Mandatory brake override? Sure, but which one?

The Department of Transportation is actively considering whether brake overrides should become mandatory on all vehicles.   If a driver is pressing on both the gas pedal and the brakes, a brake override will give priority to the brakes and just ignore the gas pedal positions.   Given the history of sudden intended acceleration incidents, this mandate may seem like a slam dunk.  If the vehicle accelerates without driver input, just hit the brakes and all is well.  If only safety-critical systems were that simple…

The question is not whether there should be a brake override mechanism, but what kind of brake override should be in place.   A fully electronic override may not even be recognized if implemented in the wrong subsystem within an automobile.  A mechanical override on the other hand will have independent failure characteristics.   I have made this argument in a previous blog posting here.

Consider Toyota’s ETCS-I, which has been in the news a lot lately.   There are those of us who believe that there is a problem in the electronics that can cause sudden and sustained unintended acceleration (SSUA).  If when the brake is pressed, this ETC system is supposed to receive a message from the brake sensor(s), override the gas pedal position completely and close the throttle.   But suppose the problem is indeed in the ETC system which is unable to close the throttle resulting in SSUA.  (We anticipate that this could just may be end up being the source of the SSUA problem.   The electronics that controls the throttle, for example, could have been damaged intermittently or permanently).   Under this condition, the brake override will no nothing.  Nada. Zilch.

In other words, a  fail-safe mechanism that is completely independent of the ETC system is needed to close the throttle.

Brake override?  Yes.  But the right one.

Addendum:  To provide a more balanced perspective, suppose the problem in the ECTS-I is the one that Prof. Dave Gilbert (SIU) points out  – where if the two acceleration sensors are shorted to the 5V supply, the vehicle takes off and there is no DTC.   In this case, an electronic brake override will indeed work fine – the accelerator values will be ignored.  So, an electronic brake override by the ECUs in the ETCS-I is better than having nothing.

Advertisements

One Response to “Mandatory brake override? Sure, but which one?”

  1. A Clash of Cultures and Its Consequences « Blog on Automotive Safety Says:

    […] industry standards and products that favor the use of independent fail-over […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: