When a 1-in-a-Billion Chance of Accident May Not Seem 'Safe Enough'

By James Fallows
As the mystery about the fate and location of MH370 continues, and as theories come and go about what might have happened, here is a note from J. Mac McClellan, long-time editor of Flying magazine, about a phenomenon I've mentioned frequently. First-world commercial air travel has become so extremely safe that when something does go wrong, figuring it out can be a huge challenge -- which heightens the mystery and, for many people, the terror of these episodes, by making them seem so random. You're sitting there grumbling about the discomforts of modern flight -- and then, for no apparent reason, your plane is the one headed into the sea. McClellan writes: 

As you probably know the FAA standard, and pretty much the global standard, for certifying critical components and systems is one in a billion probability of failure, or 10 to the minus 9th. The FAA calls this standard "improbable."

That means in a transport category airplane [JF note: this includes airliners] the certification standard for a failure, or combination of failures, that would prevent the airplane from successfully landing on a runway must be one in a billion flights. Not hours, flights.

I remember that when the 777 was introduced it was such a sales success and was expected to live such a long service life that some people speculated the fleet could actually make a billion flights. Of course, you don't need to make a billion flights to draw the magic short one-in-a-billion straw. But it is something to think about. Transport flying is now so safe that the long-time standard of 10 to the minus 9th may not satisfy the public.

I'm sure you are also tired of hearing about all of the things a transponder does that it really can't. Every comment on a transponder says it reports course and speed, but we know a transponder, even a Mode S as you have and the 777 has, reports only an identification code and Mode C pressure altitude. Course and speed all must be calculated by observation by radar. I guess the media and experts have mixed up what ADS-B does with what a transponder does. [For more on transponders, here; for more on ADS-B, here.]

Also odd that the 777 FBW [fly-by-wire, or electronic system for directing the airplane's control surfaces] system has escaped almost all speculation. It was the first for Boeing. And it was failure of the pitot input that put the FBW system into "direct law." [That is, it disabled the normal automated limits on "control inputs" the pilots could give to the airplane. In "normal law," which prevails within normal flight circumstances, the autopilot impedes or buffers any control input thought to be unsafe, for instance too sharp a turn or too steep a climb at too low an airspeed.] This handed the Air France crew an airplane that the computer could no longer control while expecting the humans to quickly diagnose a problem the computers couldn't. I'm not saying FBW has anything to do with 370 but it must be on the list of considerations.

This is not speculation, simply some basic info that I haven't seen touched on during the endless TV interviews and such.

The sobering point here is again that the very safety of modern air travel makes these episodes both intellectually and emotionally even more difficult.

One other aspect of the drama is the national reactions and tensions it has highlighted -- of course in Malaysia and China, also in Australia, even in Israel. Thanks to many people writing in with on-scene reports of reactions in China and Malaysia. Will sort them out and report as I can.


This article available online at:

http://www.theatlantic.com/technology/archive/2014/03/when-a-1-in-a-billion-chance-of-accident-may-not-seem-safe-enough/359780/