Thursday, April 3, 2008

More on trustworthy data

You are flying a high tech airliner, at night, over the ocean. Your instruments become useless, airspeed and altitude randomly moving from off-scale-low to other, arbitrary values. Or are they true values? The computerized control system reacts to those with a series of warnings, some of which are contradictory: over-speed and stall, at the same time. Without any visual frame of reference, there's no way to tell even roughly how high or fast you are going. What do you do?

Ask for help.

Air traffic control has radar covering the area (it does for most places airliners fly, though not for some of the deep-ocean routes), so you call them and ask for accurate information read off their screens.

They can easily, if slowly and by voice, give you position (range and bearing from the radar), track and ground speed.

(Image: a very small area of a modern ATC screen.) Who knows what is wrong with this last data point?

Altitude is not derived from the radar return at all; it is telemetry. The aircraft's transponder sends it, along with the identifying codes at the top of the data block, in reply to the radar's interrogation, and the figure it sends is the same pressure altitude the cockpit altimeter is showing. So if the flight instruments are wrong, it's very likely -- and in this case, indeed true -- that the altitude on the ATC display is wrong as well.

And as a result, you fly into the ocean.

Aeroperu 603: New York Times article; Wikipedia article.

There's plenty more to hate about this crash (and the similar Birgenair one) from a human factors point of view, from the static ports left taped over (and, in the Birgenair case, a blocked pitot tube) to the difficulty the flight crew has focusing on a problem amid so many conflicting instruments and warnings.

But I think there's something to be said for the problem of displaying the trustworthiness of data in this one narrow context. ATC systems have worked like this forever, and will probably continue to do so. I was surprised no one seemed to be aware of their manner of operation. And remember, the ground controller does not have as many issues as the aircrew, so should have had a chance to think over the issue. I presume he was, deep down, aware of how the system works.

But I generally avoid anything that has training as its backbone. Would there be a way to denote how information works, or where it comes from? I have nothing now, but it's worth considering. The big problem as I see it is that the information is of mixed sources, and therefore mixed reliability. When transponders fail, or are turned off (terrorists, smugglers), the data they supply simply disappears. But before that, it's displayed in exactly the same manner as the radar-derived data the system measures itself.
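One way to make the source of each field visible, as an added illustration that is not part of the original post and not how any real ATC display works: tag every value with where it came from, render self-reported values in a form that cannot be mistaken for a measurement, say explicitly when a source has gone quiet instead of letting the field vanish, and sanity-check the reported altitude against what an airliner can physically do. The record layout, the vertical-rate limit and the four sample radar sweeps are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Source(Enum):
    """Where a displayed value actually comes from."""
    MEASURED = "measured"   # derived by the ground radar from the echo itself
    REPORTED = "reported"   # sent by the aircraft's transponder; the radar cannot check it


@dataclass(frozen=True)
class Datum:
    value: Optional[float]  # None once the source stops supplying it
    unit: str
    source: Source


@dataclass(frozen=True)
class Sweep:
    """One radar sweep's worth of data for a single track (assumed record layout)."""
    t_s: float              # seconds since some epoch
    ident: str              # transponder code; reported, not measured
    range_nm: Datum         # radar-derived
    bearing_deg: Datum      # radar-derived
    groundspeed_kt: Datum   # radar-derived from successive positions
    altitude_ft: Datum      # Mode C altitude; reported by the aircraft


# Assumed plausibility limit (not from the original post): a reported altitude
# changing faster than this between sweeps cannot be a real airliner manoeuvre.
MAX_VERTICAL_RATE_FPM = 10000.0


def fmt(d: Datum) -> str:
    """Render a datum so its provenance is visible in the text itself."""
    if d.value is None:
        # A silently vanishing field is the failure mode the post describes;
        # instead say explicitly which source went quiet.
        return "NO-XPDR" if d.source is Source.REPORTED else "NO-RADAR"
    text = f"{d.value:.0f}{d.unit}"
    # Reported values are bracketed so they never look like measurements.
    return text if d.source is Source.MEASURED else f"[{text} rpt]"


def vertical_rate_fpm(prev: Sweep, cur: Sweep) -> Optional[float]:
    """Feet per minute implied by two consecutive reported altitudes, or None."""
    a0, a1 = prev.altitude_ft.value, cur.altitude_ft.value
    dt = cur.t_s - prev.t_s
    if a0 is None or a1 is None or dt <= 0:
        return None
    return (a1 - a0) * 60.0 / dt


def flags(prev: Optional[Sweep], cur: Sweep) -> List[str]:
    """Warnings to show beside the data block for this sweep."""
    out: List[str] = []
    if cur.altitude_ft.value is None:
        out.append("ALT MISSING")
    if prev is not None:
        rate = vertical_rate_fpm(prev, cur)
        if rate is not None and abs(rate) > MAX_VERTICAL_RATE_FPM:
            out.append("ALT IMPLAUSIBLE")
    return out


def render(prev: Optional[Sweep], cur: Sweep) -> str:
    """One line of a text-mode data block, provenance and warnings included."""
    fields = [
        f"[{cur.ident} rpt]",
        fmt(cur.range_nm),
        fmt(cur.bearing_deg),
        fmt(cur.groundspeed_kt),
        fmt(cur.altitude_ft),
    ]
    return " ".join(fields + flags(prev, cur))


def render_all(sweeps: List[Sweep]) -> List[str]:
    """Render a sequence of sweeps, checking each one against the previous."""
    prev: Optional[Sweep] = None
    lines: List[str] = []
    for s in sweeps:
        lines.append(render(prev, s))
        prev = s
    return lines


def _m(v: Optional[float], unit: str) -> Datum:
    return Datum(v, unit, Source.MEASURED)


def _r(v: Optional[float], unit: str) -> Datum:
    return Datum(v, unit, Source.REPORTED)


# Constructed sample, not real data: four 12-second sweeps of one track whose
# reported altitude first behaves, then jumps impossibly, then disappears.
SWEEPS = [
    Sweep(0.0,  "2345", _m(42.0, "nm"), _m(275.0, "deg"), _m(310.0, "kt"), _r(9700.0, "ft")),
    Sweep(12.0, "2345", _m(41.0, "nm"), _m(275.0, "deg"), _m(310.0, "kt"), _r(9300.0, "ft")),
    Sweep(24.0, "2345", _m(40.0, "nm"), _m(276.0, "deg"), _m(305.0, "kt"), _r(4000.0, "ft")),
    Sweep(36.0, "2345", _m(39.0, "nm"), _m(276.0, "deg"), _m(305.0, "kt"), _r(None, "ft")),
]


if __name__ == "__main__":
    print("\n".join(render_all(SWEEPS)))
```

The point of the bracketing is that the controller reading "[4000ft rpt]" is reminded, every time, that the aircraft said so and the radar did not measure it; the plausibility flag only catches the cases where the reported value contradicts its own recent history, so an altitude that is wrong but steady still has to be distrusted on the strength of the marker alone.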

Note that air travel being a high-reliability system with a long history does not make these systems bulletproof. Changes to the displays are frequently poorly implemented and cause confusion. I suspect much of the design is simply the status quo, and would not hold up well if it were tested. Problems are alleviated with training and procedure, leading to accidents that result from poor training, breakdowns in procedure, and poor communication of changes to either.

