Aren’t All Technical Service Bulletins Public?

March 23, 2010

CNN reported today that a Technical Service Bulletin (TSB) issued by Toyota in 2002 calls for a software patch to fix a calibration table on Toyota Camrys.    You are probably aware that the 2002 Toyota Camry was the first Camry to use Electronic Throttle Control.  In addition, there was a spike in reported sudden unintended acceleration incidents between 2001 and 2002.

One may rightfully wonder why the existence of this TSB is not evidence of Toyota knowing about possible software problems in its electronics. I wonder more about how such a TSB is not publicly available. Interestingly, NHTSA had seen the TSB and has a short report on it.

Given that the TSB was not public, it would seem that only those 2002 Camrys that were taken to a Toyota dealer could have been patched. Others could still be using the mis-calibrated tables in the firmware on the engine control module.

Event Data Recorders of a Different Kind

March 22, 2010

On its website, Toyota has a video clip providing its analysis of the runaway Prius in Southern California. They obtained data from the Prius, demonstrating that the driver of the Prius alternated between braking and accelerating 250 times. They point out that the data were not obtained from an event data recorder. They mean that the data did not come from the vehicle’s ‘black-box’, which in their vehicles stores only 2-5 seconds of data and can be read only by Toyota; customers can get that limited data only with a court order.

That’s a distinction without a difference!   Any logger on the vehicle that stores events from the automobile is an event data recorder (recall that many planes have two black boxes).   It would appear without additional information that they had read the non-volatile memory on the Engine Control Module or other ECU (Electronic Control Unit).    Is it possible to read such data from other Toyota vehicles as well?  Any afflicted parties and NHTSA ought to get a complete listing of what data get stored by each Toyota vehicle.  NHTSA should also be given the means to read that data.

As I have argued in a different posting, Toyota should release what information is stored in each vehicle before future incidents are analyzed.

Probabilities and Assumptions

March 22, 2010

A recent article in the New York Times noted that

[…] Driving one of the suspect Toyotas raises your chances of dying in a car crash over the next two years from .01907 percent (that’s 19 one-thousandths of 1 percent, when rounded off) to .01935 percent (also 19 one-thousandths of one percent)….  It’s not worth losing sleep over.

Intriguing analysis.   Some items to note that may alter the above math significantly:

  1. Why compute the probability over the next two years as opposed to 10 or even 20 years?  (According to Toyota, about 80% of their vehicles that are 10-20 years old are still on the road).
  2. Why compute only the probability of dying?  What about the probability of being injured which is about 10-20 times higher?  Do we want our cars to be unsafe and to add to the uncertainties of the world we live in?
  3. An unsafe vehicle does not just pose a danger to the occupants of the vehicle.  It could pose greater dangers to pedestrians and passengers in other vehicles.
  4. The NHTSA database only contains reports that were filed by pro-active complainants. Many incidents may not have been reported; one estimate is that only 20% of incidents get reported – people may just sell a car with problems and move on. It is also at least conceivable that there have been accidents, injuries and deaths that have been wrongly attributed to driver error when in fact the vehicle is to be blamed.

Should we go back to mechanical systems to ensure the safety of cars?

March 10, 2010

A reporter asked me yesterday whether there are any ‘independent’ organizations or groups that test the safety of car electronics. An independent entity would be one that does not work with any carmaker, automotive supplier or plaintiffs in a car accident. Unfortunately, I had to answer ‘No’. The reason for this absence of independent entities who can offer “unbiased” feedback is simple: how will they support themselves? Automotive electronics is complex; one needs the services of experts in mechanical engineering, electrical engineering, control systems, electronics hardware, embedded real-time software, fault-tolerant systems, sensors, actuators, EMI and ESD. There are hundreds of models sold *every* year. The cost of sustaining such a testing operation will be enormous, and unless one has a service contract with one of the automakers, or is looking at specific issues for a plaintiff, it is very difficult to sustain the operation. Let’s look at the landscape and how we can help the situation.


Toyota plays (hard)ball

March 9, 2010

Today, Toyota had a webcast and press conference to ‘debunk’ Dr. David Gilbert’s demonstration of an Avalon undergoing SUA. Specifically, Toyota pointed out that (a) Dr. Gilbert had manipulated the vehicle’s electronic system and that (b) the errors Dr. Gilbert injected could not happen in practice. The whole episode received a lot of attention in the media. Toyota even had a Stanford University professor speak in support of Toyota. Exponent filed a report pointing out that they could reproduce the same problem in vehicles from other carmakers.

Let’s look at what Dr. Gilbert actually said in his report and his congressional testimony. (a) He specifically said that he had manipulated the vehicle’s accelerator pedal position sensor subsystem. He even gave a detailed diagram showing the interior of the breakout box he used to conduct the experiment. He further enumerated the list of capabilities the breakout box allowed him to do. (b) Dr. Gilbert pointed out how moisture, corrosion and wear could lead to the fault scenario. He did not, however, say that this WILL happen or how likely it was for it to happen. Many, including me, pointed out the relative impracticality of this scenario. So, there was absolutely zero news in what Toyota said today. It seemed like Toyota wanted to do a PR blitz and that was that.

Dr. Gilbert during his demo mentioned that he was unable to repeat the problem in an American car (GM I think but could have been Ford).  Exponent had been able to repeat Dr. Gilbert’s experiments on a Subaru, Honda, BMW, Mercedes and a Chrysler.  In other words, they did not find any problem with Dr. Gilbert’s conclusion.   It’s all about perception management, one is forced to conclude.

Toyota Playing Its Version of Russian Roulette

March 8, 2010

The number of SUA (sudden unintended acceleration) complaints in Toyota vehicles that have been ‘fixed’ keeps rising on a daily basis.   The House Energy and Commerce Committee has asked Toyota for its documents showcasing their internal tests of throttle control electronics and for access to Toyota engineers who worked on it.   Given all this, what is Toyota doing?  They have decided to aggressively launch a marketing campaign to sell its cars to Toyota loyalists.   What is going on?

Here’s my interpretation... (All numbers are within a factor of about 2.) There are 1000-2000 complaints of SUA over the past 9 years in the US with about 20 million Toyota vehicles. This translates to a failure rate of approximately 1 in 10,000. This rate could go up as more complaints are filed in part due to an increased awareness of SUA. (There will also likely be an increase in the reported tally due to human errors being reported as vehicular problems.) Overall, however, there appear to have been a few tens of deaths and a few hundreds of injuries that could be attributed to SUA. Taking a legal perspective, even if Toyota loses all these lawsuits, the total liability is perhaps less than $500 million in the US. Toyota may have just made a business decision that it can always settle injury/death cases in court, and be aggressive in the market as always. Traditional business model, you say? If electronics is indeed shown to be a problem later, Toyota will immediately lose face, alienate its heretofore loyal customer base and be liable for potentially billions of dollars. A bunch of executives within Toyota must be hoping that they have calculated these odds correctly. The odds they may have calculated could indeed be the 1 in 10,000 failure rate. But one may be able to show a trouble-making sequence in the electronics of a vehicle that did experience SUA before. The odds of somebody showing such a sequence, I believe, are (much) better than 1 in 10,000. The House Committee can also follow through and find additional information.

Let me re-emphasize: Toyota can demonstrate to a lot of customers the correctness of its system by installing a “black-box” (event data recorder) in vehicles that have exhibited SUA (and even more so on vehicles which have exhibited multiple SUA incidents).  If/when the driver claims SUA, the data in the black box would show where the fault lies – with the driver or with the carmaker.  We have not seen this testing happen – and its marked absence only reinforces the skepticism of many people like me.

A Clash of Cultures and Its Consequences

March 7, 2010

Today’s New York Times describes how Toyota has been able to not make any recalls  in its home-base, Japan.  In both Japan and the United States, big corporations unfortunately have a major say in policy-making such as the (non-)establishment of regulations and how they are (not) enforced.  Think Toyota in Japan and the banks in the US.   Old-timers in the US may recall how the Big Three of the past became over time the Detroit Three, by advocating reduced investments in public transportation infrastructure back in their golden age during the 50s and 60s, and then adopting ill-advised market-growth techniques that came to be collectively referred to as “planned obsolescence”.

The lack of accountability to customers is something that may define how this whole episode of concerns over recalls plays out. We need to watch how extensively Toyota responds (or not) to the request from the House Energy and Commerce Committee for test documents and interviews with technical experts. If Toyota is able to bring to bear political pressure not to bring to light its internal documents, that would be a pity. The harsh spotlight shining on Toyota, which some attribute to “typical” hype from the press, has nevertheless put immense pressure not just on Toyota but also on other carmakers, who have rushed to announce recalls that may not have happened otherwise. A good outcome, hopefully, will consist of

  • An added public awareness of both the many benefits and risks of electronics in safety-critical systems,
  • An increased concern over consumer safety among the carmakers, who will otherwise pay for it with reduced market share and diminished reputation, and
  • More industry standards and products that favor the use of independent fail-over mechanisms.

Cars for the people!

Toyota at the Crossroads

March 5, 2010

The context: More drivers are beginning to complain of sudden unintended acceleration after the recent fixes in response to massive recalls by Toyota.   Some of these complaints may not be legitimate but others likely are.   As the Toyota recall story was building to a crescendo leading up to the congressional hearings, many owners of Toyota vehicles have taken the following position in recent weeks.   “I have owned one or more Toyota vehicles for a long time. They have been very reliable.   I can understand that something can go wrong once in a while, but Toyota will find the problem and will fix it.   Meanwhile, if I can find a Toyota at a good price, that’s not a bad deal, is it?”   Very reasonable.    This argument also explains the less-than-expected drop in Toyota sales in February 2010 (about 9.5% when some analysts expected a bigger drop).

Now, if Toyota begins to be perceived as being unable to find and fix a problem that is safety-critical (who wants to encounter SUA with your family in the car?), the tables can turn very rapidly.  Hondas, Nissans and Hyundais will sell well, while many others will look at vehicles made by the Detroit Three.  And many are likely to be pleasantly surprised that the quality level, designs and prices of those other cars are not so bad after all.     Credibility can be lost very quickly and rebuilding reputation can take a long time.

These are precarious times for Toyota from that perspective. With about 20 complaints of cars with “fixes” reporting SUA, Toyota has said “This represents only a ‘tiny fraction’ of the cars” reporting the problem. I am no PR expert, but this does not sound like a good defense in the public sphere of consumers. (These numbers are just from the last 2-4 weeks.) Loyal Toyota owners are watching.

On a related note, the US House Energy and Commerce Committee is now asking Toyota to

  1. Submit internal documentation and detailed reports from the various tests that Toyota conducted on their ETCS electronics.
  2. Provide names of Toyota engineers and technical experts who worked on and tested the ETCS – so that they can be interviewed.

Both are steps that I have advocated (read this blog posting for example).

Black Boxes on the move

March 4, 2010

Yesterday, Toyota seems to have given 3 “black boxes” to NHTSA to see if SUA is happening in its vehicles.    This represents some movement on this issue, as I have argued for some weeks.  The black box records vehicle data on the fly and can be used to see what was happening in the vehicle before an event of interest (like SUA) occurred.   3 is more than 1, and certainly larger than 0, which was the status quo earlier.   So, this is progress.   Now, calculate the costs of the recall even ignoring the impact of perception on Toyota sales and image.   Could they do only 3 such boxes?  Hopefully, there are more on the way.

If I got such a black box, I would calibrate it.  For example, run the vehicle at high speed, low speed, apply the brakes, change the gear, rev the engine etc. and see what the data say.   Apply the brakes and press the gas pedal together in a safe location.  Then, I would even try doing an experiment like SIU Prof. Gilbert’s – even if somewhat forced, the black box logger should record the sequence that results.  In other words, the black box should not judge the logic and just report the data.    Then, off one goes looking for SUA and the results.   The data ought to be very revealing.

Accelerations ‘r Us

March 4, 2010

“We do not believe sudden unintended acceleration because of a defect in our E.T.C.S. has ever happened,” said Takeshi Uchiyamada, an executive vice president for Toyota. Maybe, just maybe, Toyota engineers have never been able to confirm an error in the electronics that led to SUA. But given everything that has happened, with people now complaining of SUA after the “fixes” resulting from the recent major recalls, is this what Toyota should be saying? So, are all the Toyota drivers reporting SUA at fault?

Should they not be saying something along the following lines?

“From the time these SUA complaints started several years back, we have investigated the incidents diligently and have been trying to reproduce the problem. We keep looking. We just cannot find an electronics problem. We have built new tools, new hardware and we keep looking for more and more information from the system but we still cannot see our electronics causing SUA. We have developed lots of new tools. In fact, here on the table in front of you is some new hardware we have built – anybody with recurring problems, please install such a unit in your Toyota vehicle. It can record/observe what is going on. All of you, not just us, can observe what happens then. Each unit will record accelerator pedal position, throttle position, brake position, vehicle speed, vehicle acceleration, cruise control usage, engine rpm, and more. The last 15-30 minutes of driving data will always be recorded when the engine is on. Our customers can look at the data directly – the software to do this can be downloaded right from the homepage on our website. If SUA happens, stop, do not restart the engine, have the car towed and look at the data yourself. If SUA happens due to electronics, the data will show it. If SUA is not due to electronics, the data will also show it. Please bear in mind that this box is not fully crash-proof and can get damaged in the case of a big collision. But we still expect that in most if not all cases, if the driver switches to neutral avoiding a collision, the data will be accessible to you and be very informative. If you report the incident to police, you can ask them to look at the data. You can have your Toyota dealer show you the information. Let us know after you have seen the data. Call NHTSA and us. We are right now looking for volunteers. We will be happy to work with NHTSA and others to screen these volunteers, install the units and have you collect more data for detailed observation.
The first preference will be given to those who have documented SUA incidents before. The more observations you can make, the more everybody will know. We have 1000 units available right now in the US. It’s a minor expense given the magnitude of our recalls. If more units are needed, we’ll make more real soon. And then, as more drivers see that our electronics is not at fault, all our customers can feel safe knowing that the electronics in our vehicles is not malfunctioning. Toyota proudly stands by its customers. We always will.”

Why is Toyota not saying the above?   Frustrating.
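
The recorder sketched in the proposed statement above, together with the point from the March 4 black-box post that the logger should just report the data and not judge the logic, can be illustrated with a small rolling log whose review step is separate from recording. This is an added example, not code from Toyota, NHTSA or this blog; the struct layout, units, buffer size, sample rate and mismatch thresholds are assumptions, and the trace is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One sample of channels named in the post; units and widths are assumptions. */
typedef struct {
    uint32_t t_ms;         /* time since engine start */
    uint8_t  pedal_pct;    /* accelerator pedal position, 0-100 */
    uint8_t  throttle_pct; /* throttle position, 0-100 */
    uint8_t  brake_on;     /* brake switch, 0 or 1 */
    uint16_t speed_kph, rpm;
} edr_sample;

#define EDR_CAP 8 /* demo size; 15 minutes at an assumed 10 Hz would be 9000 */

typedef struct { edr_sample buf[EDR_CAP]; size_t head, count; } edr_log;

/* Record only: overwrite the oldest slot, never filter or interpret. */
void edr_record(edr_log *l, edr_sample s) {
    l->buf[l->head] = s;
    l->head = (l->head + 1) % EDR_CAP;
    if (l->count < EDR_CAP) l->count++;
}

/* Oldest-first read; index 0 is the oldest retained sample. */
const edr_sample *edr_at(const edr_log *l, size_t i) {
    if (i >= l->count) return NULL;
    return &l->buf[(l->head + EDR_CAP - l->count + i) % EDR_CAP];
}

/* Offline review: samples with throttle open while the pedal is released. */
size_t edr_count_mismatch(const edr_log *l, uint8_t pedal_max, uint8_t throttle_min) {
    size_t n = 0;
    for (size_t i = 0; i < l->count; i++) {
        const edr_sample *s = edr_at(l, i);
        if (s->pedal_pct <= pedal_max && s->throttle_pct >= throttle_min) n++;
    }
    return n;
}

/* Constructed trace: 10 samples at 100 ms; the last 3 show throttle 60% with pedal 0%. */
const edr_log *demo_trace(void) {
    static edr_log l;
    l = (edr_log){0};
    for (uint32_t i = 0; i < 10; i++) {
        edr_sample s = { i * 100, (uint8_t)(i < 4 ? 20 : 0),
                         (uint8_t)(i < 4 ? 20 : (i < 7 ? 5 : 60)),
                         (uint8_t)(i >= 7), 50, 2000 };
        edr_record(&l, s);
    }
    return &l;
}

int main(void) {
    const edr_log *l = demo_trace();
    printf("retained=%zu oldest_t=%u mismatches=%zu\n", l->count,
           (unsigned)edr_at(l, 0)->t_ms, edr_count_mismatch(l, 2, 30));
    return 0;
}
```

Because the buffer holds only the most recent samples, the two oldest readings in the constructed trace are overwritten, which is why the proposed statement tells the driver to stop and not restart the engine before the data are read.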