I don't normally read this blog but the safety guy at work posted a link to a post on it that really got on my nerves. So a few comments on it: (I apologize that you'll need to read the ranting of the original post for this to make sense. Update: I submitted a comment to the blog post as well; they apparently didn't feel the need to post it. Ah well.)
1) The title of the post makes it seem like there's some sinister plot by the FAA to dupe and potentially injure air travelers, which doesn't seem to be the case if you actually read the Directive.
2) If you search Google for AD 2011-04-09, the first link you get is the FAA's public posting of the Directive, on their web site. I'm not sure why the actual Directive wasn't attached or linked to (probably because it doesn't support the poster's argument) but it is easily accessed.
3) The post suggests that the oxygen supply is removed but the mask is stowed as if it will still work, and there will be no notification to passengers. This is not necessarily the case, and even the single sentence paraphrased in the post tells how the actual response by airlines might be different. What the Directive does is allows the airline to remove the safety hazard (of the chemical oxygen generator) without making potentially significant modifications to their aircraft. The Directive doesn't instruct the airlines to re-stow inoperative air masks; it gives them the option of re-stowing or removing them. The access panel is generally hinged, so the options are to close it, leave it hanging open, or removing it; removing it would result in an unsightly hole in the ceiling that would give passengers a potential interface to tamper with the aircraft (or injure themselves). Just closing the door means that the airlines can easily comply with the Directive without having to make big modifications their aircraft. Passenger notification is not addressed in the Directive but that doesn't preclude flight attendants from noting the modification during the pre-flight safety presentation. Modifying an aircraft involves a lot of regulatory requirements that make modifications an expensive and time-consuming process. Directives are written with the intent of maintaining the safest possible air travel environment without creating an unreasonable burden for airlines and aircraft manufacturers. When the FAA mandated that all commercial flights in the country be non-smoking, they didn't require airlines to remove ashtrays from the seats; airlines and aircraft manufacturers have made those modifications at their convenience.
4) The post suggests that the airlines are allowed to make this modification in order to save cost and weight. Even a perfunctory reading of the Directive reveals that the airlines are required to take this action because the chemical oxygen generators in lavatories pose a specific safety risk that the FAA has deemed unacceptable. The option of expending the canisters saves no weight.
5) The post makes a big deal of the "time of useful consciousness" at various altitudes. What it omits is the fact that while an oxygen-poor atmosphere may cause you to lose consciousness and wake up with a nasty headache, commercial aircraft don't reach altitudes where the low oxygen concentration poses an immediate health risk to most passengers. The flight crews of aircraft have canisters of breathing air (not chemical oxygen generators) so that they can continue operating the aircraft and oversee passenger safety during a depressurization event. Passengers have oxygen masks so that most of them will stay conscious during the event so that they can evacuate the aircraft once it lands (or crashes). It is not assumed that every passenger will be able to help themselves; flight crews (and fellow passengers) assist those who are incapacitated. In this vein, the Directive instructs flight crews to check the lavatories in the event of cabin depressurization in case someone was inside (another overlooked detail).
The actual news here (that there is no longer emergency oxygen in commercial aircraft lavatories) is nearly lost in the zeal to accuse the FAA of compromising passenger safety in the name of cost savings for airlines. I'm not sure how that's helpful to anyone.
Over the last few years, we've seen a growing trend - an ugly one - the increased use of Portable Electronic Devices (PEDs) on airplanes. It's not just passengers bringing more gadgets on to planes with them, either: in 2003, Lufthansa and British Airways demonstrated a cabin 802.11b wireless system for passenger use; Qualcomm and American Airlines demonstrated an on-board mobile phone pico-cell in July 2003; recently, Boeing Connexion has been installing 802.11b wireless systems on Lufthansa airplanes. Even the FAA has been thinking about rescinding the rules requiring passengers to turn off electronic devices during takeoff and landing.
Why is this a disturbing trend? We've all seen people leave their iPods or CD players or cell phones turned on during takeoff or landing with no apparent ill effects.
The rules we have are in existence for a reason, and they may not be strict enough. I've mentioned some specific instances of PEDs interfering with aircraft systems in other posts, but I haven't mentioned the scope or technical aspects of the problem. I'll do that in this post, but beware: this post is a bit more technical than my other posts on the subject.
First, a bit of technical discussion: how could your cell phone have any effect on an airplane? It transmits at different frequencies than the airplane uses, right? And what about a CD player? It doesn't even transmit at all!
In an ideal world, those statements are correct. However, we don't live in an ideal world; in reality, electronic devices can emit Radio Frequency (RF) waves in various seemingly random frequencies, at surprisingly high intensity. This is called Electromagnetic Interference (EMI) and it is the root of the problem. Devices like CD players are called "unintentional radiators," which means that they aren't designed to transmit anything, but certain components they contain may create electrical "noise" that is the same as EMI.
Though aircraft equipment is generally well shielded and protected against EMI, there are still ways that spurious signals can get in to the systems. Aircraft navigation systems use highly sensitive high-performance devices, and high-performance systems are by nature unforgiving: the systems may block out all RF transmissions outside of their designed frequency range, but must accept all RF transmissions inside the range. The two basic ways that EMI makes its way into aircraft systems are called "Front-door coupling" and "back-door coupling."
Front-door coupling occurs when PED emissions enter the aircraft radio receiver directly through the receiver antenna. This happens when RF signals from PEDs radiate through windows, cargo and passenger door seams, and hatches to the aircraft's external antennas. The likelihood of this type of interference is dependent on the frequency and strength of the spurious emissions, the path loss between the PED and the receiver antenna, and the sensitivity of the aircraft RF receiver.
In an example of front-door coupling, an avionics manufacturer reported the loss of GPS guidance on three separate GPS receivers during a Piper Cherokee test flight. The interference was traced to the pilot's mobile phone emissions. Further testing by NASA on the same phone model (but different phones) confirmed significant emissions in the GPS band:
Back-door coupling occurs when emissions radiated by PEDs couple directly to aircraft wiring and avionics. The primary concern for back-door coupling is from intentional PED transmitters, i.e. mobile phones, wireless RF network radios (i.e. 802.11b), wireless PDAs, two-way pagers, or walkie-talkies. The effective radiated powers from these devices can range from a few milliwatts to several watts: a 2 watt mobile phone can have RF signals of around 15 v/m at 0.5m! Aircraft systems have a wide range of immunity to back door RF coupling; some systems are very well protected but others lack sufficient protection. Avionics systems with failure modes listed as "catastrophic" or "hazardous" that have been certified since the early 1990s should be immune to mobile phone back-door coupling, but tests have shown that while they may be theoretically immune, in practice this varies.
So how often does this actually happen? NASA's Aviation Safety Reporting System (ASRS) issued a report in 2004 that compiled data on incidents between 1995 and 2002. These data reflect reported incidents where PED interference was actually verified; the actual number of incidents is likely to be much higher. As stated in the ASRS Database Report Set: "ASRS reports are submitted voluntarily. The existence in the ASRS database of reports concerning a specific topic cannot, therefore, be used to infer the prevalence of that problem within the National Airspace System. [ASRS reports] cannot be considered a measured random sample of the full population of like events. For example, we receive several thousand altitude deviation reports each year. This number may comprise over half of all the altitude deviations that occur, or it may just be a small fraction of total occurrences. [...] One thing that can be known from ASRS statistics is that they represent the lower measure of the true number of such events that are occurring."
Keeping that in mind, let's look at some of the statistics. First, the number of reported incidents, based on the navigation system affected:
From this we see that the majority of reported incidents affected the VHF Omnidirectional Range (VOR) system. The VOR is a commonly used radio navigation system. VORs broadcast a VHF radio signal that pilots use for direction reference. An interesting note here is that the VOR system operates on a radio frequency between 108.0MHz and 117.95MHz, which is in the VHF range. VHF was chosen because it travels only in straight lines and resists bending due to atmospheric effects - this makes it very reliable as a direction-finding tool. This also puts it well out of the reported frequency range of any cell phones, GPS units, wireless data devices, or anything else an airline passenger is likely to have on board. Yet it is the most commonly interfered with. Why? Because consumer devices commonly emit frequencies well outside their approved range (see the earlier cell phone/GPS example). Since there aren't many devices these days that use the VHF band, we normally don't notice this interference.
It's not just old airplanes that are affected, either, though in all fairness the majority of reported cases occurred in older airplanes:
And oddly enough, cell phones aren't the biggest offenders, though they are a close second:
All of this begs the question: how are these incidents verified? How do we know that the causes of these incidents are PEDs, and not just faulty aircraft systems? In most cases, it is not possible to objectively verify the offending PED, but pilots do generally try to get an idea of what has happened:
Pilot reports to the ASRS tell the story as well. The following narratives are as reported by pilots to the anonymous ASRS incident tracking system. Though there is a bit of jargon, after reading one or two of the reports it's easy to pick up. I've inserted some comments in red on the reports as a guideline.
Aircraft: DC-9 Undifferentiated or Other Model
DURING CLB [CLB = climb] AND WHILE TALKING TO SDF [SDF = Louisville Standiford International Airport] DEP [DEP = departure traffic control], WE GOT A TCAS RA [TCAS RA: TCAS = Traffic Alert and Collision Avoidance System; RA = Resolution Advisory; When the TCAS detects another aircraft directly in your aircraft's path, the TCAS will alert the pilots of both aircraft and instruct them on the proper evasive action, i.e. one pilot is told to climb while the other is told to descend. It is imperative that pilots immediately perform the recommended action to avoid collisions.] SHOWING A TARGET AT 12:00 O'CLOCK, LEVEL AND SHOWING A CLB. TCASII COMMANDED A FULL SCALE (6000 FPM) [FPM = Feet Per Minute] CLB AND I AS PF INCREASED CLB RATE TO 3000 FPM (THE MAX WE COULD SAFELY DO). WE CALLED SDF DEP TO RPT THE RA AND ASK ABOUT THE TARGET. HE SAID HE HAD NO TARGET WITHIN 5 MILES OF US, SO I HIT THE TCAS PRESS TO TEST BUTTON. TCAS TEST RPTED 'TEST OK.' I THEN ASKED THE LEAD FA TO DO A PED WALK AND HE RPTED BACK THAT A COMPUTER WAS IN USE IN VIOLATION OF THE STERILE ENVIRONMENT CONDITION. THE COMPUTER, A 'DELL INSPIRATION 8000,' WITH RPTEDLY NO XMISSION CAPABILITY AND NO EXTERNAL POWER PACK, WAS SHUTDOWN FOR THE REMAINDER OF THE FLT AND TCAS FUNCTIONED NORMALLY WITH NO FURTHER FALSE RA'S OR TA'S.
Aircraft: B767 Undifferentiated or Other Model
INSTRUMENT MALFUNCTION AUTOPLT ABNORMALITY. CLR OF CLOUDS, FL350, ECON CRUISE 'MACH .78,' SMOOTH AIR. THE FO WAS FLYING THIS LEG WHEN 30 NM NE OF LEFKO INTXN ON GREEN 26 PROCEEDING DIRECT TO REDFIN, JAX CENTER CLRED US DIRECT REMIS FOR A WARNING AREA HAD GONE ACTIVE. AT APPROX XA:44 ENE OF REMISS WE ENCOUNTERED THE EVENT. FIRST THING I NOTICED WAS THE AMBER AUTOPLT AND AUTO THROTTLE EICAS MSG AND AUDIBLE ALERT FOR A DISCONNECT. WE ALSO NOTICED SOLID YELLOW LINES THAT WENT THROUGH ALL FLT MGMNT CTL DATA ON BOTH CAPT AND FO ADI'S AND HSI'S. I LOOKED AT THE TOP EICAS ENG INSTRUMENT AND NOTED NO N1 OR EGT DIGITAL READOUTS, ONLY WHITE CIRCLES REMAINED. LOWER EICAS REFLECTED THE SAME. NO DIGITAL INFO FOR F2, FF, OIL PRESSURE, OIL TEMP, OIL QUANTITY, VIB. BOTH CDU'S WERE BLANK. AN IMMEDIATE CHK OF THE ELECTRICAL PANEL INDICATED NO MALFUNCTIONS, A TEST OF INDICATOR LIGHTS REVEALED NO BURNED OUT LIGHTS. CENTER AUTOPLT WAS ENGAGED AND SHOWING PANEL ACTIVE WITH NORMAL INDICATIONS. STANDBY ADI INDICATED WE WERE STARTING A LEFT BANK. WITH WARNING OF AUTOPLT AND AUTO THROTTLE DISCONNECT I GRABBED THE YOKE AND HIT THE AUTOPLT DISCONNECT SWITCH AND DIRECTED THE FO TO FLY. HE MAINTAINED LEVEL FLT AND STATED THAT THE AUTOPLT WAS STILL ENGAGED. I ATTEMPTED TO DISENGAGE THE AUTOPLT WITH THE DISENGAGE BAR BY PULLING IT DOWN AND WAITING. THE WHITE AUTOPLT CMD LIGHT REMAINED ON. I WENT BACK TO THE YOKE AND AGAIN HIT THE DISCONNECT AND FELT THE YOKE PRESSURE THE FO WAS HOLDING.
[Brief synopsis: while flying, an alarm sounded indicating that the autopilot had disengaged itself. The following displays that indicate the status of the aircraft stopped functioning: ADI (Attitude Direction Indicator), HDI (Horizontal Situation Indicator), EICAS (Engine Indication and Crew Alerting System - the acronyms the pilot references on this system are N1 (compressor rotational speed), EGT (exhaust gas temperature), and FF (fuel flow)), CDU (cockpit display unit, a radar display). The pilot performed several system checks which all claimed that equipment was functioning normally. When the plane started making an uncommanded left turn, the pilot attempted to manually disengage the autopilot (which was still operating despite the warning saying it had stopped) but was unable to.]
I CALLED ATC AND ADVISED WE WERE HAVING SOME KIND OF AN ELECTRICAL ANOMALY. JUST AFTER THE CALL TO ATC THE AUTOPLT DISENGAGED AND THE WHITE CMD LIGHT WENT OUT AND ALL SYSTEMS RETURNED TO NORMAL OPS. I DIRECTED THE FA 1 TO SEARCH THE ACFT FOR UNAUTHORIZED ELECTRONIC EQUIP BEING USED. I THEN RPTED TO ATC THAT OPS WERE NORMAL. THE EVENT LASTED APPROX 45 SECS. [...] FA 1 RPTED A CELL PHONE WAS IN USE BY PAX. I DIRECTED FA 1 TO HAVE IT TURNED OFF AND CONFISCATED TO ME. PAX STATED IT WAS A NEW PHONE BY AT&T, MODEL SIEMENS CEO168, HE WAS INSTALLING NEW PHONE NUMBERS IN DATA BANK AND NOT TALKING ON PHONE. MAINT WAS CALLED AND STATED THE ACFT HAD NO PREVIOUS HISTORY OF THIS TYPE OF EVENT. ONE AREA OF CONCERN WAS A POTABLE WATER TANK GAUGE QUANTITY PROB. THE FO AND I COMPLETED A COMPLETE SYSTEMS CHK CONCLUDING OPS NORMAL. WITH PASSENGER'S CELL PHONE OFF AND IN MY POSSESSION THE FO AND I AGREED WITH DISPATCHER TO CONTINUE THE FLT WITH CAVEAT THAT SHOULD ANY OTHER SIMILAR EVENT OCCUR WE WOULD LAND ASAP. [...] FROM NAVIGATION POINT REMISS WE PROCEEDED UNEVENTFULLY TO SFO. [...] THE CELL PHONE THAT WAS ON AT THE SAME TIME IS RPTED TO BE A POWERFUL NEW TYPE IN THE SEARCH MODE. THE LOCATION OF THE PHONE DURING THE INCIDENT WAS THE CABIN AT SEAT ROW X WHICH IS ROUGHLY ABOVE THE ELECTRONICS AREA. DURING THE FAILURE THE STANDBY ENG INSTRUMENTS ACTIVATED.
NAV INTERFERENCE. OVER CHT, CLRED '10 DEGS R INTERCEPT LOC RWY 31L PLAN CIRCLE RWY 22L.' UPON TUNING LOC FREQ AND SETTING COURSE, IT APPEARED WE WERE ON THE LOC, ALTHOUGH VISUALLY WE APPEARED S OF COURSE. ATC ASKED IF WE HAD INTERCEPTED AND SAID WE WERE S OF COURSE. THE CDI THEN SWUNG FULL SCALE TO THE OTHER SIDE INDICATING WE WERE N OF COURSE. I TURNED TO CTR AND THE CDI AND WE SWITCHED TO TWR. MY CDI SWUNG R INDICATING WE WERE S OF COURSE. I NOTICED THE FO'S CDI WAS SWINGING THE SAME DIRECTION AS MINE, BUT MOVING ABOUT HALF AS FAR. WHEN WE SAW THE RWY, WE WERE N OF COURSE WITH CDI'S INDICATING WE WERE S OF COURSE. WE WERE HIGH AND WELL N OF COURSE WHEN TWR ASKED IF WE COULD GET DOWN FROM THERE. WE ASKED TO BE TURNED OUT TO RE-ENTER THE PATTERN, UPON TURNING OUTBOUND WE MADE A PA ASKING PEOPLE TO PLEASE MAKE SURE THEIR CELL PHONES AND OTHER EQUIP WERE TURNED OFF. THE CDI'S IMMEDIATELY BECAME STEADY AND WE COMPLETED A NORMAL ILS RWY 31C CIRCLE RWY22L WITH NORMAL INDICATIONS AND THE FLT ATTENDANTS RPTED THAT A WOMAN IN THE FORWARD LOUNGE WAS TALKING ON HER CELL PHONE. AS SOON AS SHE TURNED HER PHONE OFF, OUR CDI INDICATED NORMALLY.
AT CRUISE ALT OF FL310 WITH RADAR 'ON,' ALL 4 EFIS DISPLAY UNITS STARTED FLASHING AND BLANKING OUT, ACCOMPANIED WITH A YELLOW 'WX RADAR SOURCE' WARNING FLAG ON BOTH EHSI DISPLAY UNITS. I TURNED BOTH RADARS 'OFF.' ALL DISPLAY UNITS STOPPED FLASHING AND BLANKING OUT. I TURNED FO'S RADAR BACK 'ON,' FLASHING SEEMED TO HAVE STOPPED. FLT ATTENDANT CAME TO THE COCKPIT AND ADVISED THAT 2 PAX HAD WALKIE-TALKIE TYPE HEADSETS (MODEL DIGI-TECH DSI) ON AND THEY WERE TALKING TO EACH OTHER. THEY WERE SITTING IN DIFFERENT PARTS OF THE CABIN. I ADVISED THE FLT ATTENDANT TO HAVE THEM TURN 'OFF' AND DISCONTINUE USING THE HEADSETS. I TURNED BOTH RADARS BACK 'ON,' RADARS AND ALL 4 EFIS DISPLAY UNITS WORKED NORMAL FOR THE REMAINDER OF THE FLT.
Aircraft: Brasilia EMB-120 All Series
I EXPERIENCED INTERFERENCE WITH VOR NAVIGATION RECEPTION. WE FOUND A PAX IN SEAT XA, OPERATING A 300MHZ TOSHIBA PROTOGE LAPTOP COMPUTER. WE HAD HER DISCONTINUE USE OF THE COMPUTER AND NORMAL RECEPTION WAS RESTORED. I HAVE HAD PREVIOUS PROBLEMS WITH TOSHIBA COMPUTERS THAT ARE USED IN ROW X. I WILL NOT LIMIT THE USE OF PAX ELECTRONIC DEVICES YET, HOWEVER I NOW IMMEDIATELY CHECK TO SEE IF A LAPTOP IS ON WHEN EXPERIENCING PROBLEMS. CALLBACK CONVERSATION WITH RPTR REVEALED THE FOLLOWING INFO: THE RPTR STATED THAT THE SAME EXACT INCIDENT OCCURRED ON A DIFFERENT EMB120 AT ROW X AND WITH A TOSHIBA LAPTOP COMPUTER. THAT TIME, THEY WERE AT MCCALISTER VOR, WHEN THE VOR NEEDLES ON THE MFD (MULTIFUNCTION DISPLAY) WENT CRAZY AND WERE SPINNING IN CIRCLES. IN BOTH CASES, IT WAS SPINNING IN CIRCLES ON BOTH NAV 1 AND NAV 2. THE RPTR GUESSED IT WAS A LAPTOP COMPUTER CAUSING IT AND HAD THE FLT ATTENDANT CHECK IT OUT AND HAD THE PERSON TURN IT OFF. AFTER THE VOR RETURNED TO NORMAL, THE RPTR ASKED THE FLT ATTENDANT TO HAVE THE PAX TURN IT BACK ON TO SEE WHAT WOULD HAPPEN, AND THE INSTRUMENTS RESUMED TO ALMOST A NORMAL POSITION, BUT IT WAS 40 DEGREES OFF FROM ATC. HE SAID ROW X IS THE FIRST ROW BEHIND THE TRAILING EDGE OF THE WING, AND SPECULATES THAT THIS MAY HAVE SOMETHING TO DO WITH THE WING'S WIRING OR AN INSTRUMENT UNDER THE WING.
Decoding the pilot reports is a bit daunting, but I feel that actual reports mean more than just numbers. What we can gather from the reports, and the statistics, is that during ideal weather and flight conditions, it is easily possible to recover from the interference caused by PEDs. However, those corrections could lead to other hazards (what if the TCAS in the first report had erroneously instructed the pilot to climb in to the path of another aircraft?), and in low-visibility conditions they could cause a pilot to send his aircraft off course, land on an incorrect runway, or miss a runway altogether. Of course this is all speculation, but there is documented evidence that makes such speculation worthwhile: if we are willing to say "better safe than sorry" when we're told we can't bring toothpaste and deodorant on to an airplane, why should we react differently when asked to turn off our electronic devices? There are many more documented instances of PEDs causing potentially hazardous situations than there are of terrorists using mouthwash to bring down an aircraft. Sadly, though nobody had to die for us to recognize the possible hazards of unknown chemicals, I really do believe that we won't hear the voice of reason until a serious incident occurs that is directly traced back to a PED. That incident will terrorize the nation, but it probably won't be terrorism - it will just be us learning that dangers we don't understand do exist and can hurt us.
It seems that people are skeptical about the dangers of operating Portable Electronic Devices (PEDs) on airplanes. I've heard the same tired argument ("but I leave my phone on all the time, nothing bad happens") several times already. Well, sometimes bad things do happen. Usually not "planes dropping out of the sky" bad, but bad nonetheless. Airplane systems (including Air Phones and the like) are subject to rigorous electromagnetic emission standards to establish and provide control of the electromagnetic characteristics and compatibility of these systems. PEDs, however, are not subject to these restrictions, and electromagnetic interference from PEDs carried on by passengers have been reported as being responsible for many anomalous events during flight. Some examples, provided by Boeing:
In another widely known incident, in January 2001 a Slovenian airliner made an emergency landing after a passenger's mobile phone caused its electronics system to malfunction and indicate there was a fire on board. The plane was a Canadair Regional Jet CRJ-600, a modern and sophisticated aircraft. In another incident, the pilot's mobile phone was identified as the source of interference causing a loss of GPS guidance on three separate GPS receivers during a Piper Cherokee test flight. USAirways has reported that interference from cell phones used during taxi-in caused the emergency lighting system to activate on one flight.
PEDs have been implicated in interference with many aircraft navigation, flight control, and safety systems: the VOR (VHF Omni-directional Range), LOC (Localizer), CDI (Course Deviation Indicator), Autopilot, pilot displays, FMS (Flight Management System), TCAS (Traffic alert and Collision Avoidance System), radio communications, radar altimeter, IRU (Inertial Reference Unit), ILS (Instrument Landing System), smoke/fire detectors, and aircraft spoilers, among others. Laptops and cell phones have been the biggest offenders, with handheld game devices and portable TV/DVD players close behind. Boeing also conducted laboratory and airplane tests with 16 cell phones typical of those carried by passengers; the results indicated that phones not only produce emissions at their operating frequencies, but also produce other emissions that fall within airplane communication and navigation frequency bands (such as the Automatic Direction Finder, High Frequency, Very High Frequency [VHF] omni range/locator, and VHF communications and the Instrument Landing System [ILS]). Emissions at the operating frequency were as high as 60dB over the airplane equipment emission limits.
It's not just PEDs, either. In early production runs of a particular Lear Jet, the Radio Direction Finder (RDF) would peg to one side if the window defroster was used, because the little defrosting wires on the glass were right next to the RDF instrument. Were a pilot to follow the RDF when the defroster was switched on, he or she would be flying in a tight circle. This is an extreme example, but more minor examples exist. Interference could cause just enough of a change in an automated system that people wouldn't notice a change in direction but the pilot could land at the wrong airport by accident (this actually happens quite frequently).
Is it possible that electromagnetic interference could bring down an airplane? Yes. A seven month study by the US Air Force completed in late 1998 concluded that "thousands of conflicts" among radio frequencies used by the three branches of the US military had produced grave outcomes. According to Colonel Charles Quisenberry, the director of the study, EMI can "affect the electrons within the aircraft's flight controls as well as its fuel controls ... putting a plane into an uncommanded turn or dive or turning off its fuel supply." Some forms of interference, he stated, "are very, very critical -- some cause aircraft to crash." He gave some instances where this was the case: because of EMI, Black Hawk helicopters crashed and killed their crews five times between 1982 and 1988, with 22 deaths. "The Black Hawk was shielded at a very low level -- it was known ahead of time that its shielding was inadequate." One Army aviator had gone on public record saying that "EMI is causing these aircraft to flip upside down and crash and kill everybody aboard."
Lots of electronic devices put out RF interference in unpredictable ways, and more and more devices come out all the time that are small and light enough to carry on to the plane. The FAA has banned the use of all electronic devices during takeoff and landing because of this uncertainty. Because of strong contrary public opinion, PEDs have not been banned outright on flights, but given the uncertainty, it is probably safest to switch them off as soon as the boarding door closes, and leave them off until the door has opened.
I stay in hotels a lot these days, and most hotels that I stay at plop a free copy of USA Today at my door every morning. So I read a lot of USA Today as well.
In today's USA Today there was an article by Kevin Maney in which he discussed the pummeling of people who carry on loud phone or VOIP conversations on airplanes. This is something I approve of, but he also made some flippant remarks about how cell phones really aren't the safety hazards that the FAA makes them out to be. I disagree on that, and wrote him an e-mail saying so. Then I decided that since I haven't posted anything here in a while, I could use that e-mail to waste some more bandwidth. So here it is:
I've just been reading your article in Wednesday's USA Today: "In-flight cell calls can't annoy fliers, but over-the-Net calls can." I'd like to disagree with you on a peripheral comment you make in a couple of places.
I agree wholeheartedly with the main point of your article, that people yammering on cell phones in airplanes should be pummeled. There should be a special kind of abuse reserved for people whose cell phones turn on the second the plane's wheels touch the ground, so they can make the call "Hi! Yeah, we just landed. No, still on the plane. Taxiing to the gate. OK! See you soon." I mean really ... couldn't that call wait 5 minutes? Cripe.
But that's not my issue. You also ask "Who really believes a cellphone signal is going to scramble cockpit controls and bring down a jet?" And later, "...Ryanair's concept says a lot about the dangers of cellphone use on planes, no?"
This is where I disagree. I'm an electronics engineer; I worked as a contractor for the FAA dealing with navigation and landing aids for two years, and during that time I got to see what the reasons behind the FAA's rules are.
You've probably seen a label on the back of electronic devices saying that it complies with Part 15 of the FCC Rules, and that it may not cause harmful interference. Part 15 also stipulates that "An intentional or unintentional radiator shall be constructed in accordance with good engineering design and manufacturing practice." Fair enough, but the fact is that with the recent boom in cheap 802.11 and other wireless devices, this is not always the case.
Ideally, your cell phone or laptop won't cause interference that would scramble cockpit controls. However, if the device is poorly designed, or a 1-2 cent component in the RF section of the device is defective, there is no telling what sort of interference it could cause. Aviation navigation equipment is designed to be robust and fault tolerant, but it is also high-performance equipment, very sensitive and very precise, which makes it more susceptible to interference. There is a documented case of a 1 Megawatt mountaintop radar facility being knocked off line by a wireless 802.11b video security camera, purchased for under $50, that was over 7 miles away. The interference was caused by a harmonic over 1GHz outside of the frequency range of 802.11b; the camera was just defective. There are plenty of similar incidents documented, demonstrating that strict rules are justified.
Will an errant cellular phone cause an airplane to fall out of the sky? Not likely. But recent reductions in the minimum separation requirements for commercial air traffic can only be construed as safe if all of the RF-based navigation, collision avoidance, and location-notifying systems are operating correctly. Once the plane is on the ground, different RF-based systems kick in to help prevent ground collisions on increasingly crowded airports.
The FAA, like other government agencies charged with protecting citizens from themselves (CDC, FDA, FCC, etc), are often hampered by public opinion: people are willing to take risks because they don't understand them, and people react violently when things they regard as convenient are taken away in the name of safety. How do you explain the fact that when the boarding door closes and the aircraft begins to taxi, you have to turn your cell phone off, but as soon as the plane is on the ground, well before the boarding door opens, you're allowed to turn the phone back on? Try telling the person sitting next to you that he or she has to wait another 2 minutes before turning their phone back on: then you'll be the one getting the beating. The same goes for your laptop: you're supposed to turn off anything with an antenna, yet as soon as your laptop boots, its wireless Ethernet device is activated and starts scanning the area for access points. Think of the $.05 worth of low-bid electronic components that are supposed to keep your laptop's emissions in check next time you fire it up mid-flight to finish an article. Will you think twice? Or will you dismiss safety concerns as overly cautious? After all, you've used your laptop on the plane before, and there were no consequences. Why should this time be any different?
In the past couple of years, national security has been on everyone's mind; laws have been passed, rules have been enacted, and generally life has been made more miserable so that we as a country can feel more secure. Some of the initiatives that we have seen are very visible; airport security, security at federal buildings, and legislation such as the Patriot Act have been widely discussed, and their relative merits are subject to some debate. There has also been much behind-the-scenes work, such as the Container Security Initiative (CSI), which is designed to protect the transportation of the ubiquitous and increasingly important 40-foot containers that bring us much of what we buy. All discussion of the merits of these security precautions aside, we can still say that people are actively working to keep our critical infrastructure safe from attack. But we have been ignoring an important point in the process of securing our national infrastructure, and that overlooked point presented itself to us recently. The recent massive power outage in the northeast provided us an important lesson: decreasing margins of safety and error in our infrastructure place critical societal functions at greater risk of significant disruptions from rare occurrences -- accidental, malicious, or otherwise unforeseen. This is nothing new; it has been going on for decades now, as a series of decisions by policy makers placed the administration of our national infrastructure in the hands of profit-seeking organizations. This is not necessarily bad, but redefining acceptable levels of risk and protections as the world changes is hard work, and needs to be done carefully.
Cost pressures and tight engineering under benign assumptions over the last few decades have lead to thin margins of error in our current infrastructure. This is to say that certain major failures are assumed to be so unlikely that they are discounted during the design process. This way of thinking creates systems that tend to be less expensive, and are optimized to fit the relatively optimistic world and set of basic assumptions. But while optimized engineering leads to most events being of small consequence (because the systems are engineered to tolerate them), some rare events that might otherwise have been relatively benign (or at least tolerable) can now lead to massive disruption. As the margins of safety designed into the large, complex, and poorly understood systems that make up our critical infrastructure (such as the national power grid) are whittled away in the name of cost-effectiveness, the likelihood of massive, uncontrolled failures increases. But while it seems like this might be just asking for trouble, it is seen as "bad engineering" to overdesign a system to tolerate very rare events, or events whose specific causes are not well understood, if that tolerance is perceived to cost more than the failures it would prevent (in terms of expected value to the customer), or if the likelihood of the failure seems very remote -- fragility to extremely rare events is seen as a good business decision. This is why rare disruptions (like power outages) come as little surprise to insiders of highly optimized or complex infrastructures. Building excess capacity and redundancy into a system such as the electric power grid is essential to safety and reliability, but it has no market incentive -- safety doesn't sell.
What the market calls "excess capacity" (note the connotations of "excess"), others call a safety net. When a critical power line fails, parallel lines must have this "excess" capacity to take over the flow, and this safety net must remain intact when lines are out of service for maintenance. Such safety is not cheap. So while adequate margins of safety generally have the side effect of increasing the overall efficiency and reliability of a system, at some point investments in redundancy are seen as extravagant and wasteful to stakeholders, whether they are private stakeholders (i.e. shareholders) or public (i.e. taxpayers). Those who are out to placate stakeholders tend to favor more visible single-point safety or security measures, which tend to cost more in the long run and are generally less effective.
The invisible hand of economics creates systems designed and optimized under optimistic assumptions of relatively benign environments; these systems are at great risk if new or unexpected threats arise, because the margins that have historically made it possible to work around unexpected problems (think of the Apollo-13 near-disaster) are no longer designed in. The development of our critical infrastructure is subject to these economic motivations, so it is already (and will become more) fragile to rare or unexpected events. That's good business paving the road to future vulnerabilities, because the market will not bear the cost of the level of reliability that it expects. The pace of technological change and societal reliance on these systems amplify the uncertainty, urgency, and magnitude of risk here.
After 9/11, we can point out how scenarios that were previously almost unthinkable are suddenly possible, and thus engineered defenses against potential attacks are more strongly motivated. However, to define and quantify threats and their impact, particularly in combination with coordinated physical and psychological attacks and effects, requires deep contemplative research, development, large-scale experimentation, and the like -- all very costly with little to no visible immediate payoff (which makes them politically unpopular). But given the social and economic consequences that arose from the recent power outage, the national power grid is suddenly a large, inviting target for those who seek to disrupt society because it has demonstrated weaknesses and widespread impact. It is impossible to protect all important points of such a large system using the standard paradigms of physical security, which is generally designed in isolation from the system it is protecting, and therefore offers little real protection. Instead we need to fix the basic problems with the infrastructure -- if we can reduce the potential impact of catastrophic events on the power grid by making it more robust and flexible, it will become a less inviting target for catastrophic terrorism. To achieve this, we must accept that we need non-market investments in the design and implementation of safety, security, and robustness in critical infrastructure.