Leave a comment

Reflections on Max 8: Sophisticated Airplanes and Self-Driving Cars

Would you feel safer flying in a Boeing 737 Max 8—or in the 40-year-old formerly mothballed plane pulled out of retirement to replace it?

Have 40-year-old planes actually been pulled out of retirement and put into service? Probably not. But, since hundreds of Max 8s have been grounded, replacements have had to come from somewhere. Airlines don’t have hundreds of extra planes sitting around. It will take months or years to build new planes. The only alternatives have been to cancel flights, look for older, underused airplanes, and/or reduce routine maintenance in order to keep existing planes constantly flying.

Much of the reporting of the Max 8 issue has been shallow. The idea that air travel is safer now that the “dangerous” Max 8s are grounded ignores the alternatives. “Dangerous” is a relative term when dealing with complex machines and equally complex human beings.

Generally, air travel is very safe. When accidents happen, there are mass casualties, and that draws attention, but such accidents are actually very rare. Airplanes have far better technology than cars, and pilots are much better trained than automobile drivers. The standards are higher.    

The Discovery channel program Mayday provides a wealth of information about aviation issues. Each episode of this program recounts the investigation into a single plane crash. The investigations take months. It takes a long time to decode and analyze what is in the black boxes. There are actually two of these boxes (painted orange)—a cockpit voice recorder and a data recorder that records speed, altitude, control settings, fuel consumption, and dozens of other pieces of information.

In addition, investigators examine the wreckage in minute detail, talk to witnesses, interview air traffic controllers, interview survivors, interview mechanics, review pilot histories, check training procedures and manuals, check maintenance histories and maintenance procedures, look at previous crashes, and even investigate human psychology in areas such as blind spots, distractions, and fatigue.

After months of painstaking investigation and analysis of an accident, the investigators write a report. What often emerges is that a crash had multiple causes. Airplanes have many safety and backup features designed to prevent accidents. If a mechanical problem occurs, pilots are trained to work around the problem and keep the plane flying. If a pilot makes an error, the co-pilot is there to offer a correction, often using a troubleshooting manual, and the plane itself will sound a warning or even override the pilot’s error. Therefore, when there is a plane crash, it is usually caused by a combination of human and mechanical failures. This happens for instance, when a pilot chooses the wrong response to a mechanical problem or when a pilot is confused because more than one thing went wrong at the same time. It is easy to blame pilots for such errors, but modern airplanes are very complex, and pilots often have only minutes or even seconds to diagnose and respond to problems. A complicating factor is that pilots have learned to depend on airplanes’ automated and safety/backup systems and can become complacent. In a crisis, it may take precious time for them to realize there is a problem, take responsibility, analyze the problem, and act.

The Max 8 Accidents

What seems to have happened in the Max 8 crashes in Indonesia and Ethiopia is that a sensor was out of position and gave incorrect data to the airplane’s computer, which triggered an automatic safety response; that is, the airplane computer received data that suggested the plane was about to stall, and so the computer pushed the nose of the plane down to prevent the stall. The pilot’s response should have been to disengage the safety system and fly the plane manually.

The Max 8 is a new plane with many new safety systems to prevent crashes, and that has raised a number of questions. There have been allegations that the pilots were not fully trained to understand these new systems and know how to handle this new technology. There have been suggestions that the training programs themselves were not fully developed and not readily available. Regardless of training, it is undoubtedly true that the pilots had not flown the planes enough to have become experienced in dealing with the new systems. There have also been allegations that there were bugs in the plane’s computer systems and/or design flaws that had not shown up in the testing of the new plane model and that may only have become evident in a few of the many varied situations that airplanes actually fly in. Since both Max 8 crashes occurred in the Third World, there have also been suggestions that that these pilots were less well trained on the new plane than North American pilots, perhaps because of language issues, but that might not be the case either.

As far as I know, while preliminary conclusions have been reached pointing to design faults and inadequate training, the final reports have not yet been written on the two crashes, and so the full answers are not yet fully known.

Even if the same problem brought down both planes, solving the problem is obviously taking considerable time. Overhauling a complex set of operating guidance systems is not an easy process. Fixing one problem might create new ones. Retraining pilots on all of the many things that might go wrong is also a lengthy and complex procedure.    

It is disconcerting to ponder that a computer-controlled system designed to keep the airplane safe might actually have caused it to crash.

Implications for Automobiles

The recent Max 8 crashes and the resulting safety concerns also raise questions for automobile safety.  

Like piloting a modern aircraft, driving a modern automobile requires interaction between human beings and increasingly complex mechanical and computerized machinery. Modern automobiles have self-parking technology, lane departure warnings, automatic braking systems, innumerable sensors, and much more. These systems are designed to make automobiles safer, and in general they do, but they do not necessarily make driving simpler.

And such systems are only the beginning.

Automobile manufacturers are now designing autonomous or self-driving cars, assuring us that this will make us much safer. They tell us that since human error causes most automobile accidents, eliminating human control will eliminate accidents.

This leads to several thoughts.

1. Computerizing cars and adding safety warning, backup, and autonomous systems is reducing accidents in automobiles just as it has done in airplanes, and further innovations will no doubt reduce accidents even further.

2. While in the past most accidents were due to human error, in the future most accidents will be due to computer errors or failures in the interaction between human beings and the computer-controlled machine. The reason most accidents are currently due to human error is because most vehicles are currently controlled by humans. When most vehicles are controlled by computers, most accidents will be caused by mechanical failures and computer problems.

3. Computers are fragile. The life expectancy of a cell phone is two to three years. The life expectancy of a desktop computer is about five years. The lifetime expectancy of a computerized home appliance is five to ten years, about half the lifetime of the non-computerized older appliances. No matter how well the systems work when heavily computerized vehicles are new, how well will they work when they are five to ten years old?

4. Sensors are also fragile. The misalignment of a single sensor might have brought down the Max 8 planes. Like airplanes, autonomous vehicles will only be as reliable as the data they receive. In an automobile, the sensors must correctly measure the position of other vehicles, the edges of highways, and much more. And sensors on vehicles are more vulnerable. What happens if mud or slush or a rock gets splashed or thrown onto a sensor? What happens if a sensor fails?

5. Airplanes rely on radar and airport guidance systems. Automated vehicles must rely on GPS systems and external data, which are more complex and less dependable. There are far more cars on the road than there are airplanes in the sky, and GPS systems are not maintained with the same rigorous attention to detail. What happens if a dog or a rock or a snowbank or something else unexpectedly appears on the highway? What happens if there is a detour? What happens if someone has incorrectly entered the wrong coordinates or other data into a GPS system?

6. Computerized and autonomous vehicles are more expensive. I once had to get rid of a car because a sensor designed to measure evaporation in the gas tank failed and it would have cost too much to replace the sensor and the computer system that monitored it.

7. Will autonomous vehicles have the same level of testing and reliability as airplanes? Can we expect a $100,000 vehicle to be as safe as a $100 million airplane?

8. Airplanes undergo rigorous maintenance and inspection regimes. Pilots are required to inspect and check all systems before takeoff. Can we expect drivers of autonomous vehicles to be as diligent?  

9. There is more congestion and far less reaction time in vehicles. The Max 8 pilots had minutes or seconds to correct their problem. Now imagine if they were flying in close formation with a thousand other planes. That is the situation on most highways.

10. In spite of their automation and sophistication, modern airplanes require the presence of two (and sometimes three) trained pilots. Can automobiles be expected to be so safe that they do not require a human backup system?

11. Pilots learn to depend on the automated and computerized safety systems in airplanes and can become complacent. In a crisis, it often takes precious time for them to realize there is a problem, take responsibility, and act. Drivers of computerized and autonomous automobiles will be tempted to also become complacent. Will a human being who becomes conditioned to just being along for the ride be able to react in time when a problem arises?

12. One of the factors in the Max 8 crashes seems to have been that the pilots were not fully trained on how to monitor and troubleshoot the problems in their highly sophisticated aircraft. As automobiles become ever complex, they will require far more and better driver training, not less.

13. When an airplane crashes, investigators spend months investigating every facet of the crash and determining ways to make airplanes safer so that similar accidents do not happen again. No matter how complex vehicles become, there is no way that experts can devote the same level of investigation into vehicle crashes. It is probably unrealistic to expect vehicle travel to ever be as safe as air travel.

14. Technology has generally made us safer. Computerized and automated systems on automobiles will make them safer and reduce accidents. But complex machines can break down just as easily as complex human beings. As much as we want to believe it, there is no person or machine or computer than can guarantee safety and eliminate all risk.

A version of this article was published in the summer 2019 issue of Collision Quarterly

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: