This article illustrates the need for trial lawyers and keeping that route open.
See how Texas shut down the medical lawsuits under the guise of malpractice reform, where it didn't really work as advertised.
In an ideal world, the consumer protection agencies, etc would do their jobs. But they can't because of the revolving door syndrome, the industry lobbying, and so on.
So what are our alternatives to force companies to fix their product defects? People actually died due to their shoddy design/production and these companies tried to hide or cover up.
I wouldn't be surprised to see an increased effort to pass laws to remove the ability for us to sue companies in case something goes wrong. This on top of the media campaign to paint trial lawyers as the scum of the earth. Some may be, but many are actually very good and very dedicated at what they do.
It's probably self-serving, but I think it's valuable to have people in society who have different incentive structures. Trial lawyers don't answer to shareholders or analysts--they answer only to judges and juries composed of ordinary people off the street. Within an otherwise capitalistic market economy, having some of them around provides a valuable foil.
Tort reform in Texas worked out as designed--what you have to ask is: what was it designed to do? Take caps on jury damages: do you think that's targeted at frivolous litigation? Or is it targeted at limiting compensation in the most meritorious cases, ones where someone really fucked up and a jury saw fit to award a big number?
What Texas is doing/has done would not have impacted this issue if a similar law were applied to manufacturing. The key here is that people at GM knew they had a problem and successfully hid it. If you were to apply a loosely copied version of the Texas law it would start a timer two years from revelation to get the suit going.
What annoys me most is the US government fined Toyota a billion dollars for not quickly identifying problems and so far GM has taken a walk comparatively. I really want to see a real fine on GM for this, given that their CEO, from her positions coming up through the ranks, would have/should have known about this problem. Maybe not its extent, but she would have at least heard about it.
> In an ideal world, the consumer protection agencies, etc would do their jobs. But they can't because of the revolving door syndrome, the industry lobbying, and so on.
The article mentions the possibility of criminal charges against the switch engineer; if someone kept digging there could very well be evidence of criminal wrongdoing by the oversight agencies as well. When people start going to jail, real change will be effected. But who's going to champion the multi-year investigation without a multi-million dollar carrot?
There's been quite a string of front page posts the last week; mercury dumping in rivers, tainted generic drugs, faulty ignition switches. Perhaps thousands of cases of criminally negligent homicide and no charges filed in any case.
Cut off the criminal and civil routes for justice and I guess vigilantism is all that's left.
I feel the root cause here is the culture of setting hard deadlines by management.
Getting a deadline moved even for logical reasons involves pushing against massive internal red tape. Missing a deadline invites greater punishment from management than compromising on quality. Naturally, quality loses out.
Happens all the time in our own industry, and sadly, this case shows that it happens even in safety critical industries.
All engineers, regardless of industry, should be trained in how to negotiate with management. All managers, regardless of industry, should be trained to respect opinions of subordinates.
> […] managers […] should be trained to respect opinions of subordinates.
That's your problem right there: the subordinacy of engineers.
We are biased to listen to high-status people more than low-status people. The strength of this bias varies from person to person, and from culture to culture. But if you are asking someone to listen to the opinion of a direct subordinate, you are asking for trouble.
This is one reason why Michael O. Church is so big on guilds, or "professions". If instead of being a subordinate, the engineer was a (possibly certified) master craftsman, things would be different. Just picture the manager calling the engineer "master", then not listening to her opinion.
> […] engineers […] should be trained in how to negotiate with management
Conversely, it's harder to negotiate when you have lower status than the manager. You may feel it is not your place. But if you're a master programmer, offering your services to said manager, then you could feel more confident about talking to him as a peer. You could feel more confident about saying things like "your idea won't work —trust me, it's my speciality."
I agree with you. I'd like to live and work in such a world myself.
But my rather pessimistic opinion is that status, hierarchy, etc are deeply embedded in us as a species - just like animal species who have pack leaders or dominant males or whatever - and this won't be easy to get rid of. The ones who hold financial strings, the ones who act more arrogant, more confident, more powerful, more knowledgeable - they are unconsciously seen as having higher status.
The hierarchy could be inverted with a very small change to the laws governing engineers, just as it has been done for lawyers. The details vary by jurisdiction, but generally lawyers must practice in some form of partnership where non-lawyer members are restricted. Work similar to project management is frequently performed by secretaries that are subordinate to the lawyers.
Whether or not strengthening the profession of engineering would be good for society is another question. It is inherently anti-competitive. It could easily slip into a system with very few and highly paid "qualified" engineers whose small number would hinder development. This is a problem with medicine and the supply of doctors in some places.
I would note that in the legal field, effective DOJ threats have prevented any attempt to limit the supply of JD grads, while the other rules such as management of lawyers by non-lawyers has remained in place.
The problem is not hierarchies as such, but failing to recognize the hierarchy as an expert organization where the experts are the masters of their expertise. Managers are project managers who have the responsibility to direct their experts to solve the issues to make the project succeed. It's therefore the manager's job to have the best overall understanding of the project, and incidentally it's the job of the experts to inform the manager of any serious issues they cannot solve alone, and possible solutions for the problem if possible.
Expert organisations are not hypothetical, and actually have been present in all hitech companies I've worked for. Then again it could be a cultural difference, as I'm working in Finland where social equality is a big thing, and calling your manager, director or CEO with honorifics like "mister" would be considered awkward or almost inappropriate.
This would change almost nothing in the current scenario. Companies still have in-house legal teams, who are trained lawyers and I'd argue they are still 'subordinate' to whoever their managers are. Given the number of startups that regularly skirt the edges of the law it's obvious that many founders don't pay heed to legal advice either (or even seek it out) [1]. Why should it be any different if engineering was more 'professionalised'?
[1] I'm not making any judgements about this, simply stating that it happens.
> This would change almost nothing in the current scenario. Companies still have in-house legal teams, who are trained lawyers and I'd argue they are still 'subordinate' to whoever their managers are.
I have no idea what your scare quotes mean, so I'll pretend I didn't see them.
What you describe may be yet another problem of subordinacy, but there is a difference: when you get legal advice, it's not binding. You may choose not to follow it. But only engineers can build a bridge. That gives them a limited veto power.
In the current scenario, there are several steps. First, the lawyers say how much the different kinds of litigation cost. Second, the boss (or some other manager) works out which costs more: letting people die, or fixing the lethal stuff. Finally, there's the engineer, who either fixes the damn thing, or does not.
This suggests at least two angles of attack. First we could increase the cost of death for companies. Second, we could hold specific people personally accountable. Either the manager for trading lives for money, or the engineer for implementing that trade-off.
Now, as another commenter warned about, we should be careful about not freezing innovation in the process. At this point, the problem is so hairy I have no idea what's best.
The quote marks around 'subordinate', to me, are intended to indicate that the status that the relationship entails on the surface does not hold where it matters. The lawyers are not really subordinate to the managers and are able to extract more value from management than the managers are able to extract from the lawyers. If this dynamic persists long enough, then, like the Janissaries of Ottoman fame, the subordinates eventually find themselves the masters.
That almost sounds like you're absolving the engineers (as though they can do no wrong). Changing a part, without also changing its part number, doesn't sound like a normal thing to do (and then forget about).
This is a complex issue and I do not agree with the (over-simplistic) reduction to 'management' and 'deadlines'.
Not absolving the engineers. The engineer in this case - and other cases - may well be guilty - both legally and morally - of mistakes.
What I'm trying to understand is, what would make an experienced senior engineer prefer such shortcuts over doing the right thing.
The article says, "Faced with a deadline, DeGiorgio replied: If increasing the torque will destroy the switch then do nothing. Maintain present course. Under no circumstances do we want to compromise the electrical performance of the switch."
I interpret it as the deadline being a root cause. At the heart of any complex issue lies one or more root cause(s). What were they here? What made him behave that way? Fudging the records is a consequence, not a root cause.
>What I'm trying to understand is, what would make an experienced senior engineer prefer such shortcuts over doing the right thing.
Organizational failure. An onerous documentation change/approval management scheme. Covering up a mistake. A culture that causes people to fear losing their jobs, especially for cost reasons, or the feeling that company management are looking for reasons to cut staff. Having your group be blamed for an expensive product recall makes you an easy target. One of the last things a middle-aged engineer in the US auto industry wants to be right now is laid-off.
We naively expect a senior engineer to do the ethically correct thing without respect to whether it has negative personal consequences. The problem with this idea is that the consequences for being "that guy" are too great; and both engineering societies and state licensing boards have been derelict in their roles of helping to protect engineers who refuse to do the ethically gray/wrong.
>I interpret it as the deadline being a root cause. At the heart of any complex issue lies one or more root cause(s).
There are so many things wrong with product engineering management, but yeah laying a deadline that no engineer has the courage to break would definitely be one of them.
It doesn't sound like such a horrible position to be in; working for a multi-billion dollar company that was trying to force you to ship a part that could kill people. Whistleblowers get 1/3rd of damages; it's like winning the lottery for ethical people.
How long does it normally take to design one of these switches, when you've been doing it most of your life? Knowing absolutely nothing about the complexity of these switches, but knowing what small hardware teams have been able to accomplish at companies I've worked at, 3 years sounds like a more than reasonable time frame.
>It doesn't sound like such a horrible position to be in; working for a multi-billion dollar company that was trying to force you to ship a part that could kill people.
It's probably not a case of some moustache-twisting, monocle-wearing fiend who was the manager and the engineer was absolutely convinced that it was a faulty part that would ultimately be responsible for death and destruction. It was more likely one of a number of similar sub-assemblies, all having some questionable attributes and people trying to ship things under the guise of "perfect is the enemy of the good". At some points along this road, various people probably began realizing that there was a real problem, one that they might have some culpability in. Why the people involved continued to make poor decisions, I don't know.
>Whistleblowers get 1/3rd of damages, it's like winning the lottery for ethical people.
It's a nice theory. I've yet to see it happen consistently in practice (or pretty much ever). Engineering ethics case studies are littered with cases where engineers tried to alert management of problems and were punished for their efforts.
>How long does it normally take to design one of these switches, when you've been doing it most of your life?
Not very long given ample resources and nothing else to do. I doubt they were working under those conditions.
Engineering is the art of technical and economic tradeoffs. Engineers use their judgement; experienced engineers simply have a larger pool of good and bad judgements to draw on. They still get things wrong for the same reasons Uncle Bob has to debug the code he writes: they're human and make mistakes.
The domain of automobile use encompasses more variables than a website - there's no sleet over TCP/IP and broken internationalization doesn't result in crushed vertebrae. The vast majority of software engineers and programmers live in a world where the calculus for balancing technical/economic tradeoffs doesn't involve life safety and billions of dollars of capital investment in the pans.
You're taking four words from an article (not original sources) and deducing a root cause. In the absence of those four words -- which is the only time 'deadline' is mentioned -- would you draw the same conclusion? I do not.
I could argue that fudging the records is a 'root cause' of why the investigation took longer. If you want to go reductio ad absurdum then really the root cause is ultimately human fallibility.
> then really the root cause is ultimately human fallibility.
I'm not sure why you see this as 'absurdity', because it is a problem and it is something we try to design around with everything from good UIs to fatigue management.
I see it as absurd because when you get to that level, there's no information about what you can practically do to fix it. You've gone way past the threshold of usefulness — if you get my meaning (in other words, this reductionist view could end with "because, physics", but that's not very helpful).
You don't attempt to fix human fallibility itself but instead create systems and processes to reduce both its likelihood and impact (as you describe) for specific scenarios. Those systems and processes can then be improved and new scenarios added.
In this particular case, I find the reduction to 'management and hard deadlines' to be a useless summary (as well as incorrect) as it goes beyond the threshold.
> I see it as absurd because when you get to that level, there's no information about what you can practically do to fix it.
I disagree. I see it as important to recognize our shortcomings and find successful ways to deal with them. It may be that we haven't yet figured this out in general, but figuring out specific cases may allow us to solve individual pieces of the problem one at a time and improve things even if we cannot fully overcome our flaws.
> Changing a part, without also changing its part number, doesn't sound like a normal thing to do (and then forget about).
This really depends. If the original part was not being made to spec and the "new" part was to spec, the specs never changed and therefore the part number shouldn't change. They would just identify that parts with serial numbers or stamp dates up to X were not made to spec or defective.
Did you read the email from the chief switch engineer about the 'switch from hell'? Seems like this guy seriously fucked up and then tried to cover it up and then continued to lie about it at depositions?
Management is absolutely also to blame but it all started with the engineer. His negligence and 'fuck this switch' attitude killed people. He failed technically and ethically to do his job and people died.
As reported in [1], it looks like he wasn't negligent - "DeGiorgio discussed the problem with Delphi...in February 2002, he had a choice: do nothing to fix it or change the switch and delay production."
He certainly knew about the problem, but then decided to not fix it, to keep the production schedule on track. This is what makes me talk about management and deadlines.
It's easy to blame it all on that single engineer - and I'm sure GM would love to do so - but isn't it possible the environment in which he worked made it difficult - even risky - to implement the right solution? Perhaps biased by some of my own experiences, I tend to favor the organisational failure explanation that other comments here describe quite well.
Of course, everything he did later - the cover up, the lies - were attempts to cover up this one bad decision, and show that his ethics were less than stellar.
I guess I see it differently. Management definitely failed to react properly once it became obvious the switch was faulty. I mean, apparently it came up in car reviews of all places.
However, if you're the lead engineer on the switch, you have 23 years of experience on the job, it's your responsibility not to say "fuck it, just ship it." It's his signature on the paperwork. This wasn't a one-time one-day bad decision. This is a switch he worked on for three years.
The right course of action is to refuse to sign off on a faulty part, and then not try to conceal that the part was faulty once people start dying. Every project has schedule pressure, so if schedule pressure is somehow a defense then engineers are never responsible. I simply don't buy that. Management can decide they want to override the engineer and ship it anyway. GM can fire the guy for not agreeing to ship a faulty part, but then DeGiorgio could have been a whistleblower collecting 1/3rd of the damages against GM right now.
I don't blame it singularly on the engineer. TFA says that GM’s Director of Product Investigations shut off the car with her knee, so this goes way beyond just the engineer. But I don't think that lets the engineer off the hook either. The engineer failed spectacularly, possibly criminally, and I hope he has to face a jury of his peers for this. Management also failed the same way, and if the investigators were in place to really push this, I'm sure the paper trail is there to at least indict some of these greedy complacent fools.
"However, if you're the lead engineer on the switch, you have 23 years of experience on the job, it's your responsibility not to say "fuck it, just ship it." It's his signature on the paperwork. This wasn't a one-time one-day bad decision. This is a switch he worked on for three years."
I think you're still not getting the point. The way modern management works, and this seems to be nearly universal now, is that it leaves the professional still formally in charge and still liable but creates a situation where there is massive pressure to follow the schedule.
> GM can fire the guy for not agreeing to ship a faulty part, but then DeGiorgio could have been a whistle blower collecting 1/3rd of the damages against GM right now.
Oh, you can't collect damages for a fatal decision you prevented and then were fired for. Even more, the point about bad engineering decisions is not that they are guaranteed fatal but simply that they might be. If you dig your heels in to prevent them, you get fired - the bad decision gets made but turns out not to be fatal, but the sequence of events is still fatal to your career. Even if you warn about each one, you'll get fired 'cause management will see and won't want you covering your ass at every turn. They want you, silently making the decisions on the impossible schedule they set, to be the device they use to cover their asses instead. That is the point of the whole structure.
Of course there's pressure to follow the schedule. There's also pressure not to kill people with sloppy work. Did you miss the part about fudging the part number, the lying, the cover-up?
I don't understand your second point. Keep in mind that he could have signed off on the faulty part initially, and only after the first reports of a safety issue started trickling in he could have raised holy hell with management and if they did nothing then he could have become a whistleblower. 20% of the problem was initially failing to design a proper switch, but 80% of the problem was how DeGiorgio and GM overall behaved afterwards.
The point is there is a strong regulatory framework which lets you fully and properly fuck your managers and live out a very happy life if they actually try to force you to cover up a mistake like this, but only if you have the ethics to do the right thing. Instead DeGiorgio allegedly spearheaded the cover-up personally.
I've worked at a hardware startup verifying specifications and watched the level of process around BOM changes (it's off the charts compared to software change tracking). I'm really surprised it was even physically possible for DeGiorgio to make the hardware change without changing the part number.
There was one time in my career an engineer fabricated test results because the schedule didn't allow enough time to properly run them. I discovered the falsified results, and the engineer was ultimately fired. The next guy in the position worked within the system to properly communicate how long the tests took to run, and the result was that some less critical testing was skipped, and the rest got the appropriate resources to complete them. But you do not get to just lie and say everything was done just because the schedule was unrealistic. Schedules are always unrealistic.
Doesn't matter. As an engineer, you don't get to pass the blame like that. When you sign off on something, you are taking responsibility for it. Being able to tell your employer 'no' is a fundamental requirement of being a professional engineer. It's the most important difference between a professional engineer and 'some guy who designs things'.
If management was acting irresponsibly, they deserve blame as well, but that does not excuse his actions. My engineering association probably has somewhat different rules than his, but they're all going to be similar. From the handbook sitting beside my desk:
-------------------------------------------------
Rules of Conduct:
1. Professional engineers[...] shall, in areas of practice, hold paramount the health, safety and welfare of the public, and have regard for the environment.
....
A client's or employer's interests should be held in high regard. However, the following duties take precedence over the interests of the professionals' client or employer:
- the duty to protect the safety of the Public;
- the duty to the professions under the Code of Ethics; and
- the duty to act fairly and justly to all parties when administering a contract on behalf of a client or employer.
....
Having a Recommendation Overruled:
- When a client or employer makes a decision that adversely affects the public interest and is contrary to the recommendation of the professional, the latter should inform the client or employer of the consequences of the decision. If the client or employer is unavailable or unresponsive, the professional should notify the appropriate regulatory authorities that have the ability to evaluate the concerns and the power to suspend activities until the technical issue is resolved.
> the professional should notify the appropriate regulatory authorities
Sounds like a great way to lose your job. Don't get me wrong, but it could very well be a very costly thing to do, and not all people in management like that.
It's interesting - and encouraging - to see such things codified as a handbook. Out of curiosity, what industry are you in? (and you need not reply if you wish to maintain privacy)
I should mention that it's not just something written down in a handbook, either. Accredited engineering programs are effectively required to contain an engineering ethics course, the purpose of which is to explain what the rules are and why they exist. Mostly by looking at incidents like this one.
EDIT: Thanks, krallja. It seems that US national ethics guidelines are indeed very similar.
> Management is absolutely also to blame but it all started with the engineer.
No. Whatever the engineer's responsibility, the engineer's management decided to keep him, making it their responsibility.
"A loss of X dollars is always the responsibility of an executive whose financial responsibility exceeds X dollars."
- Gerald Weinberg's 'First Principle of Financial Management' and 'Second Rule of Failure Prevention' [1]
[1] 'First-Order Measurement', Quality Software Management, Volume 2, Gerald Weinberg, Dorset House Publishing, 1993
No. Actually, professional engineers have a legal responsibility to do their work correctly and can be held personally accountable for failures to do so. This problem was not a failure of management.
From what I understand, this is exactly what happened. A few people were just trying to cover their own asses and it resulted in tragedy.
It's ridiculously unfair to all the people who died and families who lost someone. It's also unfair to the engineers and management at GM who are ethical and good at their jobs.
It's an understandable byproduct of a stack-ranked organization. Any time you have the threat of being ranked and rewarded based on delivery, anything that threatens the delivery reflects badly on the rankee and is actively avoided.
The threat of being ranked? We are ranked constantly starting at 1st grade. Competitive ranking should be a very familiar feeling for every American at least.
When humans face the prospect of being ranked, the only option then becomes to lie, cheat, take shortcuts, or put lives at risk?! It may be an understandable byproduct for the weak, the proud, or the immature. Cheating is certainly endemic in our society, but I don't believe that absolves the cheaters; it's still criminal/unethical and it should still get you fired, throw off the team, or sent to jail.
There is something important to study and learn from this disaster, but my personal opinion is it's not so much a problem with performance evaluations, but rather a spectacular engineering failure combined with a company rotten to the core that completely lost its sense of purpose (hint: serving customers, not short term profit).
I do expect that adult humans can be subjected to significant workplace stress and pressure and still be expected to behave ethically and responsibly. I think that the law and justice expect the same.
Question: What were they trying to achieve with the 2005 version of the ignition switch, which required a new design, that couldn't be provided from a 1975 switch design? It seems that a lot of effort and money is poured into redesigning every component of products every few years, when this was a solved problem many decades ago. After all, the ignition switch has to 1) be turned with an authorized key, 2) provide electrical contact for accessory, run, and start positions.
Have you had a car made in the last 15 or so years?
Nowadays ignition switches do everything but starting the ignition system. As the car is fully controlled by a computer, the key is an electronic gizmo that authenticates the driver as the owner and signals the starting sequence. The revolving movement is completely unnecessary and just provided for familiarity purposes, there are cars that instead of a key have a card and start by pushing a button.
My bet is that maybe in 2005 GM was building the first switches under this principle, thus the need to preserve the electrical characteristics of the system, so the data transmission channels between the key and the computer wouldn't get compromised.
Ah, that explains it -- my F150 pickup truck is 14 years old, the only technology it has is an RFID chip in the key (which I assume is read by a sensor in the location of the ignition switch, fed to the engine computer, but otherwise not requiring any other re-design of the key switch).
A 1975 switch probably doesn't have the same crash characteristics as a modern one, it's quite common that keys in older cars will penetrate your knee during a crash.
When I read this story, I thought of parallels to large complex software projects (of course). You could call a large software system that would take more effort to fix than has been spent to create it so far "totalled", like a badly crashed car. It happens (usually with government payroll systems, it seems).
GM seems to have "totalled" their entire lineup of cars designed and produced over the last 20 years - the quality of their organization's work has been so low that it's not really possible for GM to find and fix all the serious problems on all the cars they've made. They would have to dissect all the parts from a sampling of cars of each year, since they can't even trust that the same part number is really the same in different years! It's probably cheaper to make a couple new car models, really make sure they're not defective, and provide everyone who still has a GM car with a replacement car. Cheaper, but maybe still not possible. "Good enough" massive recalls will have to do.
So the writer describes the guy who does the CSI on the car as a "grease monkey" and implies he is an uneducated hick. Yet it was his work that figured it all out.
Have you ever used a Tech 2 scanner to diagnose one of those cars? They are quite complex, with multiple computers networked over the CAN bus system.
Grease Monkey. Like Code Monkey or Porch Monkey. Derogatory.
I didn't read anything implying he is an uneducated hick unless you think the term "grease monkey" itself has that implication. But I don't that that term has the connotation you're saying it does. Whenever I've heard "grease monkey" it seems more like the car equivalent of "hacker" – that tinkering with cars is something you deeply understand and enjoy, not just a job.
Yeh, I've always taken the term 'grease monkey' as the mechanic equivalent to 'hacker', and not bad at all. IIRC it was popularised during WW2 where guys with a mechanical knack would hack together repairs to their vehicles out of spare parts. Those guys were the grease monkeys and were well-respected for keeping the mechanised fleet operating when everything was going to hell.
"Charlie Miller has been a grease monkey for almost his entire life. Born in Tippo, a tiny town in the heart of the Mississippi Delta, Miller overhauled his first engine when he was 12. He put himself through a local college working as a mechanic while supporting an addiction to drag racing and after he graduated he become a professional hot rod driver. In 1974 he opened an auto repair shop in Merigold, but it was 15 years before he was asked to offer an expert opinion, and only because of happenstance"
That didn't sound very complimentary to me. Maybe it could have been written like:
"Charlie Miller was asked by a friend to help in a court case. His friend had asked for help because of Charlie's unique background. Charlie had a love for cars since he was a child, and was smart enough to overhaul an engine at the age of 12. He was not only good with tuning an engine, he could also drive. He competed in drag racing as an amateur before becoming a professional driver. A graduate from a local college, Charlie was able to combine his love of cars, his self-directed education and his keen diagnostic sense to solve his friend's problem as an expert witness, and that is how he started his path to become the guy who solved the biggest recall in automotive history."
There is nothing insulting in the bit you quoted. It describes someone from a rural background who turned a teenage racing hobby into not one but two careers. Maybe you're so sensitive to country folk getting shit that you think just mentioning his rural background must be done with a snicker and a sneer, but I don't. It's the plain facts.
And "grease monkey" is not an insult. It's more of a compliment, if anything.
If it is such a compliment, then why not go to an auto shop and say "Hey you grease monkeys, how are you?" and then see if you get punched. I am not brave enough to do that, and I have been working in automotive for 25 years.
It would not be the same as talking to computer programmers and calling them 'hackers'
> The Cobalt’s engine shut off and the lights inside and outside the car dimmed. Melton hit the brakes, but no power from the engine meant no anti-lock brakes and no power steering.
I wasn't aware that anti-lock brakes (is that ABS?) are not a purely mechanical system. Also, was the power steering hydraulic or electric? Shouldn't it run off the battery for a short period of time?
> While Brooke’s lap belt glued her waist to the seat, her shoulder harness went slack the instant the engine shut off.
Now that's just criminally stupid.
EDIT: I guess I need to read through to the end to the article but that's a hard read for me for some reason.
That's not quite right. The Cobalt, like a lot of cars, has a seat-belt pre-tensioner. This is an explosive device that pulls in the seat belt by about 4 inches when the air bags fire. The seat belt's basic inertial locking function still works without power.
Anti-lock brakes, on the other hand, definitely require power. They're computer-controlled, using pulse counters in the wheels, electrically-controlled brake valves, and rate gyros. With ABS, jamming on the brakes is just fine. Without ABS, jamming on the brakes is awful. In the first crash mentioned, the driver not only jammed on the brakes, but having entered the skid, turned away from the skid, which makes it worse. It was also a side crash, so the air bags would not have fired. Who practices non-ABS skid recoveries in cars any more?
Losing electrical power in that car is a big deal. You lose propulsion, power steering, power brakes, anti-skid braking, seat belt pre-tensioning, and air bags all at once. That's bad design. All those electrical functions should be enabled until the transmission is in PARK.
And the airbags wouldn't go off, either, without the key turned on.
But having your car suddenly go from having ABS -- where jamming the pedal down is probably the right thing to do -- to a state where the driver must pump the pedal is probably more than virtually all drivers can handle.
Given my experiences I personally feel she has shown a terrible lack of skill - why slam on the brakes?
The car was fully controllable.
I've had my engine stall once and I mistakenly turned my engine off (and the hydraulic power steering went off) mid-turn and it wasn't a light car. I was completely fine.
On the other hand I find American business practices despicable and sickening.
Consider the possibility that this person may never have driven a vehicle without ABS. There would likely be little or no emphasis for teaching a skill (pumping the brakes) for a person in driver education, after a generation had passed with reliable ABS equipped on every car. Also consider that even a person with the requisite knowledge, driving a car with ABS, may not realize their situation until after they are in a skid.
Losing power steering in a vehicle with hydraulic "power assist" steering may be completely unlike losing power in a vehicle with electric assist. Given that in the recall, GM is replacing the electric power steering assist motor, one might assume that it becomes much harder to steer after loss of power. In other words, it may be much easier to rotate an unpowered hydraulic motor by its output shaft than it is to rotate a gear-reduction electric motor by its output shaft.
Finally, the fact that someone (such as yourself), or even that many people may have been skilled enough to be able to avoid fatally crashing their Chevy Cobalts is not proof that the cars are safe (enough). Nor does it excuse GM from ensuring that their products meet mandated safety standards.
Maybe she wanted to stop the car she had lost control of?
The reason for ABS to exist is that slamming the brakes is a very natural thing for (most of) us to do in a dangerous situation. If you're designing a car for a human to drive, you should keep this in mind.
To amplify that observation: ABS was banned from Formula 1 because it made braking too easy. Modern ABS can outperform people who are paid in excess of $40 million/year to be the best drivers in the world, who have unreal reflexes, complete mastery of a vehicle, and the ability to make good decisions under high-pressure driving situations.
The idea the average driver is an adequate substitute for ABS is laughable.
I once had a sheet of plastic blow on to my windshield at 70 mph on the Houston Beltway effectively blinding me. It takes significant presence of mind not to do something dumb.
She had scant seconds, the Air France 447 pilots had over a minute[1]. People do not function correctly in situations for which they are not trained - eg automation failing.
That's a very good comparison. (The Wikipedia article on this isn't very good, though.) The Airbus flight control system (not the autopilot) in "Normal law" mode will prevent stalls, and it's normal procedure to pull the stick all the way back if you want the nose up. The control system will keep the control surfaces just below the stall point.
Flight 447 had clogged air speed sensors. The flight control system detected this and dropped to "Alternate law", which does not have stall protection. In "alternate law" mode, pulling the stick all the way back will, as in most aircraft, cause a stall. This drastic change in flight control confused the pilots. This despite them having been trained for a drop to alternate law.
Airbus has redundant air data sensors, but not, apparently, with enough redundancy.
I'm not sure why you've been downvoted. She obviously lacked driving skill. When a vehicle loses power you don't slam on the brakes. Losing power is not a panic situation, especially on a long straight road. You either coast to a stop or gently slow down.
You're both getting downvoted because you're coming off as both obtuse and heartless.
When things go wrong at 60mph, people panic. When you're panicking, it's hard to remember skills you were taught in calmer circumstances--and nobody practices high-speed power failures, so you don't even have muscle memory to fall back on.
It is an engineer's responsibility to prevent dangerous situations from occurring, as far as is practical. "Dangerous situations" include those which are likely to induce panic in an average driver, even if a particularly skilled driver could handle them. Often it isn't practical, which is why so many people die in traffic accidents every day, but in this case the problem with the ignition switch was known and deliberately ignored. There's no excuse.
> in the first crash mentioned, the driver not only jammed on the brakes, but having entered the skid, turned away from the skid, which makes it worse.
I agree that jamming on the brakes was bad. But according to the article the back end "fishtailed, coming up on her left" (meaning her front end drifted right). So, turning the wheel counterclockwise (i.e., to the left) was the correct move, although it's also possible she over-corrected, hard to say from the article.
ABS is indeed the Anti-lock Braking System and I think it depends on sensors to determine the skidding amount and on software to determine the interval at which the brakes are applied and let go. So, the ABS is run off electricity and not a purely mechanical system. However, brakes themselves (without the "anti-lock" part) are purely mechanical/hydraulic, but since the brakes locked up, it didn't matter.
I'm not entirely sure about electric power steering systems and how they work.
In a hydraulic power steering system, if the power is cut, the driver can still turn the wheel (although it's much harder to do). In an EPS, is this still true?
> Also, was power steering hydraulic or electric? Shouldn't it be run of battery for short period of time?
Further down the article it answers this; yes, if the engine had simply "died" the power steering would still have run off the battery. But because the ignition was turned off, all the power was cut off.
Cutting all the power based on only the key must be the most stupid thing I've heard today, especially power steering?! Really, I've worked in automotive and all designs I've seen keep important components alive as long as the vehicle is moving, regardless of key position. THAT is the design flaw here, not that the key is too easy to twist.
This can be quite a hot topic. I frequently see people wanting the key as a "last line of defense against electronics and programming error" switch, and I can understand that concern and sometimes think that way myself. But really, if they are not confident enough in their system and think they require a human-controllable "main switch", they might as well put a big red emergency shutdown button in the middle of the dashboard. I wonder how many people would buy such a car.
If you cut engine power hydraulic steering is basically dead, as are the brakes. The power assist on brakes usually uses engine vacuum and power steering is mostly driven by a hydraulic pump running off the motor. I'm not sure about the newer electric steering models.
But for most cars, simply having a stalled engine makes them nearly undriveable due to the weight of the controls.
I think that driver training should start with unassisted cars - no abs, power steering, power brakes and no stability control. And that early training should include skid control.
Once competency in those areas is gained, then move to bigger cars with power systems and electronics.
I'll always be grateful for learning to drive in a completely manual car with no power assist on anything. It means I can always tell when the car is doing something for me. I still drive an older car for fun which is completely 'analog'. It's much more rewarding to make good progress by using skill rather than silicon.
The point is key switches as cut offs work fine when the component doesn't have major faults.
Any other electrical control system could cause just as many issues if designed poorly. Imagine if GM was just as sloppy with a push-to-start electronically controlled system that could shutdown due to EMF.
And there have actually been issues with push-to-start systems. One model I can remember required the user to hold down the button to shut off power in an emergency, when the most common user reaction was to rapidly jab the button.
>The point is key switches as cut offs work fine when the component doesn't have major faults.
GP is correct. Cutting the electrical power to the power steering assist while the car is in motion is a design flaw. Can you think of any reason why the car should not have operational power steering when it is in motion[1]?
[1] If you thought "for towing", that situation can be handled by the tow truck operator manually disabling the steering.
>Can you think of any reason why the car should not have operational power steering when it is in motion[1]?
You can't have an electrical cut-out that doesn't cut out certain components. The reason you need a complete electrical cut-out is for safety reasons (e.g. fuel leaks into the engine bay). If the ignition switch is not used for that purpose they would need to put a big red button on the dash like GP said.
The ignition switch cutting all power has worked without incident in every other brand for many decades. The issue here is GM's incompetence, and I'm not inclined to the idea that they would have competently implemented another system.
If anything I think this is an argument that power steering should be limited so that average drivers don't lose control of their vehicles if it fails (I've lost power steering in motion due to an engine stall, it is very scary).
1. You get a fuel leak in the engine bay while driving.
2. There is not already another safety system detecting this.
3. The driver actually notices this while driving.
4. The driver decides to take action by turning off the key, without stopping the car first?!
5. For the scenario to be dangerous we are also assuming this leak is severe enough to eventually cause ignition and catch fire.
This is like something taken from a B-grade action movie and doesn't happen. Any scenario I can think of where you would require an emergency shutdown, you would also want to get the hell out of the car ASAP. You could also imagine that things like cruise control "get jammed", but I find that extremely unlikely since software doesn't have the same wear and tear as mechanical components and sensors. Worst case you can always stop the car using the mechanical brakes or gearbox, since those have more power than the engine. Unless we are talking about brake-by-wire or similar, but those have _completely_ different safety standards; there is also a reason those are not on the market yet.
>You can't have an electrical cut-out that doesn't cut-out certain components.
Nonsense. Even the old mechanical ignition switch simply engages a number of relays and other electrical/electronic controls.
>The reason you need a complete electrical cut-out is for safety reasons (eg fuel leaks into engine bay).
Fuel cutoff relays exist and have been in use since not long after electric fuel pumps were put into use.
>The ignition switch cutting all power has worked without incident in every other brand for many decades.
In no way is that statement predictive of the efficacy of such a simple scheme going forward with more advanced electronic controls.
>The issue here is GM's incompetence,
No arguments there.
>If anything I think this is an argument that power steering should be limited so that average drivers don't lose control of their vehicles if it fails (I've lost power steering in motion due to an engine stall, it is very scary).
It is limited. It's more properly called power assist. It shouldn't be scary. Power steering is most useful only at low speeds.
GM failed to perform an adequate hazard analysis. Faultiness is inherent in any vehicle driven for a number of years, and as we've seen a single fault can disable many safety-critical features like ABS or Power Steering.
The potential impacts of the failure modes of the key switch are quite severe, although in normal use the likelihood of any one is low. Because of the severity, some risk mitigation should have been in order regardless of whether the component "works fine" or not.
I'm fine with that. I just think people are throwing out the baby with the bathwater by declaring mechanical ignition switches to be the problem (when they have worked fine for decades in every other brand).
For those of us who are programmers: if you wrote software that lives depended on, how confident would you be that lives won't be lost? My takeaway from this is to work harder towards excellence, better quality control, more documentation, and don't change a working system without following a process that informs others.
In the software domain, there's this bravado about hotfixing an issue in production. Raymond DeGiorgio did that: he fixed the problem without going through proper channels, not thinking of "legacy" cars, and those ones failing to get patched cost lives.
At some level, I am horrified at what was done with prior knowledge by this institution. At another, this incident makes me wonder how this ties into the diffused nature of responsibility within corporations. Was the diffusion of responsibility within these corporations so great that they could perpetuate these acts without any one individual bearing the moral responsibility of what happened? If so, then these corporations inadvertently have created an entity that is independent of the individual stakeholders and their moral pangs. That is a very frightening prospect...
It is not only responsibility but also knowledge. The ignition switch engineer may not be aware of what exactly it turns on and off; even if that engineer is, other engineers are not. (See page 1 of the GM Valukas report)
Analogy: does your DBA know about flushing to disk?
Very good point. In huge systems such as a car everybody cannot know everything. But in this case, if the ignition switch team does not know how their component affects everything about the car or how important it is, the responsibility should move up to whoever writes the specs on the ignition switch. First of all for designing a system with a single point of failure in the first place, secondly for not loudly notifying the ignition switch team that their component is vitally important and a single point of failure. As I also said in a post above, way too much attention is given to the faulty switch when this is actually a much larger system design error.
Seems to be a lot of things at play, but what surprised me was the ability to issue a modified part without a change to the model number. Seems like something that could be enforced automatically? Like a version control system? Are we running out of numbers?
I would assume that this was part of a structured bill of materials. Changing the rev level should be sufficient to identify the change and would not entail changing the BOM.
I'm going to make a strong guess that the rev level was incremented (the article doesn't mention rev levels). If so, I don't see anything wrong with using the same P/N. It's not like that part number exists elsewhere in the vehicle.
A new part number doesn't necessarily mean new tooling. However, you are correct in saying that it is a way to cut cost by not issuing a new part number. A new part number means:
- Entirely new release/approval cycle. That means going through design, release and QA stages (QA is extremely expensive in automotive industry). Remember auto industry is not the software industry, there is no "agile" - waterfall is king because once the product is released, it is infinitely more expensive to change it
- Recalling old part numbers and shipping new ones
- Even the cost of printing new labels and making new packing materials can be non-insignificant
That said, a change in part equals a new part number, period. So, this was very likely a coverup AND an improper cost-reduction exercise.
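The sub-thread above asks whether a changed part could be caught automatically, like a version control system would catch it. As an added example (not code from the thread, from GM, or from any real BOM system), here is a small Python model of that rule: each released specification is fingerprinted, and a spec that differs from what is already released under the same part number and rev is rejected, while a rev bump is accepted and can be diffed. The part number, rev letters and the spec fields are invented for illustration.

```python
"""Added example: enforce "same part number + rev means same specification".
Part numbers, revs and spec fields here are constructed, not real GM data."""
import hashlib
import json


class UnversionedChange(Exception):
    """A spec differs from the one already released under the same P/N and rev."""


class BillOfMaterials:
    def __init__(self):
        # (part_number, rev) -> {"spec": {...}, "fingerprint": hex digest}
        self._parts = {}

    @staticmethod
    def fingerprint(spec):
        # Canonical JSON so that key order does not change the hash.
        blob = json.dumps(spec, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(blob).hexdigest()

    def release(self, part_number, rev, spec):
        """Record a spec under (part_number, rev); refuse silent changes."""
        key = (part_number, rev)
        fp = self.fingerprint(spec)
        if key in self._parts:
            if self._parts[key]["fingerprint"] == fp:
                return fp  # identical re-release is harmless
            raise UnversionedChange(
                f"{part_number} rev {rev} already released with a different spec; "
                f"bump the rev or issue a new part number")
        self._parts[key] = {"spec": dict(spec), "fingerprint": fp}
        return fp

    def revisions(self, part_number):
        """All revs released for a part, in order."""
        return sorted(r for (pn, r) in self._parts if pn == part_number)

    def diff(self, part_number, rev_a, rev_b):
        """Fields that differ between two revs: {field: (old, new)}."""
        a = self._parts[(part_number, rev_a)]["spec"]
        b = self._parts[(part_number, rev_b)]["spec"]
        return {k: (a.get(k), b.get(k)) for k in set(a) | set(b) if a.get(k) != b.get(k)}


def rejects_change(bom, part_number, rev, spec):
    """True if the BOM refuses to overwrite an existing (P/N, rev) with a new spec."""
    try:
        bom.release(part_number, rev, spec)
    except UnversionedChange:
        return True
    return False


if __name__ == "__main__":
    bom = BillOfMaterials()
    # Constructed spec: a hypothetical "detent_torque" attribute of a switch.
    bom.release("PN-0000-EXAMPLE", "A", {"detent_torque": 10})
    print("silent change rejected:", rejects_change(bom, "PN-0000-EXAMPLE", "A", {"detent_torque": 20}))
    bom.release("PN-0000-EXAMPLE", "B", {"detent_torque": 20})
    print("revs:", bom.revisions("PN-0000-EXAMPLE"))
    print("A -> B changed:", bom.diff("PN-0000-EXAMPLE", "A", "B"))
```

The point of the fingerprint is that the check does not rely on anyone remembering to declare a change: whatever is released gets hashed, and the only way to ship something different is under a new rev or part number, which is exactly the record a recall later needs to know which vehicles received which version.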
Along with the other posters here, I am also "horrified".
But isn't this more-or-less the same at most/all other companies? They become old and sclerotic and hidebound and resistant to change. Aren't most old companies guilty of the equivalent of the "GM nod"?
"a staple of GM managers, nodding in agreement at steps that should be taken then doing nothing"
Maybe companies like GM eventually run their course, and should be allowed to die. Maybe we were wrong to bail them out in 2009? Would the country be better off if a new company could take GM's place?
But, of course, GM couldn't be replaced "as is". It could only be replaced by something more in tune with the times. It's only a {relatively speaking} tiny company, but Elon Musk and Tesla could be "the next GM". Until Tesla eventually runs its course!
Not one company should be bailed out. If a business fails, those who think they can run that sort of company better should step in and buy the assets and give it a go.
In the many or most cases where companies have built what has become core infrastructure, regulations already exist for orderly shutdown and sale of assets without disruption of service.
If a company becomes 'too big to fail', this means regulatory capture has already occurred and you have far greater problems to resolve than mere bankruptcy.
>Would the country be better off if a new company could take GM's place?
Theoretically this is what happened with the bailout. Everyone made fun of Mary Barra for her "this all happened at the 'old GM', so the 'new GM' can't be responsible" but there's a reason it worked. GM was replaced by a new company: GM.
Still wondering why make physical ignition switches that actually mechanically cut the flow of electricity.
For years, cars have been equipped with all kinds of 'convenience' electric components such as Bluetooth, touch panels, and on top of that all critical elements in the engine have been controlled by an ECU for decades -- yet still only some cars have electrically, not mechanically, controlled ignition.
The car key doesn't even have to be wireless: you could still have the lock and ignition key as now if you really wanted, but turning the key would only give a signal to the car's computer to wake up from sleep, authenticate the key, close the main circuits electrically to let the components start drawing the big current from the battery, and start the boot sequence, self-tests etc. and eventually drive current to the starter motor to crank the engine up.
That's a huge number of things to do, and it had best be left for the computer to handle. Pulling the key from the physical ignition switch is akin to starting and stopping your PC by pulling and inserting the plug from/to the wall socket. You'd better push the suspend button and let your laptop put itself to sleep and let it wake up by itself.
It's also much easier to design a system that will handle startup and shutdown by itself, rather than a system that must survive opening and closing the main circuits at any time.
I think there's a change happening, some new cars can be started by button-press when the transponder (replacement for the key) is somewhere in the car (e.g. in your trousers' pocket).
And then, of course, there's the other aspect that in some cases you absolutely want to be able to cut power to your engine. Wasn't that exactly the case with Toyota's drive-by-wire throttles that apparently made people unable to stop their cars?
Still: When you look at the electrical system for, e.g. a commercial airplane, you'll see a dozen different independent power-supply busses that can be fed from each other, different engines, or batteries. So that in case of power-loss in one or a few of them, not all safety critical systems black-out.
I don't claim that such complexity is helpful or desirable in a car, but with the majority of drivers relying on computerized systems it probably makes sense to make power supplies more redundant.
{probably that's already happening, and I'm just unaware of it?}
Because it's cheaper to put a $1-5 mechanical switch in than to put in a smart key system. Yet again, cost is the driving factor. How many lawsuits would you need due to ignition switch failures before smart keys for all cars were cheaper? A lot.
These kinds of scenarios could appear in the "negative" column of a positives and negatives analysis of whether to work in a safety critical, regulated industry. Because even if an individual does his job diligently and ethically, there is a risk that corporate motivations can coat you in shit.
Articles like this, and the Ranbaxy pharmaceutical article, make me wonder if the satisfaction of working in safety critical industries is worth the risk.
This was a case of 12V power disappearing to a lot of systems; that still doesn't explain the slack harness, but electric pretensioners would certainly fail to work in a crash under such circumstances.
This Pando article has re-reported the story with lots of additional details and does some great storytelling, so I'm glad to see it. Just wanted to add a note for anyone who is wondering (like I was) "whoa, haven't I seen this before?".
I liked the storytelling as well, the only part that annoyed me was the way he continued to drop back into the romanticizing of the characters. You've already hooked me, I want to know what happens next, I don't give a shit about the lifestory of the engineer, I only care that he's an engineer and how he got involved in the story.
Other than that, I thought it was a great writeup.
All sympathy to the families involved; what makes this the worst auto scandal in history? Are there numbers for this or is this based on public opinion?
I think it's exacerbated by the lying, the cover-up, the myriad missed opportunities to fix this as the dead and maimed piled up. It's like Fight Club's ABC quote, except the math pointed to an obvious recall situation and you guys thought you could get away with it anyway.
To me it's a tremendous blow to GM's entire credibility as an auto manufacturer. Basically it paints the company as a bunch of crooks who couldn't care less about their customers. I mean, when I get in my car, point it down the highway and accelerate to nearly 100mph, there's a fairly high degree of trust which I'm placing in the equipment. When the degree of apathy GM has for its customers is revealed, it tends to erode that trust.
Over 1000 claims of bodily injury, ~74 dead, because you couldn't ship a proper ignition switch, and didn't feel like fixing it when it became obvious. It truly is shameful.
"[...] if you took all of the cars that GM has recalled this year and lined them up bumper to bumper, you’d end up with a line that would wrap around the earth four times."
Bronco, Explorer, and F150 rollovers - fixed by adding stability control and tire pressure monitors
Toyota's gas pedal and floor mat recall - halfway similar to this issue in that it involved very poor affordance (drivers could not immediately tell what was wrong; they thought they were pressing the brake, but the gas was pressed as well)
GM Streetcar conspiracy
Cars from the Big 3 used to literally fall apart in the 70's due to poor assembly. (Welcome Toyota)
Ford Pintos in the 1970s had badly under-designed gas tanks that ruptured and caused fires in rear-end collisions. Media put the death toll in the "hundreds", NHTSA had a death toll of 27.
The scandal of the Big 3 killing smaller car companies like the Tucker 48.
Incredibly stupid design decisions like planned obsolescence.
GM's policy of "build a bunch of cars and make people buy them" from the 1970's to the early 2000's - responsible for people's poor opinion of GM and competitors that followed the same mantra (it even bit Toyota in the mid 2000's)
The only one on your list which is comparable is the Pinto, where a known fatal fault was cynically ignored because it would be cheaper to keep paying out on lawsuits than fix the problem.
> 'Despite the conclusions of the police accident report, which claimed that Brooke had been driving too fast for the road conditions and lost control when she hydroplaned over a sheet of water...'
I would love to see an article on statistics of how many police reports are factually inaccurate, even if only proven inaccurate by later reporting/exposition.
I'm shocked that everyone here is so against GM on this.
Given the complexity of a car and all the things that could go wrong, this is a very minor issue. The brakes still work (no ABS though), steering still works (it's just harder to turn), and lights still work. It basically turns into a car that's 20 years older, not a coffin on wheels.
The driver also knew there was a problem, wasn't happy with it, but still drove her car regardless and then wasn't able to cope when it happened again. She wasn't forced to drive it.
Maybe it's because I tend to drive older cars, but I'm all too aware that they're machines and they break. I've had all kinds of things fail when driving and I've had to try and cope with them safely. Luckily I have, but if I hadn't been so lucky I wouldn't blame the car manufacturer.
100 years ago you could get killed by all kinds of things and it was more or less just accepted - why are we now at the stage where a switch that's a bit too easy to turn is the cause of all this blame?
If you rode around in a 2005 Cobalt that had these issues you would be shocked each time you lost control of your vehicle. There's another service bulletin that isn't mentioned in this article about inadequate insulation around the transmission computer wiring harness. In addition to the unwanted shut downs, the automatic transmission would sometimes go AWOL in the rain. Have you ever tried to drive an automatic when the transmission computer has bad grounds? It's horrifying. This car didn't kill my GF, but it tried more than a few times.
I think the coverup or moral dilution at GM stands to be pretty damn awful.
Engineering a failure situation and not playing out how its most dangerous scenarios might end is pretty bad. I don't think anyone would drive a car over 20 mph if they knew it would shut off and they would literally have to "cope" with the stress and impending accident and hope to manually steer the car to safety.
I'm shocked you don't hold manufacturers to a higher standard.
It's not sarcasm, I'm just very surprised that everyone's opinion is so one-sided about this.
I think if you put yourself in the engineer's position, he probably didn't believe that having a switch that was a bit easier to turn would lead to anything more than mild inconvenience.
I think if GM honestly thought this would cause even one death they would have changed the lock barrels. Even if you ignore the human side, the potential cost of damages from something like this would totally outweigh the cost of changing them.
They knew it was an issue. Did they know it was going to kill someone? I'm not sure.
I guess a lot of people here are software engineers...
If you have a button in your phone app that's a bit slow to make something happen, you might put off a fix for it in order to ship early.
What if someone's using their phone (maybe illegally) while driving, they're distracted by the 'faulty' button and then they hit and kill a cyclist.
Would you then be responsible for that cyclist's death?
I'm just trying to think 'what if I were an automotive engineer?'. Thinking of all the things in a car you could blame for not being absolutely perfect, it seems like an impossible job.
The ignition switch in question seems totally unremarkable. I wonder why it was redesigned in the first place? Why not use one of the many existing parts GM had at the time?
Also—somewhat of a nitpick to an otherwise good article—the Bronco II is a completely different model from the one driven by Al Cowlings during the O.J. Simpson chase. That was the full-sized Bronco. When details like that are wrong, it usually makes me suspect the accuracy of other facts in the story (although in this case, the article seems otherwise accurate).
I also wondered this since the story broke. Why do they redesign core components like this, instead of just iterating on previous designs? I fight this every day in the enterprise space. My only conclusion is ignorance: sharing previous design or infrastructure knowledge is hard (or at least, not prioritized). So folks end up recreating the proverbial wheel.
I guess that might be due to parts' supply and logistics problems. When production counts in hundreds of thousands and millions, getting all parts together and in time is quite a challenge.
Not really relevant to the article, but it bugs me because it was incorrect. The Bronco II is not what OJ Simpson drove on his infamous low-speed chase. He was driving the full-size Bronco. The Bronco II was the mid-size Ford Ranger based SUV (at least the article gets that right).
> A cultural touchstone, the Bronco II was not only infamous for having been the little brother to the Bronco, which ferried a fleeing O.J. Simpson as a battalion of police cars and news helicopters gave chase on national television…
I should have added some historical context to this request for those unaware of it.
It's hard not to see the user name Waffle_SS as an unnecessarily hurtful trivialisation of the Waffen-SS, the Nazi paramilitary force. See https://en.wikipedia.org/wiki/Waffen-SS for more information.