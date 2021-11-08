Pilots don’t get sick, per se. They’re either fit to fly, or they’re unfit to fly. That is primarily and most frequently self-assessed. I have a head cold. I’ve got the flu. I pulled a muscle at the gym. There’s trouble downstairs and I can’t sit in a chair for 10 hours straight without distraction. Hey, I just fell off a motorbike on my way to work and I think my arm’s bent the wrong way.

What people probably don’t fully realise is that pilots are license holders and every time they exercise the privileges of that license, they are doing so as self-contained individuals before they do so as employees. Factor on top of that what it is they are actually going to do. This probably sounds obvious when put like this:

The pilot accepts the prospect of being the only and/or last person to deal with literally anything that could happen to any aspect of the aircraft that they take responsibility for.

That includes the people and cargo onboard. Is that what you accept when you go to work? Even if you do accept that level of responsibility, is a successful or totally fatal outcome for hundreds of people going to emerge in your job in the course of just one day or shift? Unlikely.

Once airborne, a pilot can’t put on the brakes. The plane or helicopter is constantly in dynamic motion, in real time. There’s nowhere to pull over and have a think.

“Hover? Helicopters can hover.”. That’s a complex dynamic manoeuvre requiring full physical and cerebral engagement. Helicopters are inherently unstable aircraft.

“Autopilot? That does all the work.”. No, autopilot does what the pilots tell it to do. Make a mistake and the autopilot flies that mistake until something interrupts that mistake. Like a correction. Or another aircraft. Or a hill. Or the ground.

All takeoffs are completely manually flown. There is no autopilot for takeoff.

99% of a commercial pilot’s landings will be manually flown.

In a modern airliner, pilots fly in three basic ways:

Manual flight via the control stick, rudder pedals and thrust levers. Literally what you think “flying” is.

Short term autopilot. The autopilot operates the flight controls and thrust so the pilot’s hands and feet are free of the control stick, thrust levers and rudder pedals. Pilots then use other electronic controls to tell the autopilot what heading, altitude, speed, or vertical speed (rate of climb or descent) to fly. This is like manual flight but through a different interface that is less physically taxing.

Long term autopilot. Pilots programme the autopilot via the flight management computers with a flight plan (destination, route, altitudes, speeds, origin, diversion plan etc) and the the aircraft will automatically follow it over the course of that plan, with certain (very large) caveats. The aircraft doesn’t know whether that plan is authorised and correct. That’s up to the pilots. Somewhere along the way, the aircraft is going to need repeated human checking and intervention in order to complete the flight.

Autopilot is there as a tool that frees up a pilot’s brain power, hands and feet so that she may perform instantaneous, tactical and strategic assessments of the the flight’s status and progress, then take appropriate decisions and actions, employing whatever systems or tools are necessary.

Autopilot comprises multiple computers that the pilot needs to programme and keep updated. Computer programmes are all only as good as their programming. GIGO applies: garbage in, garbage out. Programme a computer badly and it goes wrong, or performs badly. Bad programming can lead to a crash. In airliner flying, there’s no Windows “blue screen of death” but there is the prospect of an actual crash, leading to actual death. It’s kinda linear like that.

The pilots are there to take responsibility for the avoidance and prevention of actual death at the extreme, and spilled gin at the opposite extreme.

You can read all the accident investigations you like, be in possession of a pretty wild imagination and a deeply cynical attitude but that still won’t put most people ahead of the curve of possible events that could happen to them while they’re flying a plane. The MH-17 crew did not go flying over the then warzone of the Donbass region expecting and anticipating being blown out of the sky. But they were flying over a warzone. Their route was planned by someone else in the company who wasn’t a pilot but presumably had access to some current affairs information. They still planned that route and the crew accepted it. Did they lack imagination? Was the information or threat assessment for that airspace inadequate? Were all involved in route planning acting simply at an appropriate level of good faith in the information and threat assessment system, and there was no way of knowing that someone, somewhere down there had an itchy trigger finger and a missile going spare?

The four pilots in control of the two ill-fated 737 MAX aircraft had no idea of the degree of the corruption that stemmed from Boeing, through the FAA and into their flight decks. One of the crews didn’t know about the capabilities, limitations and workaround of the system Boeing had installed in the plane that was so powerful that they could not physically override it by brute force on the controls. Apparently, the other crew did to a greater extent but Boeing kindly didn’t bother to work out whether pilots could actually recognise, in time, what was going wrong amongst all of the beeping, flashing, stick-shaking and nose-diving in order to select the most effective course of action, while both tried to use all their physical strength to pull back on the stick, lift the nose and avoid smashing into the ground. How much analytical ability can you bring to bear when you’re doing a constant 100kg plus seated row without the benefit of your legs? Does that analytical power increase or decrease when the windscreen is full of the ground and you are starting to make out the individual sheep, cattle and people down there? The Lion Air aircraft hit the ground so hard and fast that there was very little wreckage remaining on the ground. It was the proverbial “smoking hole”.

In the 737 MAX crashes, a form of the autopilot crashed the plane. The pilots couldn’t override that form of autopilot with physical force. Boeing had created a system with the power of life and death that had no backup in the case of failure. That system failed, went wrong and made the planes crash. Boeing also failed to tell the regulator about what the system could do and that it lacked back up, in a way that the regulator understood. Boeing also didn’t properly teach pilots about the system and its shortcomings. Boeing also didn’t optimise the entire flight deck and pilot workload environment to make sure that should the system fail in the way that it did, when it did, the pilots would be able to quickly and accurately identify the root cause failure and appropriately intervene before the planes crashed.

When a professional pilot reports for duty and signs in, they are explicitly choosing to exercise the privileges of their license to the best of their ability (at or above an accepted minimum standard) while stating that they are at or above the minimum level of mental and physical fitness, to the best of their knowledge. Implicit within this is their acceptance of an unknown fate and the willingness to deal with literally the unknown, in whatever form that takes. In theory, all aircrews are accepting the possibility that they could be intercepted, shot at or introduced to a new and fatal design feature of the aircraft that they weren’t taught about in flight school or type rating. Most of these extremes are largely avoided or mitigated out to a sufficient degree. However, the 737 MAX is undeniable proof that one of the largest aerospace defence corporations in the world deliberately designed in and kept a fatal feature with zero redundancy and used a form of corruption - regulatory capture - amongst other things, to avoid or reduce product development costs, at the ultimate expense of human lives. When that line was publicly shown to have been crossed, the only people left to deal with how corporate greed manifested itself on those days were the pilots and no one else. They did not deserve to be the bag holders for the externalities of “maximum shareholder value” but they were, along with the rest of the casualties. Nothing of any real significance has happened to Boeing or the people who are really responsible. Fining a corporation cash in amounts that have no bearing on its ongoing existence is not punishment. Allowing people to simply resign with no personal liability is meaningless. Having your lives ended while you try to fix a problem that should never have existed actually does mean something to you, your families and loved ones. Dying while sitting behind undeserving bag holders as they struggle through mortal fear to save their own and therefore everyone else’s lives is tragic and pointless. It’s not in the Condé Nast Top One Hundred Reasons Why People Go Flying.

The 737 MAX crashes involved planes nose-diving into the ground because:

an automated system with no redundancy failed and sent a spurious signal to another automated system which then initiated repetitive nose dives;

the pilots could not understand and override any of that in time because the flight systems literally overloaded, distracted, confused and scared them;

those systems we so strong, mechanically, that the instinctive correct action - pulling back on the control column - was also impossible for two humans pulling together and, even then, “just pulling up” wasn’t the only factor in play.

the automatic system had fully “trimmed” the aircrft to dive. Trim is another control, separate from the control column.

Pilot error is not the root cause of the crashes.

Some Airbus aircraft had a software “feature” that could also initiate a sudden and uncommanded nose dive in normal flight that was undocumented, unknown and therefore possibly unrecoverable by the pilots. The first time this was encountered in flight, I recall that the flight dived from cruise altitude and lost perhaps half its altitude during which time the pilots managed to creatively work out, from scratch, a fix. They degraded some of the aircraft’s automatic protection systems in an off-piste way to give them less automatic computer control and more manual control. In doing this, they managed to killed the influence of the computer system that was causing the dive, even though they didn’t know specifically the actual root cause. They managed to recover control of the aircraft and probably drank the wine of their choice that evening in the safety and comfort of a ground floor room. Probably while wearing parachutes.

What happened to that Airbus had never been seen before. No crew in any airline I have worked in was trained to deliberately degrade aircraft systems by turning them off in order to fix a problem that the plane didn’t think was a problem. Up to that point, no one had ever trained me or anyone I know in how to kill the Airbus HAL 9000 while in a nose dive and then recover control of the ship. The guys who did that for real are heroes.

Only after this event had occurred to this crew - who managed to literally save the day, aircraft and all the lives on board - did Airbus realise it was a problem. For years after, this software problem existed in the aircraft’s systems. Instead of fixing it in as short a time as possible, the problem was mitigated by publishing an Operational Engineering Bulletin that informed crews of the possible event (in a rather low key manner) and provided a manufacturer approved intervention and procedure that the pilots must follow. In essence, this procedure said:

Press one of these specific buttons to shut off some of the computers that are causing the problem and the autopilot. Recover manual flight control of the aircraft and stabilise the flight path. Continue with the flying.

I find it difficult to imagine exactly how it would feel to have been the first crew to encounter this ultimately fatal feature of uncommanded nose dives in either type of aircraft.

While uncommanded nose dives aren’t a Boeing-only feature, to my knowledge only Boeing has been shown to have sequentially and deliberately:

ignored long-standing redundant design principles of safety critical systems (for no good reason because there isn’t a good reason) and chosen to actively reduce safety of the 737 MAX;

internally suppressed the knowledge of these design flaws and their corollary (death);

corrupted the regulatory system such that it was regulating itself. It literally mislead the FAA and deliberately hamstrung its knowledge, but the FAA has allowed itself to be put in to that position much like the UK CAA;

tried to maximise profit by avoiding the hassle of designing a new and modern airframe. It chose to destabilise an ancient and existing airframe by strapping oversized engines to it then made computers smooth out the resultant flight performance issues. Right up until they couldn’t, thanks to the limits of Boeing’s system design and its computer programming.

GIGO.

At the end of that chain of garbage are two people who turned up to work fit to fly and in doing so, accept the possibility that they might - for some strange and unforeseen reason - be the bag holders for literally anything, anywhere in the aviation industry. On those days, they even held the bag for things that were in the accounts of Boeing or Airbus HQ.

Weird job, huh?