The 737-Max Tragedies: Who to Blame?

LOS ANGELES

GELFAND’S WORLD--The aftermath of two 737 crashes in a fraction of a year leads to questions ranging from journalism to engineering. What strikes me at this point is that there may be a question about computer software that is being missed. 

As to journalism, the two online sources worth reading (at least for the layman) are Patrick Smith's blog Ask the Pilot [http://www.askthepilot.com/ethiopian-737max-crash/] and the columns by James Fallows in the online version of the Atlantic. Smith is a commercial pilot who has been flying the big jets for years and has authored a couple of books aimed at the nervous or curious flyer. His basic shtick is that flying is incredibly safe compared to activities such as driving or avoiding being killed by a gunshot.

Fallows is a conscientious journalist who also has an interest in flying (enough to own and operate his own airplane) and who therefore can interpret a lot of the technical wording that most other news reporters get hung up on. He knows the difference between a stabilizer and a pitot tube. 

The first thing that Smith tells his readers after an airline accident is that we should be patient about learning the cause. He was one of the first to suggest that the Malaysian jet that disappeared over the Indian Ocean might never be found and that the world would be left with speculation at best about the cause. Now, several years later, his prediction has, so far, been correct. 

His blog is accompanied by a comment section which generally includes additional information provided by professional pilots. Smith and his readers have generally been careful to separate known fact from speculation and take pains to distinguish reasonable speculation from wild guessing. 

Fallows is also careful about jumping to conclusions, taking a similarly cautionary approach to pointing the finger. 

And Smith and Fallows will routinely remind their readers that we should be careful about believing everything we read in the mass media. That's because run-of-the-mill reporters (and news channels) don't always show technical expertise, and they deal with inadequate information during the most newsworthy first hours after an incident. It can be a year or more before the final accident report, and sometimes there are surprises or unanswered questions.

In the few days following the second crash, the news media -- notably the Seattle Times and the New York Times -- have laid out a plausible argument for how these crashes occurred that is damning not only to Boeing but possibly even to the Trump administration. 

The more surprising part is that neither Smith nor Fallows is disputing the plausibility of the newspaper suggestions. That's because Boeing knew about a design problem in the new version of the 737 that might have explained the first crash. Smith had already discussed that design issue in an earlier column (see the link above). Fallows has provided a link to confidential reports provided to the federal government by commercial airline pilots that reported problems with the 737 Max control systems well before the second crash.

Boeing had already promised a fix to the problem a while back, but it supported keeping the planes in the air while they got things sorted out. It's clear from reading the Fallows columns and the Seattle Times that the FAA was too easy on Boeing starting from the time before the airplane was certified to fly. 

Another issue: It is speculated that Boeing and the FAA might have come out with the fix and certified it earlier had the government shutdown not intervened. That's the knock on Trump and his putative part in the deaths of nearly 200 people.

Corporate Greed Played a Part 

Here's where the engineering and design issues come in. Boeing introduced the 737 half a century ago. It was the small 2-engine airplane in a fleet that had included craft with 4 engines (the 707) and 3 engines (the 727). Southwest Airlines figured out how to save a lot of money by relying exclusively on the 737. It was economical to fly, and Southwest didn't have to train its pilots on multiple aircraft. The 737 also turned out to be incredibly safe when operated by a carrier like Southwest. 

Over the years, Boeing found it possible to build larger and larger versions of that original airplane by stretching it out. These design changes came with larger engines but things still worked fine. 

The recent changes that mark the 737 Max go well beyond the earlier evolution of the airframe. In order to improve fuel economy while allowing for more passengers, Boeing had to go to an even larger engine. This resulted in another problem because the 737 is built low to the ground. You can't just make an airplane a yard higher and expect it to behave like it did before. Instead, to keep these larger engines high enough above the ground, Boeing moved them further forward and higher. This was the first of the two changes that -- according to the newspaper accounts -- led to the two fatal crashes. 

Think of an airplane like a teeter-totter. It rotates up and down around a center of mass. We don't think about this very much while flying, because we only notice that the thing is tilting up, down, or sideways. But to the aeronautical engineer, the way that rotation occurs is important. An airplane has to stay in the air, and to do this, depending on the speed, it can't point its nose up too high. Aviation people use the word stall for the critical point where the airplane doesn't have enough lift to maintain stability, and that is a function of how high the nose is pointing -- what is referred to in aeronautics as the angle of attack. The word stall doesn't mean the same thing here as your car stalling. The airplane's engines can be working just fine. It's the flying characteristics that are in question.

So, here's the rub. That design change of moving the engines forward and upwards made the nose rise under flying conditions where it wouldn't have happened in earlier 737 versions. In other words, the 737 Max is susceptible to aerodynamic stall under conditions that a previous 737 version would not be. 

And this is where corporate greed comes in. One big selling point for the 737 was that airlines didn't have to do a lot of pilot retraining while moving to larger sizes. The earlier editions apparently tend to fly pretty much the same way. Boeing continued to push this selling point while merchandising the new version. 

And that may have resulted in the deaths of hundreds of passengers. 

In order to make the new 737 Max like the earlier versions in flying characteristics, Boeing created a computer routine that would try to counteract that rising nose and thereby prevent a dangerous stall. In the first crash, the problem seems to have been that the computer program was getting incorrect information from one of the airplane's sensors, and this led the computer program to push the nose down when it really should not have done so. 

And in the case of the earlier crash, repeated attempts by the captain and first officer to pull the nose back up to a stable flying condition were met with repeated instances of the computer program fighting them and pushing the nose back down. The result was the plane seesawing from downwards to nearly level flight to downwards until there was no more altitude remaining. 

So far, the argument is that the software did what it was supposed to do, but what it was supposed to do turned out to be lethal. 

As several of Patrick Smith's correspondents have pointed out, it would have been possible to design the computer program in a way that allowed the pilots better control. For example, it has been suggested that the system should not be able to repeat its nose-down maneuver more than once. Another fix would be to force the program to consider not just one, but two of the sensors that tell whether the nose is pointing too high. It turns out that there are two such sensors, but in the earlier crash, one was malfunctioning, and the program was written so as only to consider the input from that one. 

If the computer program does what is specified, then it should be fairly easy to fix. In fact, Boeing claims that it will be coming out with the new program within weeks.  

But what if there was also a software bug in there somewhere that hasn't been discovered yet? This is the more chilling possibility. In most computer software applications, there are plenty of opportunities to discover mistakes that make the program run improperly (such mistakes are known as "bugs" in programmer jargon). Maybe the payroll doesn't print out properly, or the ability of the customer to buy paper towels online fails. In such cases, people make angry telephone calls, but those people do not end up dying in a crash. 

In general, software bugs leave a trail. That trail consists of program errors or general failures that result in complaints to the help desk. It may take days or weeks of struggle on the part of the programmers, but the fixit guys generally have the opportunity to repeat and recreate the conditions that led to the failure. 

That's not going to be as easy to do when it comes to an airplane crash. The data to be analyzed are fairly limited -- the recordings of communications between the ground and the flight, the data and voice recordings, and whatever other radar and satellite records can be recovered. That's a lot different from the programmer being able to run the program again and again under real world conditions. 

So, let's suppose that there is some bug in the computer software that drives the 737 Max. It's a little hard to know just exactly what conditions need to happen to induce a serious malfunction. The programmers and their supervisors will have to revisit every possible glitch that they have already considered, not because some bug is necessarily present, but because the politics of bringing back the 737 Max are now too complicated to do otherwise. 

Is this aircraft a kluge? 

In computer industry parlance, the term kluge refers to a design that has flaws and requires patches to keep it running. Is the 737 Max a kluge, with an inherent instability problem, or is it just a slightly different kind of aircraft that flies a little differently than its predecessors? In the latter case, the 737 Max will eventually be brought to acceptable workability through a modest set of programming changes and additional requirements for pilot training. The best case scenario is that the nose-up/nose-down issues wouldn't have been that serious had the operating systems simply told the pilots of the situation and had not been built to take control away from the human flier.

 

(Bob Gelfand writes on science, culture, and politics for CityWatch. He can be reached at [email protected])

-cw