Would I fly on a pilotless passenger plane? er, no.

The mystical way the LinkedIn Algorithm works meant that this bright November morning, I saw a LinkedIn article, written months ago, which asked the interesting question:

"Are you safer in an aircraft with no pilot?"

https://www.dhirubhai.net/pulse/you-safer-aircraft-pilot-john-dowdy/?trackingId=dseZeJrzdw82KKQpJVKBGA%3D%3D

The author, John Dowdy, got me thinking. (thanks John, great post!)

The answer to that question is: it depends.

The question, the article and the conversation / comments that followed the article forced me to think about what I, as a System Safety Engineer, really thought about the concept of Pilotless Passenger Aircraft, and whether I personally would fly on one.

And so...

[Q] Would I fly on a pilotless plane?

[A] Short Answer: NO.

Slightly longer answer: Not ever* (<--, yes, that's an asterisk, all the LinkedIn post writers are using them, I'll get to it further down)

But why, Simon?

Here are a few reasons:

Conclusions of Human Error = #InvestigationNotFinished.

For a lot of accidents, the investigation simply did not / could not establish WHY the human behaved the way they did.

Traditional safety and accident investigations often suffer from #HindsightBias, seeking to assign #blame, and are often not adequate to really understand the #HumanFactors aspects of accidents. (This is why I am focusing on working with the #CAST Accident Analysis method, it doesn’t have those same limitations. More on this another time...) 

Data, more data & Statistics

The often quoted data on causes of accidents (number / % of accidents due to humans) is not strictly representative of the true situation. When "statistical data" is used to justify an opinion / claim, those opinions / claims do not usually adequately consider or address the following significant aspects:

(1) #SystemSafety & #SystemsEngineering concepts;

(2) Implicit assumption that humans are bad for ensuring a system is safe, i.e. its the pesky humans fault, if we just got rid of them, things would be fine!

Humans are one of the best resources we have when things go pear-shaped / not as the designer expected (of course presuming the designer did a reasonable job with #HumanFactors design).

(3) the data was collected on systems that are fundamentally different in their control system architectures than entirely automated systems, and so cannot strictly be used to justify a new system that we have no data for.

(4) No data is recorded for the number of times humans saved the day, and especially not for events where no actual harm occurred: think of the #SurvivorshipBias (https://en.wikipedia.org/wiki/Survivorship_bias) #ApplyArmourWhereThereAreNoHoles

“the study only considered the aircraft that had survived their missions—the bombers that had been shot down were not present for the damage assessment”

Complex Software: There's not an app for that pilotless passenger jet. Guess why?

Pilotless passenger aircraft will require the development and use of complex software, which means that it cannot be completely tested as there is not enough time in the universe. #UntestableSafetyCriticalSoftware #StuffSoftwareSafetyEngineersSay

Fail-safe: Loss of the fleshy safety margin

By increasing automation, the designer is reducing the flexibility and adaptability that is absolutely essential when there is no “fail-safe” state.

In the case of a car / train, they can just stop (well! Not in all cases, e.g. car stopped on the train tracks with a goods train carrying hazardous materials approaching! anyway.). Aircraft cannot just stop, they have to keep flying, manage or accept certain issues, then land. Different System Goals and System Safety Constraints.

Increased fragility & susceptibility to... HUMAN ERRORS! (wait! what?)

By increasing automation, the designer is making the System more fragile and much more susceptible to design errors and software issues. The designer cannot think of everything, and design for it on the first version of a system.

This point basically highlights that whilst the “source of human error” is removed from the flight deck, the #SystemArchitecture has actually forced and made more severe the potential for #HumanError by the designer.

Look up the #MarsPolarLander and recent #ExomarsSchiaparelli accidents.

“#PilotlessJets will save ￡billions”: nonsense

We are told by numerous analysts from all areas of business and commerce that Pilotless Jets will save ￡billions. Nonsense, Pilotless jets look-like they may save money IF you only look at one part of the #SocialTechnicalSystem.

When you look at the whole system, it becomes obvious that those future-super-duper Aircraft will cost ￡billions more than conventional passenger jets due to a combination of the following aspects (+ others):

(1) updated Aircraft Design & Airworthiness Standards will be needed (tax payer funded? + take years to develop, will be wrong on the first iteration (we are only human by the way!);

(2) Aircraft Designers / Manufacturers will have to go through expensive #ChangeProgrammes to be able to design the new Aircraft type, and comply with the new standards (increased cost to the Manufacturer and so the Airline / Operator / Taxpayer);

(3) There WILL be more accidents than at present. System Change is notorious for contributing to accidents, as is new advancements in technology. (a good paper related to this is Nancy Leveson's paper on "High Pressure Steam Engines and Computer Software", here.)

(4) Accidents cost A LOT. Not just in financial, but also emotional and brand image terms. Those costs will, I expect, far exceed the oft quoted monetary savings. (The 1977 Tenerife Disaster reportedly cost approx. $9 billion dollars, though the true cost may never be known.)

(5) Market demand challenges, e.g. the A380 example, the economics don’t apparently work for the airlines. Imagine a pilotless jet involved in one crash, the public perception / market shifts and suddenly they are no longer viable.

The Sky is NOT falling, but perhaps the planes will...

Please do not misunderstand my view (Nov 2017) as being risk averse or #TheSkyIsFalling.

I am looking at this topic from a #SystemSafetyEngineering perspective and what can actually be done, AND done safely. There is a significant difference.

#CockroftsFolly (https://en.m.wikipedia.org/wiki/John_Cockcroft#Cockcroft.27s_Folly)

The End. Or what?

To sum up, like autonomous cars, pilotless passenger jets are a fiction not worth the expense in terms of development, test and the inevitable serious accidents.

They look great in films like iRobot and The Thunderbirds, and they might provide bragging rights to some billionaires... but we can’t build them safe enough. 

Just because we can make a pilotless Aircraft (or other types of vehicles, Sea Air Land), doesn’t mean we can make them safe enough to transport our loved ones, or hazardous cargo, or perform certain missions.

*Asterisk*

*If the application of (Systems Thinking based) #SystemSafetyEngineering is made an absolute global priority and applied well, then perhaps.

But right now, I am unwilling to pay for them voluntarily (through apparently lower-cost plane tickets), and also unwilling to pay through my taxes!

Thoughts? Conversation?

If you would like to talk about this further, let me know and I’ll set up a #Livestream.

I would love to hear / see your views on what I said.

Please like / share / comment and subscribe!

Interesting quotes:

“The pessimist sees difficulty in every opportunity. The optimist sees the opportunity in every difficulty.”- Winston Churchill.

“The problem with the world is that the intelligent people are full of doubts, while the stupid ones are full of confidence.”- Charles Bukowski.

#SystemsThinking

#STAMP #CAST #STPA