April 9, 2010
You wouldn’t troubleshoot the space shuttle by tinkering under the hood of the Spirit of St. Louis. But a surprising number of observers think that the answer to Toyota’s Sudden Unintended Acceleration problems can be found in the mechanical systems of a quarter century ago. Linking Toyota’s present troubles to those of Audi in the mid-1980s is a convenient shibboleth; it may even provide a lesson in corporate crisis management. But to figure out why so many Toyota makes and models across multiple model years are experiencing unintended acceleration in a variety of scenarios, we must resolve to understand modern automotive electronic systems.
The cables and rods that once linked the accelerator to the throttle butterfly began to pass into history in 1988, when BMW introduced the first electronic throttle controls in its 7-Series. Virtually all vehicles produced today employ electronic throttle systems that rely on sensors to relay the driver’s intentions to the engine control module, a computer that controls the opening and closing of the throttle. Like any electronics, these systems can be subject to error – caused by electrical shorts, mis-manufactured microchips or faulty software – and leave no trace. Selling the public on the idea that automotive electronics will always perform perfectly and that acceleration can only be commanded by the driver’s foot or some other mechanical source – such as floor mats – is akin to Microsoft trying to persuade us that every time Windows encounters a problem and closes without explanation, we’ve hit the wrong button.
The automotive industry has borrowed many of these electronic technologies from aviation, where systems were developed for extremely expensive and sophisticated machines, backed up with multiple redundancies. Automakers have reduced these to the commodity level, where saving pennies makes a big impact on the bottom line and the temptation to dumb down a system to trim costs is mighty.
The industry is well aware of the problems that have been caused by the proliferation of automotive electronics. In 2003, Mercedes removed 600 electronic functions because of quality concerns. Executives at Bosch, a major global supplier, declared at a 2004 industry meeting that there was a direct correlation between the size of a vehicle’s electronic architecture and the number of defects. Other industry experts have acknowledged that automakers have overloaded vehicles with electronics, without understanding how these systems, which might work well in isolation, operate together.
The National Highway Traffic Safety Administration is even further behind the curve. Its job is to set minimum safety standards. They do not cover every component – nor should they. Rather, the agency develops performance standards for the safety-critical systems, such as brakes and tires. This is to ensure that manufacturers have the freedom to innovate. But many of these standards were written 40 years ago, and have not kept pace with technological advances.
The standard governing accelerator controls is a perfect illustration. The original standard was written in 1972 with mechanical throttles in mind. In 1995, the agency proposed revising it to accommodate the new electronic systems. In 2002, NHTSA issued a new draft regulation, but withdrew it in 2004, after Toyota and the Alliance of Automotive opposed the test method. In the absence of regulation, some manufacturers will produce designs that skim safety’s surface, while others set a higher bar for their products. The public needs to know the safety margin behind these sophisticated control systems. It’s past time that NHTSA revisited this issue.
A vehicle that accelerates in contradiction to the driver’s commands poses an unacceptable safety risk – no matter how rare. It can be so unsettling that some who have experienced a sudden unintended acceleration incident in a Toyota refuse to drive the vehicle ever again. Toyota, unfortunately, has chosen to attack its critics, as it doubles down on the infallibility of its electronic throttle system. But there’s some hope for the motoring public, now that these systems are being scrutinized in ways that were ignored before the Toyota crisis.
Identifying intermittent and random errors in an electronic safety system may be difficult, but not impossible. The answers are probably not in a black box. As Toyota has consistently argued in litigation, the crash information captured by its Event Data Recorder is unreliable. (That hasn’t stopped the company from placing the data in heavy media rotation when it appears to point to driver error.)
Most certainly, the answers don’t lie in the past.