The Wall Street Journal has an important story on the crash of a Lion Air Boeing 737MAX in which everyone on board perished. Boeing must be delighted that the ugly details are getting out when the press is fixated on heaving stock markets and California fires.

The short version of the story is that Boeing had implemented a new “safety” feature that operated even when its plane was being flown manually, that if it went into a stall, it would lower the nose suddenly to pick airspeed and fly normally again. However, Boeing didn’t tell its buyers or even the FAA about this new goodie. It wasn’t in pilot training or even the manuals. But even worse, this new control could force the nose down so far that it would be impossible not to crash the plane. And no, I am not making this up. From the Wall Street Journal:

Boeing Co. withheld information about potential hazards associated with a new flight-control feature suspected of playing a role in last month’s fatal Lion Air jet crash, according to safety experts involved in the investigation, as well as midlevel FAA officials and airline pilots. The automated stall-prevention system on Boeing 737 MAX 8 and MAX 9 models—intended to help cockpit crews avoid mistakenly raising a plane’s nose dangerously high—under unusual conditions can push it down unexpectedly and so strongly that flight crews can’t pull it back up. Such a scenario, Boeing told airlines in a world-wide safety bulletin roughly a week after the accident, can result in a steep dive or crash—even if pilots are manually flying the jetliner and don’t expect flight-control computers to kick in.

“Under unusual conditions”? How many total miles had these models flow before the Lion Air crash? The available evidence says it might not take “unusual conditions” to trigger a nose dive. The Lion Air pilots told air traffic control they were finding it hard to control the plane.

And why haven’t the planes been taken out of service? As one Wall Street Journal reader put it:

If this tragedy had happened on an aircraft of another manufacturer other than big Boeing, the fleet would already have been grounded by the FAA. The arrogance of engineers both at Airbus and Boeing, who refuse to give the pilots easy means to regain immediate and full authority over the plane (pitch and power) is just appalling. Accident and incident records abound where the automation has been a major contributing factor or precursor. Knowing our friends at Boeing, it is highly probable that they will steer the investigation towards maintenance deficiencies as primary cause of the accident…

Boeing’s excuse was it didn’t want pilots having to tax themselves to learn about the new behavior. The reality was that Boeing had marketed the plane as not requiring additional training costs:

Boeing marketed the MAX 8 partly by telling customers it wouldn’t need pilots to undergo additional simulator training beyond that already required for older versions, according to industry and government officials. One high-ranking Boeing official said the company had decided against disclosing more details to cockpit crews due to concerns about inundating average pilots with too much information—and significantly more technical data—than they needed or could digest.

In fact, the older 737s didn’t have anything like this feature:

Earlier 737 versions have different stall-protection systems, that don’t automatically drive down the nose even when other functions of the plane’s autopilot are turned off. Yet operation of those older systems was highlighted in training over the years, and pilots had to memorize steps to counteract potentially dangerous unintended consequences. MAX 8 training materials don’t include a requirement to memorize the steps to turn off the stall-protection system.

And Boeing failed, or more accurately, refused to inform even the FAA, probably because the agency would have insisted at a minimum on updating manuals, which would in turn have alerted buyers that Boeing’s sales patter had been a crock. And why did Boeing decide to make it difficult to override the nose dive? This sounds like a disaster that was baked into the design. From the Journal:

“It’s pretty asinine for them to put a system on an airplane and not tell the pilots who are operating the airplane, especially when it deals with flight controls,” said Capt. Mike Michaelis, chairman of the safety committee for the Allied Pilots Association, which represents about 15,000 American Airlines pilots. “Why weren’t they trained on it?” One Federal Aviation Administration manager familiar with the details said the new flight-control systems weren’t highlighted in any training materials or during lengthy discussions between carriers and regulators about phasing in the latest 737 derivatives.

So a supposed safety-enhancing device turned out to be deadly thanks to Boeing letting its sales imperatives come first. As one Wall Street Journal reader put it:

I am stunned that the auto system kicks in even in “manual flight mode”. That means the pilots had no idea that they can be overrode under certain circumstances and had to go through complex and long procedure to disengage it. This is effectively a death sentence to the pilots and passengers on board.

A telling detail is that it was the American Airlines pilots’ union was the first to alert its pilots. From the Journal:

Boeing’s latest communications with airlines prompted American’s union to alert its members. “This is the first description you, as 737 pilots, have seen,” the union pointedly told pilots in a memo, referring to the 737 MAX stall-prevention system. Noting the system wasn’t mentioned in American Airlines’ or Boeing manuals, the union memo added: “It will be soon.”

And for reasons that are impossible to fathom, Boeing made it harder to disable this feature:

The ultimate way to counteract dangerous automated nose-down commands is basically the same for old and new systems, though checklists and procedures for the 737 MAX 8 entail more steps and take more time. Investigators and safety experts are convinced that as the emergency worsened, the Lion Air crew had barely seconds in which they could have diagnosed the problem and taken action to save the aircraft.

Translation: even if the Lion Air pilots had been trained, it’s not clear they could have implemented the new complicated override quickly enough to have prevented the crash.

Perhaps readers will beg to differ, but the difficulty in designing automated safety controls for airplanes bodes ill for fully autonomous self-driving cars. The variables involved in navigating planes are much simpler than in driving cars. For starters, planes are kept well away from each other, so you don’t have anything like dealing with left turns, bicycles riding in your lane, someone making a dangerous pass that puts them head on in your lane, or people opening a car door right into your path. Recall that this Boeing design disaster occurred despite the airline industry having a very strong safety culture. Silicon Valley has nothing of the kind, yet they want us to entrust our lives to them.