Originally Posted by
Musician
The existing system already detected that the input was bad. The problem is that unless you can determine why the input was bad, it can't be trusted from that point on: it might look as expected, but still be off, just by less.
Your alternative sensors can't replace air speed data: inertial speed or GPS speed is ground speed, which is fine for navigating, but for aviating you need the air speed because it determines how close to the limits the plane is: how close to a stall, how close to being overstressed?
"Do nothing" might have been "keep air speed constant by applying power", which is what it was doing before the autopilot turned itself off. That's pretty much what the pilot did, isn't it? And if you change the system behaviour to "do nothing", you may have changed it for situations where it shouldn't have changed (any programmer knows that fixing a bug often introduces new bugs). What you say is "easy to manage" is in fact hard to manage. It is easy for humans, but hard for computers, which is my point.
Actually in this particular (admittedly trivial from an engineering standpoint) case it is rather straightforward to manage. If you can describe the circumstances you can program them into the system. You have already said that the system correctly determined that airspeed indication was faulty, so your primary concern has been dealt with. It would be very easy to have set it up to allow it to keep control and make a best guess at actual airspeed based on other parameters. As the crew should have done - they had no more information but should have looked at the vast array of other information available to them and simply managed attitude, why would it be dangerous to have left the computer to do no more than that?
True, in a fully automatic system I would want to look at the nature of the backup sensors - eg multiple identical pitot tubes were not actually independent of each other as they all had the same characteristics.
The crew failed because of 'startle' - computers don't suffer from that! Having totally screwed-up the situation the crew were further confused by the very interesting stall warning signal that disappeared when the airspeed fell below what the system considered possible in flight - it was actually correct, they were not flying when the stall warning went silent, they were falling like a brick, but there is a lesson there when considering more automation.