Showing posts with label air safety.

Monday, May 23, 2016

EgyptAir Flight 804: Clues to a Tragedy


Early last Thursday morning, May 19, EgyptAir Flight 804, an Airbus A320 carrying 56 passengers and 10 crew members, went down in the Mediterranean on its way from France's Charles De Gaulle International Airport to Cairo.  The plane apparently broke up in the air and there are no survivors.  Search parties have begun to recover pieces of the wreckage, and data transmitted from the plane suggests that a bomb might have caused the crash.  But a definitive conclusion about the cause will have to await the recovery of the flight data recorders, if they can be found.

Generally speaking, commercial aviation safety has been a spectacular success story.  If you drive to the airport, the risky part of your journey is over once you park the car.  But determined terrorists can evade security measures to bring a plane down, and no amount of design improvements can make a modern airliner 100% secure against attacks.  In the case of Flight 804, we are fortunate to have information transmitted by the Aircraft Communications Addressing and Reporting System (ACARS) that has provided material for early speculation about the cause of the crash.

Within a day, a number of sources provided news media with ACARS data transmitted for a period of about two minutes around the time of the crash.  Two indicators associated with windows on the right side of the cockpit and several smoke alarms went off.  An aviation expert cited in The Telegraph (UK) speculated that a bomb in or near the right side of the cockpit could have blown out a window, and the resulting cabin depressurization at cruising altitude would have caused condensation fog that can set off smoke alarms.  As the plane broke up, the ACARS system could have kept working, which explains the length of time between the initial transmission and when communication was lost.

ACARS has been helpful in investigating other crashes, such as that of Malaysia Airlines Flight 370, which went down over the Indian Ocean on Mar. 8, 2014.  Although numerous pieces of that plane have been recovered in widely separated locations, the underwater search for the main body of the aircraft continues to this day.

The part of the Mediterranean over which EgyptAir Flight 804 went down includes some of its deepest waters, over 3000 meters (more than a mile) deep.  So it will be a challenge to find the flight data recorders, especially if the search takes longer than 30 days, which is about as long as the recorder underwater locator beacons operate. 

The continuing mystery of the Malaysia Airlines Flight 370 crash led to calls for live streaming of flight-recorder data in addition to hard-copy logging on the plane.  In the ACARS data that was recovered for the EgyptAir flight, we see that even in the absence of regulations requiring such streaming, airlines have begun to take advantage of digital communications channels to transmit data that can be helpful both for maintenance and in case of a crash.  Other improvements that could be made to flight-recorder technology include automatic ejection and flotation, as is already done for recorders on military aircraft.  Instead of sinking with the plane, military flight recorders are ejected during the crash and automatically deploy flotation devices, which make them much easier to locate on the water's surface.  Since national governments usually bear the burden of paying for underwater searches, you would think that they would see the logic in offering to reimburse airlines for the additional expense of military-style flight recorders.  But logic isn't the only consideration in international politics.

If the flight recorders and cockpit voice recorders are recovered, the question of whether the crash was deliberate will probably resolve itself pretty quickly.  If it was indeed a deliberate act, the question then becomes one of criminal investigation, and the security at De Gaulle International Airport will come under scrutiny.  As long as airliners are flown by human beings, the trustworthiness of the pilots is an essential link in the security chain.  Assuming the pilots were not themselves part of a conspiracy, that leaves the possibility that someone planted a bomb somewhere in the cockpit.  While cockpits are now typically sealed off from the rest of the plane during flight, it's possible that maintenance workers or others can get into them while a plane is on the ground.  The Telegraph reported that the short stopover in France may not have allowed security personnel enough time to give the plane a thorough going-over before it took off for Cairo.

Whatever the cause of the crash turns out to be, we will learn something from it.  If it was mechanical failure, which seems unlikely but is still possible, it may affect all A320 Airbuses out there, but if there is such a problem it hasn't shown up more than once, apparently.  If, as seems more likely, there was a deliberate act of sabotage, the technique used by the saboteurs will have to be guarded against in the future. 

Either way, sixty-six lives have been lost in what was in all probability an avoidable tragedy.  Most of the time, the vastly complex systems of design engineering, maintenance, operations, and security for air travel work essentially perfectly, and when we get on a plane we don't usually give much thought to the question of whether we'll be getting off under our own power or not.  But the price of such liberty is eternal vigilance, and I hope the lessons eventually learned from this tragedy make future ones even less likely.

Sources:  I referred to reports from CNN.com at http://www.cnn.com/2016/05/21/middleeast/egyptair-flight-804-main/ and The Telegraph (UK) at http://www.telegraph.co.uk/news/2016/05/21/egyptair-crash---smoke-detected-inside-the-aircraft-cabin-as-sea/, as well as the Wikipedia articles on the Aircraft Communications Addressing and Reporting System, flight recorders, and Malaysia Airlines Flight 370.

Monday, April 06, 2015

Airline Pilots as Human Infrastructure: Neglect At Your Peril


By now, enough information has emerged from the March 24 crash of a Germanwings plane in the French Alps to show that the co-pilot, Andreas Lubitz, deliberately flew the plane into the ground after waiting for the pilot to leave the cockpit and locking him out.  Data from the flight's recently recovered "black box" showed that Lubitz sped up the plane's descent in the moments before it flew into a mountain in the French Alps, killing all 150 people on board.  It also appears that Lubitz suffered from depression and was suppressing information about his condition from his employer.

For most of recorded history, suicide was a private affair.  But when trains, planes, and automobiles came along, it became technologically possible to take a lot of folks with you when you died, if you happened to be driving or flying.  And here is where the issue of what I'm calling "human infrastructure" comes in.

It's not a very good phrase, but I can't think of another one to describe the state of mind of a person whose job, mediated by engineered transportation, makes them directly responsible for the safety of others.  I'm going to stick my neck out here and claim that in certain periods of history, the committing of certain acts was essentially inconceivable.  The evidence for my claim is that nobody ever did them.

Here's one example.  Unless I've missed something (which is always possible), I believe there is no recorded case in the 19th century of any locomotive engineer (engine driver, in the UK), of his own free will, deliberately causing a train wreck that killed himself and injured or killed large numbers of other people.  It was technologically possible to do that back then, but as far as I know, nobody did. 

But in the last couple of years, we have seen at least two cases—the Germanwings crash and Malaysia Airlines Flight 370, which disappeared over the Indian Ocean—of airline pilots apparently taking their own lives and those of their passengers too.  And this doesn't include things like the hijackings that destroyed the Twin Towers in New York City on Sept. 11, 2001.  The hijackers were not authorized pilots, but they managed to learn enough about flying to do what they did.

What if the world of the 1800s was such a place that the kind of people who signed on as locomotive engineers were essentially incapable of seriously considering a suicidal act that would betray the trust extended to them by their employer and their passengers?  And what if the twenty-first century is such a different place that, despite the best efforts of airlines to screen and inspect their pilots, the kind of people who get hired as pilots include a few to whom crashing a plane with lots of people on board is not only conceivable, but seems like the best thing to do at the time? 

The kind of person you do want to pilot your aircraft is someone like Chesley Sullenberger, whose sense of responsibility to his passengers was so strong that he spent his spare time making a study of aircraft safety and devised contingency plans for various unlikely mishaps, such as having all your engines fail due to clogging by birds during takeoff.  That is exactly what happened to him on Jan. 15, 2009, as he flew US Airways Flight 1549 out of New York's LaGuardia Airport.  Sullenberger expertly maneuvered the powerless plane to a safe water landing, and everyone survived. 

Not every pilot can be a Sullenberger, but is it humanly possible to weed out the Lubitzes?  One can imagine draconian measures, such as firing any pilot who gets treated for depression.  But that would immediately lead to situations such as the one Lubitz apparently got into, in which he was suppressing the fact that he was seeking help for his condition.

As long as we let human pilots control aircraft, we extend trust to them to do the right thing in whatever circumstances arise.  Some may think it obtuse or irrelevant for me to point out that in the nineteenth century, your average locomotive engineer probably believed in God, Heaven, and a Hell for people who deliberately killed themselves and took others with them.  It was a kind of belief that is not that common today among college-educated individuals, which is the only pool we take airline pilots from. 

This is not a call for all airline pilots to be Bible-believing fundamentalists.  After all, it is presumably Koran-believing fundamentalists who flew the hijacked planes into the Twin Towers.  But something has changed in the metaphysical background if we compare the 1800s to modern culture, and it has changed in a way that has made formerly inconceivable acts not only conceivable, but do-able, at least by a few bad apples.

In the days to come, we will see calls for more technological fixes that will prevent pilots from deliberately crashing planes.  Something may need to be done along these lines, and if it's effective and doesn't lead to other problems, I hope it will be.  But what I think is more important is a renewed look at the human side of the situation:  the way pilots are chosen and the way airlines keep tabs on them for subtle hints that things are not going well.  Lubitz appears to have been a loner, and while there's nothing illegal or immoral about that, it's a modern situation that has few historical precedents.  Airline pilots have such great responsibilities that it might be worth sacrificing some of their privacy to ensure that they will carry out their duties in a manner worthy of the trust we extend to them.

Sources:  For information on Lubitz, I referred to a CNN article updated on Apr. 3 at http://www.cnn.com/2015/04/03/europe/france-germanwings-plane-crash-main/.  I also referred to the Wikipedia articles on US Airways Flight 1549 and Chesley B. Sullenberger.

Monday, January 28, 2013

Boeing’s 787 Battery Eggs: All in One Lithium Basket


Excuse the tortured metaphor, but the old advice about not putting all your eggs in one basket applies to engineering as well as to other fields.  The implication is that if the basket with all your eggs slips and falls, you’ve lost everything.  Boeing hasn’t lost everything, but the battery troubles besetting its new 787 Dreamliner could not have come at a worse time.

The 787, the latest-model wide-body jetliner from Boeing that seats up to 290 passengers, has been in commercial service since October 2011, less than a year and a half.  It boasts the latest high-tech advances such as a mainly carbon-fiber airframe for reduced weight and fuel consumption, and mostly electrical control systems, rather than the older pneumatic or hydraulic actuators.  Consequently, its electrical power requirements are about triple that of earlier comparable airliners, and so the electrical power system of the 787 was boosted accordingly.  Like a car, the engines (or turbogenerators driven by engines) provide most of the electrical power in flight, but for emergencies and times when the generators aren’t running, the 787 needs batteries, also like a car.  But lead-acid or even nickel-cadmium batteries were seen to be too heavy for the advanced jet, so designers chose to use two 60-some-pound auxiliary power units (battery banks) that employed lithium-cobalt batteries.

Now, lithium batteries have both virtues and vices.  Their main virtue is that they have the best energy-weight ratio of just about any commercial type of battery, meaning you get more stored energy in a 60-pound lithium battery than you would in the same weight of nickel-cadmium or lead-acid batteries.  So far, so good.  But lithium is one of the more reactive metals, and the chemistry of lithium batteries is very touchy with regard to storage temperatures, charging rates, and defects such as little metal needles that sometimes grow through insulating layers and short the things out.  When any of these problems happen to a severe enough degree, the battery can catch fire.  And once a lithium battery is on fire, there’s very little you can do except to wait till it burns itself out, because all the ingredients for the fire are already inside the battery.  Even the FAA recognizes this because it doesn’t require any fire-fighting equipment to put out lithium-battery fires—just adequate ventilation to make sure the hazardous fumes from the fire don’t harm passengers or crew, and don’t spread the fire to other parts of the plane. 

But there is evidence that in the two lithium-battery fires that occurred on 787s in the last couple of months, even these safety systems didn’t work properly.  After these fires in Boston and Japan, the FAA and most other national air-safety agencies grounded the entire fifty-plane fleet of 787s until the battery problem is resolved. 

This problem clearly could have been worse.  The planes could have crashed, but in the incidents so far, the pilots discovered the problem in enough time to land the planes safely.  In the past, lithium-battery fires in a plane’s cargo compartment have caused the loss of the plane, and that is why you are not allowed to carry loose non-rechargeable lithium-ion batteries in checked luggage on air flights.  (Didn’t know that, did you?)  But anybody who owns or leases a multi-million-dollar investment like a 787 knows that every day you can’t fly it is a big hole in your pocket, and also seriously disrupts flight schedules that were made assuming the new 787s would be available. 

It looks like the planes were designed almost in the expectation that the batteries would catch fire some time or other, even though the ventilation systems apparently didn’t work as well as planned.  The fix is likely to be a challenge, because the plane’s entire electrical system is designed around lithium batteries.  Substituting an older type of battery is feasible, but will involve a major redesign, adding weight and probably space and a lot of certification tests to ensure that the fixes aren’t worse than the original problem. 

We may be getting ahead of the game if we assume the lithium batteries are going to come out of the 787s altogether.  The fact that the fires happened so close in time, after over a year of service, says to me that there may have been some kind of well-controlled slipup either in the manufacture of those particular batteries, or the design of those particular planes.  If engineers and investigators can isolate—and ideally, reproduce—the cause of these fires, and it turns out to be fixable, then it may be a simple matter of making sure those particular conditions don’t happen again, and the planes can fly safely again with the lithium batteries they were originally designed for. 

The trouble with these investigations is that once you get a lithium fire going, there isn’t a lot left to pick through to see what started it.  In the “Sources” section at the end of this blog, I’ve put a URL for a little video about which I must say at the outset, “Kids, don’t try this at home.”  It shows a guy taking apart an ordinary consumer lithium battery and setting fire to it.  After you watch that video, you may have second thoughts about buying a lithium anything, though most people don’t go around taking propane torches to their batteries.

We can be thankful that the battery incidents did not result in any fatalities, and I for one hope that the problem turns out to be discoverable, reproducible under controlled conditions, and fixable.  But in any case, Boeing has some lithium-colored egg on its face for the time being, and has about fifty reasons—equal to the number of 787s sold—to get to the bottom of the problem and solve it to everyone’s satisfaction.

Sources:  I referred in the preparation of this piece to an article in the Tacoma, Washington News-Tribune by John Gillie published online on Jan. 27, 2013 at http://www.thenewstribune.com/2013/01/27/2451132/787-battery-fire-correction-may.html.  I also referred to the Wikipedia articles on Boeing and the Boeing 787 Dreamliner.  The lithium-fire-from-battery video can be viewed at http://www.youtube.com/watch?v=BliWUHSOalU.