Incident: Cashless Tolling System Glitch Sends Erroneous Speeding Notices to Drivers

Published Date: 2019-11-14

Postmortem Analysis
Timeline 1. The software failure incident happened between October 16 and November 3, as mentioned in the article [92428]. 2. Published on 2019-11-14. 3. The incident likely occurred in October or November 2019.
System The software failure incident at the Maryland transportation agency involved the failure of the following system: 1. Deactivation of software at the Hatem bridge toll plaza not being coordinated with the new electronic cashless tolling system [Article 92428].
Responsible Organization 1. Maryland Transportation Authority [92428]
Impacted Organization 1. Drivers who received erroneous speeding notices [Article 92428] 2. Maryland Transportation Authority, which manages Maryland's toll roads and bridges [Article 92428]
Software Causes 1. The failure incident was caused by a "deactivation" of software at the Hatem bridge toll plaza that was not coordinated with a new electronic cashless tolling system, leading to erroneous speeding notices being sent to drivers [92428].
Non-software Causes 1. Lack of coordination between the deactivation of software at the Hatem bridge toll plaza and the implementation of a new electronic cashless tolling system [92428] 2. Implementation of a new electronic cashless toll system without proper testing and coordination with existing systems [92428]
Impacts 1. 22,000 drivers received erroneous speeding notices, causing confusion and frustration among the recipients [Article 92428]. 2. The Maryland Transportation Authority spent approximately $20,600 on mailing out the incorrect violation notices [Article 92428]. 3. The incident led to potential suspension threats for drivers' E-ZPass accounts if they received another violation within a six-month period [Article 92428]. 4. The software failure resulted in wasted taxpayer dollars due to the erroneous notices being sent out [Article 92428].
Preventions 1. Proper coordination and testing between the deactivation of software at the Hatem bridge toll plaza and the implementation of the new electronic cashless tolling system could have prevented the incident [92428]. 2. Conducting thorough quality assurance and testing procedures before sending out automated notices to drivers could have helped catch the mistake before it impacted thousands of individuals [92428]. 3. Implementing a fail-safe mechanism or validation check to ensure that the speed data being used for issuing violations aligns with the correct tolling system could have prevented erroneous speeding notifications from being sent out [92428].
Fixes 1. Coordinating the "deactivation" of software at the Hatem bridge toll plaza with the new electronic cashless tolling system to prevent such errors in the future [Article 92428].
References 1. Kelly Melhem, spokeswoman for the Maryland Transportation Authority [Article 92428] 2. Motorist Tom Adkins [Article 92428] 3. Motorist Donald Rhodes [Article 92428]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident of sending erroneous speeding notices to drivers due to a coordination issue between software systems happened at the Maryland Transportation Authority. The incident occurred at the Hatem bridge toll plaza where the deactivation of software was not coordinated with a new electronic cashless tolling system, leading to the incorrect notices being sent to drivers [92428]. (b) There is no information in the provided article about a similar incident happening at other organizations or with their products and services.
Phase (Design/Operation) design, operation (a) The software failure incident in the article was primarily due to a design issue. The problem arose from a lack of coordination between the deactivation of software at the Hatem bridge toll plaza and the implementation of a new electronic cashless tolling system. This design flaw led to erroneous speeding notices being sent to drivers who would have been considered speeding at the old toll between specific dates [92428]. (b) Additionally, there is an aspect of operation-related failure mentioned in the article. The operation-related failure can be attributed to the misuse of the system by sending out thousands of incorrect speeding notices to drivers, causing confusion and frustration among the recipients. This misuse of the system led to unnecessary costs incurred by the transportation authority [92428].
Boundary (Internal/External) within_system (a) The software failure incident in this case was within_system. The failure occurred due to a "deactivation" of software at the Hatem bridge toll plaza that was not coordinated with a new electronic cashless tolling system, leading to erroneous speeding notices being sent to drivers [92428]. The issue originated from within the system itself, where the lack of coordination between the old and new systems resulted in the incorrect notifications being generated.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in this case was primarily due to non-human actions. The incident occurred because of a "deactivation" of software at the Hatem bridge toll plaza that was not coordinated with a new electronic cashless tolling system, leading to erroneous speeding notices being sent to drivers [92428]. The problem was a result of a lack of coordination between different software systems rather than direct human error. (b) Human actions also played a role in this software failure incident. The decision to deactivate the software at the toll plaza without proper coordination with the new electronic cashless tolling system was a human action that contributed to the failure [92428]. Additionally, the frustration expressed by drivers and the wastage of over $20,000 on sending out erroneous notices by mistake highlight the impact of human decisions on the incident.
Dimension (Hardware/Software) hardware, software (a) The software failure incident in the article was primarily due to a hardware-related issue. The incident occurred because of a "deactivation" of software at the Hatem bridge toll plaza that was not coordinated with a new electronic cashless tolling system [92428]. This hardware-related issue led to the erroneous speeding notices being sent to drivers who passed through the bridge. (b) The software failure incident was also influenced by contributing factors originating in software. The failure was a result of the software deactivation at the toll plaza not being coordinated with the new electronic cashless tolling system, leading to the incorrect speeding notices being sent out to drivers [92428].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident described in the articles is categorized as non-malicious. The incident occurred due to a "deactivation" of software at the Hatem bridge toll plaza that was not coordinated with a new electronic cashless tolling system, leading to erroneous speeding notices being sent to drivers [Article 92428]. The failure was a result of a mistake in the system integration rather than any malicious intent to harm the system.
Intent (Poor/Accidental Decisions) poor_decisions (a) The software failure incident in Article 92428 was primarily due to poor decisions. The incident occurred because a "deactivation" of software at the Hatem bridge toll plaza was not coordinated with a new electronic cashless tolling system, leading to erroneous speeding notices being sent to 22,000 drivers [92428]. This poor decision resulted in confusion and frustration among customers, with one resident mentioning the constant speed trap around the bridge and another driver highlighting the bumper-to-bumper traffic, indicating the unlikelihood of speeding through the toll area [92428]. Additionally, the Maryland Transportation Authority's failure to turn off the system before going live with the cashless toll was criticized as a waste of over $20,000 in taxpayer dollars [92428].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident in the article was primarily due to development incompetence. The incident occurred because a "deactivation" of software at the Hatem bridge toll plaza was not coordinated with a new electronic cashless tolling system, leading to erroneous speeding notices being sent to drivers [Article 92428]. (b) Additionally, the incident can also be categorized as accidental, as the erroneous speeding notices were sent out mistakenly without proper coordination between the old and new tolling systems, causing confusion and frustration among the drivers [Article 92428].
Duration temporary The software failure incident described in the articles was temporary. The incident occurred due to a "deactivation" of software at the Hatem bridge toll plaza that was not coordinated with a new electronic cashless tolling system, leading to erroneous speeding notices being sent to drivers [Article 92428]. The problem was identified, acknowledged, and subsequently fixed by the Maryland Transportation Authority.
Behaviour omission, value, other (a) crash: The software failure incident in the article did not involve a crash where the system lost state and did not perform any of its intended functions. The issue was related to erroneous speed warnings being sent to drivers due to a coordination problem between the software at the toll plaza and the new electronic cashless tolling system [Article 92428]. (b) omission: The software failure incident can be categorized under omission, as the system omitted to perform its intended functions correctly by sending out incorrect speed warnings to drivers who were not actually speeding on the bridge. This omission led to confusion and frustration among the recipients of the notices [Article 92428]. (c) timing: The timing of the software failure incident was not related to the system performing its intended functions too late or too early. Instead, the issue was about incorrect speed warnings being sent out to drivers due to a coordination problem between the software at the toll plaza and the new electronic cashless tolling system [Article 92428]. (d) value: The software failure incident can be attributed to a value failure, as the system performed its intended functions incorrectly by sending out erroneous speed warnings to drivers, causing confusion and frustration among the recipients of the notices [Article 92428]. (e) byzantine: The software failure incident did not exhibit a byzantine behavior where the system behaved erroneously with inconsistent responses and interactions. The issue was more straightforward, involving the incorrect issuance of speed warnings due to a coordination problem between different components of the tolling system [Article 92428]. (f) other: The software failure incident can be categorized under a coordination failure, where the deactivation of software at the toll plaza was not coordinated with the new electronic cashless tolling system, leading to the erroneous issuance of speed warnings to drivers who were not actually speeding on the bridge. This lack of coordination resulted in the system not functioning as intended and causing confusion among users [Article 92428].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property (d) property: People's material goods, money, or data was impacted due to the software failure The software failure incident at the Maryland transportation agency led to 22,000 drivers receiving erroneous speeding notices due to a mistake in the software deactivation at the Hatem bridge toll plaza. The agency spent about $20,600 on mailings to notify the drivers of the violations, which were later confirmed to be incorrect. This resulted in a waste of taxpayer dollars and resources due to the software failure [Article 92428].
Domain transportation (a) The failed system was related to the transportation industry. The Maryland Transportation Authority experienced a software failure at the Hatem bridge toll plaza, which led to erroneous speeding notices being sent to drivers using the Thomas J. Hatem Memorial Bridge [Article 92428].

Sources

Back to List