Wow. The quote from Capt Ray Miller is particularly telling:
“I have been told by my company . . . that the FAA and Boeing (were) aware of the problems with the spurious rudder inputs but considered them to be more of a nuisance problem than a flight safety issue. I was informed, that so far as everyone was concerned, the rudder hardovers were a problem but that the `industry' felt the losses would be in the acceptable range. I was being mollified into thinking the incident did not happen, and for the `greater good' it would be best not to pursue the matter. In other words I am expendable as are the passengers I am responsible for, because for liability reasons the FAA, Boeing et al cannot retroactively redesign the rudder mechanisms to improve their reliability."
And this was after the fault had not just caused in-flight emergencies, but had already killed people...
I wonder what solutions there are to these liability/blame problems. I have seen a similar case in Australia, where a parking barrier was an extreme danger as it cross over a biking path, and was hard to see until the last minute. It caused a crash that took a mans leg, and the legal proceedings took years. During that time the barrier remained in place, still a danger, because removing it would have admitted fault.
A side note: there is a well-defined value of "acceptable range", i.e. regulators regularly make decisions based on whether the cost of a change would be more than the "statistical value of a human life". (https://www.theglobalist.com/the-cost-of-a-human-life-statis...)
The question is whether, through regulatory capture or negligence, monetary costs are being valued too highly.
To add a human element to this story, I'm from north of Pittsburgh and the crash of flight 427 is one of the events from my childhood that I can determinedly recall. One of my classmates--eight or nine years old--lost her father in that crash. Our class planted a tree outside our middle school with a plaque to memorialize him. I bother saying this only because, while air travel is impressively safe overall (hats off to the FAA and NTSB), it's natural to mentally dismiss a mere ("mere") 132 deaths in the grand scheme of things without pausing to consider the broader ripples such an event has on history.
Boeing rudder issues in the 1990s? How about the 2010s? A KC-135R(Boeing 707 variant) in 2013 crashed of the same issues as the article.[1] The KC-135R is essentially a modified 707 retooled with 737 engines and a beefed up vertical stabilizer to account for the increased power of the engines. This modification of the KC-135R occurred in the 90s and has been plagued with rudder problems ever since. The accident in 2013 was attributed to pilot error, because there are procedures to turn off the PCU if the rudder goes haywire... but why not just fix the problem outright?
While we're bashing Boeing, let us not forget how they tried to swindle taxpayers into buying their tankers... a scandal which led to their CFO going to prison.
Honestly, I can't understand how this was a bad thing given just how dated and stretched-thin the KC-135 fleet was at the time and those problems have only growm worse. The Air Force has been trying to replace thr KC-135 for decades since the newest airframe was produced in 1965 and their entire in-flight refueling logistics rely on these aircraft. Yes, it is unseemly to slip something into a continuing resolution to fund a war effort but when the bureaucratic roadblocks to purchasing something so critically important yet so unsexy as a flying gas station, one has to wonder if the people involved were acting out of good-willed desperation to help avert a massive problem with critical defense infrastructure. While $16 Billion for 100 aircraft may seem exorbitant, it has taken until this past year for the KC-135's replacement to enter servjce at a cost of $179 million per unit. That still beats the inflation adjusted cost of $160m per 767 tanker but think about how !uch money has been wasted on upfit and restoratiom programs for the 60+ year old KC-135 airframes over the 15 years since that "scandal".
Aside from this specific issue, all of aviation works like this.
E.g. the reason the 747 was decommissioned from passenger flight in the US when it was is because they flew it right up to the day that the FAA mandated that they couldn't fly it anymore.
The reason was that they didn't have then-mandatory fuel tank inerting. For something like a decade there were a bunch of planes in the air carrying people that were known to be more likely to explode than some other planes.
Regulatory safety is always a messy combination of new requirement and timed phase-out of old systems.
Same with cars, you can buy a used car today and even use it as a taxi to ferry passengers without it having safety features that would make it illegal to sell as a newly manufactured vehicle.
"E.g. the reason the 747 was decommissioned from passenger flight in the US when it was is because they flew it right up to the day that the FAA mandated that they couldn't fly it anymore."
This reminded me of the Yak-42 jackscrew failure due to a design defect, which caused a crash killing 132 onboard in 1982 [1]. The entire fleet was grounded for more than two years until the full investigation was completed and the defect was fixed. Three design engineers were convicted.
"The investigation concluded that among the causes of the crash were poor maintenance, as well as the control system of the stabilizer not meeting basic aviation standards”
It made me think of the horizontal stabilizer jackscrew jam on Alaska Airlines 261[0], but I misremembered that as a 737 rather than a MD-83. SF radio personality Cynthia Oti was among the passengers.
Maybe the FAA should study how Soviet authorities responded to a crash of a new type of aircraft?
> Operation of the entire fleet of Yak-42 aircraft until the elucidation of the causes of the disaster and the elimination of the identified deficiencies was suspended until 1984.
Aviation has an well known acceptable risk level at around 10^-9 for each issue. That's the number that leads government intervention, pilot procedure designing, aircraft designing and everything else. It's expected to lead to a less than 10^-6 chance of accidents per flight. (Somebody calculated the B783 Max odds on 4*10^-6 yesterday, what is a crazy high level.)
That number has been higher in the past, and is moving into 10^-10 per issue with 10^-7 overall risk right now, with large airplanes in scheduled flight very near that level.
> Somebody calculated the B783 Max odds on 4*10^-6 yesterday, what is a crazy high level.
I think that may have been me (1/250000), but that was based on a couple of generous assumptions - two crashes across 4 flights/day on 350 planes for an average of 365 days. Unfortunately I think a more reasonable flights/day number is 3 or lower - a lot of Max 8s are on longer routes - and the flight day average is almost certainly lower than 365 (which assumes linear deliveries for the past two years, with no days for maintenance).
I had heard of the history of the "rudder hardover" problems with the 737 but have never heard that Boeing was actively subverting the investigation. Assuming it's true, I'd agree that it's appalling behavior, but this post alone doesn't convince me. A lot of complex systems can fail in unlikely ways and it doesn't imply malfeasance that the company was wrong about the cause.
How many times have you investigated a weird, intermittent software or system problem and gone down the wrong path (or paths) because what turned out to be the actual cause seemed so unlikely, even if there were clues that in retrospect you should have given more weight.
I have never hindered any investigative agency, internal or otherwise, attempting to discover flaws in systems I have built. Doing so would be morally abhorrent, and hopefully someday illegal
> Instead, Boeing tried to claim that flight 427 crashed because a pilot had a seizure and depressed the rudder. NTSB investigators dismissed this as ridiculous.
> Boeing had no choice but to carry out the changes, but the company never stopped trying to deflect blame. While the investigation was ongoing, it adopted a philosophy of trying to avoid paying out damages to families of crews because this could be legally interpreted as an admission of responsibility. It had tampered with the PCU from the Colorado Springs crash and repeatedly tried to misdirect the investigation with “alternative” theories.
I do not wish to diminish how serious any tampering with the evidence would have been, or of Boeing's more general attitude of dismissing signs that there was a problem with the equipment, but it is not entirely clear from the article that someone from Boeing removed the Colorado Springs PCU spring and end cap. The article says the item had apparently been in the possession of United Airlines and valve designer/manufacturer Parker Bertea before their absence was noticed. The unit is also described as having been heavily damaged in the crash, to the point where several other parts had to be replaced before it was tested.
That would require more evidence than it sounds like there is. And that's assuming that you subscribe to the motivations put forward in this article. I generally follow Hanlon's razor - "Never ascribe to malice that which can adequately be explained by incompetence". I have a hard time believing that a cover-up in Boeing was orchestrated over several years by a group of people all who didn't care about loss of life. I can easily believe that they didn't take the problem seriously, and that they were biased towards conclusions that weren't their fault.
I worked under a CEO who had worked at Boeing before, and he said before that at times there was a number that a life was worth when making decisions while he worked there, in a conversation about diminishing returns in quality.
Now I’m not sure if he meant that literally and there’s a number in the Boeing employee handbook, but he had a point. He said they could make planes cost twice as much and save a few lives that will be lost one day, but no one would be able to afford flying.
This case definitely seems like that mentality gone wrong, but it’s interesting to realize yes, cost was spared in making your plane/car/boat/train as safe as possible
The NHTSA has a similar number, I believe its in the realm of $2 million per life. Its based off of medical costs and a few other "organic" numbers to estimate what the population as a whole values a life at.
Its morbid but it has to be this way or transportation would be unaffordable.
Sure. But the Ray Miller quote suggests that the issue was not that a modification to make the rudder mechanism more reliable was itself prohibitively expensive from an engineering point of view. Rather, the concern was that making such a modification could open up liability issues, as it would be an acknowledgement that the plane was faulty, and the FAA and Boeing were anxious to avoid being held liable.
> but it’s interesting to realize yes, cost was spared in making your plane/car/boat/train as safe as possible
Isn't it always the case? Driving cars and flying planes is a risky activity (the former much riskier, but still). There are ways to reduce the risks, but millions of people choose to buy cars without most recent safety features. A lot of people choose to drive tired, intoxicated, distracted, under bad weather conditions, while using mobile devices, etc. - knowing it is risky. There could be more safety features in cars - stronger materials, more accident-preventing electronics, enforced speed limits, etc. - but nobody would buy a car that costs $200K and can go only 30 mph, even it'd be super-safe for the driver. So yes, we know we trade some safety for reduced cost (either directly monetary or convenience). There's no surprise there, and there's no surprise manufacturers participate in the balance too. Of course, the consumer can make voluntary decision about accepting risk only if they are informed about the risks - if the risks are purposely concealed from consumers, then it's a problem.
this is a huge discussion and if seen with a cynic eye would lead to troubling results. For example telling someone to pay more for this flight so that is 1/100000 chance of dying becomes 1/1000001 .. this is a field of psychology even. Put this mixed with capitalism, profit etc. Not taking sides. I just find this extremely complex
Yeah, if things had gone just slightly differently. That, and also the company may well have ended and another gained US airline dominance.
I'd like to see a James Burke "Connections" style series on near-misses. What could have been. Another case I like to think about is Sears missing the boat on the Internet. They were catalog based 80 years before Amazon and well could have decimated the industry if a few key decisions were different.
In March 2010, a 29-year-old shift nurse left her job in Atlanta, Georgia and headed to her boyfriend’s house. She was driving her 2005 Chevy Cobalt on a two-lane road as she approached a half-mile downhill straightaway. As the road leveled after the straightaway, she approached an area where some rainwater had accumulated. Shortly after encountering this section of roadway, she apparently lost control of her Cobalt as it hydroplaned across the center line. The rear passenger side of her car was struck by an oncoming Ford Focus, causing the Cobalt to spin off the road and fall 15 feet before landing in a large creek around 7:30 p.m. The impact of the crash broke the nurse’s neck, an injury that led to her death shortly after she arrived at the hospital.
While this tragedy might sound like a typical crash scenario, it was particularly puzzling to the victim’s parents. Why? According to Atlanta magazine, she always wore her seat belt and never had a speeding ticket. So how did she suddenly lose control of her car on that fateful evening? Sadly, this unsettling question remained unanswered until several years later—after many more drivers suffered similar fates.
...
The ignition switch did not meet the mechanical specifications for torque and required less force to turn the key than its designers originally ordered. If the driver’s knee hit the key fob, the car would often turn off, causing stalling at highway speeds and disabling the airbags.
While this tragedy might sound like a typical crash scenario, it was particularly puzzling to the victim’s parents. Why? According to Atlanta magazine, she always wore her seat belt and never had a speeding ticket. So how did she suddenly lose control of her car on that fateful evening? Sadly, this unsettling question remained unanswered until several years later—after many more drivers suffered similar fates.
I don't understand why this paragraph was written this way. Driving highway speeds and hitting a puddle of water seems like a reasonable cause to lose control of a car and result in the crash. I don't understand why this would be puzzling. On the other hand, the lack of airbag deployment would be puzzling.
In my opinion the GM ignition switch thing was over blown.
Getting worn out and sloppy and failing in one of several ways (e.g. turning the car off unexpectedly) is not an atypical failure mode of old ignition switches. The only reason it was a big deal was because wealth-ish people (i.e. not someone driving a 1993 Corolla) driving fairly new (at the time) vehicles died.
Their cover up was somewhat scummy but I don't think it wasn't the kind of thing they should not have had to cover up.
> Investigators discovered upon their arrival that someone had made off with the spring and end cap, but at the time they did not know the significance of this act. The NTSB and Parker Bertea replaced the spring, the end cap, and several other parts that were ruined in the crash and began running tests on the valve. Nothing abnormal was found. Boeing, which had packed the valve for shipping, did not explain why it kept the spring and the end cap. It instead tried to steer the NTSB toward a conclusion that the crash was caused by a wind rotor, a phenomenon similar to a sideways tornado that could sometimes be found along the Rocky Mountains.
Correct. Not to play psychic, but I'm assuming the original poster chose to share this as a friendly reminder that as a general rule, Boeing does not have a track record of placing human lives above their continued corporate profitability.
"If Boeing knew about a problem with the MCAS, they'd have told the FAA and corrected it" is not a hypothesis in-line with their past behavior, should anyone be holding that hypothesis in their minds.
I know these comments are kind of frowned upon on threads talking about an issue like this, but very interesting use of imgur. Effectively a blog post focused on images, which is a very good way of thinking about posts I feel. People love images rather than only words. Has imgur been looking at this? Trying to push it as another big use for its platform?
That was a surprisingly interesting read. I have to admit I was skeptical just because it was hosted on imgur, but both the images/text paint an interesting picture worthy of discussion.
Manufacturers take the blame for this. And they take the blame for things like no global transponder in the loss of the 777 over the Atlantic. Unfortunately the FAA processes, while enlightened in some ways, and firmly grounded in the science of safety, are effectively a strong deterrent for a manufacturer to avoid changing anything in a design.
The result is that many aircraft operate for a very long time with very outdated systems. Replacing designs is prohibitively expensive to prove to the FAA that there will be no corresponding degradation of the system's performance or new safety risk. Unfortunately such a process does not calculate the cost of not replacing the system. No cost is attributed with keeping something that is old and lacking in capability.
The result is that aircraft systems are woefully behind what technology can offer. And this is not just the hardware or the software, it includes the procedures and the overall set of capabilities. The result is that aircraft are being operated to the standards of the 50s, when in fact a much higher standard of crew and aircraft performance is possible. When I say performance I am also talking about safety performance, the ability to operate without harm causing failure.
[+] [-] dang|7 years ago|reply
See https://news.ycombinator.com/item?id=19393741 and https://news.ycombinator.com/item?id=19393715 for more.
[+] [-] jfk13|7 years ago|reply
“I have been told by my company . . . that the FAA and Boeing (were) aware of the problems with the spurious rudder inputs but considered them to be more of a nuisance problem than a flight safety issue. I was informed, that so far as everyone was concerned, the rudder hardovers were a problem but that the `industry' felt the losses would be in the acceptable range. I was being mollified into thinking the incident did not happen, and for the `greater good' it would be best not to pursue the matter. In other words I am expendable as are the passengers I am responsible for, because for liability reasons the FAA, Boeing et al cannot retroactively redesign the rudder mechanisms to improve their reliability."
And this was after the fault had not just caused in-flight emergencies, but had already killed people...
[+] [-] gameswithgo|7 years ago|reply
[+] [-] azernik|7 years ago|reply
The question is whether, through regulatory capture or negligence, monetary costs are being valued too highly.
[+] [-] kibwen|7 years ago|reply
If you'd like to experience a moment of somber horror, Wikipedia has a computer reconstruction of the final moments of the plane based on the recordings recovered from the black box: https://en.wikipedia.org/wiki/File:USAir_Flight_427_Chase.og...
[+] [-] Admiral_C|7 years ago|reply
[+] [-] laen|7 years ago|reply
[1]https://www.amc.af.mil/News/Article-Display/Article/786708/w...
[+] [-] tuna-piano|7 years ago|reply
https://www.washingtonpost.com/archive/opinions/2003/10/06/t...
[+] [-] cc439|7 years ago|reply
Source on KC-46 info and general issues with the agjng KC-135 fleet: https://www.defensenews.com/opinion/commentary/2019/01/16/pe...
[+] [-] syn0byte|7 years ago|reply
[deleted]
[+] [-] avar|7 years ago|reply
E.g. the reason the 747 was decommissioned from passenger flight in the US when it was is because they flew it right up to the day that the FAA mandated that they couldn't fly it anymore.
The reason was that they didn't have then-mandatory fuel tank inerting. For something like a decade there were a bunch of planes in the air carrying people that were known to be more likely to explode than some other planes.
Regulatory safety is always a messy combination of new requirement and timed phase-out of old systems.
Same with cars, you can buy a used car today and even use it as a taxi to ferry passengers without it having safety features that would make it illegal to sell as a newly manufactured vehicle.
[+] [-] rwc|7 years ago|reply
I'm sorry, what? Do you have a source?
[+] [-] rootusrootus|7 years ago|reply
[+] [-] georgecmu|7 years ago|reply
[1] https://en.wikipedia.org/wiki/Aeroflot_Flight_8641
[+] [-] hopler|7 years ago|reply
"The investigation concluded that among the causes of the crash were poor maintenance, as well as the control system of the stabilizer not meeting basic aviation standards”
[+] [-] masonic|7 years ago|reply
[0] https://en.wikipedia.org/wiki/Alaska_Airlines_Flight_261
[+] [-] oldgradstudent|7 years ago|reply
> Operation of the entire fleet of Yak-42 aircraft until the elucidation of the causes of the disaster and the elimination of the identified deficiencies was suspended until 1984.
[+] [-] marcosdumay|7 years ago|reply
That number has been higher in the past, and is moving into 10^-10 per issue with 10^-7 overall risk right now, with large airplanes in scheduled flight very near that level.
[+] [-] DuskStar|7 years ago|reply
I think that may have been me (1/250000), but that was based on a couple of generous assumptions - two crashes across 4 flights/day on 350 planes for an average of 365 days. Unfortunately I think a more reasonable flights/day number is 3 or lower - a lot of Max 8s are on longer routes - and the flight day average is almost certainly lower than 365 (which assumes linear deliveries for the past two years, with no days for maintenance).
[+] [-] hhmc|7 years ago|reply
[+] [-] ams6110|7 years ago|reply
How many times have you investigated a weird, intermittent software or system problem and gone down the wrong path (or paths) because what turned out to be the actual cause seemed so unlikely, even if there were clues that in retrospect you should have given more weight.
[+] [-] mrguyorama|7 years ago|reply
[+] [-] usaphp|7 years ago|reply
> Boeing had no choice but to carry out the changes, but the company never stopped trying to deflect blame. While the investigation was ongoing, it adopted a philosophy of trying to avoid paying out damages to families of crews because this could be legally interpreted as an admission of responsibility. It had tampered with the PCU from the Colorado Springs crash and repeatedly tried to misdirect the investigation with “alternative” theories.
Should not there be some criminal charges?
[+] [-] mannykannot|7 years ago|reply
[+] [-] rkangel|7 years ago|reply
[+] [-] qrbLPHiKpiux|7 years ago|reply
With the size of the defense contract they have with the USG?
[+] [-] matz1|7 years ago|reply
That depends on whether you can convince the court.
[+] [-] nabla9|7 years ago|reply
For crime to happen there has to be criminal activity.
[+] [-] BoorishBears|7 years ago|reply
Now I’m not sure if he meant that literally and there’s a number in the Boeing employee handbook, but he had a point. He said they could make planes cost twice as much and save a few lives that will be lost one day, but no one would be able to afford flying.
This case definitely seems like that mentality gone wrong, but it’s interesting to realize yes, cost was spared in making your plane/car/boat/train as safe as possible
[+] [-] jdsully|7 years ago|reply
Its morbid but it has to be this way or transportation would be unaffordable.
[+] [-] jfk13|7 years ago|reply
That is what I think people find offensive.
[+] [-] smsm42|7 years ago|reply
Isn't it always the case? Driving cars and flying planes is a risky activity (the former much riskier, but still). There are ways to reduce the risks, but millions of people choose to buy cars without most recent safety features. A lot of people choose to drive tired, intoxicated, distracted, under bad weather conditions, while using mobile devices, etc. - knowing it is risky. There could be more safety features in cars - stronger materials, more accident-preventing electronics, enforced speed limits, etc. - but nobody would buy a car that costs $200K and can go only 30 mph, even it'd be super-safe for the driver. So yes, we know we trade some safety for reduced cost (either directly monetary or convenience). There's no surprise there, and there's no surprise manufacturers participate in the balance too. Of course, the consumer can make voluntary decision about accepting risk only if they are informed about the risks - if the risks are purposely concealed from consumers, then it's a problem.
[+] [-] arisAlexis|7 years ago|reply
[+] [-] peteradio|7 years ago|reply
[+] [-] umvi|7 years ago|reply
[+] [-] imglorp|7 years ago|reply
I'd like to see a James Burke "Connections" style series on near-misses. What could have been. Another case I like to think about is Sears missing the boat on the Internet. They were catalog based 80 years before Amazon and well could have decimated the industry if a few key decisions were different.
[+] [-] js2|7 years ago|reply
https://nsc.nasa.gov/resources/case-studies
This one is interesting:
In March 2010, a 29-year-old shift nurse left her job in Atlanta, Georgia and headed to her boyfriend’s house. She was driving her 2005 Chevy Cobalt on a two-lane road as she approached a half-mile downhill straightaway. As the road leveled after the straightaway, she approached an area where some rainwater had accumulated. Shortly after encountering this section of roadway, she apparently lost control of her Cobalt as it hydroplaned across the center line. The rear passenger side of her car was struck by an oncoming Ford Focus, causing the Cobalt to spin off the road and fall 15 feet before landing in a large creek around 7:30 p.m. The impact of the crash broke the nurse’s neck, an injury that led to her death shortly after she arrived at the hospital.
While this tragedy might sound like a typical crash scenario, it was particularly puzzling to the victim’s parents. Why? According to Atlanta magazine, she always wore her seat belt and never had a speeding ticket. So how did she suddenly lose control of her car on that fateful evening? Sadly, this unsettling question remained unanswered until several years later—after many more drivers suffered similar fates.
...
The ignition switch did not meet the mechanical specifications for torque and required less force to turn the key than its designers originally ordered. If the driver’s knee hit the key fob, the car would often turn off, causing stalling at highway speeds and disabling the airbags.
https://nsc.nasa.gov/features/detail/hidden-hazards
Edit: apparently NASA is checking referrer and you can’t follow this link directly. It’s the third case study down the page from the first link.
[+] [-] humblebee|7 years ago|reply
I don't understand why this paragraph was written this way. Driving highway speeds and hitting a puddle of water seems like a reasonable cause to lose control of a car and result in the crash. I don't understand why this would be puzzling. On the other hand, the lack of airbag deployment would be puzzling.
[+] [-] jlv2|7 years ago|reply
[+] [-] dsfyu404ed|7 years ago|reply
Getting worn out and sloppy and failing in one of several ways (e.g. turning the car off unexpectedly) is not an atypical failure mode of old ignition switches. The only reason it was a big deal was because wealth-ish people (i.e. not someone driving a 1993 Corolla) driving fairly new (at the time) vehicles died.
Their cover up was somewhat scummy but I don't think it wasn't the kind of thing they should not have had to cover up.
Edit: should not have
[+] [-] everdev|7 years ago|reply
Is this true?
[+] [-] howard941|7 years ago|reply
[+] [-] fixermark|7 years ago|reply
"If Boeing knew about a problem with the MCAS, they'd have told the FAA and corrected it" is not a hypothesis in-line with their past behavior, should anyone be holding that hypothesis in their minds.
[+] [-] gnud|7 years ago|reply
I think the point here was to show how Boeing has responded to issues in the past.
[+] [-] mzs|7 years ago|reply
What if this MAX thing isn't pitot tube or MCAS software…
[+] [-] jackschultz|7 years ago|reply
[+] [-] Someone1234|7 years ago|reply
[+] [-] atomicbeanie|7 years ago|reply
The result is that many aircraft operate for a very long time with very outdated systems. Replacing designs is prohibitively expensive to prove to the FAA that there will be no corresponding degradation of the system's performance or new safety risk. Unfortunately such a process does not calculate the cost of not replacing the system. No cost is attributed with keeping something that is old and lacking in capability.
The result is that aircraft systems are woefully behind what technology can offer. And this is not just the hardware or the software, it includes the procedures and the overall set of capabilities. The result is that aircraft are being operated to the standards of the 50s, when in fact a much higher standard of crew and aircraft performance is possible. When I say performance I am also talking about safety performance, the ability to operate without harm causing failure.
[+] [-] southern_cross|7 years ago|reply
https://www.seattletimes.com/business/boeing-aerospace/boein...
have apparently been leading to decisions like this:
https://www.seattletimes.com/business/boeing-aerospace/air-f...