One of the most troubling aspects of the current Toyota recall is that basic logic and engineering principles seem so lacking in the discussion. Both the company and the media have been focused on floor mats and gas pedals. The technical rationale for doing so has not been very persuasive.
The local Washington CBS affiliate, Channel 9, almost got it right. Its 11 PM news report last night (28 January) included a brief segment of a mechanic pointing under the hood and stating that the problem was not mechanical, but in the electronic controller. Astonishingly, this critical statement was passed over without comment and the talking head went on about gas pedals.
I am, by education, an electronics engineer. If I were a betting man, I’d put my money on the mechanic.
Is it credible that a major auto manufacturer would be forced to shut down sales and production of virtually all of its vehicles because of a problem with such basic and universally-used components as floor mats or gas pedals? Or that such basic components would affect such a wide variety of models, with different cabin floor configurations and thus, presumably, different floor mat designs and mechanical linkages? There is another possible culprit. That is the electronic fuel control—particularly if it is a digital control.
Over the last 100 years, millions of cars and billions of miles have been driven. All but a few of those billions of miles have been driven safely, despite the fact that many of them have been driven with after-market mats, bear skin rugs, pets, liquor bottles, and even the occasional small child underfoot. Some of these conditions, of course, resulted in accidents and fatalities. But it seems unlikely that suddenly Toyota, and apparently only Toyota, should have a problem with carpets and gas pedals that they cannot definitively pin down.
There are some principles of engineering so basic they are the stuff of pre-engineering freshman orientation. The first question to ask when a product that has worked for years develops a new problem is, “What did we change?” If the same problem crops up across a family of products, the next question should be, “What did we change that is common across all these products?”
Once there is a candidate list of likely culprits, the engineering starts with: “How could these changes have produced the same problem across all the products, and which is the most likely culprit?” Carpets and pedals seem unlikely choices.
I personally suspect that changes may have been made to a digital fuel control, and that the same controls and algorithms may be used across different models. If so, based on my engineering experience, this is a likely suspect for causing the problem. This would also explain Toyota’s draconian response to the problem. Unfortunately, it may also be the absolute worst-case scenario for Toyota and its customers.
We take many things around us for granted because of their apparent simplicity. In fact, many everyday things involve very complex non-linear dynamic processes. These processes are prone to have instabilities, conditions where arbitrarily small changes in input can change the behavior of the process in unexpected ways.
In the “real-world” we deal primarily with what are called analog processes, where inputs and results vary continuously. Analog processes are inherently “noisy.” Hands shake. Electrons tumble about randomly. This random noise, in fact, is one of the things that let systems pass through points of instability without incident. On rare occasions, however, input conditions remain in a constant state long enough for an output response to build to destructive levels. When that occurs, we have disasters like Chernobyl and the Tacoma Narrows Bridge collapse.
Digital inputs from sensors and outputs to controls are not continuous. They are constrained to discrete values. Engineering design models for digital controls assume that the systems being controlled behave nicely between values. In general this is a safe assumption. Except when it isn’t. It is hard to know, in absolute terms, which is which without testing the system under all possible operating conditions. This is one of the ugly little secrets of the digital age.
Another ugly little secret is that good software performance metrics and standards continue to elude information technologists. The best we have been able to come up with are standards for the processes used to develop and test software.
If the problem turns out to be in a digital controller, we need to appreciate that it did not occur because Toyota does not know how to build cars or design controls. Very possibly an objective investigation will find that their engineering practices were world class and that they could not reasonably have been expected to predict the problem. If it is a controller problem, however, they can be severely criticized for how they responded once it occurred.
To some extent designers and customers alike are susceptible to a pervasive and pernicious form of technological fundamentalism in which digital information technology is assumed to be infallible and whatever it puts out, holy writ. If highly educated scientists and engineers believe, who are we, the common consumers, to doubt?
Any of us who use personal computers with any frequency know to be dubious. We have all had the experience of clicking on something and failing to get the expected response. If the software engineer has anticipated the problem and programmed the computer to deal with it, the program sorts it out in seconds. If not, the application may freeze obstinately enough that it has to be terminated and restarted. On occasion, everything locks up and we have to reboot the system.
Digital does what digital does. The principal differences between the PC and the processor in the control system lie in complexity of the application and in the probability of failure. Those, and the fact that our PC is not doing 65 miles per hour when it freezes.
Those of us in systems engineering who worry about this sort of thing have a saying: “God (or, in this case, perhaps the Devil) is in the empty spaces.” This is why the obvious quick fix, to reprogram the digital processor to change the control algorithm or its parameters, would be fraught with peril. If the digital fuel control system is ultimately acknowledged by Toyota as the cause it will be hard for them to counter the accusation that they should have known and acted on it sooner. The science of digital control of non-linear dynamic processes is widely understood.
This leads me to a final point.
Lost in all the media hype is the fact that improvements in automobile technology (including introduction of digital controls) have saved countless lives. In terms of accidents per million vehicle miles the problem in question has rarely occurred. When technology works as designed, we take it for granted. That it fails so rarely ensures that, when it does, it is big news. The essential thing is that the problems be attacked openly and with scientific objectivity. This is where I believe both Toyota and the popular media can be faulted for their handling of the matter.
Toyota deserves to be held fully accountable for their handling of the problem, and for any resulting damages. Resolving whether or not they were negligent in the original design and production of whatever caused this problem at this point will require objective investigation by independent scientists and engineers.
NOTE TO READERS: The following addendum was added 31 January 2010
What kinds of questions should such an independent investigation ask?
One basic question, lost in the hype and potential litigation, is, “How bad, statistically, is the problem?” There are a lot of Toyotas on the road. How does the rate of incidence of sudden acceleration per million miles driven compare with the industry-wide average? One would assume that if they were no worse than the norm, Toyota would have already offered this as a defense. They may have made the corporate decision that it is not in their interest to offer a “we’re no worse than anybody else” defense. Regardless, from an engineering reliability standpoint the answer is meaningful.
An independent investigation should ask, “What in the design or manufacture of the vehicle has changed?” This should include both parts where the design has changed and parts of proven design where either the manufacturer or the manufacturing process has changed.
To be credible, an independent investigation must have full access to ALL of Toyota’s fault analysis, test data, and engineering staff to determine its adequacy. The key questions will be, “Are all of the parts that could theoretically affect the fuel control accounted for?” and “Has the analysis credibly proven that they can be dismissed as a cause of the problem?” This must include not just the normal fuel system itself, but the cruise control and any environmental controls and associated sensors. This is because, amid all the talk of stuck pedals and floor mats, the media continues to report incidents of unexpected acceleration where the driver’s account would appear to exclude these as causes. Also, the reports that applying the brakes had no effect might be explained if the fuel system were somehow trying to compensate.
Regarding sticking pedals as a potential cause, for reasons already outlined, I am personally skeptical. But the possibility cannot be discarded. Fortunately, there are some specific questions whose answers will either support or challenge Toyota’s conclusion that the problem can be exclusively attributed to wear associated with pedals from a single US supplier, CTS. These include:
“Have there been any incidents on vehicles other than those equipped with CTS-supplied pedals?” If not, it would tend to support Toyota’s claims. If so, the claim must be seriously questioned.
Regarding wear: “What is the statistical distribution of the failure as a function of the vehicle mileage?” One troubling fact: The cars in the recall are 2009/2010 models, and thus should be low mileage. From an engineering design and reliability standpoint, something seems amiss.
Even if the analysis points to a sticking pedal as the most likely cause, reports of sudden acceleration where drivers were not reported to be pressing on the accelerator need to be explained. That is why an independent technical investigation is essential.
Alan J. Ramsbotham, Jr.
28 January 2010