A Blog by Jonathan Low

 

Mar 12, 2019

Does the Second 737 Max Crash Raise Questions About Airplane Automation?

The perfect is the enemy of the good. JL

Konstantin Kokaes reports in MIT Technology Review:

A third of the commercial airplanes in the sky at any given moment are Boeing 737s: it is the best-selling jetliner in history. The brief history of the 737 Max raises the question of whether Boeing made mistakes in pursuit of efficiency. Did more efficient engines and the changes they necessitated to the airplane’s automation systems compromise the aircraft’s safety? New air-safety technologies don't always make airplanes safer. Each new automatic device might solve some problems only to introduce new, more subtle ones. Instead of improving safety, innovations can allow airlines “to run greater risks in search of increased performance.”
As you read this, over a million people are in flight. Close to a third of the commercial airplanes in the sky at any given moment are Boeing 737s: it is the best-selling jetliner in history. The 737 has safely carried over 20 billion passengers on long trips and on short ones. That legacy of safety is now under scrutiny as the 737 Max, the newest variant of the jetliner, has crashed twice in rapid succession.
Ethiopian Airlines Flight 302 crashed on Sunday, a few minutes after taking off from Addis Ababa, killing all 157 people on board. It was the second such tragedy in five months, following an October crash in Indonesia that killed all 189 passengers and crew on Lion Air Flight 610. Airlines and regulators around the world have now grounded the model—though Boeing and the US government insist that it is safe.The brief history of the 737 Max raises the question of whether Boeing made mistakes in its pursuit of efficiency. America’s Federal Aviation Administration (FAA) and other regulators will also have questions to answer about their oversight of the way changes to the plane were communicated to pilots.
As of the time of writing, it is impossible to definitively say if the two airplanes crashed for the same reasons. According to a preliminary report released by the Indonesian air safety investigative agency, Lion Air 610 crashed because a faulty sensor erroneously reported that the airplane was stalling. The false report of a stall triggered an automated system that tried to point the aircraft’s nose down so that it could gain enough speed to fly safely. The pilots fought the automated system, trying to pull the nose back up. They lost.
The 737 Max has bigger engines than the original 737, which make it 14% more fuel efficient than the previous generation. As the trade publication Air Current explains, the position and shape of the new engines changed how the aircraft handles, giving the nose a tendency to tip upward in some situations, which could cause the plane to stall. The new “maneuvering characteristics augmentation system” was designed to counteract that tendency.
Did these more efficient engines—and the changes they necessitated to the airplane’s automation systems—compromise the aircraft’s safety? As sociologist Charles Perrow wrote in his classic 1984 book Normal Accidents, new air-safety technologies don't always make airplanes safer, even if they work just as well as they are supposed to. Instead of improving safety, innovations can allow airlines “to run greater risks in search of increased performance.”
A high-ranking Boeing official told the Wall Street Journal that “the company had decided against disclosing more details to cockpit crews due to concerns about inundating average pilots with too much information—and significantly more technical data—than they needed or could digest.”
But what good is a safety system that’s too intricate for highly trained professional airline pilots to understand? Each new automatic device, Perrow wrote, might solve some problems only to introduce new, more subtle ones. Make the system too complicated, he said, and it’s inevitable that regulators will lose track of which pilots had been told what, and that some pilots will get confused about which procedures to follow. It didn’t, he said, make much sense to blame pilots in cases like this. Pilot error, he said, “is a convenient catch-all.” But it’s the complexity of the system that’s really to blame.
The Lion Air crash—and the news that some pilots may not have been given all the information they needed about the new systems on board—caused an uproar among those who fly the 737 Max. As the Seattle Times reported, one American Airlines pilot wondered: “I’ve been flying the MAX-8 a couple times per month for almost a year now, and I’m sitting here thinking, what the hell else don’t I know about this thing?”
Investigators recovered Ethiopian 302’s voice and data recorders—the so-called black boxes—on Monday afternoon. This will help them determine the cause of the crash. Following the earlier crash in Indonesia, the FAA issued an airworthiness directive that set in place new procedures for disengaging the plane’s automated systems if pilots have reason to believe that erroneous sensor readings are causing the autopilot to force the plane’s nose down.
On Monday, after the crash in Ethiopia, Boeing released a statement vouching for the safety of the 737 Max. But that same statement also announced a software update that would make the flight control software better able to cope with erroneous sensor inputs.
The remarkable safety record of commercial airliners is an achievement of bureaucracy rather than technology. Airplanes are not safe because they are made of strong materials, nor because the computers that help fly them are so sophisticated. They are safe because of an elaborate international system of regulation that, with scores of checklists and reams of systematized procedures, makes “Safety first” not a slogan but a reality.
That system is now showing signs of strain.
Politics should have nothing to do with an airplane’s ability to fly. The 69 airlines around the world that have taken delivery of 737 Max planes should find them all to be equally safe: those in China should be no more safe or less safe than those in the US.
However, within a day of the crash, 23 airlines had grounded their 737 Max fleets. None of these are American-flagged. China was the first country to ground them all. By contrast, the FAA issued a “Continued Airworthiness Notification to the International Community”: a proactive announcement vouching for the safety of the American-made 737, even though, as Boeing itself has said, the cause of the crash remains uncertain.
This demonstrates a fracturing of technocratic consensus. The last time something similar happened, in 2013, the international aviation community grounded all Boeing 787s until problems with the airplane’s batteries could be resolved. Times are different now. Taking things at face value, maybe China is showing an abundance of caution, and the FAA is not jumping to conclusions. But it sure looks as if China is taking the chance to undermine confidence in its global rival, while the US government is doing what it can to protect America’s largest exporter, which is an important source of manufacturing jobs.
Each year, airspace grows more crowded as more and more people fly, and as drones of various sizes grow in popularity. Commercial air travel has remained so safe, in part, because a thorough infrastructure of investigation makes it possible to learn from mistakes, and thus avoid repeating them.
At the time of writing, investigators have not definitively ruled on the causes of either 737 Max crash. It sadly appears, however, that the lessons from Lion Air 610 were not learned in time to prevent the crash of Ethiopian 302. Hopefully the particular problem of this automated anti-stall device causing a plane to nosedive will be solved by the changes Boeing and aviation regulators are currently in the process of implementing.
Nevertheless, even in the best case, the cycle will surely continue. As Perrow wrote, “The hard core of system accidents, while small, will probably not get smaller. This is because with each new advance in equipment or training, the pressures are to push the system to its limits.”

0 comments:

Post a Comment