PPRuNe Forums - View Single Post - MAX’s Return Delayed by FAA Reevaluation of 737 Safety Procedures
Old 30th Oct 2019, 12:15
  #3586
spornrad
 
Join Date: Jul 2009
Location: France
Age: 62
Posts: 98
Originally Posted by GordonR_Cape
One of the highlights, but barely noticed points in the testimony, was when Senator Duckworth asked that Peter Lemme's article be read into the record, and this was accepted with no comments!? This article: https://www.satcom.guru/2019/10/flaw...-disaster.html
After having re-read Peter's exhaustive and complex analysis of certification and safety assessment of the MAX several times, I dare to try a short summary. Peter Lemme comes up with three major conclusions, which he calls:
  • Tail Wagging the Dog
  • Level of Mistrim
  • Ineligible Discount
- Tail wagging the dog: no Fail-Safe implementation was chosen, reflecting an unacceptable safety culture during the design phase of the MAX, violating company precedence. The Fail-Safe mandate should have been obvious from the beginning, once the aft column cutout override was added. If nothing less, to follow the other Boeing model implementations (which are all Fail-Safe).
- Level of mistrim analyzes in detail the flawed assumptions regarding trim speed, cutout override and pilot dealing with multiple malfunctions within 3 s.
- Ineligible Discount was for me the most difficult to understand. Trying in my words, Boeing used an arithmetic trick in the SSA (System Safety Assessment) combining the probabilities for 1. MCAS false activation (1/10.000) and 2. being outside the normal flight speed envelope (1/1.000) in order to claim a combined MCAS false activation probability of 1/10.000.000. This math trick is called "discount" and allowed them to avoid the dual channel design requirement for a "hazardous" condition. Peter Lemme further asks whether this trick has been pulled as well for other malfunction evaluations during certification.
The JATR report states that this creative arithmetic is not in compliance with the relevant safety rules.

Besides, this math is simply wrong, because combined event probability is only equal to multiplied single event probabilities if events are independent. Since MCAS is designed to trigger outside normal speed envelope and has the authority to bring AC out of the envelope, these events are by no means independent. You can try this trick with your life insurance broker: My annual risk of dying is 1/1000. My risk of a motorbike crash is 1/1000. Therefore, my combined fatal crash risk is only 1/ 1 Mio ....

Last edited by spornrad; 30th Oct 2019 at 13:36.