Here Be Dragons

The Sad Futility of Trying to Prevent Planes From Crashing

You can't design every single possible death out of a system, as Germanwings flight 4U9525 showed.

by Martin Robbins
Mar 27 2015, 3:00pm

Photo via Wiki Commons

One thing we know for sure about flight 4U9525 is that the co-pilot, Andreas Lubitz, didn't fly it into a mountain. If you've read or watched news reports about the crash, you probably imagine the young German grabbing the stick of the Airbus A320, pushing it forward and hanging on grimly as the plane nosed down into a dive. But that isn't what took place.

We can tell what really happened thanks to data from the transponder, published by FlightRadar. The key line is:

"09:30:55Z.397 MCP/FMC ALT: 96 ft QNH: 1006.0 hPa."

What this means is that a little after half past nine, somebody set the flight management computer to an altitude of 96 feet above sea level, using a control panel in the cockpit. If 96 feet seems a bit random, FlightRadar points out that it's probably the lowest value the system allows you to set, and that the controls work in 16-feet increments.

The autopilot obeyed, because that's what autopilots do, and sophisticated algorithms that millions of us rely on every day worked perfectly to fly the plane at exactly 96 feet above sea level. The algorithms were still working perfectly when they flew the plane into the side of a 6,000-foot mountain, obliterating it and all 150 souls on board.

Another safety system also worked perfectly that morning—the door. Within weeks of 9/11, airlines began introducing new security systems to prevent terrorists from gaining access to flight decks. Doors were reinforced with bullet-proof Kevlar, and elaborate security and verification systems were put in place. As a result, if airline pilots decide to lock themselves in there isn't too much a terrorist can do about it. Or anyone else, for that matter.

In the case of Flight FU 9525, the pilot left the cockpit for a moment, leaving his co-pilot in charge. We don't know exactly why he left, but it was probably something routine like a visit to the bathroom. When he came back, he realized to his horror that Lubitz had locked him out. We know this because that horror was captured in vivid detail in audio recordings recovered from the black box. The captain spent the last moments of his life desperately trying to break down a door designed by committees of experts to be unbreakable.

The potential for tragic irony was something people were aware of even before this crash. Popular Mechanics, for example, published a piece a year ago, after the loss of MH370, asking, "Could plane cockpits be too secure?" According to the article, "some pilots"—probably glad today they weren't named—"scoffed at the idea that a locked cockpit is a serious concern, noting that planes are programmed to fly safely and even land on autopilot in the unlikely event both pilots nod off." In this case, of course, the autopilot flew them straight into a mountain.

A quote carried in that piece from a former airline CEO, David Neeleman, sounds pretty damned eerie today. Questioning whether "perhaps there needs to be a way to get back in that door," he comments, "nobody ever thought about having to protect the passengers from the pilots."

There's a rule of thumb when you're designing a complicated system, which says that when you get to a point where you're applying fixes to fixes it may be time to step back and reconsider the whole thing. For example, here's a really basic question about secure cabin doors that I don't think I've seen a single report on them in the last day or two ask: Have they saved a single life? Have they ever actually prevented a single instance of terrorism? Scouring Google I couldn't find such a case, and if the answer is "no" then airlines have installed a literal death trap for no good reason. The safest thing would be to just remove it.

At the route of all this is a pathological fear of people dying. Which to be fair isn't exactly a bad attitude to take. Most of you probably agree that death is bad and less death is good. Therefore any reasonable efforts made to reduce deaths in air crashes are a very good thing, right?

The problem is, what's reasonable? For example, in the wake of 9/11, thousands of people tried to avoid dying in an air crash by switching to America's roads instead. The problem with that logic is that air travel is already a hundred times safer than driving, and so the result was an increase in road fatalities. A really big increase. A staggering 1,595 extra deaths were recorded—more than half the death toll from the attacks themselves. Secure cabin doors, also intended to prevent deaths, have just resulted in 150 of them.

Inevitably, more clever ideas are being put forward in the wake of this crash. The Mail today is asking, "Why can't airlines seize control of doomed jets from the ground?" Noting huffily that, "The technology exists but pilots and companies refuse to use it." It sounds like a great idea, especially in an age when autonomous military drones are happily buzzing around over the heads of our enemies.

"The ability to direct pilotless aircraft from the ground is well established," the Mail tells us, which is true. The Pentagon has established their ability to direct pilotless aircraft from the ground. They've also established their ability to direct pilotless aircraft into the ground, which was obviously too tiny a detail for the Mail to mention, but probably an important one. More than 400 drones have crashed in accidents since 2001. If you can name it, a drone has probably hit it, from homes and farms to a Hercules C-130 transport plane. This is not a record for civilian airlines to aspire to.

Right now, flying is safer than pretty much anything else you can do. It's worth asking how much safer it needs to be, and how far we're prepared to go in pursuit of that; especially when the rest of the time we're perfectly happy blundering around in our "two-ton death machines," as Elon Musk called cars recently.

At some point we have to accept death; that shit happens, and people die, and there isn't always much we can reasonably do about it. You can't design every single possible death out of a system, and trying can lead to madness. Air accidents are so rare and so unlikely that we end up playing a sort of endless whack-a-mole with death, trying to predict the next unpredictable thing even as the last change we make introduces new possibilities for danger.

Follow Martin Robbins on Twitter.