Hacker News new | past | comments | ask | show | jobs | submit login
Boeing's Crashes Expose Systemic Failings (spiegel.de)
195 points by CaptainZapp 48 days ago | hide | past | web | favorite | 129 comments



> What's more, over the course of his 55 years in the profession, he [lawyer Marc Moller] [has] learned that every plane crash can be traced back to a single, simple cause.

I don't know, that strikes me as nonsense. It's precisely the interplay of many factors that lead to an accident - and if any one of them had been different, the outcome might have been different. See Reason's "swiss cheese" model of accidents - all the holes have to line up [1].

How you can go and designate one of these holes the hole, the "single, simple cause" is beyond me. This doesn't do the complexity of engineering justice. Might help to win cases with juries, but I don't see how it could help to make flying safer.

[1] https://en.wikipedia.org/wiki/Swiss_cheese_model


Forgive me a great deal of cynicism here. I suspect that a more accurate statement is "he learned that it works well for him to argue that every plane crash can be traced back to a single, simple cause."

We don't ask lawyers to do surgery. We don't ask them to design bridges. And we don't ask them to do root cause analysis. We leave all of those things to those who actually know what they're doing in those areas.


Yeah, but the work of lawyers has often forced industries to do things differently, even when the best science says they shouldn't do it that way. For example, lawsuits over botched baby deliveries that argued "you should have c[aesarean]-sectioned" resulted in extreme overuse of the procedure in the US, with higher resultant risks.

So ... I wish it worked like you described.


I suspect the reasons for increased c-sections are manifold.

When we medicalise pregnancy and childbirth, then fill hospitals with profit driven policy, and surgeons who fear malpractice accusations, is it any wonder c-sections can become over used?

Fear of malpractice alone can’t explain it all, as it some other lawyer could demonstrate c-sections are over used and lead to complications.


I don't think the parent is arguing malpractice fear explains it all. But clearly, that fear is a significant element in many decisions.


We don't ask lawyers to do surgery

No, but when they're in a court debating about e.g. doctor's negligence, we do expect them to have a rudimentary understanding of what's going on.


Generally, they find, and pay for an expert to argue whatever point they want.

The great thing is, if you pay enough, you'll find an expert being willing to argue anything you want.


Yes, but that works for both parties, though.

The expert more capable of conveying their message will be the one who gets the most credibility, and this often (though unfortunately not always) aligns with the expert telling the factual truth.


> learned that every plane crash can be traced back to a single, simple cause.

That's silly, but if I were playing that game, I'd say the single, simple cause was a failure of Boeing and the CIA to keep abreast of A320new development.

Boeing were caught flat-footed by the launch of he A320neo and, facing a loss of potentially thousands of sales, were forced to quickly develop and release a modified 737 rather than create a new plane altogether.

Corporate espionage would have prevented all this.


> Corporate espionage would have prevented all this.

I believe Boeing knew exactly what was going on with Airbus. US does corporate espionage to favor domestic companies, and creating a new plane is such a big project that there's no way to miss that.


> US does corporate espionage to favor domestic companies, and creating a new plane is such a big project that there's no way to miss that.

Pardon my ignorance but I thought the Chinese government was the one doing this sort of thing. Surely the US government does not engage in espionage on behalf of it's companies


Friend of mine pointed out.

Scientific facts aren't the same animal as legal facts. And I'll add not the same as political and engineering facts either. Root cause analysis facts are social and engineering facts.


You don't need to be able to analyze causes in order to count them.


No, but if you want to prevent future incidents, it usually helps to have a more systemic view of failure. E.g. questions like: “what kind of management lead to decisions that made such misbehaviour possible?” are usually completely uninteresting for a lawyer, as they either play a legal role or not.

In real life a incident may be the emergent behaviour enabled by complex circumstances and a certain culture, all culminating in one crystalized point of failure. Think of causal chains: Managment pressures engineers and fires experienced older engineers, engineers are clearly not up to task, do something. Qualitt control might catch it but is circumvented by other managers who fake documents. The thing is not up to speck but wouldn’t have failed if the pilots... etc.

This is what I mean by systemic emergent behaviour. All of these things were wrong or wreckless, but pinning it to one cause isn’t doing reality a favour here.


And that's all well and good ... but his role isn't about preventing future incidents, it's seeking restitution for the victims and their families, nothing more, nothing less.

It is the job of regulators to figure out how to prevent future incidents, and it seems that the EASA will be taking the hardline lead on that as there seems to be a general mistrust of the FAA this side of the pond.


No. But I've (as an amateur) looked at crash investigation reports, and they usually state more than one cause.


I also wanted to mention this after reading the paragraph, but it is a pretty unimportant side note in the article.

The framing here is obviously from a lawyers perspective. A lawyer that has been very successful at extracting money from companies.

Making the issue appear simple and traceable to a single problem seems like a great way to convince a jury.


> Making the issue appear simple and traceable to a single problem seems like a great way to convince a jury.

Or, an electorate. Maybe oversimplification is the path to popularity.


Telling a good story. Sometimes that means oversimplifying.


I think, as a lawyer, he's using the phase a "simple cause" to mean "a singular responsibility, culpability, and liability."


Probably. Goes to show that the lawyer representing the victims and the safety folks (NTSB etc.) trying to make sure an accident does not repeat have very different goals, incentives, ways of thinking, etc.


Given how vague the language is, I don't know that we can necessarily draw a conclusion.

That "single item" might be the component-failure, that which fell through the aligned holes in the swiss-cheese, or it could be "the single layer of the system that was left out" that would have mitigated or otherwise precluding the class of failure.

One could castigate Boeing for not having a more redundant use of sensors the MAX case, or one could say "Why don't you have 'hackers' as a part of your process, whose job it is to find these classes of problems and raise all hell when they do."

Then again based on the phrasing "single, simple cause" I'm more inclined to say you're on the money. That the lawyer is looking at the component-failure rather than "avoiding non-redundant systems" as a class of problem to solve.


The single simple cause he may be alluding to is greed.

Lawyers aren't interested in the technical minutiae except in as much as it can be useful in communicating intent to the jury.

"Why did you decide to only use one sensor to feed such a critical system?"

"Why did it not occur to anyone to reevaluate the safety rating when the software was changed?"

"Was there any pressure to not do as thorough an analysis as possible?"

What I would do as an attorney is cross examine everyone involved to establish that there was a clear and present intent to put the completion of the product on time ahead of completing the project in total compliance with federal regulations. It's proving intent to the jury that matters. Not arguing over the finer points of aircraft design. In fact, I'd be surprised if anyone with an aviation background would even make it passed voir dire unchallenged.


Yes. He's certainly not going to approach this like an engineer going bug hunting.

The goal will be to establish that the problem was cultural and political. An avoidable cascade of engineering failures and regulatory misrepresentations was the result, not the cause.


Yeah, I think the language used there just isn't being that precise, by engineering standards, that's all.

When you're assigning blame for something like an aircraft crash, what you want to single out is errors which were preventable. So, for instance, icing on critical sensors probably isn't preventable 100%, so that's why we do things like have redundant sensors, algorithms about how to use that sensor data to avoid letting a bad sensor reading cause a big problem, etc. Another thing that isn't preventable is weather, of course, so we engineer things to handle that. But preventable errors, especially ones which we've already learned how to handle in the past, are generally considered unforgivable and worthy of assigning blame. A crash caused by a Russian AA missile isn't really avoidable for a passenger jet, so we don't blame the pilot or the aircraft maker or airline. A crash caused by using a single sensor that's known to ice up and is used for a system that's only there because someone thought it'd be a great idea to slap some oversize engines on an obsolete airframe from the 60s in the wrong position, however, is clearly a preventable error.


"It's difficult to get a man to understand something when his salary depends on his not understanding it."


The quote from Marc Moller seems counter to what I have seen as the prevailing thought regarding aviation accidents, which is: accidents are the result of a "chain" of failures; if any link in the chain does not occur the accident can be avoided. It is easy to say "software bug" or some single thing caused this failure, but there are many other factors that need to be considered: a/c certification requirements, training requirements (sim time, transitioning to new variants of an a/c), design philosophy for the Max, etc...

(Not an expert, but private pilot, have read many NTSB accident reports).


A lawyer's job is to win the case.

A forensic engineer's job is to prevent the next accident.

Cases are won on clear, persuasive argument. A simple, single-cause narrative works.

Accidents are avoided by removing or mitigating contributing factors, based on significance and costs.

Put another way: truth and science are not rhetorical activities. Politics and business are.


Note that the aviation industry (as you are likely aware) operates on a blameless basis in the interest of preventing a repeat of the same tragedy. That part has come and gone. The cooperation has happened. The investigation has been conducted, the physical, objective nature of the issue; it's implementation, and the physical chain of events that led to the crashes is established.

Boeing survived that.

What they haven't survived is the full process of peeling back the layers of paperwork, and subsequent investigation into what enabled the physical foundation of these crashes to come about.

Considering there was apparently a whistleblower willing to testify that decisions material to enabling the crash were made specifically to meet deadlines by dodging regulator scrutiny, I have the feeling Boeing will have a rough time of it.


> that strikes me as nonsense

It is nonsense. It takes multiple failures to bring down an airliner, and the NTSB accident reports recommend fixing all of them. It's why airliners are so safe today.

The 737MAX issue is no different.


Actually, they've been required to completely rearchitect the computer system due to being able to prove in an engineering simulator that a certain combo of single event upsets could end up causing loss of the aircraft.

They had three pilot's attempt the scenario, and one of them lost the plane. This never got looked at well enough before. If they had, they wouldn't have been able to certify before their deadline.

https://www.seattletimes.com/business/boeing-aerospace/a-lac...


It's different in that it starts to look as though there was a fairly concerted effort to keep the planes flying even though it was known to have a pretty big flaw.


the flawed product was rushed to market to "beat" Airbus there, but hey it's only ~350 people killed, and weeks of delay to ground the fleet. Sorry Boeing, you messed up hard. Personally I don't care to fly, but I sure as F am not getting on your planes. Fish rot from the head down, and I see that in this tragic case.


I guess you won't fly Airbus either, as they were recently slapped with an AD to address pitch instability problems.

"The FAA is adopting a new airworthiness directive (AD) for all Airbus SAS Model A321-251N, A321-252N, A321-253N, A321-271N, A321-272N, A321-251NX, A321-252NX, A321-253NX, A321-271NX, and A321-272NX airplanes. This AD was prompted by analysis of the behavior of the elevator aileron computer (ELAC) L102 that revealed that excessive pitch attitude can occur in certain conditions and during specific maneuvers. This AD requires revising the airplane flight manual (AFM) to incorporate updated procedures and operational limitations, as specified in a European Union Aviation Safety Agency (EASA) AD, which is incorporated by reference. The FAA is issuing this AD to address the unsafe condition on these products."

http://rgl.faa.gov/Regulatory_and_Guidance_Library/rgad.nsf/...


In the world of avionics, the concept of a “single point failure” is widely known and greatly focused on eliminating.

The failures that take down aircraft will likely involve multiple things going wrong, because the engineers (mechanical, aeronautical, system, software, etc) work hard to ensure a single thing going awry won’t down a plane.


For decades accident analysis stopped at the component part. Nowadays it may extend to organizational issues. Even more recent safety paradigms stretch to complex links between product, organizational, business, governmental contexts. Depending on how Moller has worked in the past he could mean a lawyer's language of culpability or an outdated view of safety.


I mean, if the crashes were due to a single cause, that cause should probably be either the failure of the last backstop, or the failure that started the chain. IMO the start of the chain would be the AOA sensor failure, and the last backstop would be the pilots running through the stab trim runaway checklist...

That doesn't get him settlement money, though.


The journalist writing the article may have distorted what he said. Is their a dogma of accident investigation that says there is always a root cause, or is it just a conventional way of working? There are certainly domains in which root cause analysis is inappropriate—psychiatry, for example.

https://en.wikipedia.org/wiki/Root_cause_analysis


What if every accident shares one common hole among all the holes that aligned, and had that hole been eliminate then none of the accidents would have occurred?


Well the probability of having two or more independent, crash resulting faults occur at the same time is remarkably low.


> independent

That assumption and the birthday paradox is what leaves people walking funny.


> Bickeböller's complaint endangered the planned inauguration of the 787, which had already been delayed due to technical difficulties. The problems identified by the engineer, however, weren't addressed by Boeing, which is why he turned to EASA in June. [...] In those papers, it states that management and top executives at Boeing had ordered that the coordination problems with the company's suppliers be "closed." The reason: "to get the 787 production certificate."

I, for one, hope this plane never flies again.


We're talking about the 787 here, not the 737 variant that's falling out of the sky. Despite initial teething issues (something all big systems like this have to some extent) the 787 has gone on to be a successful design. To say "I, for one, hope this plane never flies again" is an overreaction, especially since said problems have been fixed and the plane is in service without the issue popping up.


If those are teething issues, I'm scared to find out what you'd consider to be a serious problem.


Per TFA QA wasn't definitively being done not because they were too stupid to want it done but because of coordination issues with the suppliers because it was a new plane and they didn't have the process down yet. That is almost by definition teething issues. It takes some serious mental gymnastics to say with a straight face that coordination issues with suppliers when a product is first being made are not "teething issues." Sure, it points to systemic incompetency on some level but to say "I, for one, hope this plane never flies again." when the plane now has a proven track record of not being crap is an overreaction, to say the least.


My issue as a Quality Assurance practitioner, is that this excuse (coordination issues) quite literally pops up everywhere, and one of the first skills you need to master to get anywhere with a business is to nip that attitude in the bud. No one will let you have the license to test what needs to be tested unless you are willing to hold up the entire project until you get your results/questions answered.

It is not sufficient to get an unproven platform out there to build up "track record" to prove it is safe. That's ludicrous. That's how you get things blowing up, catching on fire, losing power, throwing turbine blades, what have you.

You have to have your your fundamental analysis done, and if you are integrating with a major system from someone else, you need to bloody coordinate with them, and ideally talk with their Quality department. If your plane is going to be spending a lot of time in Asia, testing how your turbine should up to the atmosphere there is not an unreasonable experiment to run. Expensive? Yes. Difficult to prepare? Yes. Unreasonable? Goodness, no.

The thing that scares the bajeezus out of me, is that I've not once come across anywhere that makes that kind of contact between organizational Quality departments feasible or efficient. In my pursuits, I basically end up having to do end runs around obstacles and become such a subject matter expert, I start asking questions that make other service providers nervous, because they don't know whether they're saying too much. I've spent so much time tearing stuff apart it's just natural to me to do so; but as I'm frequently reminded, I'm apparently not a typical specimen in my craft.


The problem is expecting suppliers to do QA and judge whether something is fit for your purpose. Regardless of whatever indemnity the supplier provides it will always be your name on the product, and you should be solely responsible for ensuring the product meets your requirements.

I do consider it evidence of organizational incompetence to state that you're staking your organization's reputation on some other organization that you don't own.


They're fixed now, is the point. It wouldn't make sense to pull 787s now because the problems are fixed and it would throw global air travel into chaos and disarray (since this plane is now so widely used).


Wot? Potentially-dangerous planes must be kept flying, because air-travel chaos and widely-used-ness?


You seem to have missed the multiple times that it was mentioned that the "potential problems" have been fixed.

And yes, by the way, we keep potentially dangerous products in use all the time because the benefit of them remaining in service far outweighs the danger. Nearly every single medicine on the market comes with significant, dangerous side effects, but do we pull them all off the shelves and abandon the practice of medicine altogether? No, because that would be stupid.


I think you missed the point. "They're fixed now" != "potentially dangerous". (Unless you define all planes to be "potentially dangerous". But if you ground all such planes, you don't have an air travel industry at all.)


They (787's) aren't necessarily all fixed. And in fact, I recall reading somewhere that the fix was to ensure that a 787 could not fly with any more than 1 of the batch of engines that has a penchant for premature turbine failure due to the high sulfur content of the atmosphere where the turbine blades were manufactured.

Still not necessarily an "oh God, ground it", but there is a growing pile of very hard to stomach problems that the aviation industry is having to cope with this year.

https://www.theengineer.co.uk/rolls-royce-problems-trent-100...


>...a serious problem

Well the plane literally overriding the pilots physical commands of the controls and crashing into the ground killing ~300 people, IMHO is a “serious problem”

https://m.youtube.com/watch?v=3m5qxZm_JqM


I didn't look at your link, but if you're talking about the 737MAX, the OP isn't talking about that, he's talking about the 787. AFAIK, the "teething issues" the 787 had were about some batteries catching fire.


Please click the link


No, I can't watch anything that has sound at work. Please don't post links for videos unless you're going to provide a transcription or something, as I'm sure me watching the video without any sound isn't going to get me anywhere.


This is probably the best piece I've read about this:

"How the Boeing 737 Max Disaster Looks to a Software Developer"

https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-...


How the Boeing 737 Max Disaster Looks to a Software Developer

“Ehhh, we’ll patch it in the next release…”? /badum-tish

(Actually a really deep and insightful read. Tx.)



Obligatory further reading repost.

https://www.seattletimes.com/seattle-news/times-watchdog/the...

EDIT: What? It's one of the better written articles that actually includes most of the technical details, plus some of the corporate environment related ones. The two articles together are basically guaranteed to contain all the essentials one needs to understand what happened.


The Seattle times has had some of the best reporting on this, presumably because they have been covering aviation for a long time. I've found some of the tech press have (not surprisingly) treated it too much as a technical issue in the sense of it being about broken software or hardware.

This whole disaster has been a great example of the importance of good systems and safety engineering, of effective oversight, and of a good safety culture. What is depressing about it is that the aviation industry worked hard for decades to develop an open and effective safety culture, and Boeing seem to have forgotten a lot of the painful lessons of the past.

Hopefully, if anything good comes out of this situation, it will be a reinforcement of the culture and mindset that has made commercial flight incredibly safe.


I saw this documentary about issues with the 787 back in 2014, and it was clear that something was massively wrong at Boeing:

https://www.youtube.com/watch?v=rvkEpstd9os

The engineers doing the work know what it takes to make a good airplane. Let them do their jobs.


> By the end, the planes had gained so much speed and were descending so steeply that the pilots would have had to possess superhuman strength to counter the pressure on the horizontal stabilizer trim.

I thought these systems were all fly-by-wire now?

Edit: Don't downvote for asking an honest question, guys. Thanks to the people who actually answered.


The 737 series, including the MAX, has mechanical linkages to the control surfaces.

Boeing’s recommendation for dealing with a runaway MCAS scenario, in fact, was to cut power to the stabilizer trim motors at just the right moment in a short window of opportunity between cycles of it running, and then have the pilot manually crank the trim by hand turning a wheel that pulls a cable.

With excessive speed, or too much counter-force being put on the stabilizer by pulling back on the stick (because the pilots didn’t cut the electricity fast enough inside the cycle window, leading to the stabilizers forcing the nose down and the pilots needing to counter that to keep above the ground), the wheel can require an enormous, potentially insurmountable amount of force to operate.


Yes. Truly terrible. And, possibly the pilots could turn the wheel if both collaborated on it - but then, who pulls back the control column to keep the elevator up? Terrible terrible situation.


And how long can you hold it at max effort?

Should MAX-8 training include a physical fitness component?


There was a video circling around of pilots flying the MAX in a simulator, and reproducing the failure conditions; they were unable to physically hold the trim wheel to counteract the system.


It absolutely should, so that only strong men can possibly pass. Then, since this is absolutely sexist and prevents female (or less-strong men) from flying the plane, either the plane should be non-certified, or Boeing should have to pay full lifetime salaries for any not-strong-enough pilots who want to file a claim that they can't fly this plane.


My understanding is that the 737 does not use Fly by wire [1] and if I remember correctly it's because they wanted to piggyback on the original 737 certification. I could be wrong.

1: https://www.quora.com/Does-the-737-MAX-family-use-fly-by-wir...


> I could be wrong.

You're not :-) The 737 still has direct mechanical linkages to the control surfaces. Changing that would require completely redesigning the aircraft.


What's the motivation for this? Regulatory, I get that. But why use direct mechanical linkage in an era where fly-by-wire would probably be faster/safer/etc?


Cost. Not just cost of manufacture/design, but billing it as cheap because you won't have to retrain all your old 737 pilots.

Not training the pilots properly was a feature (cheaper for the airlines), and Boeing deliberately wanted to avoid saying they would actually need the training because that was their whole selling point and the reason for all these weird decisions.


Because the plane would have certainly then required expensive/time consuming re-certification and expensive/time consuming (for the airlines) retraining of pilots, which Boeing was trying to avoid with the max. Keep in mind, the 737 originally flew in the late 60s. It's obviously now a very different aircraft, but if they were going to go fly-by-wire and require re-certification, they'd have designed a whole new aircraft (something a lot of people would have preferred even before the crashes).

The 373 max was a comparative rush job. When Airbus released the A320neo (the A320 first flew in the late 1980s so already was fly-by-wire), Boeing needed to get a comparable plane out ASAP or else cede several thousands of plane sales to Airbus. There wasn't the time to design a whole new plane, so they pushed the design of the 1960s era 373 as far as they could go. The details of the "risky" changes to accommodate the larger engines (that significantly changed the planes aerodynamic profile) and attempts to compensate for that are already documented elsewhere, but adding fly-by-wire would have only made things more complicated.


I'm not a pilot, but from what I have read many pilots actually prefer mechanical linkage to the control surfaces. Sullenberger even indirectly blamed fly-by-wire systems (in this case the lack of a link between pilot and copilot controls) for the crash of Air France 447: https://www.cbsnews.com/news/air-france-flight-447s-lessons-...


One of the most popular features of Boeing aircraft is that there is a mechanical linkage between the yokes of the pilot and copilot.

Boeing's modern planes (not the legacy 737) have fly by wire where there is still a mechanical connection between the yokes. Thus you have the nice shared feel, but you have the benefits of fly-by-wire.

There have been accidents where fly-by-wire has been part of the problem but there have also been failures of the old mechanical linkage systems. Airliners have had active systems to cancel out unstable modes for a long time (e.g. to suppress "Dutch Roll" on the old 727)

The A320 has particularly been plagued by extreme "human error" situations where people crashed the plane after seemingly trying to crash it. For instance the first passenger flight involved a stunt that resulted in a crash. later on New Zealand regulators who were investigating fly-by-wire glitches tried to provoke the fly-by-wire system into failing when they were approaching a runway and they wound up dead.


Yeah, the regulatory incentives seem to be a substantial factor here.


Not really.

Market forces drove Boeing to rush out a more fuel efficient 737. Even absent regulatory incentives, market forces drive them to want to deliver a 737-dimensioned plane, because a huge selling point for the NG and MAX is that they're still compatible with decades' old infrastructure at rarely-upgraded regional airports.

Bolting large enough engines to deliver the market-desired fuel efficiency on the market-desired airframe dimensions of the MAX necessarily required mounting them so far forward that the entire airframe is fundamentally prone to pulling into a stall, and correcting that is why MCAS exists.

Certification costs are far from the only reason Boeing has never sat down and designed a successor for 737, even though they've done so for numerous other planes -- half the problem with the 737 is that its engineering achilles heel (the incredibly low ground clearance) is simultaneously a key feature to a large portion of the customer base. Correcting it means all of those customers finally upgrading their ground infrastructure, which leads to Airbus suddenly being a viable competitor for those routes.


So if the A320neo isn't suitable for a large portion of the customer base, how is it a competitor to the 737MAX 8?


It was significantly more fuel efficient on the sorts of routes the non-MAX 737 dominated, to the point where airlines and airports were starting to redo their infrastructure to accommodate it because the fuel savings were cheaper in the long run.

Rushing out the MAX let them shore up their advantage in that market — get the fuel savings AND save on the upgrades you won’t need.


The plane in question is the 737 Max, which is the renewed version of the 737 series that started production in 1968. The whole family of planes does not have fly-by-wire.


The article explains this further...


> Boeing developed a software program that constantly monitored the angle of attack. As soon as this angle became too risky, the Maneuvering Characteristics Augmentation System (MCAS) would automatically lower the plane's nose without the pilot having to do anything at all. To do so, it doesn't manipulate the rudder, but the horizontal stabilizer trim, the most forceful control surface on the entire aircraft.

How could the rudder possibly be used to change the angle of attack? Isn't the horizontal stabilizer the only control surface that can do this?


It's the horizontal stabilizer. Which has two parts. The control surfaces controlled by the pilots yoke. And the trim system which adjusts the entire horizontal stabilizer. MCAS uses the trim motors.


It should say elevator, not rudder. I think it's just a typo.


It's obvious to me neither the FAA nor Boeing attempted to accurately replicate the first crash scenario, because this could have wholly averted the second crash. As soon as the planes were grounded, we were getting all sorts of reports about the stablizer being too hard to move and basically an unrecover situation.

Jail time is the only outcome I will accept.


How is it obvious to you that they didn't investigate the first crash sufficiently?

I'd say some time after the first accident it was reasonably well understood what had happened, and the FAA (and many others!) concluded that it was still safe to fly the plane, as the pilots could easily interrupt the accident chain by doing the right thing quick (as the pilots on the Lion Air flight preceding the accident flight had done).

Why that assessment was wrong is a complicated story that has to be examined carefully.

From what I gather, in aviation safety circles "jail time" is very rarely considered a wise answer. As soon as you threaten jail, people will cover their ass and obstruct investigations. Instead, the goal is and should be to examine the entire system to ensure accidents don't repeat, and by and large, the system works exceedingly well.


"as the pilots could easily interrupt the accident chain" -- No they couldn't!

To survive a runaway trim, pilots had to know the rollercoaster maneuver and have enough altitude to aerodynamically relieve airloads off the jackscrew so they could manually trim the plane back. If FAA and many others knew this then they should have instantly communicated it to all boeing max pilots. Instead none of that happened.


This jives with what I've seen from blancolirio, MentourPilot and others sources. The pilots should've had memory items to disable automation control of trim for the duration of the flight rather than all electric control of trim (including yoke-mounted switches), because aerodynamic forces were too large and altitude was too low to manually spin the trim wheels. I do hope Ralph Nader sues the pants off Boeing for murdering his goddaughter through negligent homicide. The FAA is also culpable for failing to oversee self-certification properly and getting too cozy (regulatory capture) with Boeing. As a consequent, equipment models including the whole line of 737 NG (-600 to -900; 2010 Ducommun structural parts scandal), 787 Dreamliner failures and 737 Max 8 and 9 are models I would not step foot on without a gun to my head.


I have read some of the earlier reports that they changed how the electric trim works. On earlier 737's, there were two switches: one to kill automated input, one to kill all electrical input.

On the MAX's, the switches only kill all electrical input. So those procedures literally didn't apply.


I've never quite understood that argument that only little people benefit from jail time and important people do not. Surely if we can put someone in jail for a year for having a forbidden plant in their pocket then we could put someone in jail for - how about a week? Three days? An hour? - for choosing to cut corners on safety and smashing two planes full of people into jelly?

The root cause here is "Boeing management wanted to get a plane out quick so they didn't lose market share". The way to examine the system and make sure this doesn't repeat (for now...) is to put someone in jail for it. Then the next time that some plane company wants to cut corners and get an unsafe plane out quick, some manager who doesn't want to go to jail will put a stop to it.

Show me the flaw in my logic.


This idea that there's one guy or set of people to be found whose fault it is that you have a systemic problem is so uniquely American.

In this case you're proposing to punish the smallest cog in the machine, some middle-manager or executive at Boeing.

It would be just as logical to throw every single American in prison for around 45 minutes (~1 person dead in 737 MAX crashes for every million Americans, 80 years (let's call that life in prison) / 1 million =~ 45 minutes).

After all those are the people responsible for electing the people whose job it was to oversee Boeing. Shouldn't we blame them for their disinterest in the activities of the FAA? Maybe give people who complained about the FAA's rubber-stamp regulatory policy before the 737 MAX parole?

All you'd accomplish by throwing people in jail is to incentivize these companies to restructure decision making to be more diffuse, and make all subsequent air crash investigations much more difficult due to everyone involved being afraid of having made some prison-worthy mistake.


The simple answer is to make the entire C-suite criminally liable - collectively and individually.

Because the usual argument is that the C-suite and especially the CEO are personally responsible for the successes of a company.

So it's not unreasonable to hold them personally responsible for the failures too - especially when those failures amount to suspected criminal negligence.

This is not the same as assuming guilt. Due process should still apply.

But the risk of personal liability should absolutely be present as a deterrent.

And if some executives don't want to operate in that environment - that's absolutely fine. The system should encourage responsible actors, and allow the removal and punishment of those who prefer to act irresponsibly.


I'd recommend using monetary penalties, including clawbacks, for motivational purposes. I suspect jail isn't quite the same level of deterrent as money for people who value those extra 0s on their net worth. Civil litigation is easier to win, too.


I would kinda like to see them get bullets in their heads. That's what China does to corporate executives convicted of corruption.

These people make tens or hundreds of millions of dollars in compensation, truly obscene amounts of money compared to the workers they manage. Why should they live risk-free lives when the lives of so many people rest on their decisions in the C-suite office, and their decisions are clearly not made with safety in mind, but rather profit?


Yup, jail or prosecute them all. Maybe some of the lower-level people will want to cut plea deals to limit their exposure. We need to apply pressure to get people to flip.


Actually, that idea is pretty interesting--throwing a whole group of people in jail for some trivial amount of time. A symbolic slap on the wrist, but maybe at scale it would actually cause some group shame without resorting to draconian collective punishment.


The voters elected people whose job it was to oversee Boeing, but those elected people failed at their jobs. Why should the voters be held responsible for that? It's not the voters' job to oversee Boeing, that's why they elected people to choose other people to run that agency. The whole purpose of representative democracy is that laypeople aren't qualified, nor do they have the time, to make every decision collectively needed to run a society, so they select qualified people to do that full-time for them. If those people can't do the job properly, or do an especially negligent job of it, they can rightfully be punished or even prosecuted.

Your argument is like claiming that a taxi company owner should go to jail when one of his drivers rapes a passenger, even if there was no way the owner could have known the driver had this propensity. It's totally nonsensical.

The executives at Boeing are the ones ultimately responsible for the decisions that led to these crashes, because they prioritized profits over safety, and directed their engineers to work towards that end. For that, they should go to jail.


Jailtime for those in management who are responsible for cover-ups and cut corners. Not jailtime for those who actually design and handle the equipment.


I would not be so hard on the investigation of the first crash, they take time, and the second crash happened before the end of the first one.


Nope. They should have grounded the literally brand-new, undocumented-feature aircraft immediately.

But the FAA and Boeing are worse than useless.


Wow.

We have an drug problem that kills 40,000+/year from overdoses. Over a million people die driving in the world PER YEAR.

A small bit of perspective.

Plane flying used to be much MORE dangerous before the "corrupt" FAA got involved with the airplane companies to regulate things more closely. The 737 MAX has had no US passenger fatalities flying with US licensed pilots. The record of safety in aviation in the last few years within the US has been extremely strong.

Just interesting that big pharma walks free, but Hilary Clinton and the FAA are getting the "lock them up" chants.


> The 737 MAX has had no US passenger fatalities flying with US licensed pilots

As a non-US citizen, I find that comment really disturbing.

> Just interesting that big pharma walks free

"Drugmaker Johnson & Johnson must pay $572m (£468m) for its part in fuelling Oklahoma's opioid addiction crisis, a judge in the US state has ruled."

https://www.bbc.co.uk/news/business-49452373

I understand other states are lining up too.


US / FAA airlines, particularly on a per passenger mile flown basis (which for US carriers is a huge number) are incredibly safe - both against other modes of transit and same mode in a number of other countries.

I won't get into all the reasons - many understandable, many addressable. But one small point - it generally takes a chain of issues (from design to maintenance to PIC) to result in an fatality these days.

Paying fines is not jail time. The big white collar criminals never seem to actually do jail time. Many don't even pay back their bonuses or sell their second homes. A guy selling MJ can get jail time and someone killing 10K people get's a vacation home in the bahamas.


As a human being (that happens to be a US citizen), I find OP's comment really disturbing.

The whole comment is whataboutism, so maybe this was just an intentional red herring.


If you think folks who have a record in the US (where they can enforce regulations around maintenance, training, ATC, airport design) should be in JAIL for creating a system which has an incredible safety rate among ALL modes of transit I find that disturbing. Seriously - we need MORE folks attracted to public service, not going to jail because armchair quarterbacks on the internet are upset.

The safety chain in the US has an absolutely incredible record. And there have been PLENTY of design and other failures along the way even in the US BTW


Pick this apart why don't we. (edit: that came across rude, sorry)

> If you think folks [...] should be in JAIL

Who is 'folks' here - the entirety of the FAA and boeing? Or more likely just the very few at the top who messed up; those in the FAA who didn't do their job (maybe, maybe not) or those at boeing that took advantage of self-certification to cut corners?

Top boeing executives probably earn millions a year, basically they are paid to make the right decisions. That's key. Seems they didn't.

FAA probably less. Now you mention it, it seems likely FAA's share of the blame is the lesser, maybe.

> which has an incredible safety rate among ALL modes of transit

True, and still does, but we now have a case of 2 planeloads of people dead, and a very major US manufacturer that's... well, I don't know but having 5,000 orders frozen for an unknown time can't be good. If that could have been avoided then it should have.

Those responsible, should there be a penalty? If so, in your view, if not jail then what? There are plenty of people in US jails far more trivial things. Can this be right?


So... You're not keeping up with the news are you?

If there's anything that's causing the pharma controversy to stall, it's that the cross section of companies involved have significant non pharmaceutical revenue bases to pull from in funding their defense.

Also, to be quite frank, pharma is getting legislative, not just judicial attention as well. There is a reckoning in the works for quite a few industrial verticals.

However, where things are different with aviation is that every last person on each plane had absolutely no ability to influence what ended up happening. The documentation around the process is also far better and more auditable than the collective sales activity of every actor in the pharmaceutical industry.

Give it time. These things require proof, and proof takes time to collect and sift through.


Any reason you think that this crashes would not have ever happened in US? Before the first crash the pilots did not even known abut MCAS existence so I am not sure why you think that US pilots are extraordinary, I assume that not all MAX pilots are ex fighter pilots with super skills and whatever you imagine that makes ALL US pilots superior to the rest of the world.


So is it merely luck that this crashes doesn't happen in US ?


The majority of the delivered ones were so outside the US https://en.wikipedia.org/wiki/List_of_Boeing_737_MAX_orders_...


IMO yes, but even if US pilots are in average 10x better there still was a chance that you would fly with a 1x pilot and because he would have followed the checklist and crash the plane.

Do you have facts that say that the probability of this happening in US was 0 ?


I don't think anyone insinuating that the probability of this happening in US was 0 but the fact remain that the number of crash so far is 0.


The fact is, Greece also has 0 crashes. Your statement doesn't make any sense.

What is different about the US? (Other than we had fewer MAX-8 deliveries than the rest of the world)


Which of my statement doesn't make any sense ?

>What is different about the US?

Thats the question that I asked.


"fact remain that the number of crash so far is 0" makes zero sense.

And you even got an answer to your question. The number of deliveries is different. What's your point?


> "fact remain that the number of crash so far is 0" makes zero sense

My statement is not a fact ? okay

>And you even got an answer to your question. The number of deliveries is different

And I didn't refute or deny that either.


As far as I remember no Greek airlines (p.e. Aegean) have MAX-8s.


Well, except for the major airlines, Boeing, and the FAA were saying pretty much that after the first crash, with absolutely no technical basis for saying it.

Those parties continued to assure the public that the aircraft were completely safe until the entire rest of the planet ground the aircraft and the US President ordered the FAA to ground the aircraft.


Do you even studied statistics?

There was no crashes in Canada or X country , what conclusion can you make from this?


This is a good question.

A number of possible answers (and no, pilot skill not the only one - though everyone is focusing on that and boeing).

Maintenance.

This issue develops IF the computer gets bad data from a sensor.

Question - would this sort of thing get fixed more quickly in the US?

For the Ethiopian crash we have in days leading up to crash errors in the system - all different flights

* Capt side altimeter erratic, showed a decent and lower level then back to normal.

* During approach at 1000' the aircraft started to roll right with the auto pilot engaged.

* During approach at 8K altimeter rapidly descended and returned to normal - caused autopilot problems.

* During takeoff altitude and vert speed on both PFDs showed erratic indications

For Lion Air in days leading up an increase in warnings. Some excerpts.

* Speed trim fail light and mach trim fail light * Auto throttle diconnect * Speed and Alt flag * Feel diff pressure - fail light illuminated * Maintenance light illuminated during landing

Regulatory regime

What's the local situation in terms of check rides, maintenance monitoring and cross checks, airline procedure monitoring etc. Ethiopia has a relatively stronger reputation here.

Training

The memory item in this situation is basically a revert to manual flight. There is a possibility that manual flight is not as common in some countries, particularly if they don't have a large General Aviation pool to pull from. This is a concern in US as well (automation reliance).

The path to getting onto a jet in US is currently different than other places. To be a first officer takes 1,500+ hours and an ATP. That's a pretty high bar.

This is a design issue I think as well -> should Boeing reasonably consider that there may be differences between pilot groups in terms of training pathways. I would suggest obviously yes. Is the FAA at fault because other countries may choose different approaches? That's less clear to me. BTW the FAA did a terrible job for a while with small charter operators in financial distress with bad maintenance for example - so the FAA has blindspots but their Part 121 stuff has a good record so far.

The US system has had some amazing saves -> failures with airport bird control -> capt sully etc. Often these pilots aren't jet fighter pilots but have things like glider or small plane experience that is helpful. So systems break down in US, but saves happen.

My US worries are maintenance given cost pressures and actually Air Traffic Control (given fatigue and some weakening of standards there around new hiring).


In all seriousness, i believe the reason why many think the crashes would not have happened in the US is because Southwest and others all ordered the planes with redundant sensors (in the area where it pertains to these crashes) whereas many overseas airlines did not.


It was my understanding that such redundancy for automation purposes did not even exist, and that despite having 2 AoA sensors only one was selected before a flight, with the computer switching the one to be used between each flight.

Also Southwest certainly did not have all of the indicators at first, because they added some: https://theaircurrent.com/aviation-safety/southwest-airlines... (note that pretty much nobody used that kind of indicator before, so I don't say that to put blame on Southwest)

It was also my understanding that some alarms including the AoA disagree were optional and for a fee even though probably activated by only needing to switch a bit somewhere in the software. So if Southwest had AoA disagree from the beginning (I don't know), well that's cool, but my interpretation is more like: that's not cool that some other airlines did not have it because of the dubious commercial practices of Boeing.


Correct - limited / no redundancy tech side.

The design redundancy was the pilot in the loop - ie, in a stab trim situation pilot would follow a memory item. So this meant much less automation protection compared to systems without pilot in loop.


But did the checklist had the correct instructions on what to do in the case the extra alarm light would turn on? I think since MCAS was not disclosed there must not have been mentioned in the checklists either


The checklist for runaway stab trim is the same with MCAS -> but more likely and so a much more critical issue. Boeing should have updated pilots for sure - BUT many MCAS events may have occurred and been saved by the existing checklist which overlaps the issue.


And, the grounding of these planes probably indirectly causes more deaths than keeping them flying.

Imagine how many more people choose to drive to their destination? Or who have to keep using older models of plane which pump out more tons of CO2, killing the environment and people who might not even be born yet?


At this rate they're getting a US bailout. I don't recall Boeing positive anything recently.

And as much as it fuckin irks me...US better throw them a juicy bailout if necessary. Because one aircraft manufacturer global monopoly would be a epic shitshow.

Boeing and Airbus have to walk away from this alive and roughly equal.


Don't worry, the duopoly will soon die. Comac is coming with the C919 and C929, and with a huge captive domestic market they are bound to succeed (given enough time).

I know I will sound cynical, but if the past is any indication of what's coming, it is entirely possible that a decade from now Airbus and Boeing won't be able to fight for Chinese orders anymore, while Comac will enjoy the ability to fight for every single American and European order...


No, they don't. Boeing should not be able to continue as a company, especially with its current management.

There is absolutely a huge need worldwide for large passenger aircraft, however, but the answer is very simple: sell Boeing's assets at fire-sale prices to another (probably foreign) company and let them take over. Perhaps Bombardier would like to massively expand? Or what about Mitsubishi? Or Embraer? Any of those companies could take over Boeing's factories and operations in relatively short order and start building new and safer planes.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: