RSS

Tag Archives: Toyota

ET ALERT: Toyota ‘Unintended Acceleration’ Is Still Occurring

fire

Despite claims that Toyota’s problems with unintended acceleration have been due to driver error, or cured via floor-mat adjustments, a recent case has been reported wherein neither of those factors were relevant. As reported by “Charles” in a message to Engineering Thinking:

The following events occurred on May 15, 2015 while driving from Charleston, SC to Nashville, TN (I-26, I-40) in my 2012 Toyota Highlander.  Normally interstate traffic is so congested it prevents use of cruise control; however, that morning I was able to turn it on and set it on 75 MPH.  As we were coming up on slower moving traffic, I applied the brakes to switch off the cruise control and it did not work – even after pumping the brake pedal.  I then used the off/on on button(switch) on end of cruise control lever to switch off cruise control – and that worked. If that switch had failed – or if I had panicked – then I would have had a “runaway” Toyota.  The car did not accelerate, but when you are standing on the brakes and the car is still “cruising” at 75 MPH it sure feels like it is accelerating.

Later on during the same trip I tried the cruise control again (several times actually) and each time applying the brakes would not switch off the cruise control.  Whatever is wrong with the cruise control system, on this Toyota, it is what we call in my line of work a “solid fault” – not intermittent.  I feel confident that my car will repeat the scenario every time it is tried…

…I am a semi-retired Electrical Engineer with over 40 years in the power industry.  For approximately 5 of those 40+ years I worked as a field engineer, testing and commissioning power control systems.  So I know a little something about how control systems (cruise or otherwise) are supposed to function.  I would like to add, that in my testing/commissioning experience, I only had one programmable relay that failed out-of-the-box, and it was not a software problem.  All the problems I encountered were related to wiring and/or wiring design … I strongly suspect the Toyota “problem” may also be related to wiring (wiring harness, assembly process, etc) not software.

…Please note, our Highlander has the factory floor mats which are held in place by two hooks.  My cruise control issue had (has) nothing to do with floor mats….

Charles

Charles’ expert qualifications and detailed report are compelling evidence that Toyota still has a serious issue that cannot be dismissed by blaming the driver or the floor mats. My thanks to Charles for sharing his experience, and for alerting Toyota owners to the fact that ‘unintended acceleration’ is still a very real possibility.

Prior posts on this issue can be found at the following links:

2011/02/9
Toyota Unintended Acceleration: “No Electronics-Based Cause”: Not True & Misleading

2010/03/09
Customers Claim “Fixed” Toyotas Are Still Accelerating

2010/02/05
Toyota’s “Drive By Wire” Throttle System Suspected As Crash Cause

2010/02/03
Stop Driving Recalled Toyotas

2009/11/10
Toyota Unintended Acceleration Causing Deaths And Injuries

-Ed Walker

 

Tags: , , ,

Flying the Flaming Skies: Should You Trust the Boeing Dreamliner?

dreamlinerWhen a serious safety issue occurs, the normal engineering process tends to become quickly corrupted by management misdirection and stonewalling. Some prior examples of this are the explosion of the space shuttle Challenger in 1986, and Toyota’s more recent “unintended acceleration” fiasco. And now, as I recently discussed in the DACI Newsletter, we have fires on Boeing’s new Dreamliner aircraft (“Boeing’s Flaming Lithium Batteries: Was This A Risk Worth Taking?“).

In the Challenger case, although the root cause was immediately known, it took a long time for the NASA managers to admit what they knew. This is because, prior to launch, they had ignored the pleas of their engineers, who had been very concerned about the possibility that a large and critical o-ring seal might fail catastrophically due to unseasonably cold weather. This is indeed what happened, but that simple fact was deliberately buried under NASA’s confusing jargon and misdirecting blather, until physicist Richard Feynman cut through all the nonsense with a simple science demonstration. At a hearing on the disaster, he showed how the o-ring became too brittle to perform its function when exposed to a frigid temperature. (You can see him dipping the o-ring material into a glass of ice water here; start at 1:57.)

With regard to the recent Toyota unintended acceleration issue, Toyota likewise tried to downplay the problem, until forced to address it because of the growing number of fatal incidents. (Note 1)

boeing_batteryToday, Boeing is faced with a crisis: the lithium batteries used in their new Dreamliner aircraft have caught on fire during some initial flights, forcing those flights to be aborted, and the fleet to be subsequently grounded while the problem is investigated.

Observations:

1. I have no proof of this, but it is my firm belief that there are engineers at Boeing who strongly recommended that lithium batteries not be used on the Dreamliner.

2. Using the batteries was not wise, since lithium batteries have a history of catching on fire. If the battery properties were clearly understood, there would not be incidents of lithium batteries bursting into flame in cell phones and laptops, and of being the cause of the tragic crash of UPS Airlines Flight 6 in December 2010.

3. On January 30 (after the flaming battery incidents), Boeing CEO Jim McNerney said, “We feel good about the battery technology and its fit for the airplane. We have just got to get to the root cause of these incidents and we will take a look at the data as it evolves, but there is nothing that we have learned that causes us to question it at this stage.” At the time of his statement, lithium batteries were known to have a history of catching on fire, which is at odds with Mr. McNerney’s purported optimism.

4. The steps to reassure the flying public that the Dreamliner battery system is safe should include:

a. Generation of a detailed analysis, vetted by an independent third party review, of the battery properties that affect the tendency of the batteries to catch on fire; e.g. chemistry, mechanical tolerances, operating temperature, charge/discharge rate, etc. The lithium batteries used by Boeing would be redesigned accordingly.

b. Confirmation of the analysis by a demonstration showing that the redesigned batteries, with proper construction and application, cannot catch on fire when subjected to the worst case combination of variables (e.g. high ambient temperature, high charge/discharge rates, shock/vibration, aging, etc.)

c. Even after the battery system has been redesigned, the possibility will remain that a rare and unintended event (e.g. extreme shock, or higher than normal discharge) could ignite the batteries. Therefore there should be a demonstration that a containment design will successfully prevent a fire in the battery system from breaching the containment and threatening the flight. (Such second-stage protection is routine for critical hazards, and is especially necessary because of the extreme volatility of lithium.)

A much simpler option, as I earlier recommended, would be to discontinue the use of the hazardous and unstable lithium batteries, and replace them with stable batteries such as nickel metal-hydride. (Following this logic, Airbus has recently pulled lithium batteries from its new A350 design.)

The bottom line: We cannot expect zero risk, but we should expect that proper engineering be applied to known hazards. For example, gasoline and other fuels are highly flammable and very hazardous, but because of proper engineering we all feel comfortable with the gas tanks that are strapped under the cars we drive, and with the large containers of fuel that accompany us on the planes we fly. We do not expect gas tanks to spontaneously ignite, ever. The same reasonable expectation should apply to batteries.

Note 1. Although Toyota has maintained that a faulty floor mat was the root cause, I believe that there was an additional serious problem in the electrical system, based on the report of a driver who experienced uncontrolled acceleration until he turned off his cruise control (see “Toyota Unintended Acceleration: “No Electronics-Based Cause”: Not True & Misleading.” Related posts are listed under the Protect Yourself tab, Health & Safety, here). My guess is that the cruise control design was inadequate from a safety standpoint, and that the problem was quietly remedied by Toyota.

 

Tags: , , , , ,

Toyota Unintended Acceleration: “No Electronics-Based Cause”: Not True & Misleading

Engineering Thinking Extra Is A Short Review Of A Current Hot Topic

According to Reuters today (8 Feb 2011), “A government probe cleared Toyota Motor Corp’s electronics of causing unintended acceleration, a big victory for the world’s top automaker as it seeks to recover from the hit it took over runaway vehicle accidents.”

This news release is misleading. The investigation did not “clear” the electronics. Rather, the investigation could not find any evidence for the electronics being the source of the problem. Failure to find a cause is not the same as proving there was not a cause.

The following statement from the Los Angeles Times is more accurate:

“A NASA report on Toyota’s sudden acceleration found ‘no electronic flaws … capable of producing the large throttle openings required to create dangerous high-speed, unintended acceleration incidents.'”

Note that the NASA engineers used more careful language, indicating that they were not able to identify an electronics cause, not “proving” there was no cause.

Although I certainly respect engineers in general, there are aspects of this case that — at least until I have had a chance to review the NASA report — will not allow this particular engineer to agree that the case is closed.

In particular, although “stepping on the gas instead of the brake” is likely a factor in some cases, those cases are generally when moving from a  coasting mode to a quick stop.  (My aunt died in such an instance, when coming to a stop next to a grocery store wall.) In some reported cases, however, the driver is cruising along on the highway when the car suddenly starts accelerating, without the driver moving their foot. In at least one such case, the acceleration was terminated by switching off cruise control.

Also, as reported earlier, Toyota emails indicated that staff members celebrated their efforts to delay safety regulations and investigations (“ET EXTRA: Protecting Your Life: Toyota Joins The Gallery Of Shame“). This does not lead one to believe that Toyota Engineering was primarily concerned with finding the root cause of the issue. This type of behavior also raises serious doubts, including: were the vehicles studied by NASA representative of the failed vehicles, or did Toyota provide test vehicles wherein Toyota had already identified and corrected a root cause, such as an intermittent cruise control linkage?

If I have the opportunity to review the NASA report I will comment further. If anyone who worked on the report would like to comment, please do.

-Ed Walker

 

Tags: , ,

ET EXTRA: Protecting Your Life: Customers Claim “Fixed” Toyotas Are Still Accelerating

Engineering Thinking Extra Is A Short Review Of A Current Hot Topic

“…the Department of Transportation released data Thursday showing that more than 60 people have complained of sudden acceleration incidents in vehicles that have been repaired by Toyota as part of the recalls to address the problem.”
Los Angeles Times, “Top lawmakers want more data from Toyota,” 6 March 2010.

The problem with Toyota is not that they have experienced a problem. All technology products have problems, although for high quality products the problems are usually minor and only affect a small percentage of products sold.

Problems occur because, despite our advances in technology, it is a simple fact that it’s not humanly possible to achieve a perfectly safe and reliable product. Plus, the price tag for trying to achieve perfection always reaches a point where the customer is not willing to pay the price. We all would be safer if we drove vehicles that were built like tanks, but their low fuel efficiency, cumbersome performance, and high price would make them much less attractive, all things considered, than the less-safe autos that we willingly purchase today.

Also, technology is not capable of completely compensating for human error. Drivers can mistakenly step on the gas pedal rather than the brake pedal, and in a panic keep their foot jammed to the gas pedal because they think they are stepping on the brake. (In engineering parlance, this is an example of a feedback loop that has — because of the application of foot to incorrect pedal — changed abruptly from a stable loop to a completely unstable one.) Although I have not seen any convincing data on how often we should expect human error to create “unintended acceleration” events, the hypothesis is plausible and should not be dismissed.

No, the problem with Toyota is not that they claim that human error is sometimes to blame, or that they have some product defects. The problem with Toyota is their response to the issue, which has been documented to be one of delay and obfuscation (link). This demonstration of poor character is what may kill Toyota.

An avenue of investigation that I have not seen addressed by Congress is a request to review Toyota’s design validation documentation. This would be the set of analyses and test reports that are the gold standard for high-reliability products. The analyses would include a Worst Case Analysis and a Fault Tree or a Single Point Failure Analysis. In my view, if these documents do not exist, it indicates that Toyota has not adopted “best engineering practices” regarding safety-critical products.

If they do exist, they can be reviewed for thoroughness and accuracy. And if they are thorough and accurate, there is a high likelihood that the problem has already been identified. If so, this means that Toyota ignored their engineers for cost-containment purposes, to the detriment of public safety. Toyota is acting as though this indeed is what happened.

Toyota: show us your analyses.

-Ed Walker

 

Tags: , ,

ET EXTRA: Protecting Your Life: Toyota Joins The Gallery Of Shame

“Toyota officials claimed they saved the company $100 million by successfully negotiating with the government on a limited recall of floor mats in some Toyota and Lexus vehicles, according to new documents shared with congressional investigators.” …

“The savings are listed under the title, “Wins for Toyota — Safety Group.” The document cites millions of dollars in other savings by delaying safety regulations, avoiding defect investigations and slowing down other industry requirements.”

-AP as reported by MSNBC

 

Tags: , ,

ET EXTRA: Protecting Your Life: Toyota’s “Drive By Wire” Throttle System Suspected As Crash Cause

“Toyota car recall sparks ‘drive by wire’ concerns”

-New Scientist

Over the years some of my colleagues and I have cautioned against placing too much faith in systems that insert an electronic link between the operator and the controls of aircraft. Such systems are called “fly by wire” (the “wire” being the electronic link). Electronic linkages in recent years have started appearing in automobiles, so we now have “drive by wire,” where the wire replaces the old mechanical throttle linkage.

Why are some engineers such as myself so cautious? Because we are the ones who do the detailed design and analysis and testing, and we know the risks. We have predicted and observed the damage caused by glitches in electronic linkages, such as power outages over large parts of the country, patients erroneously exposed to deadly doses of radiation during medical scans, and various other catastrophes.

Sometimes new technology seems cool, but sometimes it’s also half-baked and contains hidden risk. To protect yourself, here’s a saying that may help:

Don’t Be The First One To Stick Your Toe In The Water,
Unless You’ve Got A Toe To Spare

-Ed Walker

As conservative
 

Tags: , , ,

ET EXTRA: Protecting Your Life: Stop Driving Recalled Toyotas

“Owners of recalled Toyota Motor Corp. vehicles should stop driving them until the company fixes a defect that is causing sudden acceleration, U.S. Transportation Secretary Ray Lahood said.”
Bloomberg

Even though Secretary Lahood subsequently backpedalled on his statement above, I agree with his original assessment. Furthermore, the root cause of this issue does not seem to be adequately resolved to only pedal-sticking, and the possibility of problems with the electronics system should not be dismissed.

-Ed Walker

 

Tags: ,