Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crashed Boeing Planes Lacked Safety Features That Company Sold Only As Extras (apnews.com)

Posted by BeauHD on from the missing-features dept.

The recent Boeing 737 MAX crashes involving an Ethiopian Airlines flight and a Lion Air flight may have been a result of two missing safety features that Boeing charged airlines extra for (Warning: source may be paywalled; alternative source). The New York Times reports that many low-cost carriers like Indonesia's Lion Air opted not to buy them so they could save money, even though some of these systems are fundamental to the plane's operations. "Now, in the wake of the two deadly crashes involving the same jet model, Boeing will make one of those safety features standard as part of a fix to get the planes in the air again," the report says. From the report: It is not yet known what caused the crashes of Ethiopian Airlines Flight 302 on March 10 and Lion Air Flight 610 five months earlier, both after erratic takeoffs. But investigators are looking at whether a new software system added to avoid stalls in Boeing's 737 Max series may have been partly to blame. Faulty data from sensors on the Lion Air plane may have caused the system, known as MCAS, to malfunction, authorities investigating that crash suspect.

The jet's software system takes readings from one of two vanelike devices called angle of attack sensors that determine how much the plane's nose is pointing up or down relative to oncoming air. When MCAS detects that the plane is pointing up at a dangerous angle, it can automatically push down the nose of the plane in an effort to prevent the plane from stalling. Boeing's optional safety features, in part, could have helped the pilots detect any erroneous readings. One of the optional upgrades, the angle of attack indicator, displays the readings of the two sensors. The other, called a disagree light, is activated if those sensors are at odds with one another. The angle of attack indicator will remain an option that airlines can buy. Neither feature was mandated by the Federal Aviation Administration. All 737 Max jets have been grounded. "Boeing will soon update the MCAS software, and will also make the disagree light standard on all new 737 Max planes," the report adds, citing a person familiar with the changes. "Boeing started moving on the software fix and the equipment change before the crash in Ethiopia."

Slashdot reader Futurepower(R) adds to the story: The FBI has joined the criminal investigation into the certification of the Boeing 737 MAX, lending its considerable resources to an inquiry already being conducted by U.S. Department of Transportation agents, according to people familiar with the matter. "The federal grand jury investigation, based in Washington, D.C., is looking into the certification process that approved the safety of the new Boeing plane, two of which have crashed since October.

14 of 486 comments (clear)

  1. A corporation cutting corners... by Anonymous Coward · · Score: 5, Insightful

    ... on plane manufacturing safety and design... say it isn't so.

    1. Re:A corporation cutting corners... by sjames · · Score: 5, Insightful

      It's worse. The features were available, just turned off unless you coughed up more money for them.

      They literally nickel and dimed hundreds of people to death.

    2. Re: A corporation cutting corners... by Anonymous Coward · · Score: 5, Insightful

      Boeing, in life support devices safety is part of the product, not a feature, is like selling a car without airbags or charging extra for the brakes.

    3. Re:A corporation cutting corners... by Anonymous Coward · · Score: 5, Interesting

      This is what happens the US government constantly protects Boeing from having to compete on the free market by trying to kill off competitors like Bombardier with illegal protectionism.

      As soon as you take away the need to compete from a company, it can act in the most absurd of ways, exactly as Boeing has here.

      It doesn't matter how important the US government thinks Boeing is as an aircraft manufacturer, it has to be forced to compete against Airbus et. al. on even terms otherwise more people will die because Boeing has been turned into another "too big to fail", and "too big to compete" and given a free ride. The fact people have now died due to safety failings is precisely why protectionism pushed by the current US (and still to a lesser degree, previous governments) is bad; it means that unless you have sufficient competition in your protected home market, all it will do is reduce quality.

      Frankly I see it in cars too nowadays, every time I'm in the US as opposed to elsewhere, it's pretty clear that US cars are horribly behind the times, dated, and much poorer quality nowadays than thus coming out of the rest of the world like Asia and Europe. The more insular the US becomes, the more shit it's products become, and the less relevant it's products become on the world stage. As soon as you stop competing and start using protectionism it's an inevitable spiral towards game over. I agree that Huawei is a massive security risk, but simply banning them access to your market isn't suddenly going to make Cisco et. al. wake up and say "Okay, now let's figure out how they're getting ahead of us technologically and make better products", it's going to make Cisco go "lol, we don't even have to put any effort into competing now".

    4. Re:A corporation cutting corners... by Kiuas · · Score: 5, Insightful

      So who is "they" in this context? Boeing or Lion Air/Ethiopian Airlines?
      Who was scrimping and saving?
      Hint: It wasn't Boeing...

      Boeing certainly wasn't scrimping, they were being greedy by selling critical safety features for a few more bucks, and it's now backfired on and cost not only hundreds of lives but hundreds of millions and likely billions in lost sales and upcoming legal costs (Norwegian has already said they're suing for the costs that the grounding will cause them, others will surely follow).

      The damage this kind of stuff will do to their brand is massive and it's already affected their sales, Garuda (an Indonesian airline) just cancelled their order of 48 planes. That alone will cost them over half a billion. And it gets worse: Only 381 planes have been delivered so far, less than 10 % of all existing orders. If more airlines start to follow suit as they probably will because the brand of the plane is now seriously damaged and people don't want to fly it (understandably) it might cause the entire plane to be unprofitable for them.

      From both a business and product design standpoint they could not have made a more moronic decision, this is a godsend to their competitors, and I can bet you that the sales and marketing department of Airbus are currently ecstatic over this.

      --
      "It is the business of the future to be dangerous" -Alfred North Whitehead
    5. Re: A corporation cutting corners... by Anonymous Coward · · Score: 5, Insightful

      It BECOMES safety critical when someone puts one on a plane and gives it the ability to silently override the autopilot and human pilots.

      How fucking difficult is that?

    6. Re: A corporation cutting corners... by Anonymous Coward · · Score: 5, Insightful

      No, actually it's like building a car that has a tendency to swerve, then installing a mandatory lane keeping assist system that frequently steers into other lanes against driver input, then telling people it's just a normal car instead of making sure that people know the system and how to turn it off, then charging extra for a warning light that tells people when the sensors malfunction and disagree whether the car is leaving its lane or not, causing the car to swerve.

    7. Re:A corporation cutting corners... by Pikoro · · Score: 5, Interesting

      Actually, Steve Dickson, who I used to work for, is exactly what the FAA needs. He's a safety first kind of guy and an excellent leader. He's also a pilot and knows his shit. He'll be a good thing for the FAA.

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
  2. Could you tell me in advance when booking by Anonymous Coward · · Score: 5, Interesting

    Could you tell me in advance when booking a flight if the plane in question is missing any optional safety features that should obviously be standard so I can choose a provider that does not save money on no-brainer stuff like like this?

    I mean right now I have whole Boeing lineup set as "this plane may be missing obviously useful redundancies in safety systems that might mean it can crash, so I will not book a flight on this plane" and I know that is probably unfair to most of those planes. But without available information, that is the only option available to me.

  3. sadly laughable on two levels: by Anonymous Coward · · Score: 5, Interesting

    [1] We now know that the Lion Air 787 had the same issue on an earlier flight, but it was saved from disaster by the presence of a third pilot aboard who knew what to do, and then the airline chose not to fix the sensor before the fatal flight. Translation: the problem was avoidable if either of two things happened: the presence of a competent pilot, or the aircraft being properly maintained. People should prepare themselves for the very possible scenario that in perhaps a year when the NTSB finishes investigating (They're extremely diligent and objective) it will be determined that there's nothing wrong with the 787Max and that a combination of maintenance and pilot training and skill were the core issues (and I say that as a Boeing critic).

    [2] The over-regulation of aviation in the US by the FAA makes the development and deployment of things like avionics and engines particularly expensive. [stay with me for a moment for the payoff...] It's not enough to develop a new flight instrument and get it approved - you must get a "Type Certificate" to allow the instrument to be installed into each make and model of plane. As a result, if you are only going to have a few customers for your new instrument in a particular sort of aircraft, then there's no way you'll ever recover the regulatory costs of getting a TypeCert for it, so you won't bother, and that means owners of that type of plane cannot get your new instrument for their plane. It's THIS aspect of FAA regulation that has made it so that most private planes in the US do not have (and indeed cannot get) an Angle-of-Attack instrument - the very thing this article complains about being optional on these 787s!!!!! Many private aviation incidents in the USA occur on departure, and on approach, and that's where an AOA indicator would save lives, but where many private pilots are only served by a squawking stall indicator.

  4. Re: How is this a safety feature? by Anonymous Coward · · Score: 5, Insightful

    Well, in the situation how it was being sold, this is pretty much the truth.

    Without the MCAS, the MAX handles fundamentally different in some pretty dangerous flight modes than the NG. This alone would require a new type rating. Type ratings for pilots are expensive and time consuming, Boeing wanted to avoid that, mostly as an economic argument. That's why they put in the MCAS. With a WORKING MCAS, the MAX handles sufficient close to the NG, that pilots with just the NG type rating can still fly "safely", until MCAS fails and potentially crashes the plane.

    Boeing and/or the FAA could have skipped MCAS and made type ratings for NG pilots mandatory. Then, at least every pilot would know about the tendency to pull the nose further up than the NG when going to full throttle. Most pilots fly with some automation still enabled, even if they're flying "manual", so auto-trim could've easily have corrected for this.

    This aspect of the MAX would have certainly not be one of its highlights, but if every pilot knew about those properties, it wouldn't be a safety problem, just part of normal procedures.

    The alternative would obviously have been designing a different airframe, allowing for a higher, but more balanced placement of the engines. Maybe higher legs would've been sufficient though, since the MAX 9 does already feature higher legs.

  5. Re:Third pilot on JUMP SEAT, not flying. by Solandri · · Score: 5, Informative

    No, the third pilot's disassociated viewpoint had nothing to do with it. He simply knew the plane's checklist. That's a bunch of standard procedures every pilot is supposed to know of what to do when they encounter a specific type of problem on that specific model plane. When you hear that a pilot has been trained on a certain plane model, that's what they're talking about - they're leaning all these checklists. If a pilot can't remember it exactly, the entire book of checklists is available aboard the plane for the pilots to reference in a Quick Reference Handbook. Any time the pilots face a situation aboard the plane which puzzles them and they don't recall the resolution from their training, they should reach for the QRH. One of them flys the plane, the other looks up the problem in the QRH.

    The third pilot knew the checklist for the 737 Max. He instructed the other pilots to perform the manufacturer's specified procedure to resolve the problem, and it did resolve the problem. The pilots in the two planes which crashed apparently did not know the checklist, and did not reference the QRH. (Speculating here a bit since we don't know yet what happened - maybe they performed the proper reset procedure and the problem didn't go away.)

    Contrary to the way most people here seem to be interpreting it, the third pilot's anecdote actually absolves Boeing and places blame for the crashes primarily upon the four pilots. This is looking like a pilot training problem. Boeing is still culpable for designing an automatic safety system which was prone to fail multiple times in just months of operation, and for making it so hard and non-obvious to override. But based on the third pilot's anecdote, primary culpability would be upon the pilots of the two other planes for not knowing the plane's checklists, and not bothering to crack open the QRH to double-check if they were addressing the problem properly.

    Planes are incredibly complicated and it's unreasonable to expect a pilot to understand how all of its systems interact. The checklists in the QRH are made by the engineers who designed the plane. They do understand all of the plane's systems and how they interact. They come up with every possible problem they can think of which a pilot might encounter, and write checklists to resolve every possible cause they can think of for those problems. The checklist procedure for this problem fixed it in the third pilot's case. If the four pilots did not follow that procedure, then the crashes were their fault, not Boeing's.

  6. Re:Third pilot on JUMP SEAT, not flying. by timholman · · Score: 5, Interesting

    Contrary to the way most people here seem to be interpreting it, the third pilot's anecdote actually absolves Boeing and places blame for the crashes primarily upon the four pilots. This is looking like a pilot training problem.

    A friend of mine from college is a senior Delta pilot and has served as a flight instructor for many years, including the training of pilots from other countries. He has also flown the 737 MAX. His conclusion is the same as yours, and is an unfortunate reflection of the state of pilot training and aircraft maintenance in developing countries.

    That Lion Air plane should have been grounded the day before, after the first incident. And as many new stories have reported, that particular aircraft had a backlog of maintenance issues that Lion Air failed to address.

    His observation: "Everyone thinks that flying is "safe". It's not. It's difficult and dangerous. What makes it appear "safe" in the developed world is the constant routine of aircraft maintenance and pilot training that keeps the accident rate very, very low. But in other countries, that isn't the case."

  7. Failure of hazard Categorisation by ContextSwitch · · Score: 5, Informative

    The Seattle Times has a good article on this although it should be taken as preliminary data subject to change.

    To summarise

    Due to airframe changes from previous models Boeing introduced MCAS which automatically lowers the nose when approaching a stall.

    The MCAS was introduced to allow pilots with 737 experience to fly the 737 MAX with a minimal amount of conversion training thus saving airlines a lot of cost and making the MAX even more attractive to them.

    As initially designed a failure of MCAS was classed as a "Major" hazard in that it could cause passenger discomfort but not death. This was because MCAS was limited to a very small change to the flight control surfaces. For this category the use of a single sensor is allowed assuming the sensor reliability is sufficient.

    During the flight test phase the ability for MCAS was extended to unlimited repeat operations. These repeat operations have a cumulative effect on the flight control surfaces. The MCAS can now lead to a catastrophic failure.

    At this point the category of hazard should have been changed. This should have lead to a design change but because the category remained at "Major" and not "Catastrophic" no further changes were made.

    There could be any number of reasons why this categorisation change was missed, hopefully any future investigations will get to the root cause.