How Safe Is Safe Enough?
Dick Smith
While in Australia for The Amazing Meeting last year, I got to (very briefly) meet fellow speaker Dick Smith, a co-founder of the Australian Skeptics, serial entrepreneur, all-around snazzy gentleman, and former Chairman of Australia’s Civil Aviation Authority and its Civil Aviation Safety Authority. I became intrigued with a policy he advocated strongly during his years at the CAA and CASA and still continues to lobby for today. It’s called affordable safety. To get the complete idea, Dick offers a free book on the subject here, Unsafe Skies.
In a nutshell, affordable safety is, as its name suggests, the idea of making things as safe as we can reasonably afford to, allocating dollars where they are needed most. The status quo, Dick argues, is to continue overspending on outdated systems, hoping in vain that it will lead to that extra percentage point of safety, and creating a burdensome bureaucracy to support the Quixotic efforts.
I was reminded of the apocryphal old anecdote about Henry Ford where he sent inspectors to all the junkyards to look at junked Model Ts. They learned that all the wrecks had one component in common that was still intact. Ford dictated that that component should, henceforth, be built to an inferior standard, as it was unnecessarily robust. In this way, Ford saved money without affecting safety. The business thrived, prices stayed low, and there was an automobile in every driveway.
Unfortunately this has not been the fate of general aviation. Safety hysteria and overregulation has driven general aviation nearly to the brink of extinction. In the last fifteen years, the annual hours flown by general aviation has dropped by a third, and by a much larger amount in the previous decade. Is air travel any safer? Not necessarily, and certainly not proportionally to the money that’s been spent.
It’s not just about aircraft construction; in fact, that’s the least of it. It’s really more about airspace management and air traffic control. In a perfect world, we could stop everything, design a new system that takes full advantage of modern technology, start it back up, and be far, far safer. In a less than perfect world, which is what we have, we can plan such a new system, and then implement it incrementally. Every time affordable safety is applied, money is saved, and safety is improved. In short, Dick’s system would centralize the control of more airspace and drastically improve the use of radar and communication
This is not just an Australian issue. The United States air traffic system suffers at least as badly from outdated and inefficient organization. NextGen is the name given to the next generation of a national airspace system covering the United States. As you can probably guess, it’s been mired in committee for years and there’s no end of that in sight. Even now it’s planned to take almost 25 years to implement, and that implementation has still not yet begun. Until then, we’re flying according to a system that evolved at random in decades when there were far fewer airplanes, and no such thing as congestion in the skies or airports.
I leave the question to you. Is the concept of affordable safety a naive pipe dream? Is there too much money in existing bureaucracy to ever expect it to be reformed? Or, put another way: Is there actually a point at which we’re spending “enough” money to make something safer that can never be 100% safe?
As a USAF aviator, we probably accepted many more risks in flying than the average civilian pilot, and even in COMBAT I have seen a risk aversion that is bordering on paranoia. The only way tu gurantee that you live a 100% safe life is to never be born…
That said, I think as a society caught up in the 24 hour news cycle, and all the demands that “we gotta do something” to every event that ever gets coverage, you are indeed having a naive pipe dream.
I think it’s a pipe dream yes and the reason is law suits. Any perceived dereliction becomes a liability when someone gets hurt or killed. In the mind of a jury, there is no price tag on human life.
I think the idea that a human life has infinite/incalculable value has led to a number of bad decisions in the last century. I don’t mean to suggest that life is worthless or cheap. A human life has tremendous value, but that value is still finite. That knowledge is inherent in ideas like death with dignity and the pro-choice stance. We will all, eventually, die.
But we do this. The EPA has a dollar value for a human life; it’s $7.9 million. If the cost to, say, install extra filters on coal power plants is more than $7.9 million per life saved by reduced lung cancer cases, then the EPA won’t mandate it.
And if a hostage taker demands more than $7.9 million per hostage, or the rescue operation costs more than $7.9 million per hostage, tough luck.
My 23 years of experience with juries is that they are incredibly stingy and firmly believe in “stuff happens.” You hear about big jury verdicts because they’re are, not common. Also, when looking at data put out by people who want to restrict jury awards, check out whether the figures they present as payouts are from jury awards (where they jury also find liability; otherwise, no money is actually awarded even though the jury puts it on the verdcit form) or from settlements where the insurance company makes an offer and the plaintiff decides to take it. These amounts can be in the millions but have nothing to do with juries. As to the price of a human life, depending on the state, juries aren’t necessarily asked that question. They aren’t in mine.
The anecdote about Ford reminds me of an anecdote about World War 2. Bombers were returning from missions riddled with holes. A statistician examined the distribution of holes, and recommended reinforcing the part with the FEWEST holes. Why?
Presumably, the idea is that if an aircraft returns to base with one section riddled with bullet holes, that means it can still fly safely with that area riddled with bullet holes. On the other hand, the part with the FEWEST holes on returning planes is presumably a critical area, where too much damage prevents the plane from returning – hence safely returned planes will not have much damage to that section.
IRL, however, there are some problems with that approach. The area with the fewest bullet holes may simply be the area least likely to be hit by enemy fire. It may be that over-reinforcing that area with heavy armor severely degrades the aircraft’s performance, making it more likely to be shot down.
I am reminded of the finding a few years ago by a USMC medical examiner that the majority of fatal bullet injuries suffered by Marines in combat were hits to the side of the torso – areas unprotected by kevlar plates in the body armor vests then in use. That led to outcries by Congress and the general public to re-design the military’s body armor to protect those areas with kevlar plates.
On the one hand, whichever vital area of the body is least protected will be precisely the area where most fatal injuries will occur. Reinforcing that area will just shift the which hit location causes the most fatal injuries. And there are trade-offs. Body armor is HEAVY. And HOT. It is tiring to wear and encumbering. In combat, in the desert, it can hamper mobility and accelerate dehydration. Adding more and more heavy kevlar plates makes the armor heavier and heavier, and in many ways LESS effective.
On the other hand, the enemy isn’t stupid. Once they figure out that American body armor has a particularly vulnerable area, they are likely to aim for that area. The sides were originally left unprotected by plates since it was thought they were unlikely to actually take direct hits in combat – the USMC’s medical examiner’s report indicated otherwise.
It’s a complex set of trade-offs, with no obvious right answer. The same, I suspect, as with civil aviation safety.
I’m confused. You don’t want “to continue overspending on outdated systems” with diminishing returns, and you don’t want the NextGen overhaul, so what do you suggest? NextGen is supposed to be implemented incrementally, so how is it different from what Dick Smith suggests? And is Smith’s book, Unsafe Skies, part of the “safety hysteria”?
I think you’ve totally misread the article. Brian would like the NextGen overhaul, but doesn’t think it’s implementation is likely in the current political climate. And he’s promoting Dick’s book.
Boeing, General Dynamics, and ITT already won the NextGen contract potentially worth $4 Billion, so you don’t have to worry about a lack of lobbying for it.
http://washingtontechnology.com/articles/2010/05/26/web-faa-nextgen-contract.aspx
Brain, you’ve put your finger on a problem that plagues all large organizations, be they corporations or governments. The response to failure becomes the creation of rules to prevent it from happening again. Eventually you have so many rules you can’t exercise any discretion without running into a rule. It creates a decision paralysis since no one wants to risk breaking a rule to get something done.
That doesn’t mean rules are all bad, but at some point you need to trust people to understand the decisions they are making. As a rule, I never break a rule I don’t understand.
I’ve known people who work for aircraft manufacturers. To a man, they all claim that accident reports always show that aircraft which have catastrophic accidents have one thing in common—egregiously poor maintenance. Assuming that’s true (and I have no reason to believe it isn’t) it would be a situation of not paying enough for safety.
The problem with large-aircraft maintenance is that they are designed to keep flying with a lot of problems. It’s like a speed limit on a road—you know that you can drive faster than the posted limit, but you don’t know how much faster is safe under the current conditions, some of which you may not know about (like an animal running across the road around the next turn).
This is a subject that I know something about. Mechanical failure is more often the problem with commercial flights, but they represent only a small number of total crashes. Controlled flight into terrain continues to be the leader, and it’s the natural result of uncontrolled airspace where an often underinformed pilot is the only decision maker.
You are arguing against bureaucracy while at the same time talking about central control? Ever think that broad application of airspace management that allows for numerous options based upon proved reliance, as well as inexpensive backups in exchange for a one time invasion fee if the chosen system demonstrates a failure, and that an airline can make a one time use of an competing form?
The GPS idea is a great one, I’ve supported it since I was a kid who worked on PLRS as one of my first and favorite jobs. It just makes more sense, but to support centralizing control? How does that satisfy the model of Henry Ford? Sounds like the opposite.
For an actual investigative report on how corporate greed has affected airline safety I would recommend “Flying cheap” by Frontline.
http://www.pbs.org/wgbh/pages/frontline/flyingcheap/
Somite,
You might at least start out without weasel words like “corporate greed” if you wish to have a rational discussion.
Just my two cents here
I watched Piper virtually litigated out existence in the early 1980s where attorneys were claiming that there were “design flaws” with aircraft designs over 30 years old. Were there design flaws? Yes, on some of the newer and more complex aircraft. I would like to point out that every airplane has an annual inspection by a A&P mechanic certifying the airplane airworthy yet the big money was and still is going after the manufacturers and the name of the game is greed.
Any time a pilot flies inadvertently into an embedded thunderstorm the end result is ether a seriously damaged aircraft or scrap metal. The vast majority of accidents happen during landing and takeoff and that simple fact screams pilot error and you are never going to change that fact until the human element is taken out of the equation.
I did much of my flying the old fashioned way low and slow. My little yellow airplane had no electronics, lights, radios or even a starter. Its basic design dates to the early 1930’s and was truly a joy to fly. A basic stick and rudder airplane. Navigation was by pilotage and dead reckoning; techniques that appear to be a fading skill with pilots in an age of composite construction and GPS. That airplane was of course the venerable J3(Piper Cub).
All that said I HATE to fly with commercial airlines. I would much rather take several days flying the J3 cross country than several hours in a modern airliner.
We should accept the role of “pilot error” as long as we understand that pilot errors are shaped by their environment – by airfield layouts, by cockpit designs, and by ATC actions (where ATC is present). “human error is unavoidable” is a myth – a pervasive myth, but a myth nonetheless. (In aviation safety, Chris Johnson and Sidney Dekker have written a lot about this topic).
Also, if we “take the human element out of the equation”, by automating the pilot, we will replace “human error” with “software fault” (or “electronic failure”). We won’t necessarily eliminate crashes caused by bad decisions, and we will certainly introduce some new sources of them. The end result may be safer, but the same cognitive challenges will have to be met somehow.
I recently test flew an Ercoupe with a more or less original panel. Boy was that a shock after months in a CTSW with an all up MFD.
Remember boys and girls, eyes belong OUTSIDE the cockpit.
The theory is not just constrained to the air authorities. In the UK a new computer system for the NHS has had considerable teething trouble for so long that it is now expected to be out of date and antiquated by the time it is rolled out ot some hospitals (see articles in the Private Eye “in the back” section from many an issue for further details). Several countries have issues along these lines on the railways or road systems: There is a limited budget to improve safety and the public hears about (for a fictional example) a big disaster caused by one type of junction. So somebody decrees the junctions have to be looked at and rail fatigue or lighting drops down the agenda, and what actually saves the most lives (like fences) appear so simple they are almost forgotton.
Thankfully over the last few years companies have been utilising the ideas. It became standard on british railways that if you have to walk where trains need to be able to see you, then your torso and legs have to be in high visability orange, not just an open hv vest which is all but invisible when you bend over. Safety glasses and gloves are a requirment for companies. Sure, some will say “of course they sort those out, those are the easy and cheap stuff”. But the theory goes like this:
A major cataclysm is rarely the result of one mistake. There will be single mistake at the top, but there will be a long chain of mistakes that turn it from an incident to an accident. For every fatality there are likely to have been a number of RIDOR injuries, and for each of those there would be a number of injuries, and for each of those a number of near misses. For each of those there will be a number of warnings. Working on the bottom of the pyramid makes the big catastrophe less likely.
I’m not convinced it works like that, and with a limited budget there is always going to be an area that misses out. But I take the personal philosophy that if you make the bottom of the pyramid safer, then the guys working in the field are safe to put right the things that might cause trouble at the top of the pyramid. Better yet, when we have the bottom of the pyramid cleaned up we can see the warning signs for the big dangers, because we are no longer drowning under little issues. People spot issues with the permits or conflicting data because they are not distracted by issues that should not be issues. (This I have seen myself, and the change is brilliant).
It will be the same for air authorities. Clear up the issues with radios and radar at the bottom of the pyramid, and the warning signs for the big obvious events at the top are easier to pick up on.
If you make something idiot proof, they will just make a more efficient idiot.
I’m sorry; I must be missing something here. You’re suggesting that the current air traffic control system isn’t safe?
I read NTSB accident reports regularly and I don’t recall a significant percentage of accidents being caused by ATC inadequacies. Normally, it’s pilot error. (Think I’m exaggerating? See for yourself at http://NTSB.gov.) You mention, in a comment, controlled flight into terrain in uncontrolled airspace. You realize why this happens, don’t you? Normally, it happens to a pilot flying into instrument meteorological conditions (IMC) without proper training or equipment. He loses orientation and flies right into a mountain or the ground. JFK Jr, but he hit the water. If it’s UNCONTROLLED airspace, what does ATC have to do with it? I sure hope you’re not suggesting that ALL airspace be controlled. That would require some serious money.
You mention “safety hysteria and overregulation” as a cause in the decline in general (not commercial) aviation. As a GA pilot, I don’t see that at all. You don’t think that the decline is a result of economic factors? That it’s becoming too expensive for general aviation pilots to fly? Fuel, insurance, parts, repairs? That fewer new GA pilots are being trained because of the real or perceived costs of learning to fly and buying or renting an aircraft? That flying has become too expensive a hobby for many GA pilots to afford?
And isn’t it true that NextGen is designed more as a means to safely increase CAPACITY than to increase SAFETY? And isn’t it more for COMMERCIAL aviation than GENERAL aviation? The owners of general aviation aircraft couldn’t begin to afford the required equipment.
I’m sorry, but I think you’re mixing apples and oranges here. Commercial or general aviation? Regulations or systems? Increased safety or capacity?
Aviation safety and efficiency is a multifaceted topic. The “right” solution for a part 91 Cessna pilot tooling around the midwest on weekends isn’t going to be the same for the Part 135 helicopter charter operator doing air taxi flights in the Arizona desert or the Part 121 747 airliner flying daily between Honolulu and Chicago.
I guess what I’m really worried about here is a bunch of partially informed people playing armchair quarterback for a game they know very little about. The news media misstates and oversimplifies aviation topics all the time. Heck, they did it just last week when Michele Obama’s plane had to do a go-around for spacing. They called it a “near miss”! What bull!
Is that what triggered this topic? If so, you need to turn your skeptical eye to what you hear on the news and stop worrying about ATC safety issues whipped up by the news media, that might not even exist.
My read was that poster meant “safety hysteria and overregulation” were responsible for the rising costs. This is oversimplified at the very least.
That said
As an LSA pilot I agree with your analysis. AF one doing a go around in fog is national news…
I only fly with a club as we have to share costs. I’ve been looking at some used AC but I can never justify laying out the dough for anything of my own.
I might eventually get priced out of the hobby but its nice while it lasts.