. Results for the word “Safety” show no definite differences between the populations. For “Accident” airlines with their own search show more info. This difference could be explained if the airlines with no homepage search had had fewer accidents, but in only 3 cases out of 12 I couldn’t find a fatal accident in the history of the airline. Four out of the 12 airlines without homepage search function are low cost airlines which might have less expansive websites and therefore less information. This result is similar to what Jakke saw in his analysis of airline homepages.

I compared the link counts against a data set ( or here ) with info on

  • number of employees
  • number of yearly passengers
  • revenue
  • year the airline was founded
  • GDP (PPP) per capita of the airlines home country
  • global integrity report overall score of home country
  • corruption perception index
  • IATA membership
  • date of latest accident

It was difficult to find all the data for all the airlines so there are some gaps. The data is also unreferenced and from various sources. Some plots with very short description are available here. There is a modest correlation between the date of latest non fatal accident and total number of links found,  which just might be significant. There is also a modest correlation between the Global Integrity Report overall score and total number of links. But the plots show that in addition to the set being quite small there might be other data related difficulties that make this type of analysis less trustworthy.

Overall the small numbers in table 1 suggest that openness is not the approach chosen for these subjects. Further, there is accident related information at many airline websites but you might not find all of it with the search provided by the airline.

In the third part of this series I will attempt to rate the links and see if any info comes out of that

Data transparency as a safety feature


It seems to me that situational awareness of cruise ship passengers is not considered important, I have a problem with that. It is perfectly clear that going on a cruise means an increased level of risk. The risk is larger during a storm than it is during calm summer weather. Passengers need truthful information about the service they are purchasing. Informed choices can’t be made without adequate information. I therefore suggest that the amount of safety-related information available to passengers should be significantly increased.

A good place to start is history (examples here are from Finland as this text is a translation of a Finnish original). In 2005, there was a fire on board the M/S Amorella, the crew extinguished it with firm professionalism. For some reason, there was no press release nor were the shareholders informed through a stock exchange release. The situation on board the ship was over at 22.59, at which point the passengers were allowed back inside. There was a stock exchange release by Viking Line next morning at 09.00, dealing with the rising cost of fuel. Yet there was a fire, it was extinguished, and as always in situations like this, something was learned. In this case the investigation resulted in five recommendations which should have raised discussion among the professionals. To be credible when talking about safety history should be visible, smaller and larger mistakes should be acknowledged, and above all the company should show what was learned and how it is showing up in the everyday activities. To be fair to the Viking Line company, it is not alone in its  amnesia; the Silja Line history shows no memory of this steering-loss incident in 1995, nor does the Tallink history remember this attempt to widen the route near Kustaanmiekka. But there is an amusing mention of how the trade in duty free beer is really picking up.

I made a quick search of the www.costacruise.com web site to see what they tell about safety. Nothing much. The only reference I could find related to occupational safety. From the aviation world, searching www.finnair.com or www.lufthansa.com sites produced little of note either. There was slightly more information on the Viking Line web pages. The page could be found by searching for “safety” in the search field. Safety information on the Tallink Silja web pages was more difficult to find and scantier. Personally, I found the lengthier information on the Viking web pages more reassuring, a sign that safety is being taken seriously.

This situation is slightly strange. At least in the case of airlines, safety work is a significant effort and a never-ending process. One would imagine that the same applies to cruise ships. In both cases, it is next to impossible for a customer to check the real situation. Are the companies afraid of losing customers? Maybe. This could certainly happen if the message is ham-fisted: “If our service fails, you can die”. However, by using some money one can buy a presentation that brings out the facts in a more neutral way. At the same time best experts on aviation or maritime safety are likely to be found outside the companies themselves. If safety thinking is opened up on the Internet, it would be possible to draw in researchers essentially for free to comment on weaknesses. A “no communication” model eliminates this possibility.

Safety must be priority number one in all shipping, especially passenger ships. This should be visible in the organization all the way to the top. The board of directors should include a person with a publicly stated overall responsibility for safety. That person should have sufficient experience and clout to actively question weaknesses in the procedures.

At the other end, the safety organization and procedures should be opened to the passengers at all levels. Let us take the concrete example of a fire which requires evacuation. Should those partying in the disco go to their cabins to get warm clothing? This is an important question, since even an hour of waiting in the cold without adequate clothing can seriously hinder a passenger’s ability to act, and can endanger the evacuation process. Perhaps there are procedures for this, but how are we to know this? We cannot know, since we have not been given any information on what kinds of plans the ship’s crew has.

Locations of ships can be seen here and sea ice conditions can be seen here, weather forecasts can be found here. There is plenty of information on parameters that affect the speed, comfort, and safety of the trip. If the shipping company adds information on the ship’s performance and safety, such as any hazardous substances, narrows on the navigation path, navigational information such as a radar picture, and information from the fire warning system, passengers would have almost the same information as the crew on the bridge. By adding information that normally interests the passengers, such as the opening times of the buffet and an opportunity to reserve seats there, there is enough information to create a mobile application that anyone travelling with a smartphone would want to have available.

Detailed information may not interest everyone, but based on this information it is possible to create an index showing the current safety situation. Currently a large part of the problem is the coarse-grained approach, in which there are just two modes: 1) keep on partying, 2) we are in major trouble. Modern technology and enlightened customers would enable much more fine-grained communication.

An application like this would require a mobile device compatible wireless network that operates inside the ship. When such a network exists, it can also be used to transmit emergency information to the passengers. The report on the Isabella accident of 2001 showed problems when dealing with a multilingual environment.  As soon as instructions had been given in Finnish, the clamor level rose, making it difficult to hear announcements made in other languages. In such circumstances, it would be beneficial to have the information available in written form, in multiple languages. Some people may also find it easier to follow written instructions rather than trying to listen to spoken instructions.

I would distribute almost all of the information in the ship’s systems both inside and outside the ship in a standardized format that allows third-party use and would allow the authorities to maintain real-time situational awareness. Due both to long distances and difficult conditions, it can take hours for help to arrive. Proactive reaction to developing incidents can thus significantly alter the outcome. A culture that values autonomy and self-sufficiency above all must be changed. When and where possible self-sufficiency should be the goal, but in case of a deviation from normal one should prepare, automatically, for the need to receive external assistance by communicating all relevant information .

At some point increasing safety will be limited by rising costs. I would like to see analyses in which these limits are challenged. Estimate the cost of a shipboard Wi-Fi system, balance the cost against the advantages, and make a decision based on this balance. It may be necessary to keep some calculations as trade secrets, but even there it is worthwhile to truly analyze what needs to be secret and what does not.

A functioning safety culture requires acceptance of the fact that mistakes will be made and they must be learned from. However, it is impossible for external parties to assess quality of the safety culture if no information on that culture is openly available.Data transparency  as a safety feature

Data transparency in shipping safety: good or bad idea?


Radical transparency is an intriguing school of thought, with the philosophy that the best society is a transparent society. In other words, all data that can be opened should be opened. I find such transparency an interesting concept, and in many cases probably worth aiming for. The key question is: what is a realistic environment in which to begin experimenting with it? I focus here on one tightly restricted area: data transparency in shipping safety. [Finnish version: Click here]

For a slightly perspective on this issue by Niko Porjo, see here.

At the moment,  international standards require large ships to transmit AIS information. At minimum, this information contains, in standardized format, the ship’s identity, location, speed, and bearing. The AIS information is transmitted in the clear and its purpose is to help ships maintain positional awareness of other traffic.  Internet distribution of the data originally raised some controversy, but in practice the controversy is over: the AIS information is public.

It is quite sensible to ask a further question: should even more information from the ships be openly available? There are good reasons to ask this question; above all, in an emergency it would make the passengers active participants rather than passive subjects. It would also help to show up poor safety practices that would remain invisible in a closed environment. The technical problem can be stated quite simply: should the information currently collected by the black box  be available and public (although not necessarily in real time)? More radically, it is technically feasible to make all the information that is available on the bridge available to the public. Should it be made available?

Unfortunately, I tend to arrive at a pessimistic outcome for this specific case.  Openness would benefit the overall system. Unfortunately, it would not benefit any of the individual players, at least in the beginning stages. The problem with transparency in this particular area is that the first adopter ends up taking most of the risk. Although radical transparency is a good concept to aim for, shipping security does not seem like a reasonable platform in which to start experimenting with it.

The authorities cannot be bossed around

In practice, security is defined and enforced by national or international authorities. In a democratic system, it is in principle possible to force the authorities to make good decisions. Unfortunately, in a democratic system this is also painfully difficult in practice. Authorities are dependent on what  legislators decide. Legislation in turn is a slow process, undergoing massive lobbying from established interestes, and requiring a significant push from citizens.  Based on the lukewarm reception these issues are getting, it does not seem that there is any real  political push in this direction.

Laws and directives change most rapidly through major accidents, which lead to security recommendations.  Even then, the new directives may or may not be followed adequately, especially if they require significant amounts of money. Waiting for the authorities to act requires patience and (unfortunately) often new accidents. This path does work, but is not likely to lead to rapid or radical solutions.

Anonymization does not work

In order to balance between data transparency and personal privacy, security-related  information should be anonymized.   Unfortunately, this does not work in the Internet age, where all information (whether correct or not) will be on Twitter within minutes of an accident. The most tragic failure of anonymization is the  Überlingen air accident  of 2002, in which two aircraft collided. The  investigation report concluded that it was a system-wide problem, and no single individual was to blame. Nevertheless, a man who  lost his family in the accident blamed the air traffic controller, found out his identity and home address, and murdered him.

The Überlingen case is extreme, but in an open system there is no automatic mechanism to protect those initially blamed for the accident. It is a serious scenario is that in any accident, the people potentially responsible will be identified immediately, they will be blamed by the media, their personal information will be found immediately, and Internet mobbing could start immediately. The risk may look small now, but already cyber-bullying in South Korea shows that a risk exists. How many people would be willing to work under such circumstances?

Data without metadata is nothing

The technical problems are considerable. The AIS parameters are standardized tightly and are easily understandable.  If more generic information is to be transmitted, then its interpretation becomes problematic. Raw data is just rows of numbers;  processing, interpretation, and displaying are what make it into information.  Someone must do this, must be paid to do it, and must be responsible for quality control.

Some parameters will be considered trade secrets by the shipping companies (or at least in a gray area). Realistically speaking,  any shipping company will either not want to do such an analysis, or will want to keep the results secret. It is certainly possible to force a company to make the raw data available. Without extra incentives, it is barely realistic to expect the company to make the data available in a form which could be easily utilized by competitors.

Transparency benefits the unscrupulous

Transparency is an equalizing safety factor when all parties have the same information on all parties.  If one party stops sharing information, it creates a business advantage for itself (even more so if it begins to distort it). No idealism can change this fact; surveillance and enforcement are needed. The enforcement needs to be global. It can be argued that for technologies such as nuclear energy such a global enforcement system already exists; that is true, but nuclear energy was born in completely different historical circumstances than shipping, and was in fat able to start from a clean table.

Open real-time information also makes piracy easier. More information means more opportunities to plan attacks. Merchant ships near the coast of Somalia will certainly not be willing to participate in experiments in radical transparency.

Terrorism is invoked too easily, but it cannot be ignored. Any transparency model must accept the brutal truth that there are destructive entities. The sinking of a large passenger ship might not even be the worst-case scenario; societies can recover from large losses of life very rapidly, even though the scars are horrible.   A more worrisome scenario might be an  Exxon Valdez-type massive oil leak event next to a nuclear power plant.

What can we do?

Many people reflexively oppose this type of radical transparency, whether with good reason or by knee-jerk reflex. How could they be motivated to at least try?  Even if calculations clearly show that transparency is useful for the whole system in the long run, people are irrational and think in the short run. Given that the early adopters take a risk, how would this risk be compensated to them?  Shipping has a long history and legacy practices which are difficult to overcome. Radical transparency is something that absolutely should be tested in a suitable environment. However, I am forced to conclude that shipping safety is simply not a sensible environment in which to start.