Participants in and observers of the automotive industry are familiar with the normally glacial pace of change in the business. But change sometimes comes rapidly as a result of unexpected events such as fatal accidents or the subsequent accident investigations.
The most recent example of this phenomenon lies in the final report and recommendations of the National Academy of Sciences (NAS) panel reviewing the findings of the National Highway Traffic Safety Administration (NHTSA) from the investigation of Toyota’s year-old sudden acceleration problems.
The NAS report has revealed the vulnerabilities of both the automotive industry and its regulatory body, NHTSA. The fallout from the NAS recommendations are likely to quietly rattle the board rooms of car makers around the world.
Those recommendations are:
1. That NHTSA become more familiar with and engaged in standard-setting and other efforts involving industry that are aimed at strengthening the means by which manufacturers ensure the safe performance of their automotive electronics systems.
2. That NHTSA convene a standing technical advisory panel comprising individuals with backgrounds in the disciplines central to the design, development, and safety assurance of automotive electronics systems, including software and systems engineering, human factors, and electronics hardware. The panel should be consulted on relevant technical matters that
arise with respect to all of the agency’s vehicle safety programs, including regulatory reviews, defect investigation processes, and research needs assessments.
3. That NHTSA undertake a comprehensive review of the capabilities that ODI (Office of Defect Investigation) will need in monitoring for and investigating safety deficiencies in electronics-intensive vehicles. A regular channel of communication should be established between NHTSA’s research program and ODI to ensure that (a) recurrent vehicle- and driver-related safety problems observed in the field are the subjects of research and (b) research is committed to furthering ODI’s surveillance and investigation capabilities, particularly the detail, timeliness, and analyzability of the consumer complaint and early warning data central to these capabilities.
4. The committee concurs with NHTSA’s intent to ensure that EDRs be commonplace in new vehicles and recommends that the agency pursue this outcome, recognizing that the utility of more extensive and capable EDRs will depend in large part on the extent to which the stored data can be retrieved for safety investigations
5. The committee also endorses NHTSA’s stated plan to conduct research on pedal design and placement and keyless ignition
design requirements but recommends that this research be a precursor to a broader human factors research initiative in collaboration with industry and that the research be aimed at informing manufacturers’ system design decisions.
6. The committee believes that strategic planning is fundamental to sound decision
making and thus recommends that NHTSA initiate a strategic planning effort that gives explicit consideration to the safety challenges resulting from vehicle electronics and that gives rise to an agenda for meeting them. The agenda should spell out the near- and longer-term changes that will be needed in the scope, direction, and capabilities of the agency’s regulatory, research, and defect investigation programs.
7. The committee further recommends that NHTSA place development and completion of the strategic plan as a top goal in its coming 3-year priority plan. NHTSA should communicate the purpose of the planning effort, define how it will be developed and implemented commensurate with advice in this report, and give a definite time frame for its completion. The plan should be made public so as to guide key policy decisions—from budgetary to legislative—that will determine the scope and direction of the agency’s vehicle safety programs.
The recommendations touch on the functioning of several vehicle systems including brake pedals, event data recorders and keyless ignition systems. While the investigation resulted from several sudden acceleration incidents, one in particular, involving the Saylor family and Mark Saylor, a California Highway Patrol officer and former pilot, helped to bring the issue to the attention of regulators.
The Saylor crash was unique in the fact that it involved a highly skilled driver and a live 911 call from the vehicle seeking help while the incident was in progress. The vehicle involved, a Lexus, featured a keyless ignition system requiring a three-second depress of the ignition button to turn the car’s engine off. The vehicle's floormats were implicated in the Saylor incident and an earlier mishap. Mark Saylor and three family members died in the spectacular crash that resulted from the vehicle’s uncontrolled acceleration.
While mechanical failure was not completely ruled out, and Toyota endured a recall to replace brake pedal mechanisms, regulators focused on software issues. NHTSA was unable to identify any specific software failure, a finding which was affirmed by NAS.
But NAS’s half-endorsement and half-critique of NHTSA is both unsatisfying and forboding. (It is also a not-so-subtle request for additional research funding.) NAS is in effect saying NHTSA was correct in finding no error, but that NHTSA is not and was not equipped to be successful in its quest in the first place. NAS was only reviewing NHTSA’s findings and not conducting its own independent inquiry, so it is unclear whether NAS has the expertise, the lack of which it notes at NHTSA.
Two directions may emerge from the NAS report. NHTSA may pursue additional research and regulatory actions or it may do nothing. The likelihood is that NHTSA won’t do much as indicated by its comments on the report suggesting that it has already taken steps to beef up its capabilities.
In an ideal world, the following steps might be taken:
è Convene a panel to review the existing EDR standard (not currently a mandate though widely adopted on a voluntary basis) to determine what, if any, additional data ought to be collected;
è Consider a recommendation requiring greater sharing of EDR data voluntarily, on-demand or automatically in all accident cases;
è Review current OEM policies and procedures for vehicle data collection and distribution – ie. via embedded modems – what data is currently collected and processed, under what circumstances and for what purposes, and with whom and how it is shared;
è Develop a process for defining voluntary minimum standards for connected vehicle systems regarding safety-related data gathering and sharing;
è Convene a panel to assess the implications for remote vehicle control and real-time vehicle monitoring in circumstances impacting the safety of drivers or the public.
A review of the physical and electronic functioning of brake systems and keyless ignition systems implicated in the Toyota sudden acceleration incidents is inevitable and is likely ongoing. And there are some in the regulatory community that have called for the implementation of a brake override capability. Meanwhile, Toyota’s massive post-review investments in safety systems and safety research are noteworthy.
But the proliferation of connected vehicle technologies, particularly embedded systems, has wider implications in this context. A live real-time connection to a car creates expectations from the consumer and obligations for the manufacturer. OnStar’s remote vehicle slowdown capability for stopping vehicle thefts is but one example, but it is notable given its embrace in Brazil’s Contran 245 vehicle tracking and immobilization mandate.
If a car company has the capability to stop a car in danger of getting into an accident or the subject of criminal activity, does it have an obligation to do so? Given the circumstances of the Saylor crash, such questions need to be asked and their implications explored. The events are not dissimilar from the 2009 crash of Air France Flight 447, that regulators said might have been prevented by existing pilot monitoring technologies.
NAS’s lukewarm endorsement of NHTSA’s findings brought the Toyota investigation to an unsatisfying conclusion. Observers are left with the powerful implications of the multiple fatal incidents that caused the review.
Software and electronics are playing an increasingly important role in automotive systems. Connectivity, too, is emerging and creating new demands on OEMs even as the technology enables new functions for consumers.
OEMs will do well to get ahead of the issues by improving transparency regarding the operation of their systems. Car makers will benefit from enhanced consumer awareness of their systems and regulators clearly need to be educated regarding system capabilities and long term industry direction.
In this context it is important to note that OnStar emerged from General Motors’ own initiative and not from a government mandate. It will be best for consumers, the industry and the marketplace if the automotive industry can maintain its firm grasp of this initiative.
The day has already arrived that a vehicle connectivity system can be used to stop a thief. The day may not be far off when a telematics system can prevent a crash – especially with V2X technology arriving before the end of the decade.
Car makers should do all in their power to demonstrate that telematics systems are the solution to the problem and not just another driver distraction. Perhaps this communication is already taking place.