The aviation world is reeling after the second 737 MAX 8 crash in just a matter of months. It is unprecedented for two of the same brand new aircraft to have catastrophic, fatal crashes just mere months after their introduction. I’ve been deeply saddened by the crash of Ethiopian flight 302 on Sunday, and left looking for answers. I cannot deny that I am rattled for the first time in regard to the safety of any commercial aircraft (SEE: Two fatal crashes, too many questions. I’ll be avoiding the 737 MAX 8 for now).
Boeing just announced that they will be updating the software of their 737 MAX aircraft in the wake of these disasters. This follows on the heels on an FAA decision to not ground the aircraft in the United States, but also an announcement that the FAA has been working with Boeing on said software enhancement for the Maneuvering Characteristics Augmentation System (MCAS) since its implication as one of the causes of the Lion Air crash. This is expected to be put in place no later than April. For now, the FAA has not mandated the grounding of any 737 MAX 8 aircraft in the U.S., even though numerous countries, including China and all the countries within the European Union, not to mention many airlines, have grounded the aircraft.
I am admittedly not an aircraft expert or aviation engineer. However, I am an engineer, or at least educated as one (been on a different track since university) and have doing everything I can to understand and digest what I’ve been researching about Boeing’s newest aircraft. And this software update as the fix to the 737 MAX problem of the new plane is troubling. Here’s why:
The 737 MAX doesn’t fly quite like the old 737NG series
I’ve been doing some digging since the crash of Ethiopian flight 302, and what I am finding is that the new 737 MAX 8 and MAX 9 aircraft don’t fly quite like the old 737 Next Generation (737NG) series. Where the old planes were very stable in flight, the new 737 MAX is less so. This is the result of the placement of the new LEAP 1-B engines, which required an adjustment to the design of the plane to accommodate their increased physical size.
Simply put, the LEAP 1-B engines are larger, and they could not be simply swapped with the existing 737 engines. Boeing engineers had to move the point at which the engines attach to the wing, and this changes everything.
Moving the engine from its current position destabilizes the aircraft at in pitch (essentially the up and down movement of the nose). When the aircraft is in normal flight with a low pitch / angle of attack, it should fly basically just like the old 737s. However, when the pitch is increased, the engines themselves provide extra lift. The force of this lift is now applied forward of the center of gravity of the aircraft, due to the change in position of the engine, which in turn can cause the nose of the plane to pitch upward even more. This could cause the aircraft to swing into too high of an angle of attack and subsequently stall.
So it would appear that the 737 MAX 8 flies just fine in normal flight, but it is less stable in when flown at a high angle of attack, which is not good. This is a marked difference from its predecessor 737s.
The angle of attack (AOA) sensor and MCAS system in the 737 MAX is what Boeing designed to guard against a stall, kicking in an automatic “trim” if the aircraft begins to approach too high an AOA. But what if this sensor is faulty? This sensor failure is what contributed to the Lion Air crash back in October. Oddly, Boeing placed two sensors on the aircraft, one on each side of the nose, but the MCAS system only ever receives input from one at a time. If the one sensor fails, the whole system is in jeopardy.
Is Boeing using software to correct a flawed design?
This is my biggest worry. As I mentioned, the old 737NG design is very stable, and the aircraft has proved to be incredibly safe over many, many years of operation and an insane number of operating cycles. It is no wonder that it is the most popular commercial jet aircraft ever manufactured.
But the new design isn’t as stable as the old design, with the previously mentioned change in the engine placement. My worry is that Boeing chose to bank on this design and a potential inherent flaw, providing a patch using a new software system rather than going back and changing the actual design of the aircraft itself. Banking on a software system that is unfamiliar to pilots (who are going to expect the new 737 flies just like the old one) was a very poor choice in my opinion. To top it off, the new MCAS system was not properly explained to pilots, and they received no training on it. Boeing provided little to no documentation on MCAS.
Taking a step back, I find that “fixing” an aircraft stability problem through the use of software is a dubious decision at best. As someone who has done some software development, you can encounter any number of unexpected issues along the way, even after testing, and especially when you put the software in front of someone who does not understand it the way that you do. This may not be entirely the same situation or a truly fair comparison, but it cannot be denied that Boeing put a new software system in place and also changed the fundamental way that pilots expect to deal with a problem with this software. With the NG planes, if the trim system is not acting properly, the pilot pulls back on the yoke. With the MAX and MCAS, pulling back on the yoke does nothing. Boeing has completely changed the way pilots deal with a malfunctioning trim system.
One former Boeing flight controls engineer calls the MCAS system a design flaw. He states that “commanding the nose down clearly is a major concern” especially if it can be “triggered by something as small as a sensor error.” He goes even further to state that “somebody didn’t do their job” and “there is going to be hell to pay for that.” Boeing now has a procedure in place for pilots to deal with a faulty AOA sensor that triggers the MCAS system, but the fact remains that you have a computer with the ability to tell the nose of the aircraft to pitch down when it doesn’t need to. And that is not good.
Software or sensor failure mixed with unexpected human interaction has lead to some fatal incidents in the past. The one that comes to mind is Air France 447, which crashed into the South Atlantic after after the pilots incorrect reactions after the airspeed indicator failure resulted in them putting the plane in an aerodynamic stall and the death of all aboard.
Adding more software just adds complexity to an aircraft. Some people may be willing to put more trust in an automated software system than a pilot. I am not. I am much happier putting myself in the hands of a highly skilled and well trained professional who knows what he is doing and wants to get home to his wife and kids. Captain Sullenberger’s familiarity with the Airbus A320 cannot be overstated in the “Miracle on the Hudson” incident. I don’t think I’d trust a computer to land me on a river in the event of a dual engine failure.
Conclusion
No matter the software update, I’m still not all that confident in the 737 MAX. I am not surprised that Boeing stock has tanked 11% since Sunday. We’ll see whether that will rebound, or continue to fall further, but market and consumer confidence in the aerospace giant has been rattled. It is my hope that Boeing will do everything they can to ensure that their aircraft are completely airworthy and safe, even if it means grounding them and providing additional modifications and fixes besides the software update to the MCAS. I’m not a fan of fixing a hardware problem with software and would like to see something else done to ensure that their 737 MAX series is equally as safe, if not more so, than their old tried and true aircraft.
737 MAX image courtesy of Aka the Beav via Flickr under CC 2.0 license.
Points With a Crew has partnered with CardRatings for our coverage of credit card products. Points With a Crew and CardRatings may receive a commission from card issuers. Responses are not provided or commissioned by the bank advertiser. Some or all of the card offers that appear on the website are from advertisers and that compensation may impact on how and where card products appear on the site. Any opinions expressed in this post are my own, and have not been reviewed, approved, or endorsed by my advertising partners and I do not include all card companies, or all available card offers. Terms apply to American Express benefits and offers and other offers and benefits listed on this page. Other links on this page may also pay me a commission - as always, thanks for your support if you use them
User Generated Content Disclosure: Points With a Crew encourages constructive discussions, comments, and questions. Responses are not provided by or commissioned by any bank advertisers. These responses have not been reviewed, approved, or endorsed by the bank advertiser. It is not the responsibility of the bank advertiser to respond to comments.
Dan Miller travels with his wife and 6 (SIX!) children. He loves to help families travel for free / cheap, especially larger families. If you are looking for help, drop him an email at 
My family and I will never be seeing boarding another B737Max in this life.
Already dumped a ticket AA refused to change and already decided I will not put my family in jeopardy.
We have too many choices whenever we fly and we’ll be exercising our customer power to choose.
I agree. I heard hold times at airlines have been ridiculous as people have called to change or cancel tickets, or confirm that they aren’t on one of the MAX aircraft.
It cannot be coincidence. Cursory reports indicate autopilot function may be the problem, causing a nose down (dive) when engaged after take-off. This situation has been observed and corrected by other pilots who have filed reports. Corrected = disengage autopilot. I haven’t flown in 20 years and don’t expect the need to arise in the next 20. In summary; the cause of these two crashes could be combination of faulty design, too much reliance on automation and failure of the pilot to react to deteriorating situation ……….by disengaging autopilot. There can be NO excuse for putting a new plane into service without sufficient testing.
Boeing have tried to fix a major design fault going against all the know laws of flight and gravity with a software patch.
Would you drive a formular one racing car if the brake pads where replaced by floppy discs?
Boeing have put profit before safety.
Definitely not. I think it is becoming obvious they rushed this. I wouldn’t be surprised to see a full recall after the ET302 investigation.
Privately, I have heard from a few Corporate Travel Managers – those who manage their in-house and owned corporate travel agency and/or contract with an agency to book travel.
These few have basically said that if asked by their business travelers, they have quietly advised them not to fly any MAX 8 aircraft, including those operated by AA, WN and AC. As of right now, I am not aware of any of the large/mega companies that have outright directed their employees not to fly the MAX 8, as certainly the potential for bad press or the appearance of a boycott exists.
Also, many of these large companies have contracts/agreements with AA, WN and UAL (who flies the MAX 10). The travel managers certainly at this point don’t want to jeopardize their relationship(s) with their contracted carriers by issuing internal memorandums to their travelers not to fly a certain aircraft.
This story is evolving – it could pivot similarly to the early problems with the 787’s, and in 1979 when AA Flight 191 crashed after take-off from ORD on it’s way to LAX. Two weeks later after the crash, the F.A.A. grounded all DC-10’s. The DC-10’s had already been in service for at least 7-8 years at that point of the crash. Today, the circumstances are not the same – other than the tragic loss of passengers and crew.
SO_CAL_RETAIL_SLUT
Another example of too much reliance on automation. The pattern appears to be AUTOPILOT creating a problem when the plane is climbing…….after take off. Something with auto-leveling feature?
I’ve seen every episode of WHY PLANES CRASH and frequently find the reaction of the crew to simple issues quite disturbing, i.e., pulling UP in a stall situation when the pilot should dive to gain control.
You nailed it. Normally computers systems on planes are designed to assist the pilot. The MCAS system was secretly implemented to cover up a flaw in the planes aerodynamics.
VW created software to cheat on emissions. Boeing tried to create a program to cheat aerodynamics. VW decision did not kill anyone.
There is no authority except facts .
Facts are obtained by accurate observations.
Deductions are made from facts.
Experience has proven the truth of these words.
William Boeing
I hope the facts from ET302 allow the correct decisions to be made regarding the 737MAX.
As a university trained engineer, I would disagree with your assessment of faulty software. I still practice as a professional engineer that has used many types of software. I fondly remember my professors telling me that while software/programs makes our jobs easier, it was up to us to understand the assumptions, equations and the limits of said software/programs. If I am flying a new aircraft with a totally new design with different flight characteristics, I know that training is of the most importance. I equate it to driving vehicles of different weights, center of gravity, front wheel drive, rear wheel drive, etc. Furthermore, every single modern day plane has software to help stabilize flight. To say or think otherwise is to believe the airplane model before operated on 100% manual piloting.
@JIM;
I respectfully disagree with your thoughts as I understand them. Airlines and pilots covet equipment that can be interchanged with little extra training. Boeing pushed too hard to have this aircraft considered interchangeable with previous 737 models despite the changes in aerodynamic behavior and the additional system changes.
There was no declaration of new design and new flight characteristics, that is just the point!
Software to stabilize flight is very different than software to correct potentially poor aerodynamics. That’s like writing some code to try to fix a hardware issue.
Google “Pilots complained several times about 737 MAX problems before latest crash”. Pilots talk about flying the aircraft in question with ZERO training. Pilots also said having the autopilot engaged cause the plane to behave erratically. Autopilot mode uses code/software to fly the plane. The plane does not have poor aerodynamics, it has faulty code. Two totally different things.
There was no software failure in this case and definitely not some “faulty code”. The MCAS (software on 737 MAX) is a workaround for a problematic hardware issue, which is decreased longitudal stability caused by bigger and displaced engines compared to older series. The software worked as expected, the problem was the airframe design which needes such software mitigations in the first place.
And of course, again, software guys will have to make another workaround.
Exactly. That is the heart of what I was trying to get at. MCAS seems to be a “patch” for a larger problem.
Basically all “fly by wire” aircraft (call me Airbus and lately Boeing) use software for the control function. Inputs from the pilot joystick (in the case of Airbus) are sent to the computer which then commands actuators to move the control surfaces. etc
Software limits or manages the response to the inputs in many situations.
This is very similar to the Boeing MCAS system.
It took a number of crashes of A3XX series before Airbus got it right. Most people don’t remember or care since India seemed to be a location for many of them.
To state that computer software is untrustworthy per se means you should never be in an automobile manufactured after the late 90’s since ABS brakes on cars override your brake pedal to pulse the brake. Computer control bad?
How about intelligent cruise control? List goes on.
Computers control everything from your toaster to automatic landing systems. To simply state computer software “fix” is not acceptable means to go back to the DC3 which is probably the last airplane without a computer.
Boeing must make the MCAS system redundant (meaning more than one sensor) and fix their AOA sensors so they don’t fall I hope it’s as simple as that.
We shouldn’t need passenger flight crashes to get things right. I’m totally fine with the computer controlling a number of aspects of flight. I just have an issue with it trying to “fix” aerodynamics that could be an issue. We potentially have a more fundamental problem.
No thanks.
So, for now, ALL MAX 8 and 9’s are grounded to/from the United States.
SO_CAL_RETAIL_SLUT
Sampling from a single sensor is deadly. Multiple inputs with conflict resolution and the ability of the pilot to override the automated trim control are a default requirement. Secondly, and of equal importance, the Aircraft design should be fixed now to eliminate the High lift under high AOA situations. There is no excuse for it.
I would much rather see the aerodynamic design corrected rather than just a sensor or software change. That is the real underlying issue. But obviously ridiculously costly for Boeing.
They are raising the landing gear of the MAX 10 9.5″, which may accommodate the new engines in the old location. This change is for runway/takeoff performance, though, and not the engines. Not sure what they are doing with the engines.
Please bear with this rather lengthy post. The basic design for the 737 was indeed set in the mid 1960s. The aircraft has been extremely popular. Any airline that flys 737s wants the next version to be operated under the same type rating as the original, saving training costs. This has forced Boeing to create the airplane airlines demand. Boeing resisted building the Max as they wanted to do a new aircraft. The Airbus NEO project and resulting sales forced Boeing to respond. If Boeing had just done a clean sheet aircraft then the airlines would have nothing to lose by going with Airbus as they would be getting a new type aircraft either way. The requirement to provide operating economy dictated the engine choice and the resulting mounting position. The pitch up with power is more pronounced on the Max but this was also true of the 3/4/500 aircraft compared to the 200 series. The MCAS does rely on a single input, and I do believe that this should be changed, the software should look at aircraft performance and attitude to validate AOA probe information. It is interesting that the AOA sensors failed, they are normally very reliable, is this portion of the problem a vendor problem with the AOA sensor? Anyway, the MCAS is inhibited with pilot activated trim input and disabled by the STAB trim cutout switches. The situation is not very different than the runaway STAB trim with the exception that the MCAS is not deactivated by opposite elevator input. Normal pilot response should be to retrim the aircraft, which the MCAS would not interfere with, when the MCAS activated again then the response should be to use the STAB cutout switches and trim manually. The failure to do this and to simply fight the MCAS with elevator would cause the system to continue trimming the STAB nose down with disastrous results.
If Boeing can prove to both pilots and the public that their MAX jets can be safely flown with either a different system in place, or one that the pilots can disengage and know exactly how to disengage, then they might be able to salvage the design. However, it is disastrous that they a) didn’t tell pilots about MCAS, and b) MCAS is implicated in the first crash and very likely in the second crash.
I’m mostly worried that the 737 MAX is a less stable aircraft design and necessitated this system.
An aerodynamic design flaw seems like a reasonable deduction, if it can be proven beyond the shadow of a doubt…patching it with a software fix is unethical, immoral, illegal and unforgivable.
Quite a few people should be going off to prison for homicide or accessory to homicide…before and after the fact. There are 338 people dead now due to this known flaw and purposeful cover-up. Ted Bundy got to “ride the lightning” for much less killing than this. Seeing Boeing go bankrupt over murder wouldn’t bother me at all, and it would be a warning to ALL other airplane plane manufacturers and airlines willing to kill people to cut their operating costs.
It is certainly a major worry that they did not perform due diligence in this case. There was so much at stake in regard to their long-term profit if they spent a few more years developing a new aircraft. But if the MAX is grounded forever due to an unfixable flaw that compromises safety, they may pay way kore dearly that they could have known.
That Boeing did not mention the MCAS is revealing that they themselves know there is a design flaw. Did I read correctly that Boeing has 4000+ orders for these aircraft? Fix the center of gravity problem now Boeing before more people get killed.
Correct. There are at least that many orders.