Airbus Faces Charges Over 2009 Rio-Paris Crash

mayberry42 writes "A French judge filed preliminary manslaughter charges Thursday against Airbus over the 2009 crash of an Air France jet — opening a rare criminal investigation against a corporate powerhouse. The order from Judge Sylvie Zimmerman targeting the European planemaker centers on the June 2009 crash into the Atlantic of an Airbus A330 bound for Paris from Rio de Janeiro, killing all 228 people on board."

What happens if they're found guilty?

[MrEricSir]

Forgive me for not knowing much about French law, but what happens if a corporation is found guilty of manslaughter?

Can specific people be held accountable, is there a fine against the company, etc?

Re:What happens if they're found guilty?

[cappp]

I'm assuming the French law is similar to the UK one in that the outcome is pretty much financial with a dash of policy change. Corporate Manslaughter in the UK is governed by the Corporate Manslaughter and Corporate Homicide Act 2007 which notes that:

A court before which an organisation is convicted of corporate manslaughter or corporate homicide may make an order (a “remedial order”) requiring the organisation to take specified steps to remedy—

(a)the breach mentioned in section 1(1) (“the relevant breach”);
(b)any matter that appears to the court to have resulted from the relevant breach and to have been a cause of the death;
(c)any deficiency, as regards health and safety matters, in the organisation's policies, systems or practices of which the relevant breach appears to the court to be an indication.

There is however no personal responsibility assigned i.e. the employees aren't found guilty of aiding or abetting.

Re:What happens if they're found guilty?

[arivanov]

First, it is not. French law is Napoleonic law and it is extremely strict on the concept of "innocent until proven guilty". The Blair style playing fast and lose with it and declaring all management guilty until proven innocent in an H&S case as per UK H&S legislation is impossible there. No comment who exactly sponsored Blair to push that one.

Second, for the time being the charge is mostly a formality. This allows resources to continue to be allocated to the case. Otherwise it would have had to go on the cold case shelf. This way the French government can subsidize the search for the black boxes without getting into the usual Boeing vs Airbus or Air France vs the rest of the world subsidies debate. Granted the money in this case is 20-30M so it is a fraction of the usual sums discussed in the context of Airbus or Air France subsidies, but it is money none the less. Additionally, there are resources you cannot buy officially with money like military vessel involvement. This allows these resources to continue being allocated to the case.

Re:What happens if they're found guilty?

[cappp]

Found it. Seems the French are tougher than their British neighbours. According to the government memo I found the following:

Articles 131-37 to 131-39 of the Penal Code define ten types of penalty specific to legal entities:8 fine, dissolution (for the most serious offences9), prohibition to exercise certain activities for a certain period (especially for the offences of torture and barbarity10), placement under judicial supervision, closure of the establishment for a given period, disqualification from public tenders, prohibition to make a public appeal for funds, prohibition to draw unauthorised cheques or to use payment cards, and confiscation of the thing used or intended for commission of the offence or of the proceeds of the offence.

Re:What happens if they're found guilty?

[mijelh]

their legal system is much less innocent until proven guilty than ours

People in Guantanamo may differ.

Re:What happens if they're found guilty?

[Coren22]

There are US citizens in Gitmo?

Re:Double engine?

[acid06]

It says it's an A330, a quick Wikipedia search will give you the answer you want.

By the way, they don't know what happened. They never found the black box or anything like that. So no scaremongering regarding "limits of human engineering", please. The first suspect is and always will be pilot error or mechanical failure (or a combination of the two).

Re:Double engine?

[zonky]

Operating too close to limits has long been the suggestion: http://trueslant.com/milesobrien/2009/06/08/the-coffin-corner-and-a-mesoscale-maw/

Watch the NOVA episode

[$RANDOMLUSER]

NOVA ran an episode recently about the all manner of crazy coincidences piled on top of each other - one storm hiding behind another, supercooled water plugging all the pilot tubes, fly-by-wire software that wasn't quite ready for a "no airspeed" input, pilot tube upgrades scheduled but not yet performed...

Sometimes airplanes crash. Proving criminal (I'm assuming negligence) behavior is going to be tricky, at least until they find the black boxes and can prove what caused the crash.

It shouldn't of happened so they are in court

[FlyingGuy]

This is the result of a computer controlled fly-by-wire airplane having a cascade failure.

Glass cockpits are pretty and they really take a load of the pilot for a lot of things, but there is such a thing as to much of a good thing

If it is every factually determined what little chunk of silicone or line of code brought airplane down it will be studied in depth and hopefully they designers will learn something. But one thing is clear, in their rush to make everything digital and get those damn pesky analog instruments the hell out of there, they have taken away many of the pilots most reliable tools to do the one thing they are there to do which is fly the fucking airplane!

There are two ways to fly an airplane, by reference to the ground or using instruments.

In the middle of the night, over the ocean, in a storm you do not have reference to the ground so you have to use your instruments, that is if they work.

To keep a plane in the air, without reference to the ground / horizon a pilot needs a very few things and the are:

• Attitude Indicator aka an Artificial Horizon
• Altimeter
• Air Speed Indicator

Now even without an airspeed indicator, most or the presumptions were a frozen and clogged pilot tube, you can still get a good clue about airspeed with nothing more then throttle setting. The attitude indicator tells you climb and dive left or right bank and the altimeter is obvious. With everything else dark, a pilot should be able to keep a plane in the air.

My educated guess is that when the whole interconnected and interdependent system went down they lost the ability to control the engines and the ability to move the aircraft's control surfaces and after that it was just over.

This is why Boeing for years always ran a hybrid system. The basic control over the airplane was not interdependent on anything and were separate systems that would accept input from the flight computer and make things like autopilot and all that possible while still keeping everything independent from all the other systems. It made for a pain in the ass system but the flight computer taking a shit would not keep the pilot from controlling the engines or other critical systems.

Unfortunately pilots listened to anymore and neither are engineers. MBA's are running airlines now and all they care about is reducing the head count, cramming more people into the planes and increasing the buck made per mile so they can get 8 figure salaries. This is why Boeing's trusted and proven hybrid system is in it's last throws or is gone completely because AIRBUS sells the bling baby and no CEO wants to be caught short on bling baby!

Re:It shouldn't of happened so they are in court

[Richard_at_work]

This issue has nothing to do with fly-by-wire or glass cockpits, it has everything to do with false and misleading information being presented while the aircrew is in a situation where they cannot easily determine that said information is false, nor determine the correct information.

Take for example Birgenair Flight 301, a Boeing 757 (which is non-FBW, non-glass cockpit - a traditionly controlled aircraft in every sense of the word) - during a routine wash before the flight took off, a ground crew member taped over the pitot static ports to prevent damage. However, he never removed the tape before handing the aircraft over to the air crew, and they never spotted it during their preflight walk.

The aircraft took off, but it wasnt untila couple of minutes into the flight that the errors in the information compounded themselves, resulting in errant readings being presented to both the pilots and the autopilot - the autopilot eventually gave up and disconnected, and the pilots could not orientated themselves even when presented with obviously wrong information (their airspeed indicators gave a speed of 200 KIAS and falling, even with increased application of throttle).

5 minutes into the flight, the aircraft crashed into the sea.

The flight was a night flight - the aircrew had no external points of reference to fix on, and thus could not orientate themselves as to the correct pitch, yaw or speed of the aircraft. They were essentially doomed once they took off.

This Airbus crash is very similar - a pitot static system with known flaws (already identified by Airbus and due to be changed out by Air France) failed at a time when the aircrew had no external reference points (they were in a dense storm front, they had no horizon or other reference points) and the computer systems gave up.

Note that even with Airbus aircraft, the computers can be overridden - and they themselves know when they are talking bollocks, and will regress into various modes of flight control assistance. One of the messages given out by the aircraft over the maintenance link was that the aircraft systems had regressed into Direct Law - or in other words, the computers took themselves out of the decision making process and started acting as a direct messenger between the control inputs by the pilots and the flight surfaces.

Your "Boeings system is trusted and Airbuses is not" is common fud and bullshit in the aviation industry and the aviation enthusiast following - its not absolutely no basis in fact and Airbuses control system can fail safe in just the same way as Boeings - the difference is that in standard control law (Normal Law), Airbus provides several flight protection measures, including alpha protection, bank protection and airframe stress protection. Boeing also provide these, but to a lesser extent - however, both systems can either fail back to or be deliberately put into a direct stick-to-surface control mode.

Re:It shouldn't of happened so they are in court

[Jester99]

There was a NOVA episode about this crash (an earlier commenter linked to it, but here it is again: http://www.pbs.org/wgbh/nova/space/crash-flight-447.html).

I won't go into the findings of the NOVA team, but I will point out that your educated guess is completely wrong.

The airbus does have a considerably more advanced and automated autopilot system than Boeing provides. However, that only is engaged during "Normal Law" flight. When any of the sensors on the plane detect a fault, an alarm chimes, and the system informs the pilot that "Alternate Law" is engaged. In Alternate Law mode, the pilot is allowed to use the full control capabilities of the plane, not the restricted range that the sensors believe to be safe.

After alternate law engaged, the pilot can control the engines, and all control surfaces to whatever degree of capability he'd like. The plane in question definitely switched to Alt. Law mode; this fact was radio broadcast back to the Airbus HQ shortly before the plane disappeared. There's a high probability that the pilot was mislead by weather radar readings that said that he could shoot through a "hole" between two storm clouds, but which masked the fact that there was a third (much larger) storm further beyond. Once he was stuck in the middle of all those storms, it was game over.

The pilot and the passengers were not at the mercy of an autopilot that refused to allow corrective action; it is probable that bad data presented to the pilot did not allow him to correctly act.

Re:It shouldn't of happened so they are in court

[CaptainZapp]

Yeah, the plane that Captain Sullenberger landed on the Hudson without any engines didn't have a glass..

Er, wait!

That was an airbus 320, er, nervermind.

But the GP's icing on the cake is the introductory statement:

This is the result of a computer controlled fly-by-wire airplane having a cascade failure.

Er; right. Theories abound and nobody has any hard facts, except, aparently, the GP dude.

Sounds like a Boeing shill to me.

Re:It shouldn't of happened so they are in court

[Richard_at_work]

There was a cascade failure - the aircraft was sending maintenance messages to its maintenance base at the time of the crash, which told Airbus quite a bit of information, including the fact that the computers had decided to exclude themselves from decision making (which is extremely serious).

Another thing to note is that the Hudson A320 was still in Alternate Law when it ditched (none of the failures were severe enough to push the computers to take themselves out of the loop, and neither pilot took the measures necessary to do that manually) - the pilots had assistance from the computers to land the aircraft and they still managed to land their plane safely! How could that be if the Airbus system is so unsafe?

Re:It shouldn't of happened so they are in court

[petermgreen]

It looks to me like he simply missed out the word "aren't". It's pretty easy to skip words accidentally if you are posting in a rush and your typing speed is slower than your thinking speed.

Re:It shouldn't of happened so they are in court

[tweak13]

the aircrew had no external points of reference to fix on, and thus could not orientate themselves as to the correct pitch, yaw or speed of the aircraft.

Bullshit.

Let's assume a complete and total failure of the pitot static system. That takes out 3 instruments: airspeed, altimeter, and vertical speed indicators. Everything else would be fine. Yes, it's true they had no direct measure of the aircraft's speed but they still should have had a working attitude indicator. That would have given them pitch and roll information, and I'm sure there would have been at least some form of skid/slip indication which would have provided yaw information. Engine instruments should have also continued to work normally.

Now, let's talk about how the information they had was enough to keep them alive even in zero visibility. Since their engine instruments were indicating normal performance, and they had pitch and roll information from the attitude indicator, all they needed to do was place the aircraft in a typical climb attitude. This would have resulted in a normal climb, with an airspeed indication that was decidedly not normal.

At this point, it's up to the pilot to decide which of the instruments depicting this impossible situation are wrong. Their situation was also complicated by altimeters that were also not indicating correctly, but the method of resolution should still be the same. Increase throttles to climb power, maneuver the aircraft to a normal climb attitude, then troubleshoot. The pilot's reliance on the least reliable instruments and fixating on them rather than try to use secondary indications of the aircraft's speed (cockpit noise, control surface responsiveness) were what caused that crash. They were in a bad situation, but were in no way "doomed once they took off."

I've personally experienced an airspeed indicator failure while at the controls of a light aircraft at night. Mine was caused by a failure of the instrument itself, but it was still the only direct speed indication in the cockpit. Shortly after takeoff, the airspeed indicator suddenly stopped increasing. I pitched down to accelerate, but saw no change in the gauge. It became clear that it was impossible for me to have pitched down so far and not increased speed, so I checked the other instruments and found I was in a shallow dive and actually losing altitude. I returned the aircraft to what I knew to be a standard climb attitude and returned to the airport without incident. In the beginning, I was far too focused on the failed airspeed indicator, and should have not let things escalate to the point that I was slowly descending at low altitude. I certainly understand how it's tempting to focus in on that and not step back and consider the big picture, but it's what needs to happen in such a situation.

Re:It shouldn't of happened so they are in court

[subreality]

This is common objection to flight envelope protection systems. People's gut reaction is that in an emergency, they'd rather be in total control than have some computer "interfering" with them. But the statistics are on the other side: Pilot error is more common than computer error.

China Airlines Flight 006 is a prime example. They had a mechanical failure, and while the flight crew was distracted, the plane ended up in an ugly dive. They pulled it out after exceeding 5 Gs, badly damaging the airframe, and losing a considerable amount of altitude. Manual-control advocates say this is a good example of why you don't want a computer imposing limits on you - they had to do drastic things to save the plane. I disagree - if they were flying an Airbus, the computer would have prevented the situation from ever occurring.

The second argument in favor of flight envelope protection is that it actually enables the pilot to push the plane harder in an emergency. Consider this scenario: you're landing in low visibility, still a good ways out. Everything looks fine, but as you break out of the clouds, holy crap there's a skyscraper. You have a split second to evade it. With mechanical controls, you have to roll hard, but not *too* hard, or you'll ( break the plane | spin | exceed max angle of attack | etc). In a modern Airbus, you slam the stick over, and the plane will roll as fast as it can within its mechanical limits. Perhaps that's not as fast as an experienced military pilot could in a familiar plane which they regularly take to its limits, but a commercial pilot probably hasn't been over 2 Gs in a while, and in that split-second emergency, the computer will let them fly it harder than they ever could on their own.

So it's time for a car analogy. I have two cars I drive regularly: one has antilock brakes; the other does not. The mechanical limits are similar: light cars, good sticky tires, brake pads with plenty of bite, etc. On a good day, my stopping distance is similar between them, +/- a meter. But I've been put in emergency deer-avoidance situations with both cars on multiple occasions. In the ABS car, that means stomp on the brakes, burn off as much speed as possible in a straight line, and swerve at the last minute once the deer's finally decided which way to dart. In the non-ABS car, I'm pretty good at braking on the track, but both times it's been for a deer, my response was the same: ease into it, feeling where the limit is; crap locked up a wheel, let go for a moment and ease back into it to try to get just shy of the limit again; and occasionally letting off to steer early, because my ability to manage my grip budget is too taxed to get it perfectly right at the last minute. I haven't hit a deer yet - but that's only because I drive the non-ABS car slower.

The difference is very noticeable: when taken by surprise, the computer can stop faster than I can, AND it lets me focus on the situation instead of the limits of the machine. I believe the same is true for flight control systems, and statistics agree: they prevent more accidents due to pilot error than they cause due to computer malfunction. Note that there's not much difference between Airbus and Boeing these days, but Airbus pulled ahead in safety until Boeing started equipping their planes with flight envelope protection systems. Both brands are considerably safer than they were in the full-manual days.

Re:Double engine?

[MichaelSmith]

I work as a software engineer in Aviation and I have done some user interface design work on air traffic control systems. One problem I see in many domains is a kind of cascading call for attention. Over time the people who specify the system look for new ways to attract the attention of the user. Usually this happens in the context of addressing a specific problem such as user X failed to recognise condition Y for Z seconds and the solution is to make the condition Z warning flash yellow for N seconds. Okay so thats that problem addressed (but not solved) but now condition Q s is being missed while the warning for condition Z is up so we had better make that warning red and so on.

I ride a bicycle to work. We get all sorts of patches to the environment which increase the cognitive load on bike riders, for example:

1. Left lane left turn only bicycles excepted
2. Bus lane, bicycles permitted where signed
3. Bicycle lanes colored in green at "attract attention"
4. Bicycle lanes delineated with tactile edging which by the way is deadly in the wet
5. Five or six types of bicycle lanes depending on where you are
6. ..and so on

You see everybody has their own little local solution but tracking and learning about them takes a lot of cognition.

My wife bought a new car recently. I wanted her to get a Honda civic hybrid and we test drove it but we settled on a VW Jetta. The Honda has a mess of colored LEDs around the instrument panel. The VW has a little monochrome LCD screen. Thinking about it later I can see that a lot of thought about UI design has gone into the VW. It is a very cool car to drive in the sense that it keeps out of the drivers way as much as possible. It doesn't grab your attention. The lights and wipers are automatic. Thats two jobs you don't have to worry about for a start. The interior looks as dull as hotblack's stunt ship but it draws your attention to stuff you need to know about and little else. Its like a well designed ATC UI. The way they used to be.

you can't punish inanimate objects

[petes_PoV]

When will people stop making the fundamental mistake of anthropomorphizing companies and institutions ("we must punish the banks ...")

It's as crazy as sentencing a statue to prison time. It might make the more credulous citizens, and their frenzied tabloids, feel that justice has been served (jail_population += 1) and gives them a baddie to focus on, but in reality it's a pointless exercise and achieves nothing.

Companies are made up of employees - right up to the top, and shareholders. Impose a penalty on a company and the employees will suffer (both the tiny minority - usually 1 or 2 - who did something wrong) and the thousands of "innocent bystander" employees who were only guilty of being on the same payroll. The shareholders will generally take a slight, tax deductable, loss and carry on as if nothing had happened - or, since most shareholders are pension companies - everyone's: yours and mine, pensions will be slightly lower as a result.

Of course, it's still not as stupid as fining a public body: who's income comes from government in the form of the taxes we pay. That's just money going round in circles. Where nobody wins except the lawyers on each side. What we need is strong, forensically reliable audit trails for every policy and decision. Discover the names of the people who made and approved them, then send them to jail. After all, they're the ones making the big bucks, it's time they started carrying the responsibility their getting paid so well for.

Re:Maybe... it gets heavy.

[h4rm0ny]

An AI is just a machine in abstract form. If an AI "improves" an AI it's not different to a human making a machine to build a machine. The human is still the ultimate cause.

I disagree with that. A man can cause a child, but that doesn't mean that the actions of that child are no different to if the man had done them. Cause is only cause. It does not mean that a piece of code that self-modifies without the continued action of its creator is no different in principle to code that doesn't. That "continued action" is critical to the nature of the thing. When something does not require continual action, we now call that independence.

Because the AI only exists within the confines of the programming that the human creates. It is therefore only a tool of the human mind

When code becomes self-modifying, it can go beyond the human mind. Much like a child can grow beyond its parents, learning more, doing more, changing in unexpected ways, so could that code. Your argument assumes that the only input (and thus cause for development) of a progeny AI, is its creator. But the qualitative difference between the progeny AI and the dead code, is that the former can change in relation to the world around it, not only its creator. And as the world around it is more than its mere creator, then it can be influenced and go beyond its mere creator - it has become its own thing.

Re:Double engine?

[Registered+Coward+v2]

The problem with "pilot error" determination is that maybe 50% (made up number of large percentage is accurate) of the time, it actually has absolutely nothing to do with the accident. Pilot error is sort of a catch-all for, "we have no fucking clue what happened and feel we must explain the crash if possible so pilot error is as good as any. Not to mention its very believable."

While I agree that "pilot error" can be a catchall it's often a proximate cause of the accident. Poor design or environmental factors can be major contributor, but in modern accidents human (i.e pilot) actions often worsen the situation or create it in the first place - hence "pilot error."

For example - attempts to land in bad weather rather than divert, especially when it's the second or third attempt. Or the NYC crash where the co-pilot overstressed the rudder which came off. Pilot's turning engines off in flight because of switch placement (they did a restart and went on normally). Poor or confusing design can lead to poor decision making. Accidents are the result of an often complex chain of events, in which an operator's decision played a crucial role in a negative outcome.

The real danger is, as you suggest, to use "pilot error" as an excuse not to discover other probable causes of an accident.

They have diagnostic messages from aircraft ...

[perpenso]

By the way, they don't know what happened. They never found the black box or anything like that.

Actually they do have something "like that". The aircraft computers automatically sent diagnostic messages including alerts of various system failures to Air France via satellite. Think of it as text messages. I believe these messages document pitot tube flight data failures and the disengaging of autopilot and autothrust systems. This led investigators to construct reasonable theories of loss of control and to replay these failures in a flight simulator to evaluate crew responses and standard procedures.

It appears that the software worked fine

[RzUpAnmsCwrds]

It appears that the A330's software works fine. The indications and reversions that the software reported over the data link are consistent with a mechanical failure (possibly caused by freezing) of the Pitot-static system.

Without airspeed data the A330's autopilot and auto throttle disengaged, and the flight control system reverted to a mode known as "Alternate Law" where most of the restrictions are eliminated. We know that this happened because the aircraft reported it over the data link before the crash.

The unfortunate reality is that the reversionary modes on the Airbus flight control system are dangerous because they tend to occur at the worst possible times - when there are multiple sensor or computer failures or when the sensors give readings that are outside the operational limits of the control system. In this situation the flight crew has to react quickly and they are often faced with inadequate, contradictory, or confusing instrument readings.

It is possible to maintain a safe airspeed in an Airbus without the Pitot-static system. The problem is that the pilots need to notice the issue (loss of airspeed data) and react before things get out of hand. It appears that the Air France pilots were unable to do so.

Re:Napoleonic Law declares innocent until proven .

[e70838]

I am french. What is a speedy trial ?
In France, we have slow trial, very very slow trial and almost never ending trial.
We have also trial that ends because suspects death before the end of the trial.