While I don't have any sympathy for this pilot, I also find the FAA's excuses here to be less than convincing. Basically, their position is "Well, we trusted this Boeing employee to tell us the truth about the new flight controls, and he didn't." But if the regulators had actually done their job and independently evaluated the new flight controls, they wouldn't have had to take the word of any Boeing employees. I realize that that's the way the FAA does things now, but this whole debacle should be a warning to everyone that that method of regulation is not acceptable. The whole point of independent regulation is to not allow obvious conflicts of interest to harm the public.
What you talk about the FAA doing thier own testing and validation is (unfortunately) almost impossible. Back in the 90s, a senior FAA official (I think a Director) had said something along the lines of “The FAA does not and cannot check everything, we just see that companies are doing their tests.” The FAA would require several times more manpower to be able to actually audit or test everything, and that is assuming they have the technical skills (which they haven’t had for highly complex systems and electronics for decades now).
I’m afraid I’m saying a lot of things from memory from the time I had written a report on the Max 8 accidents and an actor analysis. (I’d anyone is interested I could perhaps share it.) Most of this stuff came from the DoT report on the accident, the rest from reputable news articles.
I don't think this style of regulation is limited to FAA. FDA does not independently test all drugs either. They just review and ensure the drug companies' tests are acceptable.
And FINRA is made up of brokers and banks but overseen by the SEC. The EPA doesn't directly monitor every factory. The NTSB sets general testing guidelines and standards and seems to have greatly increased auto and aviation safety, but they can't police everything and at least to the public seem to regulate after the fact.
The general term, I believe, is self-regulatory-organization. The theory, I guess, is that the government sets the laws and says very generally, "no fraud", and "you have to write your own rules and make sure they're good", but offers little technical guidance otherwise. I think this could work well if there were very heavy penalties for failures to self-police, but in practice the revolving door between government and industry incentivizes slap on the wrist style punishment. It's a hard problem and I don't think we're doing well over the last few decades.
... and for most of the agencies, it's not that their budget is small or the agency itself is incompetent: it's what's required by law and they can't override it unless Congress decides to change the laws.
You don't want regulatory agencies creating law on their own though. Not only is that unconstitutional but the reason its unconstitutional is because you would inevitably end up with some busybody who is not accountable to the people massively over stepping their power and creating tyranny.
Regulatory agencies create "laws" all the time. When Congress creates legislation, they rarely spell out all the details and implementations. This is left to the agency to interpret, and they have a wide latitude in both interpretation and enforcement.
You're referring to Chevron deference and/or Auer deference, and it is worth noting that those are in the long process of being curtailed/attacked heavily. :(
Chevron defense is separate and distinct from Auer defense. The Chevron defense applies to Congressional legislation, Auer is applied to an agency's own vague regulations. I have no issue with restricting the Auer defense. If an agency issues vague regulations, then that's their own fault. You're correct that they're both being attacked, but the underlying issue won't go away; Congress can't/won't dictate every detail of legislation especially when it comes to general/vague legislation. They have neither the inclination nor domain knowledge to do so.
While I do study relevant US laws as required in my job (requiring familiarity with how law operates in countries where we operate), I am not an American, but I do understand certain things with regards to the US constitution and relevant case laws.
The Congress originally meets only for a few months' time, usually less than 6 months. This is due to the reality of the time, where travel is slow and representatives only receive a comparable salary to most people. Thus, it is exactly empowered to delegate certain powers to the executive branch. As someone mentioned, the administrative law is a cornerstone law and yet it delegates many powers to the executive branch.
In fact, said law and many, many, many similar (federal) laws have been upheld constitutional in the Supreme Court. There are certain powers that only Congress can do, and cannot be delegated to the executive branch, but it is clearly laid out in the constitution what those are (notably spending). Now I said federal because in certain states, the legislature can only delegate in very narrow situations (usually only in cases where lives would be in danger or in the protection of properties and where a need of immediate response is demonstrated).
So I'm confused why are you saying that is unconstitutional, in fact American history shows a very different answer. If you think that should be not allowed, you're entitled to your own opinion. However unless I read it incorrectly, the constitution, even considering the various amendments, is unfortunately not aligned with your opinion.
> the constitution, even considering the various amendments, is unfortunately not aligned with your opinion.
Sure it is. Article I of the Constitution says that all legislative power shall be vested in Congress. That means anything that has the force of law--and all Federal regulations created by executive branch agencies under the current US regulatory regime have the force of law; you can be fined or jailed for violating them--has to be passed by Congress using the process described in Article I. So any Federal regulation that has not been passed by that process--i.e., every one of them--is unconstitutional.
The fact that current US jurisprudence disagrees with that statement just illustrates how far current US jurisprudence has diverged from what the Constitution actually says. The status of Federal regulations is by no means the only example: current US jurisprudence says that Congress can regulate farmers growing crops for their own personal use because of the Commerce Clause; and that a city government can use the eminent domain power to evict people from their homes and turn the property over to a private development corporation (that ends up never developing the land anyway), and that counts as a "public use" under the Fifth Amendment.
> You don't want regulatory agencies creating law on their own though.
While I agree with this as a matter of personal opinion, it is not at all the actual fact in our current regulatory regime. Federal regulatory agencies create law all the time. Look at the Federal Register; every regulation in there has the force of law and was written by a regulatory agency.
> you would inevitably end up with some busybody who is not accountable to the people massively over stepping their power and creating tyranny.
I'm afraid this is the logical consequence of a majority of people falling for the lie that "government can't do things as efficiently as the private sector".
When people vote for politicians who say
"government is wasteful",
"there's too much red tape"
I don't think so, testing like you refer to is not scalable and even more inefficient.
Letting an external auditors understand all the small technical details and test them independently will basically halt any progress. It might make this specific change safer but for the long run will slow down innovation and development of better and safer products.
This has some similarity to software development- we test much better but prefer to move faster to achieve a better overall quality and be able to fix issues faster and better
When politicians say "government is wasteful" or "government can't do things as efficiently as the private sector", what they're saying is that their management style is wasteful.
Would somebody asserting that about _their_ _own_ _job_ even make it past the interview in the private sector?
Or they could be saying that centralized monopolies are rarely efficient. That is certainly my experience. For example, SpaceX undercut NASA by a factor of about 10, according to this FT report: https://www.ft.com/content/25e2292b-a910-41c8-9c55-09096895f...
'Not normative' doesn't mean 'not in compliance with ethical norms'. It means not pertaining to ethical norms. It's not the correct word, however you twist it.
Exactly! And when all US companies refuse to lower their prices, they should start sourcing from foreign companies to increase competition!
Oh hey look, I'm signing yet another contract with an arbitration clause when signing up for a cell phone service. Must be my fault that all of them require the arbitration clause...
I think the worlds greatest agency couldn't evaluate a so complex system as the Max. They should just have said no.
I believe it is foremost a complexity issue, and the MCAS(?) failure is just one of the many things that could go wrong, that actually did. Boing probably have more issues with the plane that is waiting to surface given their culture ...
It's a management function. If someone comes to you and says "We want to rewrite everything so it runs on a Raspberry PI powered by a hamster wheel" you don't need to ask about the engineering spec of the hamster wheel.
The Max MCAS was only marginally more plausible in overview. Details were never going to rescue it.
Indeed. The FDA just has a multi-step process where you need to define how you'll run your trials, what data you'll collect and whether it's enough to get approval.
The FDA very carefully reviews the submissions, requires validation of tests and safeguards so data can't easily be manipulated. But the system is built on trust. If a company wants to manipulate, fake or exclude negative data they can. They'll likely get caught, but not always.
Yeah, people are are drastically underestimating how enormous the testing apparatus is at a company like Boeing. It's thousands of employees. Expecting the FAA to duplicate those efforts is ridiculous.
I don't know much about the FAA, but as someone who works in healthcare, I know the FDA conducts regular audits of medical device manufacturers.
They roll in for a week, request access to everything and everywhere, then pick a handful of areas (randomly) to do a full deep-dive. Generally, if a company is cutting corners, discrepancies will exist in many areas and they'll quickly spot one or more of them. I assume the FAA operates similarly.
And ISTR that just around the time I entered the medical device industry, that this is exactly what happened to Abbott and they were forced to remove some of their products from the market for months until they could bring their quality system back up to FDA satisfaction.
Similar for many other things, the report most countries based the safety of roundup on was written by Monsanto itself. Most countries only check these reports for completeness and obvious errors, they don't try to run the studies themselves. However that "error checking" of the report is something where the FAA fucked up, the information on the MCAS provided by Boeing was completely out of date, either the documented testing procedures where incomplete or the FAA did not notice that the MCAS handled cases far outside of its original specification.
Of course the FDA has to regulate 10s of 1000s of companies\drugs\trials. The FAA basically just oversees Boeing and Airbus in the large commercial jet market and either offers 10s of models...
The FAA oversees every flying object in the US. Not just new models, but also config changes to existing models, continued airworthiness, all the design org and production org certification of manufacturers (per site) and suppliers (again, per site). Which is quite a workload, especially in a world as complex as aerospace.
That there's multiple other airplane manufacturers, not targeting the "large passenger jet" market, but more towards the "general aviation" market?
Textron (Cessna, Beechcraft, hawker), Piper, Carlson, Viking, ... There's dozens of aircraft manufacturers (I have intentionally not listed those who make hit planes, but I think they too fall under FAA checks).
I would not actually be surprised if the small airplane manufacturers puts substantially higher load on FAA than Airbus and Boeing do.
The FAA oversees all portions of pilot licensing, airplane manufacture, airplane service, operations, traffic control, idiots with drones, etc, for general and commercial aviation in the entire country.
Certifying new commercial models is but a small portion of what they do. By number of employees and budget I would bet that ATC is actually their biggest responsibility. That's not to say that they should just rubber stamp all that...
Your comment boils down to a false dilemma fallacy between "FAA blindly trusts manufacturers" and "FAA conducts their own testing and validation." Clearly they could have been more actively reviewing stuff coming from Boeing, or engaging in some level of auditing.
If the FAA had paid attention they would have seen a company desperate to compete modifying numerous basic characteristics of an airplane to the point of making it aerodynamically unstable, using a flight control system as a bandaid to fix this.
Not to mention being such massively cheap assholes that they literally didn't install warning lights in the cockpit to tell the pilots when the sensor their flight computer would use to override control inputs, had failed.
Actually, this is a sauce effect of the complexity of modern systems: regulators have no choice but to trust companies and regulate the results of tests, with heavy penalties for cheating. Consider pharmaceutical trials: it's impractical for the FDA to check on each patient. Financial audits often assume the client isn't directly lying to the auditor, with criminal penalties as the disincentive.
The alternative requires raising costs and slowing progress and innovation, which is a nonstart in a competitive environment such as Boeing vs Airbus.
It can be done, it just costs money. It can not be done within the liberal frame of mind, were everything that costs money is tax and thus theft.
So why not reformulate it correctly. In my ideology, it is not possible to solve this problem.
If that ideology would be out of the way, it could actually be tested pretty good via unittest running a simulation. So once developed those tests would actually be pretty cheap to run.
Its just this ideologic blindspot that prevents good safety.
You speak as if you think that if only the great billionaires accepted a little less money then we could have safety.
How many lives are you willing to lose for a multi year delay to accommodate the FDA recreating every required test that the pharmaceutical company did? How many lives are currently lost because the current system doesn’t work?
Your suggestion is akin to voter id’s as a requirement to prevent voter fraud. How many legitimate voters are going to be prevented from voting due to the new rules to stop how many prior confirmed cases of voter fraud?
This isn’t a lack of resources. This is society deciding that the resources are better used elsewhere.
> This is society* deciding that the resources are better used elsewhere
* Actual decisions on resource allocation made by regulatory agencies, which have a close partnership and history of employment with the industry being regulated.
It's different to say "society decided" vs 'a specialized subset of society, with tangled incentives, decided.'
At the end of the day, it's a spectrum from (no oversight) to (full, independent validation).
Boeing didn't want MCAS highlighted as a change, Boeing didn't want the FAA to independently discover it, and Boeing got all these things. Either by action on its part or by design of what the FAA did and did not independently verify.
That's a strong indicator we should shift regulatory posture further towards (full, independent verification). And while it may be cost prohibitive to shift all the way there, that's doesn't mean we can't shift closer to it.
Our society, as presently organized, delegates that choice to lobbyists. That is one failing.
The problem with the FAA vs Boeing is not that the system is designed around the (correct!) assumption that the public's and FAA's interests, on one hand, and Boeing's interests on the other are aligned. This failure cost Boeing enormously!
What was not aligned were Boeing's interests and Boeing upper management interests. The pervasive failure of our society to force CxOs to align with the companies they run and with society at large is much bigger than just in aviation.
That some pilot was indicted, but not the management he was responsive to, is a glaring indicator of this failing.
But in the case of aircraft we pay for that innovation and "progress" with dead bodies. Maybe it is time to rethink the cost/benefit of how we enforce these regulations.
The 737 Max is not aerodynamically unstable. I don’t know where people got this idea. The purpose of MCAS is to match existing stick pressure progression in certain situations. It’s not a fly-by-wire system like the F-16.
Not just existing stick pressure progression, but required stick pressure progression. As far as I understand it, in that specific situation the 737 MAX without MCAS does not comply with the rules regarding aerodynamic stability. It's not dramatic, doesn't manifest itself in normal flight, and could be dealt with by pilots quite easily as far as I understand it. But it's a rule, and it was important enough for Boeing to first put a quite gentle MCAS on the plane, and then to increase the effect of MCAS.
This is correct. It is non-compliance for control stick forces to slacken towards a stall on a passenger carrying aircraft. They put a gadget in the system to render it compliant.
Unfortunately, they did not work as hard as they should have to ensure that it would not malfunction. Or to make sure if it did pilot's were aware and had a chance to develop muscle memory for it.
I've heard people break the design/implement/test phases down to essentially equal parts in terms of cost. It's not a small task if you think about a government agency's testing capabilities potentially needing to be roughly 1/3 of what the private industry is throwing at it. I can see where they need to be pragmatic and adopt a stance where they're really just overseeing the vendor's testing and doing some spot checks. Not ideal, though.
It wouldn't require several times more manpower for the FAA to figure out there's something called MCAS that didn't exist before, would it? (Note that I'm talking in the current world we live in, not in a hypothetical world where Boeing would be a mortal enemy of the FAA doing everything within the stretch of human imagination to hide MCAS.)
Out of curiosity, how confident are you that there aren’t any other novel systems that didn’t exist before on a similar level as MCAS?
Having not had a public debacle around them, how much effort would it take for you to personally certify that MCAS is the only novel system of its caliber on these aircraft?
The airplane couldn't have been built without many system diagrams showing MCAS, or a similarly complex component.
The FAA should have pulled schematics directly from Boeing engineering during certification. And the FAA should have someone with enough technical expertise and experience look at them. And that person should have said "The submitted information by Boeing doesn't include full details on this subsystem."
Whether or not the Boeing test pilot highlighted the system for the FAA is a red herring. It's the FAA's job to find this, regardless of whether someone points them at it.
If the FAA doesn't have the technical staffing or expertise to do this, then that's the problem. Charging the test pilot is necessary, but not sufficient.
If the FAA infrequently performs this work (certification of a new aircraft), then flex in retired expertise! You can't tell me there aren't qualified, retired candidates (ex-industry or ex-FAA) who would have signed up for a year or two review. And all the better that they don't have career incentives!
Essentially, this is the FAA charging Boeing for not doing the FAA's job correctly.
Now you're talking about the FAA essentially replicating the scope of Boeing's test/QA operation. There are thousands of pages of diagrams and likely millions of lines of code. One person is not going to scan them and say "Here! This is a problem."
> Out of curiosity, how confident are you that there aren’t any other novel systems that didn’t exist before on a similar level as MCAS?
Me? What makes you think I would have information on this?
If I had to hazard a random guess, I would think that, if you're talking about the MAX 8, there have been enough leaks and testimonies and whistleblowers that any comparable system would have probably been mentioned somewhere. I have no idea either way, I haven't read everything that's gotten out. But I don't see why a regulator couldn't use various means to figure stuff like this out with reasonably high confidence.
It would be nice if the FAA were able to bill large companies making planes the public is intended to fly on commercially for all of the hours required to process the 'type certification' fully and exhaustively.
That process would include validating all aspects of the mechanical specifications and changes of parts (reused already OK parts from the same authorized suppliers would be a quick check-off), mechanical engineering, electrical engineering, computer software, and any changes for maintenance and end operators.
Describing it fully like that, I believe the only benefit to 'type certification' should be training for the end users, but major overhauls should require retraining and that should be caught.
From the article:
>Because of his alleged deceit, the FAA AEG deleted all reference to MCAS from the final version of the 737 MAX FSB Report published in July 2017
AFAICT (medium certainty), the development sequence went thusly: (1) MCAS added to design, (2) FAA informed about MCAS, (3) MCAS potential control inputs and overrides drastically increased during development, (4) FAA not informed about changes, (5) FAA certifies aircraft on basis of (2).
So it's probably most accurate to say "the FAA was aware of the system existing, but incorrect on the details of that system."
Let's say it is 0.1 on average, and the FAA would need 5 years just to test. That gives you an expected wait time of 10 years to get something tested, and 20 years if you include development time. I'm sure the industry benefits from lower turnaround times than that.
Sure. So you take half the staff and put them on testing a second plane. Then each individual plane takes 10 years to test instead. (Remember that you don't gain person-hours for free just by shuffling people around.)
What would this accomplish? Instead of a total system time average of 10 years, you now get an average testing time of 10 years to which you still need to add the queuing time, so you're even worse off than before.
(The queueing time won't be five years with two servers in parallel, and I can't do the exact approximations in my head, but it'll be at least two years. In other words, by testing in parallel you worsen the cycle time from 20 years to at least 22 years.)
This is a good general rule: by taking on more work in parallel, you'll make the turnaround time worse. This is why lean consultants go on about limiting work-in-progress.
Also a call to learn some basic queuing theory! It comes in handy often.
When there's a defined process that appears to run in isolation, I don't see why there should be only one queue in this case, considering that the task length cannot be easily reduced.
I'm all for increasing the FAA budget so they can do their jobs better. I think that's a net positive for the industry.
What I was saying with my previous comments was that giving the current budget levels, it doesn't help to shuffle people around (without some strong assumptions on the process, which in my experience rarely are true in practise.)
Only if the workload doesn't shake out favorably in light of Amdahl's law.
Most mechanical processes aren't necessarily conducive to parallelization. Verification and information processing on the other hand can do favorably in the presence of non-reliance on a physical system-under-test.
Which subsystem vetting arguably is. If you're talking vetting specs.
Yes, there are some circumstances under which it makes sense to parallelise some of the work.
I'm assuming the FAA does this already. Human organisations have a bias to parallelise to a fault. Increasing the parallelism level beyond this does not improve lead times.
Or, more precisely: How many new major passenger planes a year that are trying to imitate the same type rating as an older aircraft do they have to test a year?
In that specific case probably the important parts to review are the bits that try to make the new airframe handle the same as the old one.
None of those are unfixable problems at the FAA though. It all just boils down to a hiring problem. (If there were a will to actually have a functioning government.)
> What you talk about the FAA doing thier own testing and validation is (unfortunately) almost impossible.
No, it isn't. It's just more work than the government feels like doing, involving more technical skill than the government feels like hiring.
The problem is that the government can't have it both ways. It can't both claim that it is regulating airlines and airplane manufacturers to protect public safety, and also claim that it can't independently check what the regulated entities are telling it. It has to be one or the other: either we get the actual independent regulation that the government claims to be doing, with whatever resources it takes, or we all admit that we are not going to get that because the government is incapable of doing it, and we figure out some other way of ensuring safety.
That sounds like they are knowingly incompetent? If a utility regulator had no one on staff who knew how utility scale power transmission/generation/whatever worked, that’s what we’d call it for sure.
And aerospace engineers are dirt cheap. What sort of clown show is the FAA running?
Aerospace engineers have as much to do with airlines as software engineers have to do with data entry companies. Which is to say pretty much nothing.
Aerospace requires lots of capital expense and is very ‘large customer’ driven and aerospace engineers play second (or third) fiddle to that, unlike in software.
I suspect you're letting your software world experience dictate your expectations of what engineering is all about, and what it takes to actually get work done.
Software development is a rare field where the only relevant resource is man hours. In other fields, including aerospace engineering, trained meat bags tend to have a negligible cost to the point where replacing a whole engineering team might be a minor inconvenience. However, crashing a prototype is a project killer due to cost alone.
I believe the OP's point is that if you're not just using engineers to audit the tests Boeing does, then additional engineers are a fraction of the cost of running a full parallel aerospace test programme. The capex to set up the test infrastructure is significant even if Boeing is legally obliged to supply you with prototypes to destroy at no cost (which obviously has an impact on the amount of R&D Boeing is willing to do).
Also, you're not hiring from a diversely employed Valley pool: most of the engineers with the requisite level of understanding to test Boeing's hardware work for Boeing (and to an extent its supply chain), which might mean you don't have to offer them much of a pay rise, but it also means [i] you're weakening the engineering capability of the firms actually designing and building the stuff by poaching them and [ii] their views on what's safe and what's an appropriate level of testing aren't fully independent anyway.
1) Boeing lays off thousands of aerospace engineers regularly (they did as part of the max disaster), and doesn’t rehire them all back - the industry is highly cyclical, and Boeing is periodically shifting locations anyway
2) the stated concern was Boeing brass was applying undue influence to engineering correct? If those folks worked for the FAA directly after being laid off , wouldn’t they be more than happy to stick it to Boeing brass if they were telling them to cut corners?
3) we’re talking design overview and identifying where Boeing (or others) may be ‘putting their finger on the scale’ or trying to snow regulators by asserting bogus test results or designing tests that they can pass by not including important test criteria they may not pass right? That is certainly something an engineer who was previously in the industry would be aware of, or even a independent engineer should be capable of spotting from ‘the outside’ - and require they do.
4) at (linked in a parallel thread) a median salary of $118k, which is well within something the feds could cover, the FAA can certainly afford to hire a non-token amount of aerospace engineers onto their staff if they actually wanted too/Congress wasn’t trying to kill them. This isn’t like hiring on a FAANG staff software eng for 700k or whatever which would cause outrage or break the pay scale, and this is for something for which there are clear large body counts that can be pointed at.
Now if we want to say Congress has been strangling the FAA for a long time (like the IRS and USPS) and forcing them to outsource to industry or whatever, hey - I could believe it - but that is something that should be yelled from the rooftops because that can be fixed, and that will cost us a lot in blood.
I don’t want more Americans dead due to corruption of a regulatory process, especially not my friends or family, and those are the stakes here.
It should, as it was what I said. I'm really not sure if it's possible to make a point any clearer.
> Boeing lays off thousands of aerospace engineers regularly (...)
Sounds in line with the classical big corp style of management. I'm not sure what any of that has to do with humans not being the critical element of providing a service. In fact, are you sure you're not supporting the point you're trying to refute?
You said that the FAA would be causing brain drain - in a field where thousands get laid off all the time?
And that Boeing would surely be exerting influence on them so they wouldn’t catch issues - after Boeing laid them off?
And that it wouldn’t matter having competent engineers at the FAA because catching things require expensive tests - that the engineers if they existed at the FAA could mandate Boeing pay for, since they would know they needed them to do them?
Huh?
No one is saying the FAA should be running a full parallel aerospace program. I’m saying if they lack in house competency to call bullshit on what a player they are regulating is passing to them and relying on that player to just always do the right thing, then they are not effective regulators
It would be like taking Facebooks word that they are totally being good privacy wise, and not having anyone available who understands internet tracking or adtech. Which, is of course another failing regulator (looking at you FTC), but at least that doesn’t get hundreds of people killed in giant fireballs?
I think you’re deeply misunderstanding the purpose of the FAA and the magnitude of the problem here.
Like almost every other agency (the FDA didn’t do the vaccine trials; are they incompetent too?) they don’t do the tests. They just police the industry.
Theoretically if you set laws and regulations and dole out severe punishment for bad behaviour, you don’t need to be the one running the tests.
People should want their government to run on trust (if their culture is compatible with trust) because it’s far cheaper and more efficient.
Presumably when it is shown beyond a reasonable doubt that they conspired or deliberately overlooked the fraud. The prosecutor has every incentive to get participants to roll over and follow the conspiracy as high up the ladder as it goes. Successfully prosecuting such a large profile case, particularly with defendants with very little public sympathy, would make his/her career.
the case was settled with a deferred prosecution agreement — an agreement that Columbia Law Professor John Coffee at the time called — “one of the worst deferred prosecution agreements I have seen.”
Boeing did not have to plead guilty to any of the allegations.
No Boeing executive was charged.
And the Boeing deferred prosecution agreement included an unusual provision finding that a compliance monitor was not necessary because “the misconduct was neither pervasive across the organization, nor undertaken by a large number of employees, nor facilitated by senior mismanagement.”
“That is without precedent,” Coffee told Corporate Crime Reporter earlier this year. “I have not seen that anywhere else and I’ve looked at a number of deferred prosecution agreements. Prosecutors themselves are not conducting the investigation.”
Boeing’s lead corporate criminal defense law firm is Kirkland & Ellis.
Erin Nealy Cox, the lead prosecutor in the Boeing case, left the Justice Department earlier this year.
And last month she joined Kirkland & Ellis as a partner in its Dallas office.
Since you’re not going to find any documentation of that because of CYA, and Boeing is the flagship US aircraft manufacturer with a protected (as in ‘in the interest of national security’ protected) position to offset Airbus - that’s pretty much not going to happen.
I think it would be possible to ring-fence the individuals to be prosecuted, facilitate an orderly handover of power inside Boeing, and then prosecute the individuals without risking mortal damage to the company.
That ring should probably extend around McDonnell Douglas' management from the 90s, which made their ways into the upper echelon of Boeing during the merger.
So if the FDA is unable to find someone who can understand or can’t interpret/understand the studies themselves enough to see flaws or likely fake data, they should just take the companies word for it that it’s all good?
Last I remember this being a topic of discussion, the stance was ‘trust but verify’ no?
While it may be efficient to rubber stamp things, it is not doing their job. Folks scam all the time, especially if they know no one is looking.
If they lack the competence to be able to independently verify, they aren’t being effective regulators.
Do you have any data to share? Most of my family has been involved in Aerospace, with my dad working for skunkworks, my brother working for Garmin (and a formal aerospace engineer).
Most aerospace engineers are lucky to break 75k/yr to start with little to no equity, and often need to move to the middle of nowhere (compared to say NYC, SF, LA, etc for software), and get hit with periodic catastrophic layoffs with the regular cycles in the industry.
It’s pretty common that software folks are paid 2-5x with far less intense or zero credentialing and better work conditions - at the same company.
Oof, even worse than I noted. So median (and that includes established mid and late career aerospace engineers too) is $118k all in?
That’s roughly half of the initial comp for an entry level software engineer at any of the SV firms, and most folks will be making much more than that at said SV firms within a couple years.
Being able to get a team of 4-5 experienced and credentialed aerospace engineers for the comp of a single ‘senior’ (mid-level somewhat competent but not amazing) software engineer sounds dirt cheap to me?
You realize you just compared Silicon Valley software engineer salaries in high margin industries to all location aerospace engineer salaries in normal margin industries?
If you want to baseline off SV salaries, you shouldn't be looking at median all-AE numbers.
We’re on a SV startup website, where the comparison to cheap or not is of course going to be based on this.
You provided as a counterpoint to my statement on aerospace eng’s being cheap, data which shows median salary across all experience levels of the field being half the starting pay of a typical entry level SV software engineer - which typically requires no specific credentials, unlike Aerospace engineering.
If there is a large cluster of companies who pay 4x the median aerospace engineer salary to Noobs, then please provide said data. My understanding is those don’t exist.
SpaceX, a high profile name and maybe the closest to a SV type place you’ll get in the industry pays between $70-100k to their Aerospace engineers, based on multiple sites. Here happens to be a random Reddit thread about it in the first couple results.
Which is exactly the point I’m making. When a straight out of school software engineer has a whole section of an industry they can go to that will pay them 2-5x what an experienced aerospace engineer mid-point or even late in their career can make ANYWHERE (except MAYBE a one-off consulting gig somewhere), then aerospace engineers are cheap no?
FAA could facilitate smoketesting and focus on parts they deem the most suspicious/experimental/new in a new airplane. And then outsource the actual tests to a third party.
By law, the certifiction activities done by the EASA (I assume the FAA is the same) cannot be done by third parties. It also worth noting, that the aircraft certification procedures worked pretty well for decades, up until Boeing started to lie to the FAA. Not sure how Boeing kept its design org approval after that.
EDIT: Some required activities by the organizations to be certified can be outsourced to third parties, the org itself is still accountable.
> Not sure how Boeing kept its design org approval after that
That's an easy one. It's too big to fail. One way or another Boeing had to make it out the other end of the 737 Max disaster intact as an organisation. Anything else would have been unpalatable from the point of view of the American military industrial complex. I know that phrase is usually applied in a derogatory way but here I don't even disagree with the thinking.
That seems to be the answer. And I kind of get the reasoning. Under EASE rules, there are accountable people at the head of approved design and production orgs. I hope those people at least got their licenses revoked, if something similar exists under FAA rules.
What manpower would be needed? How often are new aircraft validated? That's pretty scary that at the end of the day it's just a corporate shill pilot validating. What is the point of all the regulations if that's all that it takes?
Every single component in every single aircraft certificated in the USA is tracked all the way to the mine. A quick web search reveals around 11.3 million people work in the aviation industry directly. A significant portion of this would have to be duplicated if the FAA were to verify everything.
Perhaps the FAA could get Airbus to contribute a review of the test plan when a new plane is close to release. Then you'd certainly see a more lively technical debate.
Also this feels a lot like Boeing offering up a sacrificial lamb. I find it hard to believe that the FAA can focus on one person at Boeing as the reason for the failure in reporting the issue. There are too many managers and engineers involved. On the surface this sounds a lot like the Challenger disaster story.
Overall though, I'm at least happy some individuals are getting prosecuted, it sends a message that there are legal risks to individuals involved in this kind of thing, not just diluted corporate responsibility.
What really needs to change is the corporate culture that led a person to think that they would be doing the company a favor by lying to the regulators. This probably goes all the way to the top.
Also, whomever decided that a basic software safety check would be an optional extra with a price tag should definitely not be in the management chain. That's the sort of next quarter profit-only thinking that rots companies from the middle out. That is the kind of thinking that results in your brand new product killing 346 human beings.
The "software safety check" wasn't an optional extra. It didn't exist at all! The optional add on was for an "AOA DISAGREE" warning light, which would have indicated that the MCAS might be relying on faulty data (if the pilot was even aware of MCAS in the first place) but wouldn't have actually stopped it from doing so.
Now, the updated MCAS will only activate if both AOA sensors agree. Which seems like a fucking no brainer that should have been the case from the start, but... yeah.
Only if the people actually responsible get prosecuted; prosecuting the wrong person sneds the message that the people really responsible get away with it - so there is need for some care.
Even prosecuting the wrong people at least encourages whistle blowing. If someone thinks they might be the sacrificial lamb if excrement hits the fan they can protect themselves by being the first to report it to regulators
Genuinely curious; how big is that title? Are they essentially an overall project manager who gives the green light? Do they have the power to tell the executive class "Nope" without getting fired?
Never mind. I saw Buildsjets comment that explains his position.
I think the other approach is to have more corporate whistle blower programs with teeth and upside. In a case like this, lots of people knew everything wasn't on the up and up. But it is hard to get someone to understand something when their job depends on not understanding it (Upton Sinclair). However, if the whistle blower programs came with immediate cash (after initial proof was obtained) with more to come and potentially relocation and identity change, people would be more likely to come forward.
Fighting something like this in court plus media scrutiny will basically ruin someone's life and make them almost unhire-able in their field. Excepting someone to ruin their family's life for the greater good isn't likely. There won't always be a young single ideologue who is willing to move overseas to escape his own government. There are lots of major crime systems where someone is the spouse of the criminal and knows what is going on but how are they going to give up their home and life for their kids while also putting their life at risk for the sake of doing the right thing. People have shown that they will do the right thing if you make it easy enough and safe enough.
I can’t help but feel that this is all by design. Legislators require financing from corporations for re-election, corps don’t want whistleblowers because it risks their bottom line. Therefore legislators don’t improve protections.
Does everything come back to campaign finance reform?
It could be a factor for sure. I don't think campaign finance reform will ever happen but whistle blower could. I've given up hope on the altruistic billionaire to do things the government is reluctant to.
> basically ruin someone's life and make them almost unhire-able in their field.
It will make them almost unhireable everywhere. Even outside their field, they're still a risk. They've now got a very public "troublemaker" label.
The prizes would also have to be pretty large. We're talking "never have to work again" large, because that's a very real possibility, or at least a very real perceived concern.
We're talking people who make a good living. For people not close to retirement, it's probably a multi-million dollar number. At $200k/year, that's $2 million per decade, and not including potential raises. After you pay income taxes on the prize, you probably need it to be close to $10m to break even.
I was assuming they would be even higher. However, look at the economic damage being done by things like the opioid epidemic or the lives lost from these lies inside Boeing. We spend hundreds of billions on boondoggles, it doesn't seem like putting aside $5B per year to make the world better is much of a strain for the US government.
How were they supposed to do that? They'd have had to either review the source code and somehow notice that it had too much control authority over the horizontal stabilizer, or run the flight control system in a simulator that reproduced the failure conditions found in the field. These seem _possible_ but not exactly easy. It'd have been much easier for the Boeing engineers who designed the thing so badly to have had bosses who said "wait...what? No you can't do it like that".
As I understand it, the source is a very careful implementation of a spec, and the FAA should have the spec.
In any case, I strongly doubt that the buck should really stop at this test pilot. Someone higher up surely has some degree of responsibility. The test pilot did not invent MCAS.
> It'd have been much easier for the Boeing engineers who designed the thing so badly to have had bosses who said "wait...what? No you can't do it like that".
Interesting. I never even imagine that happening anymore. I find the reverse so much more plausible: the bosses say to design it like that but the engineers have the backbone to say no (even at the risk of being fired and replaced).
On the one hand, I see where you're coming from. Executives are the ones with the money and power, so they should have the responsibility. They should go to prison when they order misconduct (whether that's negligence, fraud, etc.). This should incentivize them to act conservatively. (Where right now, we reward them largely based on short-term stock performance, and we never punish them, and I think our executives are overwhelmingly sociopaths who pursue short-term stock performance above all else.)
On the other hand, engineers are the ones who throughly understand the issues and have licenses with ethical standards attached. They're going to notice the problem. I believe many already aren't willing to sign off on something they don't believe is safe. With good enough whistleblower protection, they'd be likely to speak up when they see someone else signing off improperly.
FAA could have looked at how the fans were upsized and pushed forward to avoid dragging on the runway, and called for a new type certification. The FAA failed by allowing Boeing to not get a new type certification, which would have required greater scrutiny of the new airframe.
the airframe was fine. the problem was that mcas was implemented in a totally shitty way. If it had just replied on 3 sensors instead of 1, wet likely wouldn't be talking about it now.
No, the airframe was different and didn't handle the same way as the old one. In order to hide that, Boeing implemented in a terribly negligent way MCAS. Had they accepted it's a different one, and had a different type rating, all would have been fine.
The 737 airframe reached a point where it was not compatible anymore with modern engines. When the 737 was designed, engines where a lot smaller, the nwer turbofans simply don't fit under the wings of a 737 anymore, so they had to be moved forward. That changed flight characteristics, Boeing used MCAS to compensate for that. If I remember correctly, on-board systems of 737 had issues with handling a second sensor for MCAS (someone with more knowledge please skim in). So they went with that config, they went, as we see in the messages from the chief tech pilot, to forgo major re-certification and thus decided to hide MCAS true nature and impact from the FAA. Consequently, they also hid it from EASA since FAA and EASA basically trusted each others certifications.
Boeing, if you ask me, committed a cardinal sin in aerospace. They cut corners, ignored redundancy, lied to regulators and as a result directly caused airframe losses killing crew and passengers. And that after decades of efforts to increase safety. All that just to save money and maybe keep market share.
Had they just done all the proper testing and development they did after the aircraft losses upfront none of that would have happened.
And also, the MAX would not exist at all, because the flagship customer (Southwest) had basically said, "If it requires pilot retraining, we won't buy it."
There's plenty of blame to go around, up to and including the society that says it's ok to not pay a living wage to the working class because "infinite downward price pressure is good for consumers" (until they die in a plane crash, that is).
To paraphrase J. K. Galbraith, at any given time there exists an inventory of undiscovered regulatory fraud in the economy, and this inventory is part of the bezzle.[a] In good times regulators are relaxed and trusting, and their approval is easier to obtain. Under these circumstances the rate of regulatory fraud grows, the rate of discovery falls off, and the regulatory bezzle increases rapidly. In bad times all this is reversed. Actions are watched with a narrow, suspicious eye. Regulators assume everyone is dishonest until proven otherwise. Regulatory audits are penetrating and meticulous. Commercial morality is enormously improved. The regulatory bezzle shrinks.
--
[a] The term "bezzle" was proposed by J. K. Galbraith in The Great Crash of 1929: "To the economist embezzlement is the most interesting of crimes. Alone among the various forms of larceny it has a time parameter. Weeks, months or years may elapse between the commission of the crime and its discovery. (This is a period, incidentally, when the embezzler has his gain and the man who has been embezzled, oddly enough, feels no loss. There is a net increase in psychic wealth.) At any given time there exists an inventory of undiscovered embezzlement in – or more precisely not in – the country’s business and banks. This inventory – it should perhaps be called the bezzle – amounts at any moment to many millions of dollars. It also varies in size with the business cycle. In good times people are relaxed, trusting, and money is plentiful. But even though money is plentiful, there are always many people who need more. Under these circumstances the rate of embezzlement grows, the rate of discovery falls off, and the bezzle increases rapidly. In depression all this is reversed. Money is watched with a narrow, suspicious eye. The man who handles it is assumed to be dishonest until he proves himself otherwise. Audits are penetrating and meticulous. Commercial morality is enormously improved. The bezzle shrinks." (https://www.goodreads.com/work/quotes/1466583-the-great-cras...)
At some point, auditors have to trust some things that their subjects are saying. If the auditor has to re-evaluate every piece of information, they will end up re-doing the subjects' jobs.
There's a bit of backstory here where things the auditors used to verify first hand devolved into from-a-distance. And too friendly a relationship with the businesses they were auditing.
And that's how we got the VAG emissions scandal. Instead of trusting computer outputs, we could have done tried and true dyno tests and the entire thing would have been avoided.
The defeat devices were designed to detect dyno conditions and reduce emissions, it wasn't a case of a regulator trusting a computer output. They were uncovered by doing road tests.
Most regulators don’t verify much, (the SEC almost never actually looks at bank account balances,) they just look for inconsistencies in the information they receive.
The SEC isn’t regulating banks generally so bank account balances shouldn’t matter much - they are regulating security markets no?
So looking at discrepancies between data from market participants IS verifying and regulating.
Same as if the FDA looked at raw study data and compared it to equivalent studies for similar types of drugs/treatments, or the FAA had an engineer on staff to double check elements of a new design from a major manufacturer for plausibility
True, though with the way GAAP and accrual accounting works (generally cash balances are only tangential to income, expenses, or even assets once you get past small to medium businesses), and the scale and number of accounts most businesses have, that’s a lot of work for a very muddied view of what is likely happening outside of some specific circumstances like a depository, clearing house, or the like.
That I somewhat like counting the number of bolts ordered and delivered by Boeing to ensure they are staying compliant with building their airframes.
If they never order any, or there aren’t many arriving where you expect, is that a problem? Sure, though it’s probably a subcontractor ordering them, or they haven’t bought any when you were looking because they have a large stockpile, or whatever.
At the end of the day this is what you want, though: people need to realize that they are going to be held personally responsible if they're involved in pencilwhipping the FAA approval process, and tell their boss they're not going to jail so that Boeing can make another 1% profit this year.
I'm not saying it's just the test pilot who lied, or held sole responsibility, but yeah, he was a member of a criminal enterprise that resulted in people's deaths.
I like the result. Too many people hide behind “I was just doing my job and helping the company.” At some point you have to make a personal stand to not harm humanity. And programmers reading this, that era is definitely upon us.
When we see programmers charged who implemented the twisted evil shit Facebook or whoever ordered them to, we will be making some progress on fixing the problem.
and in particular, it appears this guy was actively talking about how to deceive the FAA and avoid attention, so yeah... fuck him, this isn't a random fall guy, this is a chief test pilot who was in on the plan.
again, by all means, this should not be the only prosecution here, and if they can flip him on the rest of his conspirators then he should get a reduced sentence, that's the standard RICO playbook. But prosecution is the lever you use to flip the ones you catch on the rest of their conspirators, and this guy very clearly was a willful participant in this criminal enterprise.
(obviously the jury gets to decide that, but this isn't a courtroom, and barring some gross miscarriage of justice, the quotes they're presenting sound pretty damning)
It isn't one or the other! This guy could have committed fraud and been effectively abetted by a regulatory body that lacks the resources, incentives, or power to actually regulate.
Well the FAA discovered the pilot lied and now the pilot is in serious ** with his career and reputation destroyed: I'm assuming he is looking at possible jail time (not a lawyer).
I'd say this is a serious deterrent to pilots contemplating similar action in the future but I don't think the problem was with the FAA or this pilot. The real problem was the senior management at Boeing who made the conscious decision to put profits ahead of safety. Thus they were directly responsible for creating a culture of short cuts and cheating which lead to the ending of several hundred lives.
This is the reality of most certification processes. There is no government agency that has the knowledge to evaluate planes on a technical level. So what they do is ensuring engineering care and diligence, clear responsibilities and paper trails in a way that risk is minimized and failures can quickly be located and corrected.
At least that is how it is done for medical appliances, I assume FDA and FAA work similarly. But government just doesn't have the extra engineers to technically evaluate every part of a new plane. That would induce massive costs and the manpower simply doesn't exist.
But if companies don't use due diligence to ensure safety, these agencies have the power to penalize you heavily, so you have to comply anyway. Sadly there is also a political component so agencies sometimes have to work against pressure from politicians that don't want to damage domestic brands.
I believe this case was a clear management error for that matter but the FDA probably has more info.
There is such thing as too much regulation. If they had more funding, that would lower industrial output simply by sucking engineers away from productive activity. That’s even if it doesn’t negatively affect aviation with too much regulation.
The principle here should be the same as the principle of proper auditing.
Take the population of x , then sample y and if the sample passes the tests then you have z degree of confidence of projecting the results of the sample over the entire population.
Its not hard. Its only that bureaucrats are generally not hired for the industry knowledge but instead career paper pushers and ticking boxes on their way up, instead of, you know, getting dirty with actual work
Given that the engines were moved forward changing the Centre of Mass I would expect an Aerospace Engineer to be aware and concerned that this is an issue that would require an automated intervention to correct for that, and that would need to be extremely robust.
In hindsight that’s easy for me to say, and the FAA had gone to relying on Boeing engineers, but as mentioned if there was huge pressure for Boeing to compete things could get overlooked.
> The whole point of independent regulation is to not allow obvious conflicts of interest to harm the public.
Like all centralized systems, easy to hack over time. A better system would be decentralized regulatory bodies that check on each other's conclusions instead of a monolithic one.
At this stage you absolutely should not trust any regulatory body, FDA included. (The FDA never replicates any trial for example)
At some level, you have to trust the information you get.
There is also good reason to trust it, especially when it comes from a large company such as Boeing: it is stupid for such an organization to lie to you, because it risks its existence for the rather small payoff of avoiding delays for a single model.
It’s even worse for individual employees at the company: they risk jail time and aren’t even the direct beneficiary.
Government regulation makes sense when there are externalities, for example a polluting factory that harms society but not the company. Airplane manufacturers, however, can self-regulate. If their planes are unsafe they will be bankrupted by the lawsuits of families of dead passengers, and airlines will not buy their planes.
> ...a warning to everyone that that method of regulation is not acceptable.
What part of the situation here is unacceptable? There were, I believe, 2 crashes. We accept more than that with most modes of transport. It isn't obvious that tightening the regulatory process is a net win.
Nailed for being the only guy stupid enough to write instant messages bragging about misleading the FAA.
As a longtime corporate grunt, I can guess exactly how management leaned on him. He should have left and let the scumbags find another patsy to do their dirty work.
It reminds me of Lenin signing lists of people to be executed and when asked later about it, saying that his signature was just to show he had read the list not to approve of executions.
I do not know if these discussions happened in WA, but WA had one party consent audio recording laws instead of all party consent, then executives would be more wary of instructing underlings to do something illegal.
Unless your corporate retention policy is only 6 months. I setup an archive to keep important emails around only to find out our retention policy had been applied to it.
Once an org gets burned by discovery in a lawsuit they go to great lengths to ensure it will never happen again.
Not sure about your healthcare, but the healthcare company I work for is full of ex-aviation engineers who are happy to comply with our regulatory requirements.
As long as they don’t see who
is printing out their emails, still possible to CYA - but
it does draw a giant target on ones back if you’re obvious about it.
In a broad sense, not specifically related to not retaining data as a legal protection, institutional memory is somewhat overrated because of how much low-value content is retained and how it was a snapshot of how a different world was understood.
Many of those juicy emails are from before the past few years' wave of tech lawsuits.
At least at the entry level, I think a lot of the "don't say the word 'competition'" training started as a reaction to relatively recent legal tangles - it wouldn't be surprising if people at the senior level also have gotten more careful about how they communicate.
Internal Boeing e-mails between various Chief Technical Pilots and other Boeing staff are available at [1]. It shows that there was an overarching requirement for the program to to ensure that 737 pilots could fly the 737 MAX with minimal "Level B" training (e.g. no need for hours of simulator training).
Per [2], MCAS was poorly designed and exhibited a failure mode (e.g. AOA sensor failure) that required immediate pilot action to avert disaster. For pilots that were aware of the MCAS failure mode and how to respond, simulation showed they could respond and avert disaster within typically 4 seconds. A delay of 10 seconds from a pilot to respond correctly to the failure event would be catastrophic.
A Boeing staffer wrote to the Chief Technical Pilot now indicted[^][1] regarding the pilot action required in those critical few seconds:
"I fear that skill is not very intuitive any more with the younger pilots and those who have become too reliant on automation"
The Chief Technical Pilot now indicted[^] responds:
"This is the path with least risk to Level B. We need to sell this as very intuitive basic pilot skill".
Boeing it appears then opted for updating Non-Normal Checklists (NNCs) for pilots instead of:
* Fixing the MCAS flaw to remove the failure mode altogether
* Ensuring pilots were trained to handle an MCAS failure in a simulator
* Otherwise ensuring that pilots were aware of the non-intuitive nature of MCAS and the particular failure mode requiring immediate <10sec response from pilots
If the failure mode with MCAS did occur, pilots didn't even have 10 seconds to find the NNC and go through the checklist steps before catastrophe was set to occur. They were not aware of MCAS being present on the aircraft and per the Boeing staffer raising the concern, "that skill is not very intuitive" in relation to acting on the failure mode should it have occurred.
Sincere cooperation has value and is weighted by authorities, regardless of where it does or does not lead. Years served are based on such factors.
Also, there are the civil suits. Standards of evidence are generally lower and a credible and cooperative peon has value to plaintiffs as they pursue the big targets.
No one is going to give immunity or spare someone from prosecution if that have that person nailed hardcore, and the only evidence they have against the ‘mastermind’ is he said/she said that isn’t going to go anywhere in court.
This guy’s name popped up in the Seattle Times article from almost Day 1 of the MCAS debacle. IIRC he left Boeing and went to Southwest, and proceeded to lie to them about the Max. To the extent there was a single person concealing information, it was him.
I guess him leaving explains why he's the only one to get the blame. Had he remained in the company, he could have blackmailed his way out, by threatening to bring down the whole club. By leaving, he painted a huge target on his back.
Unless he flips on management there’s not much for the government to go on. And then you’re asking a jury to believe the words of someone already alleged to be dishonest.
some C-level staff eventually has to take some responsibility
That may be optimistic. Off the top of my head I can't remember any c-level execs of such a massive corporation having criminal charges brought against them. (except maybe for some type of tax/securities fraud) There's probably... some? My knowledge of the area certainly isn't comprehensive.
Ken Lay (Chairman, CEO) had a heart attack and died, not suicide. Jeffrey Skilling (CEO) was initially sentenced to 24 years, later reduced to 14, served 12. Andrew Fastow (CFO) was sentenced to 6 years, served 5.
"Chief Technical Pilot" is not a role listed amongst the dozens of executive council roles and vice president roles at Boeing[1].
What about the following executive roles listed at [1]:
* Chief Aerospace Safety Officer
* Chief Compliance Officer
* Chief Engineer
* Vice President, Total Quality, Boeing Commercial Airplanes
* Vice President and Chief Engineer, Boeing Commercial Airplanes
* Vice President, Manufacturing and Safety
Are there more indictments on the way? It doesn't sound plausible that a "Chief Technical Pilot" at Boeing should be ultimately responsible for signing off engineering designs for MCAS, signing off on the System Safety Analysis for MCAS, signing off on manuals to be provided to pilots that omitted MCAS, signing off on training materials that omitted MCAS, ensuring quality assurance across all of the above, signing off on verification and validation of MCAS, etc. There is a large team of people signing off on these processes and documents. Per [2], "The chief pilot is among the leaders who must concur that an airplane is flightworthy before the company proceeds with a flight."
If I'm wrong and the chief pilot for an aircraft class is indeed ultimately responsible for its design, engineering, testing, training, certification and everything else, why is this situation possible? Is there no independent quality assurance and auditing?
The Chief Project Engineer is the person who is ultimately responsible for the design, engineering, testing, setting training requirements, certification, and everything else. The CPE for the 737 MAX was Michael Teal. There’s only room for one signature on the FAA application for an ammended type certificate, and it was his.
Forkner was not the Chief Pilot. He was the the Chief Technical Pilot, who is the person responsible for developing new training information for changed systems, getting it certified by the FAA, and coordinating with airlines to deploy it to their pilots. Therefore Forkner was responsible for:
Signing off on manuals to be provided to pilots that omitted MCAS.
Signing off on training materials that omitted MCAS.
Signing on on the verification and validation that MCAS was correctly represented in the flight simulators.
The Boeing program wanted Level B training only[1] which excludes flight simulator training, hence Forkner was trying to achieve that requirement by avoiding the need for pilots to undergo simulator training.
Even if you were to remove Forkner entirely from the decision making process, pilots would have been asked to fly an aircraft with a 'catastrophic' hazard only reduced to 'hazardous' by training pilots to respond to a very rare event within ~4 seconds of a failure event that the pilots weren't even notified of because the AoA sensor disagreement warning feature was an optional paid addon[2]. If a pilot were to take 10 seconds to respond... too late, the aircraft would likely have been lost[3].
Even with the best training in the world, is it reasonable to just expect pilots, within seconds, to be able to work around 100's of crap engineering and human machine interaction design decisions? As [3] notes, the lack of consideration of the pilot (as a human not a robot or computer) in the engineering design of the aircraft is glaring. Corporate Boeing wanted an aircraft that pilots didn't need to be retrained in, and thanks to unrealistic schedule expectations, they seemingly also didn't want to spend the time needed to remove all the HMI pain points that are inflicted on pilots.
It's really fascinating how the first thread barely has any mentions of technical difficulty, while in the second thread nearly no one blames the pilots anymore. Benefit of hindsight, really.
Still, it's important to remember that Boeing and the FDA dragged their feet for ages before grounding the plane after the second crash. So that's at least part of why they get so much flac in the second thread.
It is important to note that Boeing settled for 2.5 billion in which it is agreed that "...the misconduct by its former employees was “neither pervasive across the organization, nor undertaken by a large number of employees, nor facilitated by senior management".
(https://www.wsj.com/articles/boeing-reaches-2-5-billion-sett...).
So remember, when push comes to shove, the technical lead always gets thrown to the wolves while management goes "we don't know about that technical stuff".
Not to detract in any way from what he is culpable for.
It's possible this is the initial charge to get them in the door with search warrants and subpoenas and testimony because someone dropped a dime with some info that there were criminal acts not know to the government at the time, not covered by the settlement. I doubt the settlement was a "you're pardoned for ALL acts related to 737 MAX."
A refresher since this happened so long ago:
Airbus was eating Boeing's 737 sales for lunch. Boeing management wanted to put better engines on the plane to get those sales back. But the better engines were bigger, and that meant they couldn't just swap them out and call it a day. So they moved the engine position. Well, when you move heavy shit around on a plane that also happens to be the thing generating thrust, you change a lot of stuff about the plane - its center of gravity, how the plane behaves when that thrust is applied (think torque steer but for planes) and aerodynamics.
The plane became aerodynamically unstable in certain conditions. Hence the need to add fly-by-wire systems and sensors. Except...they also cheaped out on both the number of sensors and even the frigging lightbulbs to warn pilots of sensor error.
The shit Boeing has gotten away with over the years boggles the mind. At one point the NSA got caught doing industrial espionage against Airbus for them!
> Except...they also cheaped out on both the number of sensors and even the frigging lightbulbs to warn pilots of sensor error.
I believe that the issue was more tragic than that (no expert)...
They wanted to 'hide' the fly by wire (FBW) as for it to be apparent would require that the plane (effectively) be re-classified as a new plane, requiring expensive up-skilling of the pilots. The existence of the new FBW was even hidden from the manual!
The FBW required information from the pitot tubes in order for it to know how fast the plane was flying. Planes have two such tubes, one for backup as they are prone to blockage. Normal practice would be to poll both tubes, and if their reading disagreed the pilot would be notified and assume blockage in one of the tubes.
However, they could not do this as a pitot tube warning would reveal the existence of the FBW to the pilot, who would not have been aware of its existence. Hence they relied on one pitot tube input and (of course) no warning lights.
This must have been a calculated risk on their behalf. They must have known that sooner or later it would fail.
The warning light shows a disagreement between the two AOA sensors, not the pitot tubes used for airspeed measurement (of which there are three on the 737).
They didn't cheap out on lights. They didn't want to add a light to the cockpit because changing anything meant pilots would have to be trained on it. Airlines, specifically American, didn't want to incur the cost of training of a new plane that could compete with Airbus. So to get the sales Boeing promised a million dollar kickback per 737 MAX sold if American 737 pilots had to get training to fly it. The cockpit had to remain the same in every way to avoid it.
It's not unstable, stop repeating this falsehood. It does behave differently when high trust is applied, pitching up much more, and MCAS was introduced to counter/hide that. Earlier models did pitch up as well, all planes with engines under low wings do, and pilots or automatic systems have to deal with it.
This is not an issue of instability. The plane will remain at a level pitch/roll at a given thrust with the appropriate elevator trimming. An unstable plane would require constant input changes.
Fly by wire isn’t really the right term here. Fly by wire means that control inputs are transmitted to actuators via an electrical signal (rather than by a hydraulic or mechanical connection). As far as I know, the 737 MAX retains conventional primary flight controls. Lots of airliners with conventional flight controls also have various forms of artificial stability that modify pilot inputs (such as yaw dampers).
The trim can be controlled by an electrical motor in the 737, and the MCAS system in question here controls that motor, so you could argue its part of a FBW system (but I guess normally you refer to the main flight surfaces which are not FBW in the 737 like you say).
Ah yes, that is a fair point. However, in that case we are not talking about 'adding' a new FBW control system, as the system was already in place on previous models.
I was thinking this too. Seems to be a pattern since Volkswagen scandal; blame the rank and file employee... As if the employee had any incentive at all to lie about the performance of the plane. This is disgusting. The directors who pressured the employee to lie and then tried to use them as a scapegoat should be jailed for life.
I also thought of VW in this context. The idea that the managers only set policy and it's up to the engineers to figure it out, lesving management with "plausible deniability".
That might have played a role. Plus Boeing, as part of duopoly on commercial aircraft, seems to be a lot more important than a simple, regardless of size, car maker.
I took a gig at a hospital. They got an MBA Karen with 3 years of experience. She learned the very basics of IT, then started micromanaging. As in, she'd tell you what switches to put on CLI commands. If you said that's wrong, or would cause data corruption - you're not a team player. The entire team of 18 people were not team players - the team consisted of her alone.
One time, she told me to do something very dangerous during a data migration. Not a best practice, and a big no-no. I'm seeing open files randomly spread across about 50 NAS shares which should according to her be offline - retired apps. It would take time to identify those, notify people, etc. She has deadlines to meet. You see, this migration that's been put off time and again for 2 years, needs to be finished in about a month, because when she was hired, she made that promise to her boss - without knowing anything about the apps, how much data, what users, etc.
I talked to her over chat, saved the chat, warned her about all the dangers and was told to proceed. It brought down a clinic, resulted in some data loss, and affected patients.
Next migration batch, she asks me to do it again. With a phone call. I ask for it in writing, she refuses. I added the phone call notes to the servicenow change control ticket, put risk as high, and said I need a note in the ticket from her telling me to proceed despite risk.
A week later I'm on suspension for disobeying my manager. HR tells me they will be getting in touch with me to get the details of what happened. I enjoy my paid week off while HR investigates the complaint - they need a full week because they review so much. at 4pm, the day before the week is over, the HR rep calls me and asks be about what happened. At 9am the next day I'm fired.
I file for unemployment and get a corp to corp contract to a company I'm part owner in (contract to the company, not to me). They dispute it, saying I was fired for my attitude, and was written up many times. Both false - I turn over the details - saved chats, emails, a phone call I recorded, etc to the UI officer. The next day my unemployment is approved, and I'm collecting unemployment weekly, while collecting dividends from the company I own for its c2c contract. I do however reply to one email per day from an indian recruiter - I pick ones with names I can't pronounce. They do the needful and submit me to one position per day with "their client." Why only indian recruiters? Because they are a minority and I don't discriminate.
This is a Boeing engineer being thrown under the bus by management. Here's what needs to happen: the engineer is guilty. I was guilty too when the first time I ran the destructive script, despite being told to do that in writing. The engineer is like a nazi soldier. Both the soldier, and his boss, and anyone up the chain who approved or pushed for this, need to be on the receiving side of that courtroom.
I'm puzzled by the do not discriminate bit, doesn't that mean you do discriminate by only choosing the names you can't pronounce?
Minutae aside, as a European I'm shocked and appalled at that process, but surely an employment tribunal would have been the next step? Seems open and shut if you have the details to hand and everything evidenced properly. That said I'm sure you probably didn't want to be there from that point
I only took the gig so I could get the vaccine as soon as it came out. It was a huge pay cut, and a very easy job. Why fight to stay and keep working somewhere you don't want to be, when instead you could get an extra 3k/month on unemployment?
Corporations are a useful thing, and are commonly used stateside to do shady things - like getting paid by a customer, but not officially working. Like collect unemployment, while collecting dividends for a contract your company has with a customer. What you have to do is keep applying for jobs. Most of the spam my linkedin gets is from indian recruiters. There is zero chance one of them can get you a job in the states. The ones that can will all have a name you can pronounce.
It is possible to get a payout for wrongful termination. This will count against your unemployment claim. It will cost (as the estimates in my case were) 10-20k for the attorney. I will likely have to go to court/arbitration, and it takes lots and lots of time and stress. As someone who is a company owner, I spend about 50 hours/week on owning my company (not working for my company). I can get a max of about 20-25k for the wrongful termination... It's just not the right way to go.
As a sidebar, I've worked and lived in France, Catalonia, Russia, and Japan - while living in those countries. I am in fact originally from Europe, but came stateside at a young age. Outside of Russia, the US has the crappiest "process" as you call it. It's a country where that process was put in place by corporations, to result exactly in this: the process is just not worth it.
The "do not discriminate bit" was sarcasm. We have this thing in this great country, where the people who do the most discriminating are the ones who complain most about being discriminated against. What to do if you're a criminal or a bully? Claim you're a victim. I won't go into that, because by this country's standards, I'm going to be flagged as a racist.
I was paid much less than my salary when I was unemployed. I made more per week from the salary than I did per month on unemployment. I assume you mean more than someone else you know who had UI. The benefit amount depends on your salary. UI is insurance paid by the company that fired you - in essence the company that fired you pays your unemployment (by paying for the insurance for their employees). The more people the lay off or fire w/o cause, the more their insurance premium. In addition, there was an extra benefit paid by the federal government due to the pandemic (unemployment is usually a state benefit).
So the way to both stick it to the asshole ex-employer and make extra cash, is to double-dip. Get paid unemployment, while getting other income. If you own a company, you don't have to be employed by your company - you can just be an owner - like when you buy Apple stock. You can then pay yourself dividends instead of salary, and bam - you're still unemployed, while getting the same amount as your salary, and unemployment. You do have to keep looking for work, daily though. Which I did do. So, think of it as a legal loophole to screw the guy who fired you and make money off him.
“They do the needful” is Indian English. There is more going with the guy, considering the way he makes sure we know the incompetent person was a woman etc.
"Do the needful" was a Britishism originally; Indians got it from the British. Somewhere along the line the British stopped using it but Indians continued.
I see. So me using "she" and "he" when I talk about people is me making sure you know I'm talking about a woman.
Welcome to the English language. We don't type extra text like "he/she" every time for zero reason. It's not a conspiracy theory - it's how people talk. Quite a conspiracy theory you got there buddy. You must think the entire world has "something more going on" since the entire world uses "she" or "he" while speaking. Or, perhaps you lack practice speaking to people? Tell me, when the basement gets very cold in the winter, do you venture upstairs with all that sunlight, or do you use a little space heater for your feet?
Depending on country/state you could possibly sue for wrongful termination. In addition, you could send your story to media or contact someone higher in the food chain of the company.
So as to not discourage people - right to work does not prevent you from going after a company that mistreated you in a civil lawsuit. If they ask you to do something unreasonable that was not in the job description, you can sue them for things like lost wages while you look for a new job, any relocation expenses to the new job, and to a harder extent emotional suffering an punitive damages.
Let me give a clearer example. Your boss tells you "shoot that old lady or you're fired." you refuse, he fires you. You can sue him, you will win, it has nothing to do with right to work or not. In my case it was asking me things to endanger patients, and refusing to put the request in writing so there's a record of it.
The issue with that is it's a civil suit, in court, and your law firm is now fighting a huge corporation for the amount equivalent to a couple of months' salary. It's not worth it in most cases, and they know that. But if you want to break even, and the huge amount of time and added stress of the lawsuit is worth revenge - not cash - absolutely do it, and punish those assholes. Except they're not really punished. The payout disappears in a database and becomes a rounding error somewhere, and the management responsible never gets punished. They don't have the stress and time waste of the lawsuit - there are zero consequences to them, and it's yet more loss to you.
Unless you're willing to find a lawyer who'll just take part of the settlement if you win and guarantee you it won't take up a lot of your time. I contacted a bunch of attorneys, and that was a no-go. Contrary to popular belief, getting the guilty party to pay the attorney bills of the winner almost never happens in real life. Even if you get awarded those costs (doubtful) - they will simply refuse to pay. You can then show up and take their office furniture and put it on ebay.
I reported them to OSHA and to the state health authority. This was a while ago. I got reminded of it today and posted the story because I had a call this week asking me to send in written testimony in addition to the form I filled out.
Wrongful termination is a no-go. I talked to a literal slew of lawyers. The amount I'd be looking to recover would be probably the cost of court. Also chump change compared to my overall income, so not worth my time.
Now, as far as media - no one died, no one was greatly impacted - probably not very interesting, and very technical. There was an outage for a day, records of a couple of hours of data (5-10 patient visits) was lost.
Now, as far a "higher up the food chain" - I got a rant here about my 20+ years of experience in corporate america. The guy up the food chain took a chance (saved money on salaries) by hiring a manager of an 18 person team, who has literally had 3 years of work experience. That was a bad decision. He (my boss's boss) doesn't want his boss, (my boss's boss's boss), to see this bad decision. So he's going to protect her until someone dies and he throws her under the bus. This is just a fact of life.
I've been at several hospitals over many years. All the IT people care greatly about patient care. The management is willing to have deaths on their hand to shave a day off a project. Management at hospitals are people who shouldn't be allowed near medical care. The higher up the chain you go, the closer you get to the money, the closer you get to the purpose of the hospital: pretend you're losing money while underpaying and overworking staff, and scamming sick people.
Think about it: you are a supplier. Your demand curve is inelastic. Your customers don't know the price before they buy. Now, what kind of people is this type of corporation going to attract? The worst of the worst.
I’ve worked in healthcareIT and the biggest diagnostics firm and yes: the more they speak about meaningful job and patient first the bigger the facade that in reality it is about their money and their career.
I would be curious to know from your learnings where you think engineers/product people should head to be fullfilled in such environments as I am starting to be clueless. Thanks
You have two options in my opinion. Your healthcare experience is worth a lot. The most money is if you jump on the bandwagon (for example go work for EPIC, or go into management at a hospital). If you need to look yourself in the mirror while you shave (to avoid cuts), my solution is to be the vendor.
You can do delivery for stuff medical companies buy (delivery/residencies/support) and your experience on the customer side will add big bucks to the salary the vendor pays you. Hospitals use AIX, they run EPIC on it. IBM will pay you more if you can go to hospitals that buy from them and help them set up AIX for EPIC. If you do storage like I do, those hospitals buy EMC/IBM storage, and medical applications need specific layout, path and disk group separation, etc - if you know those, EMC/IBM will pay you more. Your "customer" at this point is the IT staff at the hospital, and they're good guys and a pleasure to work with.
If you want even more money, again go for a vendor or a VAR, but do presales engineering. One downside to that, those toxic unethical managers are now your customer. But they'll pay you a lot, and you won't be asked to attempt killing people with a script by making an xray disappear from a display during surgery.
Both options are good, I've done and do both. If you work for a VAR instead of a vendor, you get the same salary as the vendor, but you also get spiffs from the vendor. I average about $5k/month in spiffs when I do presales engineering. But you feel a bit like a used car salesman - the spiffs are bigger when you sell what the vendor is pushing instead of the best solution.
So in short - all depends on how "straight-edge" you are, and how comfortable you are being around bs. the worse the smell, the more cash in your pocket unfortunately. I personally have screwed large corporations out of millions to end up with tens of thousands extra in my pocket. And that's something I don't like, but am comfortable with - as opposed to damaging individual people. If you are completely ethical, more power to you. Go work for VMware or Nasuni or something on the delivery side, tell them you know a bunch of medical applications, and they'll pay you more.
As ballpark, the current ceilings from my personal experience (storage), the total income including bonus and spiffs are: 150k delivery engineer for a vendor, 140k delivery engineer for a VAR, 180k vendor presales engineer, 200-250k pse at a VAR (because of spiffs). In cali or nyc, add about 10% to those. personal fulfillment is on the delivery side, monetary is in presales.
How unfortunate the certification process for a safety-critical system simply has to be designed such that one bad actor can cause so much damage. And I'm sure he was motivated purely by spite for the FAA and potential 737 MAX passengers - not at all by management that prioritizes speed and cost reduction above all else. What a terrible, very bad individual.
Oh well. At least we know that nobody else at all in Boeing was responsible in the slightest. Everyone else involved with the program were probably angels and this one bad bad man pulled the wool over their eyes. So sad. At least they caught the only bad man before he could strike again. Did I mention he's solely responsible for this whole thing yet?
It really was unfortunate, but these things just happen you know? I guess we just better cross our fingers and hope real hard that it doesn't happen again. There's nothing more to learn from this.
Rather than acknowledge and address the massive issues caused by instances of regulatory capture, such as this, or realizing the dangers that result from systemic issues with Boeing's incentive structure for management, facilitated by regulatory capture, the Federal Government and Boeing execs are just gonna scapegoat this guy. Nice.
He was still incredibly stupid and made horrible choices, but the environment he was in only facilitates and encourages behavior like this.
Always seems like some person in the middle of these companies and regulators that always gets hit and not someone deeper in the companies or regulators. Not denying or affirming this person’s role, but it seems to be a pattern, whether it’s financial institutions, corporations, defense contractors, etc. and their associated regulatory bodies.
Very dissatisfactory result - the buck should not have stopped with only him. This failure was on multiple people, from both Boeing and the FAA. The FAA was grossly negligent and has proven itself unreliable by this whole debacle. A national embarrassment.
At the end of the day we need some dummy to be hanged at the town square. So we can all lie to ourselves justice was served and everything works as should.
There are entire generations of people inside that company that should at least sit their asses in court.
This is so much bigger than just a rogue guy. So basically this is saying that the FAA just makes judgement and decisions based on documents and information coming from a chief pilot, without verifying or inspecting the codebase. This whole FAA process is flawed to the core.
Unfortunately it looks like this is really a fall guy with no mention of where the instruction to hide this information came from.
On the other hand, according to his Linkedin Mark Forkner worked for the FAA before moving to Boeing to become the chief technical pilot, so he should have been well aware of the stakes when he hid information.
It's likely he thought FAA self certification [1] would allow Boeing to skate by, which is probably accurate if the planes hadn't fallen out of the sky.
Which is generally why in other areas a corporation may have its own verification/validation processes, but bring in a 3rd party to audit them. It's a common accounting process.
Although, as we saw with Arthur Anderson, that 3rd party isn't always so neutral. And, by virtue of getting paid by the company, may deliver the results wanted instead of the results that are accurate.
This is the C suite guy getting the charges levied on him with pretty solid evidence against him. if he wants to avoid long term jail they will use him to cut a deal to get more information to find out if any of the few people that are above him ordered him to do it.
I think it's worse than picking cost over safety. What Boeing did was knowingly push a bad position. They knew they were in the hole with the pilot training for the Max, they knew they had screwed up. Regardless of that, they kept pushing the line that it wasn't their fault right up until that became untenable. The issue here is a corporate culture that ignored red flags, that played games with the regulator and decided that they would gamble peoples lives and the entire company reputation (including all their employees) on a cost cutting, corrupt means of beating Airbus. The entire c-suite should be headed for orange jumpsuit land.
The CEO at the time, Martin Winterkor, and at least six other executives were indicted. Some of the executives were jailed but still not the CEO (I can find mentions of prosecutors discussing the sentence but no mention of him actually starting serving it).
But I have muche less hope in the capacity of the US to seriously incriminate its poster child.
The CEO Martin Winterkorn is German and Germany doesn't extradite their citizens outside the EU so nothing will happen there. According to Wikipedia, he was also charged in Germany but looks like he will walk free from most charges.
> Steve Jobs told employees a short story when they were promoted to vice president at Apple. Jobs would tell the VP that if the garbage in his office was not being emptied, Jobs would naturally demand an explanation from the janitor. "Well, the lock on the door was changed,' the janitor could reasonably respond. "And I couldn't get a key."
> The janitor's response is reasonable. It's an understandable excuse. The janitor can't do his job without a key. As a janitor, he's allowed to have excuses.
> "When you're the janitor, reasons matter," Jobs told his newly-minted VPs. "Somewhere between the janitor and the CEO, reasons stop mattering."
> "In other words," (Jobs continued,) "when the employee becomes a vice president, he or she must vacate all excuses for failure. A vice president is responsible for any mistakes that happen, and it doesn't matter what you say."
This makes a lot of sense. When you are high enough you are so far away from the trenches that the only responsibilities are: 1) Making decisions and 2) Taking blames for whatever reason. That's why you get the big bucks.
Extrapolated from that, I kinda understand why many senior employees do NOT want to climb the pole but instead staying closer to the trenches.
It means don't throw your people under the bus by blaming them and when something goes wrong take responsibility. When it goes wrong at the VP level it means an organizational failure and/or your failure to understand what your org was doing or your failure to train/hire good subordinates who could handle the details for you.
Boeing were idiots selling this new model into the markets they did right out the gate. It was greed and bit them hard.
Poor maintenance. Pilot skills in hand flying and unusual flying and recovery so different (overseas they don't always come through a normal US style GA background).
If they would have looked more closely at the US, they would have found that this system was triggered (and resolved) I suspect pretty frequently by US pilots - ie, the pilots in the loop compensated for the design weaknesses which was the boeing thinking historically. US pilots have played that role on many planes, usually mfg then fixes the issues as well.
If they are going to continue to sell internationally in the markets they want to they actually need to think about doing more automation and flight protection stuff - more computers - not less.
This may never have been the major issue it became if they had focused on a major carrier like Southwest (very experienced crews).
The whole MCAS thing was garbage, interesting they are pinning it on this guy. He does say internally he lied to FAA (unknowingly) as they weren't fully familiar with MCAS modes and edge
Edit: Appears I was wrong - good maintenance in US seems to have been key saving thing.
"Following the recent events in Indonesia and Ethiopia, U.S. flight data was analyzed to understand whether indicators may have existed that could have been addressed, and potentially preempted the accidents. The data showed zero incidents of runaway trim on Boeing 737 MAX 8 aircraft in the U.S. system,” says the report from the special committee.
The flight previous to the LA crash also experienced the MCAS malfunction. You don't hear about that one because the crew used the electric trim switches to return trim to normal, then turned off the stab trim system with the cutoff switches.
Then, they continued the flight and landed normally.
The next flight on the same airplane is the one that crashed. The crew restored normal trim with the electric trim switches 25 times, but never shut off the trim system.
The EA crew also restored normal trim with the trim switches, but then turned off the trim when the stabilizer was too far nose down. This is contrary to the instructions in the Boeing Emergency Airworthiness Directive distributed to all MAX pilots.
This does not absolve Boeing's role in not doing a proper failure analysis of the MCAS system.
But contrary to what Frontline said "the pilots did everything right" it was recoverable if the instructions for runaway trim were followed.
The Ethiopian Airlines pilots followed the EAD to the letter.
First, they attempted to adjust trim using electric stabilizer trim, and then upon realizing that the they were experiencing an uncommanded nose down stabilizer trim, they followed the runaway stabilizer procedure - namely, stab trim cutout and trim wheel grasp and hold. Afterwards, they attempted to adjust the stabilizer manually.
There is a note in the EAD that electric stabilizer trim can be used to neutralize the stabilizers before doing a stab trim cutout, but crucially Boeing did not instruct pilots to make sure to neutralize trim first using electric trim before doing the stab trim cutout.
ERROR: Literally the first paragraph of the EAD is about controlling airspeed. [Edit: This is not correct]
They hit 700(!!) MPH. They literally commanded full take off power to accelerate the plane into the ground. You can add power if your pitch is high to arrest a sink rate (ie, during landing), but if you are pitched down, you pull power.
There is also a 300 second limit on T/O power - I'd be interested if they exceeded that as well.
The maintenance on this plane was terrible.
This was not a situation where folks involved "did everything right".
For those not familiar, approx 3 minutes after they did a stab trim cutout they put stab trim back to normal. That's never been in any guidance for EAD or runaway.
The 4th activation of MCAS moved trim down (to 1 unit, should have probably been at 4.3 - 5.x or so). That probably doomed them.
"Disengage autopilot and control airplane pitch attitude with control column and main electric trim as required. If relaxing the column causes the trim to move, set stabilizer trim switches to CUTOUT. If runaway continues, hold the stabilizer trim wheel against rotation and trim the airplane manually."
The entire EAD must be read, not the first paragraph. Including the digressions (your phrase). It's only two pages.
I am not a pilot. But I am an aerospace engineer who worked on critical flight detail designs. You've likely flown on my work. My father was a pilot for the AF for 20 years. You don't get to be an old pilot if you don't pay attention 100% to the instructions and training. Flying isn't like driving a car. Humans are not natural flyers. You rarely get a second chance if you make a mistake flying.
Maybe 90% of flight training is dealing with emergencies. If you're not dedicated to doing it right, and doing it 100%, every time, you've got no business being a pilot with hundreds of lives depending on you.
P.S. I've gone flying with pilot friends many times. I watch them do the preflight. If they're not 100% perfect with it, I'm getting off.
One advantage in flying - you are pretty much told EXACTLY how to do many things.
This is what makes me think flying will be automatable. There are a lot of checklists already written for almost everything. Ie, electrical power up, preflights, (CDU preflight?) before taxi before takeoff etc.
Runaway trim was a memory item (!). ie, so important you have to have it memorized.
What's interesting is that because of a jammed actuator motor in an earlier US situation (way back) they have this language about a "maximum two person effort will not break the cables"
This is because you have to basically break out of a clutch and friction condition if a motor seized which aside from the MCAS crashes could require pretty large efforts.
There is evidence of somewhat routine stab trim issues, at least 1x per year mistrim stuff, and more often inop etc. Before these crashes I don't think it was considered even a very serious concern because pilots would handle it in ordinary course of things.
> One advantage in flying - you are pretty much told EXACTLY how to do many things.
Experience shows that will get you safely out of the vast majority of emergency conditions. The ones that are left require understanding and a brain, which is why we still have human pilots.
Runaway stab trim is so serious a condition that the cutoff switches are within easy reach right there on the console. It doesn't really matter how many safeguards there are against runaway trim, the pilot needs to be able to just turn the thing off. It's also deliberate that the electric trim switches override everything but the cutoff switches.
Pure speculation on my part, but I suspect that Boeing thought that it was so easy to just turn off a misbehaving trim system, that the pilots would just do that.
It's sort of like one day I was working away on my desktop, and smoke started boiling out of the case. My first reaction was to pull the plug out. Fortunately, that stopped the fire. If it hadn't, my second reaction would have been to throw the box outside.
My lawnmower, power tools, etc., are all designed so that chopping the power to them is as easy as possible. Even race cars have a large switch mounted on the exterior to shut off all power.
> Boeing did not instruct pilots to make sure to neutralize trim first using electric trim before doing the stab trim cutout.
Yes, they did:
"Initially, higher control forces may be needed to overcome any stabilizer nose down trim already applied. Electric stabilizer trim can be used to neutralize control column pitch forces before moving the STAB TRIM CUTOUT switches to CUTOUT. Manual stabilizer trim can be used before and after the STAB TRIM CUTOUT switches are moved to CUTOUT."
> That's not an instruction - it's a digression. The wording there is "can be used".
Why do you think Boeing wrote an EMERGENCY AIRWORTHINESS DIRECTIVE and the FAA mandated it be sent to all MAX pilots?
If you're a pilot, it is YOUR JOB to read, understand, and remember every EMERGENCY AIRWORTHINESS DIRECTIVE. Not to parse words. If you want to parse words, get a job as a lawyer, not a pilot.
The "can be used" is there to explain how to overcome aerodynamic forces that make using the manual trim wheel difficult.
Please don’t flag replies like this; thankfully I was able to vouch for Walt.
For some background, Walt and I are routinely brigaded with downvotes on 737 MAX threads. What he and I have in common, compared to those who engage in such behaviors, is that unlike those we typically are replying to, we both have extensive backgrounds in the aviation field, especially on the programming side.
Back on topic, the takeaway that Walt is making and that seems to be missed continually in these threads, is that Lion Air did not lose their plane due to the MAX’s MCAS implementation. Rather, the pilots engaged with the plane in a manner precisely opposite to what procedure calls for. Despite all of the poor calls made by Boeing here, if LA’s pilots had simply reacted as the previous flight’s pilots had, the plane would have made it.
A clarification - my computing experience at Boeing was writing Fortran programs to solve design problems, not aviation software.
However, at Boeing I spent 3 years working on the stabilizer trim gearbox on the 757. The 757 system is a newer design than the 737, in that it uses a dual drive system connected via a differential gear system rather than having the manual wheels in the cockpit. Nevertheless, the difference is in detail, not concept. Both systems have cutoff switches within easy reach of the pilot, for a damn good reason - to stop uncontrolled stabilizer trim action. While the 757 did not have MCAS, it did have a computer autopilot that could move the stabilizer.
I did some searching online of the MAX trim system, and indeed the electric trim switches override MCAS commands. In all three incidents the pilots did override it and return the trim to normal.
In the first incident, after a couple times, the crew trimmed it to normal and then cutoff the stab trim. Continued the flight and landed without further incident.
In the second, the pilots brought it back to normal 25 times before the final plunge. For whatever reason, they never switched off the trim system.
I haven't got a solid reference to the EA one, but it appears they restored trim twice before the final plunge. They then turned off the trim system in the plunge. They could not turn the manual trim wheels due to the aerodynamic forces. So they turned the trim back on, the MCAS came on again making things worse. Why they did not counter again with the electric trim I do not know. Why they did not turn off the trim when it was in the normal position I do not know. Those are excellent questions for the NTSB to answer.
But what they didn't do was follow the directions in the EAD.
The first LA crew was not aware of the existence of MCAS, nor did they have the benefit of the Emergency Airworthiness Directive. But they worked the problem and solved it and landed safely.
Not to mention I think they ran the plane at full takeoff power during the recovery attempt - I can't even imagine what they were doing in terms of speed monitoring (in a nose down you normally reduce power, no go to full takeoff!).
The pre-MAX 737 has a cut-off switch that switches of the automatic trim system, without also switching of the electric trim (there's another one that switches off the electric trim). The 737 MAX also has two switches, but they both switch off the automatic trim (including MCAS) and the electric trim.
So you can't switch off MCAS without also switching off electric trim, leaving only manual trim. But in situations like the Ethiopian flight, you need inhuman strength to control the manual trim (as Mentour Pilot demonstrates in this video: https://www.youtube.com/watch?v=aoNOVlxJmow). You need electric trim to have any chance to fight MCAS, but you can't enable electric trim without also enabling MCAS. Must be horrific to be in such a situation.
The EA crew followed that memory item. It didn't work. (Had they reduced the throttle it probably would have helped, which is why the need to limit speed during runaway trim events has been added to the updated memory item now)
>Pilot skills in hand flying and unusual flying and recovery so different (overseas they don't always come through a normal US style GA background).
This is repeating lies propagated by Boeing management and is not true. The flight control system's design was flawed. It was a "fly into the ground sometimes" machine.
The Ethiopian Airlines pilots did get to the stab trim cutout as well (probably because they had read the emergency directive Boeing sent out) but were unable to manually trim afterwards due to the forces involved - had they cut airspeed at the start they probably would have been able to do so, but that was not part of the instructions at the time. For an analysis of the situation they were in, see https://leehamnews.com/2019/04/05/bjorns-corner-et302-crash-...
FAA outsourced it responsibility to Boeing - basically just a rubberstamp - no wonder the European and Chinese air safety folks wanted to do their own testing.
Never happened before as the FAA used to be the gold standard for safety - looks they have been gutted by the govt.
It is human nature to detest regulation in general but insist upon it after the fact of some failure. This can be easily illustrated with automobile speed limits. Almost everyone would be outraged if they were ticketed for driving 2 k/mph over the posted limit. It is a widely held belief that drivers traveling at or just below the maximum limit pose a safety risk because they are too slow. An officer who rigorously enforced posted speed limits would get run out of town. But who's to blame when the officer looks the other way and it results in a crash?
You cite human nature, but I disagree with most if not ALL of what you are saying here. Driving at or just below the speed limit is what the law requires. If the speed limit is wrong, you lobby to get the limit changed or start raising $$ from fines until people get the idea. What you DON'T do is let speed limits become optional else people running over kids near schools will feel like they were morally justified in doing so, because 'Who pays attention to those signs, right?'
You are describing exactly the normalisation of deviance that gets people killed per the 737 Max situation. The Officer in your example is secondarily at fault, the driver is primarily at fault, but the CULTURE that allows these dangerous situations to arise is where the problem needs to be addressed. "Yes, I was speeding/falsifying records, Officer. But everyone else was doing it."
The Frontline episode on PBS is 50% teary-eyed emotional testimonials from the victim’s families, interspersed with 25% stock footage and 25% poorly summarized, and in many cases technically incorrect explanation.
The Smithsonian Channel Episode “Ten Steps to Disaster” is far more technically accurate, and also deep dives the technical, business, and regulatory decisions that lead to the disaster.
Thanks for the reference. I'll look at it later. I was pretty disillusioned by Frontline. I always knew they were biased, but thought they made an honest attempt to present the facts.
...one man? Out of the whole company, the massive number of people that must have been involved, only one man gets the blame? And not even an executive at that?
