May 18, 2012
For the second time in 40 years, the National Highway Traffic Safety Administration is attempting to upgrade the accelerator control standard by proposing that manufacturers be required to equip all vehicles with a brake override. A brake override system cuts throttle voltage in electronic throttle control (ETC) vehicles when the brakes and throttle are in conflict. Variations of this type of fail-safe have been incorporated in a number of ETC equipped vehicles since the 1990s.
“We considered establishing a design requirement as the sole requirement for BTO, but the differences among BTO systems currently available from different vehicle manufacturers are significant enough that a design requirement by itself cannot effectively accommodate them all without being overly complex and/or design restrictive. By combining a relatively simple performance test with the basic equipment requirement described above, we can achieve a robust standard which is largely performance-based and minimally costly or burdensome.”
The Notice of Proposed Rulemaking is in direct reaction to the Toyota Unintended Acceleration (UA) crisis, noting the August 2009 deaths of California Highway Patrol Officer Mark Saylor, his wife, daughter and brother-in-law in Lexus ES350 loaner that experienced a UA event at highway speed. But, the proposal appears to be more of a political response than a technological one. It ignores past recalls for UA events that are electronically caused; and it fails to base this upgrade on any statistical analysis. It merely codifies manufacturers’ current equipment without teasing out the differences between more effective and less effective brake override systems, such as the Toyota system, which doesn’t activate in some of the most frequently reported UA scenarios – when the driver’s foot is on the brake – or on no pedal. According to Toyota’s “Smart Stop Technology,” “the feature doesn’t engage if the brake pedal is depressed before the accelerator pedal. The driver must press the accelerator first and then depress the brake.”
Antony Anderson, a U.K.-based electrical engineering consultant who has studied unintended acceleration, says that the rule fundamentally misses the essential ingredient in any failsafe system – independence from the malfunctioning component. This is why many machines, from motorcycles to escalators, have separate kill switches that can independently remove power from the throttle, he says.
“For some reason, the automobile industry seems to think they don’t need to bother,” Anderson says. [The agency] “has a well-developed NHTSA-speak, where they are all the time trying to minimize the possibility of an electronic malfunction.”
“This just captures the state of the industry, not the state of the art,” says Neil Hanneman, an automotive engineer who have overseen automotive electronic designs and has consulted with Congress on Toyota unintended acceleration. “For it to really be a robust standard it would have to address things that have not been addressed yet – which will be with the electronics.”
The agency says that the update is necessary because the powertrain responses that can result from failures in electronic systems are more varied than with mechanical systems.
Yet, the agency does not address possible electronics causes of UA. Instead, NHTSA is quite specific in identifying the safety problem by the old mechanical causes: component disconnections and pedal misapplication, cleaving to the agency’s current position in the wake of the Toyota UA crisis:
“This action augments NHTSA’s ongoing research and defect investigation efforts aimed at addressing a serious safety situation where a pedal becomes entrapped by a floor mat or no longer responds to driver release of the pedal because of some other obstruction or resistance.
In general, this proposal aims to minimize the risk that loss of vehicle control will be caused by either: (1) accelerator control system disconnections; or (2) accelerator pedal sticking and entrapment.”
The proposal acknowledges “widely publicized” “allegations” of electronically caused UA events. It ignores actual manufacturers’ recalls for electronically caused UAs. For example:
In February 2003, Daimler Chrysler recalled nearly 20,000 2003 model year Dodge Ram pick-up trucks equipped with a diesel engine and an automatic transmission because they could potentially experience an “elevated idle condition” after extended use of the cruise control, leading the driver to conclude that the cruise control did not disengage.
In March 2003, BMW recalled more than 1,000 2003 3-Series because of a defect in the electronic programming of the digital engine management control unit governing the engine idle control.
In January 2006, General Motors recalled more than 1,300 2006 model year Cadillac STS model vehicles equipped with all-wheel drive and a 3.6l V6 engine, because the torque monitoring functions, of the electronic throttle control (ETC), were not enabled. “Without these functions enabled, a persistent ECM failure could result in a throttle opening greater than commanded by the driver.
In February 2007, Toyota recalled some 2006-2007 Scions because the Rostra precision controls’ speed controls could have a faulty module. When the speed control on/off’ switch is pressed once to turn the unit off, the throttle does not return to idle.
NHTSA said that it could not propose any safety requirements based on electronic causes, because it was still studying the problem.
“We are actually back in the age of the horse,” Anderson says. “Before the automobile came along, everyone was used to driving with horses and carriages and everyone knew that horses could run away. Nobody blamed the driver. Now we’ve turned to the idea that driver might get frightened, but it’s the engine control system that has what I call the ‘electronic disobedience.’ You don’t command throttle anymore, you send a request and the ECU decides if it’s going to take any notice of what you’ve requested. That concept doesn’t seem to have penetrated through.”
This proposal is also notable for the lack of data establishing a need for brake throttle override systems. The agency said that its traditional sources of data, the Fatality Analysis Reporting System, the National Motor Vehicle Crash Causation Survey, and National
Automotive Sampling System – Crashworthiness Data System (NASS-CDS) were ill-suited to identifying crashes, injuries and fatalities caused by pedal entrapment or throttle disconnections. In fact, the agency could only muster 11 such crashes in a decade’s worth of data. The Vehicle Owner Questionnaire (VOQ) database has thousands of UA complaints, but, the agency said, these self-reports are not reliable. The agency is, instead, relying on its feelings that a brake override will be helpful:
“Although we do not have a statistical estimate for the number of fatalities or injuries that could be prevented by brake-throttle override technology, we believe that BTO would prevent a significant number of crashes and thus have a positive impact on motor vehicle safety. In NHTSA’s complaint database, over a period of about ten years starting in January 2000, the agency identified thousands of reports of UA events of all types. Based on NHTSA’s review and analysis of a subset of vehicle owner-provided narratives in the complaints, some UA incidents appear to have involved stuck or trapped accelerator pedals, and a portion of those resulted in crashes. We believe brake-throttle override would prevent most crashes where a stuck or trapped accelerator pedal was to blame because, with a BTO system, the driver would be able to maintain control through normal application of the vehicle’s brakes.”
A Brief History of FMVSS 124
Federal Motor Vehicle Safety Standard 124 Accelerator Controls was promulgated in 1972. The standard removes the actuating force from the accelerator control or in the event of a severance or disconnection in the accelerator control system: 1 second for passenger vehicles and 2seconds for light trucks. “The purpose of FMVSS 124 is to reduce deaths and injuries caused by malfunctions in the accelerator control system. The standard applies to passenger cars, multipurpose passenger vehicles MPVs, trucks and buses.” In the late 1980s, the agency began to field inquiries from automakers developing electronic throttle control systems. In 1995, after seven years of issuing interpretations relating electronic systems to the mechanically-based standard, the agency asked for comments with the aim of revising standard.
In recounting the responses to this query, the agency noted: “In general, the comments of vehicle and engine manufacturers did not address the specific questions in the notice. Instead, they voiced a preference for rescinding the standard altogether, suggesting that market forces and litigation pressure are sufficient to assure fail-safe performance without a Federal motor vehicle safety standard.” [Emphasis added]
The agency held a workshop on 1997 with the Truck Manufacturers Association (TMA) and the Alliance of Automobile Manufacturers’ predecessor organization, the American Automobile Manufacturers Association (AAMA). Both reiterated that there was for a safety standard.
Seven years after it first requested comments, the agency published a proposed rule. The July 2002 NPRM proposed to explicitly state its applicability to new types of engines and throttle controls, and added new test procedure to address different types of powertrain technology, including one to the measurement of engine speed under realistic powertrain load conditions on a chassis dynamometer. The new standard would not expand in scope, nor become more stringent.
Despite the agency’s attempt to establish fail-safe criteria that were performance rather than design-based, The Alliance and Toyota led the effort to push back the rule. The Alliance argued that FMVSS 124 should include a direct measurement of powertrain output to the drive wheels. Toyota and the Alliance argued that compliance should be measured by a speed creep test. In 2004, the agency withdrew the rulemaking, saying it would do further research on issues relating to chassis dynamometer-based test procedures for accelerator controls.
The New Proposal
The current proposal is two-fold: an equipment requirement and a performance requirement. By the agency’s estimation, manufacturers already comply with both – brake override technology has achieved 100 percent market penetration for 2012 model year. The proposal would affect all passenger vehicles and light trucks with a gross vehicle weight rating of 10,000 pounds or less and ETC.
At its most basic, the proposal requires that the “BTO must engage if the powertrain controller determines that inputs to the brake and accelerator pedals are conflicting. This means not just that the pedal inputs are overlapping but also that they probably are unintentional; are unlikely to occur in normal driving; and may create an unsafe operating condition. For example, if a vehicle is traveling at a high rate of speed, and the brake is forcefully applied while accelerator pedal input signal remains high, it is logical to conclude that the driver’s intent is to slow the vehicle and that the throttle command should be ignored. On the other hand, if overlap between the accelerator pedal and brake exists only briefly, such as for less than one second, there is no reason to engage an override feature since a vehicle could not accelerate much in such a short time span, and the potential for loss of control would be very small.”
The system would be required to engage if the pedals conflict at speeds of 10 mph or above. But, the system could not disengage once the vehicle slows to 10 mph; it would have to remain in effect until “the vehicle has been brought to a stop and remain engaged until either the pedal conflict no longer exists (for example, if the driver releases the brake, or the gas pedal becomes unstuck), or vehicle drive power is removed by another action such as turning off the ignition.”
The agency did not propose requiring a warning or alert to accompany BTO activation, but requested comments on existing safety data supporting this concept.
The proposal would adopt the manufacturers’ preferred compliance test – a measurement of vehicle speed creep – instead of its original 2002 proposal to measure engine speed. The speed creep would be measured following an ACS disconnection and removal of force on the accelerator pedal. In order to comply, the measured creep speed, with no accelerator pedal input would have to fall 45 below the proposed maximum allowable value of 31 mph. This speed was suggested by Toyota; NHTSA said that it confirmed 31 mph as an appropriate level in tests of two passenger cars and one light truck, because it would accommodate typical vehicle responses, including limp-home modes, and delivers a level of drivetrain torque that is easily controllable.
(Submit your comments to NHTSA’s proposal here.)