The automotive industry has furnished the field of engineering ethics with more than one "paradigm" case that generations of budding engineers have studied. In the way Toyota tried to deal with the now-infamous problem of unintended acceleration in many of its models, they have given us an example of how not to deal with a safety problem. Technical issues are only one aspect of the way an initially small-scale issue snowballed into a major financial disaster that shut down sales and may have permanently blotted Toyota's reputation. While the whole story has yet to emerge, it looks now as though a circle-the-wagons mentality was at least as much to blame as poor engineering.
We have the Los Angeles Times to thank for most of the initial journalistic spadework that pressured Toyota into reluctant action. Back in August of last year, an off-duty policeman and three members of his family suddenly felt their new Lexus jet out of control at speeds of up to 100 mph before it hit another car, flew down an embankment, and caught fire, killing all four occupants. Investigation revealed that if a certain rubber floor mat is installed, a projection in the molding can catch the bottom tip of the rigid accelerator pedal so that the throttle is stuck wide-open. In late September, Toyota issued a floor-mat recall on over four million vehicles.
The August incident turned out to be the tip of an unintended-acceleration iceberg that Toyota has been struggling to minimize for over a decade, as further investigations published by the L. A. Times in October revealed. In October, Toyota sent out a letter to many of its car owners that the National Highway Traffic Safety Administration criticized four days later as "inaccurate" and "misleading." Toyota was clearly trying to minimize a problem that now appears to be more serious than simply a floor mat that interferes with accelerator-pedal motion. Some of the incidents dug up by the Times appear to involve the "drive-by-wire" electronic accelerator system which is, of course, operated by computer programs. Toyota admits that there is no software feature that disables the accelerator pedal when the brake pedal is pressed.
In all of the United States, Toyota has exactly one machine that can read a car's onboard data recorder to assist in diagnosing accidents and problems after the fact. This appears to be an attempt on the part of the automaker to control the production of potentially damaging information, since dealers and other interested parties cannot access the data. After a crash the day after Christmas in Texas that killed four people appeared to be due to unintended acceleration, things spun out of even Toyota's control. On January 26, they took the extraordinary step of halting sales of about half their models until the mechanical accelerator fix can be applied. It turns out this is at the request of the federal government, in a move that was probably motivated by words to the effect of, "if you don't do it by yourselves, we'll make you do it." As of this writing, the question of whether Toyota's electronic throttle system is to blame as well as the mechanical pedal problems is still under investigation. But there is plenty of smoke around to justify the conclusion that there's a fire in that department as well.
The phrase "damage control" can mean several things. If you're talking about something as straightforward as fighting a fire, it means putting the fire out as fast as you can to minimize physical damage. But the phrase has taken on a darker meaning in recent years. It has come to mean a strategy that an organization deploys in its public (and government) relations in order to convince outsiders that whatever really happened, things are not that bad after all. Although the story is still unfolding, there is enough evidence already to conclude that Toyota had taken the second meaning all too much to heart. In its misleading minimizing of the seriousness of recalls, in its failure to provide more than one data-reading device for the entire U. S., and in its Johnny-come-lately reactions to serious, long-term problems, it showed a signal lack of judgment and concern for the safety of the driving public. We do not know yet what Toyota knew about the problem, or problems, and when they knew it. But it is already clear that whatever they knew, they didn't want anyone else to know. It took a courageous news outlet (a print one, at that) to keep hammering on the issues and asking embarrassing questions, as well as a government agency that is arguably understaffed and underequipped to deal with the technical complexity of today's automotive industry. I wonder how long it would take a gang of clever Caltech undergrads to crack Toyota's automotive data-recorder code. If somebody hasn't done it already, they ought to as a public service.
The worst thing that can happen to a corporation (short of going out of business altogether) is to lose money, and Toyota has already been taken to the woodshed in that regard. But losing money is one thing, and losing one's life to a preventable technical defect is another order of thing altogether. Some estimates say that perhaps fifty or so people have died as a result of unintended acceleration in Toyota cars. That is a small fraction of the total of annual auto-related deaths in this country. But the engineers who could have prevented these deaths failed to do so. And that's what engineering ethics is about.
Sources: Motortrend Magazine online has a good chronology of the Toyota recall and related issues up to late January at http://www.motortrend.com/features/auto_news/2010/112_1001_toyota_recall_crisis/index.html. I also referred to a recent Los Angeles Times article on Congressional hearings about the matter at http://www.latimes.com/sns-ap-toyota-recall,0,7766384.story. For the record, I drive a Honda.