Surplus1;
BTW, neither one of you answered my question with respect to the pilot’s ability to deliberately take the aircraft out of Alternate Law and force it into Direct Law if he so desires and I don’t know the answer myself. Although someone posted a fine diagram indicating which protections were retained in Alternate Law and which were lost, I do not recall them exactly. Safetypee you said you believe that stall protection is lost in ALTN Law but what I want to know is: Can the pilot go to Direct Law and remove all “protections” if he chooses to do so? From what I've read, stall protection is lost but stall warning is available from the AOA source.
The ability to take the Airbus into Alternate or Direct Law resides within the design of the autoflight system but is a profoundly non-standard approach with this design and is entirely within test-pilot territory.
I state this strongly because it is not even in the realm of an "ad-hoc, emergency response" to a badly degraded aircraft or flight control system. I could not see this kind of system intervention condoned or even considered by any Airbus pilot nor can I see it as a legitimate response in the present discussion.
This is because the flight control system, in Normal Law, does not prevent the crew from doing what is necessary to fly the aircraft within (and slightly outside of) expected maneuvers.
I think what you're asking is, is there a switch like there is in the 777 that connects the control column/wheel "directly" with the flight controls such that the pilot can exercise as much control input as is deemed required to intervene with abnormal regimes and attitudes. The answer, for both types, is, "no" in the sense that there is no more authority than is already granted by the flight control design when the aircraft is in such abnormal states, (system failures or abnormal attitudes). I have previously posted information on this twice.
The 777 switch bypasses the (equivalent of the) primary flight control computers but still sends electrical signals to the flight control servos in "direct control" (another name for direct law). In other words, control is achieved by wire, not cables/pulleys. (I assure you that I am familiar with and have flown the DC8, DC9 and B727 and have flown "manual reversion" in all these types in simulator exercises. The A320 can be flown on engine thrust and stab trim alone, to a successful landing). This is exactly the same as the Airbus 330/340 system except that the FCPC and FCSC - primary and secondary flight control computers execute the direct flight control orders from the stick. The available authority from the sidestick in alternate 2 law and direct law is, with minor variations in alternate 2 law, the same as would be available to a 777 crew in the same circumstances.
The essential decision by the design and engineering people is, because the autoflight system is beyond it's design capabilities either during a serious system failure (hydraulic, electrical or data-loss) or a "jet upset", (> 10deg ND, 30NU, 50deg roll, approximately), it can no longer reference and interpret the situation the aircraft is in and necessarily hands control over the flight crew.
This design is not a matter of "handing the aircraft over at the worst possible time" even though that is what it looks like - it is a matter of design practicality and software capabilities in rescuing a serious loss of control. In the Airbus, loss of hydraulics or electrics means that the autoflight system may not be capable of exercising all the control that is required of it when in Normal Law and so it is designed to degrade to Alternate Law in the 320, and Alternate 1 and 2 Laws, then Direct Laws in the 330/340. There is nothing about this that either intervenes in pilot direct control or prevents a pilot from flying the aircraft as s/he will. Any one of five flight control computers on the 330 will provide full use of all flight controls without restrictions. I have posted many schematics and diagrams illustrating both these laws, the degradation of same and the aircraft attitudes and/or system faults which will cause Normal Law (C* law as it is known) to revert to Alternate and Direct laws. The 777 degrades in approximately the same way.
I have to emphasize that there is nothing in the A330 design in terms of pilot interventions that were not available in the B707/DC8 design. The flight control computers do not mysteriously "modify" pilot input to do what the engineers and designers really want but haven't told the flight crew.
To be clear because there is a question, in Alternate law 1 & 2, pitch law is referenced to 'g' loading, (same as Normal law). The AOM does not specifiy that Pitch Alternate Law restricts 'g' loading to "2.5" but I suspect they do. In Direct Law, the aircraft is a "DC8".
The essential question is, "can the pilot get whatever 'g' s/he can pull above certification limits (2.5 positive, 2.0 negative, flaps up)? The answer is, yes in Direct Law and likely no, in pitch alternate laws 1 & 2, (1 is the same as 2 in pitch).
I hope this is of some help - I'm being a bit "direct" only to save space and not to dismiss concerns. This is the way the system works - there is only complexity, but not mystery. To explain the entire 330 autoflight system here would take substantially more space and would probably not be necessary.
I ask this question because the entire concept of the automated control system seems to be that it will prevent undesirable positions/attitudes, speeds, etc., as long as we are not in Direct Law. If we carry that concept to its limits - upsets, stalls and overspeeds simply can’t occur – so there is no need to waste time or money training for recovery from them. I do not believe that to be truth.
Not entirely true, and for the reasons described above. Otherwise, we have a fully-automated airplane in which the pilot is just so muich "spam in a can", as John Glenn said to NASA engineers when they refused to give the astronaut some control over his Mercury capsule. In the end, it was Glenn who saved a mission via skill and manual control when the computers could not deal with a stuck thruster...
I therefore agree completely with your "If we carry that concept to its limits...etc". As much as it seems reasonable on the surface, we can't have it both ways.
Every effort and tons of money have been made and spent to keep the Space Shuttle safe yet the vehicle has been lost twice. We build things that we say are ‘fail safe” but nothing is truly fail proof.
The latter part of the statement is absolutely true. Some have mentioned Murphy's Law and variations on the theme.
Even without a creeping hubris focussed on "the mission" rather than the traps, a characteristic which can infect and even convince the most skeptical to ignore the "nay-sayers", and under the very best of managerial and engineering intentions and comprehension of the risks at hand, we can still fail extremely badly.
It is not that failures occur of course; It is what we have done with the inevitable but frequently ignored precursors to a major accident that we must surely reflect upon. For me, that is the case here, but truly that is an old aviation story indeed. What happened to AF447 after 0215Z is immaterial in terms of systems design, aircraft response and crew handling.
I note that the shuttle accidents are referenced in comparison to automation accidents regarding "tons of money" etc. I disagree with this comparison and the reasons stated, and although it is perhaps a side-bar, I would suggest, if I may, a close reading of Diane Vaughan's book, "The Challenger Launch Decision", and Moshe Farjoun's and William Starbuck's edited book, "Organization at the Limit" for a full understanding of why the Challenger and Columbia disasters occured. In almost every aspect, they bear very little relationship to this accident.