I don't know, that strikes me as nonsense. It's precisely the interplay of many factors that lead to an accident - and if any one of them had been different, the outcome might have been different. See Reason's "swiss cheese" model of accidents - all the holes have to line up .
How you can go and designate one of these holes the hole, the "single, simple cause" is beyond me. This doesn't do the complexity of engineering justice. Might help to win cases with juries, but I don't see how it could help to make flying safer.
We don't ask lawyers to do surgery. We don't ask them to design bridges. And we don't ask them to do root cause analysis. We leave all of those things to those who actually know what they're doing in those areas.
So ... I wish it worked like you described.
When we medicalise pregnancy and childbirth, then fill hospitals with profit driven policy, and surgeons who fear malpractice accusations, is it any wonder c-sections can become over used?
Fear of malpractice alone can’t explain it all, as it some other lawyer could demonstrate c-sections are over used and lead to complications.
No, but when they're in a court debating about e.g. doctor's negligence, we do expect them to have a rudimentary understanding of what's going on.
The great thing is, if you pay enough, you'll find an expert being willing to argue anything you want.
The expert more capable of conveying their message will be the one who gets the most credibility, and this often (though unfortunately not always) aligns with the expert telling the factual truth.
That's silly, but if I were playing that game, I'd say the single, simple cause was a failure of Boeing and the CIA to keep abreast of A320new development.
Boeing were caught flat-footed by the launch of he A320neo and, facing a loss of potentially thousands of sales, were forced to quickly develop and release a modified 737 rather than create a new plane altogether.
Corporate espionage would have prevented all this.
I believe Boeing knew exactly what was going on with Airbus. US does corporate espionage to favor domestic companies, and creating a new plane is such a big project that there's no way to miss that.
Pardon my ignorance but I thought the Chinese government was the one doing this sort of thing. Surely the US government does not engage in espionage on behalf of it's companies
Scientific facts aren't the same animal as legal facts. And I'll add not the same as political and engineering facts either. Root cause analysis facts are social and engineering facts.
In real life a incident may be the emergent behaviour enabled by complex circumstances and a certain culture, all culminating in one crystalized point of failure. Think of causal chains: Managment pressures engineers and fires experienced older engineers, engineers are clearly not up to task, do something. Qualitt control might catch it but is circumvented by other managers who fake documents. The thing is not up to speck but wouldn’t have failed if the pilots... etc.
This is what I mean by systemic emergent behaviour. All of these things were wrong or wreckless, but pinning it to one cause isn’t doing reality a favour here.
It is the job of regulators to figure out how to prevent future incidents, and it seems that the EASA will be taking the hardline lead on that as there seems to be a general mistrust of the FAA this side of the pond.
The framing here is obviously from a lawyers perspective. A lawyer that has been very successful at extracting money from companies.
Making the issue appear simple and traceable to a single problem seems like a great way to convince a jury.
Or, an electorate. Maybe oversimplification is the path to popularity.
That "single item" might be the component-failure, that which fell through the aligned holes in the swiss-cheese, or it could be "the single layer of the system that was left out" that would have mitigated or otherwise precluding the class of failure.
One could castigate Boeing for not having a more redundant use of sensors the MAX case, or one could say "Why don't you have 'hackers' as a part of your process, whose job it is to find these classes of problems and raise all hell when they do."
Then again based on the phrasing "single, simple cause" I'm more inclined to say you're on the money. That the lawyer is looking at the component-failure rather than "avoiding non-redundant systems" as a class of problem to solve.
Lawyers aren't interested in the technical minutiae except in as much as it can be useful in communicating intent to the jury.
"Why did you decide to only use one sensor to feed such a critical system?"
"Why did it not occur to anyone to reevaluate the safety rating when the software was changed?"
"Was there any pressure to not do as thorough an analysis as possible?"
What I would do as an attorney is cross examine everyone involved to establish that there was a clear and present intent to put the completion of the product on time ahead of completing the project in total compliance with federal regulations. It's proving intent to the jury that matters. Not arguing over the finer points of aircraft design. In fact, I'd be surprised if anyone with an aviation background would even make it passed voir dire unchallenged.
The goal will be to establish that the problem was cultural and political. An avoidable cascade of engineering failures and regulatory misrepresentations was the result, not the cause.
When you're assigning blame for something like an aircraft crash, what you want to single out is errors which were preventable. So, for instance, icing on critical sensors probably isn't preventable 100%, so that's why we do things like have redundant sensors, algorithms about how to use that sensor data to avoid letting a bad sensor reading cause a big problem, etc. Another thing that isn't preventable is weather, of course, so we engineer things to handle that. But preventable errors, especially ones which we've already learned how to handle in the past, are generally considered unforgivable and worthy of assigning blame. A crash caused by a Russian AA missile isn't really avoidable for a passenger jet, so we don't blame the pilot or the aircraft maker or airline. A crash caused by using a single sensor that's known to ice up and is used for a system that's only there because someone thought it'd be a great idea to slap some oversize engines on an obsolete airframe from the 60s in the wrong position, however, is clearly a preventable error.
(Not an expert, but private pilot, have read many NTSB accident reports).
A forensic engineer's job is to prevent the next accident.
Cases are won on clear, persuasive argument. A simple, single-cause narrative works.
Accidents are avoided by removing or mitigating contributing factors, based on significance and costs.
Put another way: truth and science are not rhetorical activities. Politics and business are.
Boeing survived that.
What they haven't survived is the full process of peeling back the layers of paperwork, and subsequent investigation into what enabled the physical foundation of these crashes to come about.
Considering there was apparently a whistleblower willing to testify that decisions material to enabling the crash were made specifically to meet deadlines by dodging regulator scrutiny, I have the feeling Boeing will have a rough time of it.
It is nonsense. It takes multiple failures to bring down an airliner, and the NTSB accident reports recommend fixing all of them. It's why airliners are so safe today.
The 737MAX issue is no different.
They had three pilot's attempt the scenario, and one of them lost the plane. This never got looked at well enough before. If they had, they wouldn't have been able to certify before their deadline.
"The FAA is adopting a new airworthiness directive (AD) for all Airbus SAS Model A321-251N, A321-252N, A321-253N, A321-271N, A321-272N, A321-251NX, A321-252NX, A321-253NX, A321-271NX, and A321-272NX airplanes. This AD was prompted by analysis of the behavior of the elevator aileron computer (ELAC) L102 that revealed that excessive pitch attitude can occur in certain conditions and during specific maneuvers. This AD requires revising the airplane flight manual (AFM) to incorporate updated procedures and operational limitations, as specified in a European Union Aviation Safety Agency (EASA) AD, which is incorporated by reference. The FAA is issuing this AD to address the unsafe condition on these products."
The failures that take down aircraft will likely involve multiple things going wrong, because the engineers (mechanical, aeronautical, system, software, etc) work hard to ensure a single thing going awry won’t down a plane.
That doesn't get him settlement money, though.
That assumption and the birthday paradox is what leaves people walking funny.
I, for one, hope this plane never flies again.
It is not sufficient to get an unproven platform out there to build up "track record" to prove it is safe. That's ludicrous. That's how you get things blowing up, catching on fire, losing power, throwing turbine blades, what have you.
You have to have your your fundamental analysis done, and if you are integrating with a major system from someone else, you need to bloody coordinate with them, and ideally talk with their Quality department. If your plane is going to be spending a lot of time in Asia, testing how your turbine should up to the atmosphere there is not an unreasonable experiment to run. Expensive? Yes. Difficult to prepare? Yes. Unreasonable? Goodness, no.
The thing that scares the bajeezus out of me, is that I've not once come across anywhere that makes that kind of contact between organizational Quality departments feasible or efficient. In my pursuits, I basically end up having to do end runs around obstacles and become such a subject matter expert, I start asking questions that make other service providers nervous, because they don't know whether they're saying too much. I've spent so much time tearing stuff apart it's just natural to me to do so; but as I'm frequently reminded, I'm apparently not a typical specimen in my craft.
I do consider it evidence of organizational incompetence to state that you're staking your organization's reputation on some other organization that you don't own.
And yes, by the way, we keep potentially dangerous products in use all the time because the benefit of them remaining in service far outweighs the danger. Nearly every single medicine on the market comes with significant, dangerous side effects, but do we pull them all off the shelves and abandon the practice of medicine altogether? No, because that would be stupid.
Still not necessarily an "oh God, ground it", but there is a growing pile of very hard to stomach problems that the aviation industry is having to cope with this year.
Well the plane literally overriding the pilots physical commands of the controls and crashing into the ground killing ~300 people, IMHO is a “serious problem”
"How the Boeing 737 Max Disaster Looks to a Software Developer"
“Ehhh, we’ll patch it in the next release…”? /badum-tish
(Actually a really deep and insightful read. Tx.)
EDIT: What? It's one of the better written articles that actually includes most of the technical details, plus some of the corporate environment related ones. The two articles together are basically guaranteed to contain all the essentials one needs to understand what happened.
This whole disaster has been a great example of the importance of good systems and safety engineering, of effective oversight, and of a good safety culture. What is depressing about it is that the aviation industry worked hard for decades to develop an open and effective safety culture, and Boeing seem to have forgotten a lot of the painful lessons of the past.
Hopefully, if anything good comes out of this situation, it will be a reinforcement of the culture and mindset that has made commercial flight incredibly safe.
The engineers doing the work know what it takes to make a good airplane. Let them do their jobs.
I thought these systems were all fly-by-wire now?
Edit: Don't downvote for asking an honest question, guys. Thanks to the people who actually answered.
Boeing’s recommendation for dealing with a runaway MCAS scenario, in fact, was to cut power to the stabilizer trim motors at just the right moment in a short window of opportunity between cycles of it running, and then have the pilot manually crank the trim by hand turning a wheel that pulls a cable.
With excessive speed, or too much counter-force being put on the stabilizer by pulling back on the stick (because the pilots didn’t cut the electricity fast enough inside the cycle window, leading to the stabilizers forcing the nose down and the pilots needing to counter that to keep above the ground), the wheel can require an enormous, potentially insurmountable amount of force to operate.
Should MAX-8 training include a physical fitness component?
You're not :-) The 737 still has direct mechanical linkages to the control surfaces. Changing that would require completely redesigning the aircraft.
Not training the pilots properly was a feature (cheaper for the airlines), and Boeing deliberately wanted to avoid saying they would actually need the training because that was their whole selling point and the reason for all these weird decisions.
The 373 max was a comparative rush job. When Airbus released the A320neo (the A320 first flew in the late 1980s so already was fly-by-wire), Boeing needed to get a comparable plane out ASAP or else cede several thousands of plane sales to Airbus. There wasn't the time to design a whole new plane, so they pushed the design of the 1960s era 373 as far as they could go. The details of the "risky" changes to accommodate the larger engines (that significantly changed the planes aerodynamic profile) and attempts to compensate for that are already documented elsewhere, but adding fly-by-wire would have only made things more complicated.
Boeing's modern planes (not the legacy 737) have fly by wire where there is still a mechanical connection between the yokes. Thus you have the nice shared feel, but you have the benefits of fly-by-wire.
There have been accidents where fly-by-wire has been part of the problem but there have also been failures of the old mechanical linkage systems. Airliners have had active systems to cancel out unstable modes for a long time (e.g. to suppress "Dutch Roll" on the old 727)
The A320 has particularly been plagued by extreme "human error" situations where people crashed the plane after seemingly trying to crash it. For instance the first passenger flight involved a stunt that resulted in a crash. later on New Zealand regulators who were investigating fly-by-wire glitches tried to provoke the fly-by-wire system into failing when they were approaching a runway and they wound up dead.
Market forces drove Boeing to rush out a more fuel efficient 737. Even absent regulatory incentives, market forces drive them to want to deliver a 737-dimensioned plane, because a huge selling point for the NG and MAX is that they're still compatible with decades' old infrastructure at rarely-upgraded regional airports.
Bolting large enough engines to deliver the market-desired fuel efficiency on the market-desired airframe dimensions of the MAX necessarily required mounting them so far forward that the entire airframe is fundamentally prone to pulling into a stall, and correcting that is why MCAS exists.
Certification costs are far from the only reason Boeing has never sat down and designed a successor for 737, even though they've done so for numerous other planes -- half the problem with the 737 is that its engineering achilles heel (the incredibly low ground clearance) is simultaneously a key feature to a large portion of the customer base. Correcting it means all of those customers finally upgrading their ground infrastructure, which leads to Airbus suddenly being a viable competitor for those routes.
Rushing out the MAX let them shore up their advantage in that market — get the fuel savings AND save on the upgrades you won’t need.
How could the rudder possibly be used to change the angle of attack? Isn't the horizontal stabilizer the only control surface that can do this?
Jail time is the only outcome I will accept.
I'd say some time after the first accident it was reasonably well understood what had happened, and the FAA (and many others!) concluded that it was still safe to fly the plane, as the pilots could easily interrupt the accident chain by doing the right thing quick (as the pilots on the Lion Air flight preceding the accident flight had done).
Why that assessment was wrong is a complicated story that has to be examined carefully.
From what I gather, in aviation safety circles "jail time" is very rarely considered a wise answer. As soon as you threaten jail, people will cover their ass and obstruct investigations. Instead, the goal is and should be to examine the entire system to ensure accidents don't repeat, and by and large, the system works exceedingly well.
To survive a runaway trim, pilots had to know the rollercoaster maneuver and have enough altitude to aerodynamically relieve airloads off the jackscrew so they could manually trim the plane back. If FAA and many others knew this then they should have instantly communicated it to all boeing max pilots. Instead none of that happened.
On the MAX's, the switches only kill all electrical input. So those procedures literally didn't apply.
The root cause here is "Boeing management wanted to get a plane out quick so they didn't lose market share". The way to examine the system and make sure this doesn't repeat (for now...) is to put someone in jail for it. Then the next time that some plane company wants to cut corners and get an unsafe plane out quick, some manager who doesn't want to go to jail will put a stop to it.
Show me the flaw in my logic.
In this case you're proposing to punish the smallest cog in the machine, some middle-manager or executive at Boeing.
It would be just as logical to throw every single American in prison for around 45 minutes (~1 person dead in 737 MAX crashes for every million Americans, 80 years (let's call that life in prison) / 1 million =~ 45 minutes).
After all those are the people responsible for electing the people whose job it was to oversee Boeing. Shouldn't we blame them for their disinterest in the activities of the FAA? Maybe give people who complained about the FAA's rubber-stamp regulatory policy before the 737 MAX parole?
All you'd accomplish by throwing people in jail is to incentivize these companies to restructure decision making to be more diffuse, and make all subsequent air crash investigations much more difficult due to everyone involved being afraid of having made some prison-worthy mistake.
Because the usual argument is that the C-suite and especially the CEO are personally responsible for the successes of a company.
So it's not unreasonable to hold them personally responsible for the failures too - especially when those failures amount to suspected criminal negligence.
This is not the same as assuming guilt. Due process should still apply.
But the risk of personal liability should absolutely be present as a deterrent.
And if some executives don't want to operate in that environment - that's absolutely fine. The system should encourage responsible actors, and allow the removal and punishment of those who prefer to act irresponsibly.
These people make tens or hundreds of millions of dollars in compensation, truly obscene amounts of money compared to the workers they manage. Why should they live risk-free lives when the lives of so many people rest on their decisions in the C-suite office, and their decisions are clearly not made with safety in mind, but rather profit?
Your argument is like claiming that a taxi company owner should go to jail when one of his drivers rapes a passenger, even if there was no way the owner could have known the driver had this propensity. It's totally nonsensical.
The executives at Boeing are the ones ultimately responsible for the decisions that led to these crashes, because they prioritized profits over safety, and directed their engineers to work towards that end. For that, they should go to jail.
But the FAA and Boeing are worse than useless.
We have an drug problem that kills 40,000+/year from overdoses. Over a million people die driving in the world PER YEAR.
A small bit of perspective.
Plane flying used to be much MORE dangerous before the "corrupt" FAA got involved with the airplane companies to regulate things more closely. The 737 MAX has had no US passenger fatalities flying with US licensed pilots. The record of safety in aviation in the last few years within the US has been extremely strong.
Just interesting that big pharma walks free, but Hilary Clinton and the FAA are getting the "lock them up" chants.
As a non-US citizen, I find that comment really disturbing.
> Just interesting that big pharma walks free
"Drugmaker Johnson & Johnson must pay $572m (£468m) for its part in fuelling Oklahoma's opioid addiction crisis, a judge in the US state has ruled."
I understand other states are lining up too.
I won't get into all the reasons - many understandable, many addressable. But one small point - it generally takes a chain of issues (from design to maintenance to PIC) to result in an fatality these days.
Paying fines is not jail time. The big white collar criminals never seem to actually do jail time. Many don't even pay back their bonuses or sell their second homes. A guy selling MJ can get jail time and someone killing 10K people get's a vacation home in the bahamas.
The whole comment is whataboutism, so maybe this was just an intentional red herring.
The safety chain in the US has an absolutely incredible record. And there have been PLENTY of design and other failures along the way even in the US BTW
> If you think folks [...] should be in JAIL
Who is 'folks' here - the entirety of the FAA and boeing? Or more likely just the very few at the top who messed up; those in the FAA who didn't do their job (maybe, maybe not) or those at boeing that took advantage of self-certification to cut corners?
Top boeing executives probably earn millions a year, basically they are paid to make the right decisions. That's key. Seems they didn't.
FAA probably less. Now you mention it, it seems likely FAA's share of the blame is the lesser, maybe.
> which has an incredible safety rate among ALL modes of transit
True, and still does, but we now have a case of 2 planeloads of people dead, and a very major US manufacturer that's... well, I don't know but having 5,000 orders frozen for an unknown time can't be good. If that could have been avoided then it should have.
Those responsible, should there be a penalty? If so, in your view, if not jail then what? There are plenty of people in US jails far more trivial things. Can this be right?
If there's anything that's causing the pharma controversy to stall, it's that the cross section of companies involved have significant non pharmaceutical revenue bases to pull from in funding their defense.
Also, to be quite frank, pharma is getting legislative, not just judicial attention as well. There is a reckoning in the works for quite a few industrial verticals.
However, where things are different with aviation is that every last person on each plane had absolutely no ability to influence what ended up happening. The documentation around the process is also far better and more auditable than the collective sales activity of every actor in the pharmaceutical industry.
Give it time. These things require proof, and proof takes time to collect and sift through.
Do you have facts that say that the probability of this happening in US was 0 ?
What is different about the US? (Other than we had fewer MAX-8 deliveries than the rest of the world)
>What is different about the US?
Thats the question that I asked.
And you even got an answer to your question. The number of deliveries is different. What's your point?
My statement is not a fact ? okay
>And you even got an answer to your question. The number of deliveries is different
And I didn't refute or deny that either.
Those parties continued to assure the public that the aircraft were completely safe until the entire rest of the planet ground the aircraft and the US President ordered the FAA to ground the aircraft.
There was no crashes in Canada or X country , what conclusion can you make from this?
A number of possible answers (and no, pilot skill not the only one - though everyone is focusing on that and boeing).
This issue develops IF the computer gets bad data from a sensor.
Question - would this sort of thing get fixed more quickly in the US?
For the Ethiopian crash we have in days leading up to crash errors in the system - all different flights
* Capt side altimeter erratic, showed a decent and lower level then back to normal.
* During approach at 1000' the aircraft started to roll right with the auto pilot engaged.
* During approach at 8K altimeter rapidly descended and returned to normal - caused autopilot problems.
* During takeoff altitude and vert speed on both PFDs showed erratic indications
For Lion Air in days leading up an increase in warnings. Some excerpts.
* Speed trim fail light and mach trim fail light
* Auto throttle diconnect
* Speed and Alt flag
* Feel diff pressure - fail light illuminated
* Maintenance light illuminated during landing
What's the local situation in terms of check rides, maintenance monitoring and cross checks, airline procedure monitoring etc. Ethiopia has a relatively stronger reputation here.
The memory item in this situation is basically a revert to manual flight. There is a possibility that manual flight is not as common in some countries, particularly if they don't have a large General Aviation pool to pull from. This is a concern in US as well (automation reliance).
The path to getting onto a jet in US is currently different than other places. To be a first officer takes 1,500+ hours and an ATP. That's a pretty high bar.
This is a design issue I think as well -> should Boeing reasonably consider that there may be differences between pilot groups in terms of training pathways. I would suggest obviously yes. Is the FAA at fault because other countries may choose different approaches? That's less clear to me. BTW the FAA did a terrible job for a while with small charter operators in financial distress with bad maintenance for example - so the FAA has blindspots but their Part 121 stuff has a good record so far.
The US system has had some amazing saves -> failures with airport bird control -> capt sully etc. Often these pilots aren't jet fighter pilots but have things like glider or small plane experience that is helpful. So systems break down in US, but saves happen.
My US worries are maintenance given cost pressures and actually Air Traffic Control (given fatigue and some weakening of standards there around new hiring).
Also Southwest certainly did not have all of the indicators at first, because they added some: https://theaircurrent.com/aviation-safety/southwest-airlines...
(note that pretty much nobody used that kind of indicator before, so I don't say that to put blame on Southwest)
It was also my understanding that some alarms including the AoA disagree were optional and for a fee even though probably activated by only needing to switch a bit somewhere in the software. So if Southwest had AoA disagree from the beginning (I don't know), well that's cool, but my interpretation is more like: that's not cool that some other airlines did not have it because of the dubious commercial practices of Boeing.
The design redundancy was the pilot in the loop - ie, in a stab trim situation pilot would follow a memory item. So this meant much less automation protection compared to systems without pilot in loop.
Imagine how many more people choose to drive to their destination? Or who have to keep using older models of plane which pump out more tons of CO2, killing the environment and people who might not even be born yet?
And as much as it fuckin irks me...US better throw them a juicy bailout if necessary. Because one aircraft manufacturer global monopoly would be a epic shitshow.
Boeing and Airbus have to walk away from this alive and roughly equal.
I know I will sound cynical, but if the past is any indication of what's coming, it is entirely possible that a decade from now Airbus and Boeing won't be able to fight for Chinese orders anymore, while Comac will enjoy the ability to fight for every single American and European order...
There is absolutely a huge need worldwide for large passenger aircraft, however, but the answer is very simple: sell Boeing's assets at fire-sale prices to another (probably foreign) company and let them take over. Perhaps Bombardier would like to massively expand? Or what about Mitsubishi? Or Embraer? Any of those companies could take over Boeing's factories and operations in relatively short order and start building new and safer planes.