PJ2,
a major issue is: looking at discrepant readings from multiple sensors, and deciding which of them are more or less the same and which of them are more or less different.
I believe you are right that this is a form of "gestalt" and that you are equally right that there are hard technical results that say that this cannot reliably be performed in general with fewer resources than 3n+1 (or fewer if perfectly-reliable digital signatures are assumed, as pointed out by iff789).
Machinbird has put a lot of thought into his architectural construction, but what is missing is the crucial insight that you can't "climb the ladder" to get out of the constraint. 2 systems is about the worst one can propose: you can't tell which one is right and which one is wrong, and if you dump the data on the pilots to decide, that is the worst possible scenario for them: debug and decide on the fly. Better have three. Then, when it goes wrong (two of them are wrong but agree, as with the Perpignan AoA sensors), the pilots get even more data dumped into their laps and have likely even less chance of sorting it out. And so on.
The Perpignan pilots had, according to the BEA, data "dumped into their laps" which we, sitting in our comfortable chairs before our comfortable computers with a pleasant glass of 2009 Josephshöfer Riesling in our comfortable hands can easily see from the BEA report were anomalous.
Tom Sheridan at MIT researched such issues, and Dave Woods (who proposed the concept "mode confusion") et al. has shown how this work applied in detail to aeronautics, and people such as Sidney Dekker have carried this further. Summary: you can't dump the system state into operators' laps and imagine they can save the day. They mostly can't.
It's between a rock and a hard place. Had someone said, before the Perpignan accident "you know, if two AoA sensors agree, falsely, then it is probably because ...... and we can handle it with ......." and persuaded everyone to go along, then that crew would have been saved. So let's consider doing that. Everyone predict the next twenty type-XXX accidents, suggest the obvious ways they could have been avoided, and write a letter to the manufacturer of type-XXX suggesting they implement those countermeasures.
If you think that is a silly idea, then we are on the same wavelength, because I think it would be silly too. But the people suggesting that Perpignan could have been avoided if only the aircraft had show this-and-this-and-this are still 19 accidents away from this recognition.
PBL