Toyota, WSJ, and Computers: An Update

By | 2014/08/25

Back in 2010, I wrote about the sudden unintended acceleration problem (SUAP in the earlier article here, UA in the source I’m about to link) in various Toyota vehicles. Drivers would find their cars accelerating out of their control and braking was unresponsive. People died. Survivors spoke of their unsuccessful attempts to get their car to stop. And commentators like Mike Ramsey of the Wall Street Journal opined that all of it was operator error. I opined that Mike Ramsey was full of it, and that when the dust settled, fault would be found in Toyota’s software.

The dust has settled. While an analysis of Toyota’s firmware by NASA in 2011 failed to find faults that could lead to UA, other embedded systems experts persevered and did find them. Michael Barr of The Barr Group testified in a case in Oklahoma that marked the beginning of the end for Toyota’s claims that its software was OK, and its customers were idiots who couldn’t find the brake pedal to save their lives. Literally. Experts for the plaintiffs demonstrated a host of errors and bad practices within the firmware, including paths to unintended acceleration. (The article linked just previous delves into some of the embedded systems analysis and the faults that were found. I recommend it highly.) Later, Toyota settled a class action lawsuit over the matter for a cool $1,100,000,000 ($1.1 billion, with a “b”).

I also recommend a more robust approach to analysis for those of you who were advocating the “operator error” explanation back in the day. The odds that the drivers of a particular manufacturer’s vehicles would experience pedal confusion at a much higher rate than the general population are small. The odds that in 100% of cases accelerators remained fully depressed and brakes remained entirely untouched, the data from logs that Ramsey erroneously believed exonerated Toyota, are too slim to even be believable. It was, in fact, the 100% report that convinced me that the fault was not due to operator error and lay within Toyota’s systems.

2 thoughts on “Toyota, WSJ, and Computers: An Update”

  1. Wesley R. Elsberry Post author

    While I was looking things up about the Toyota UA problem, I noticed a claimed instance concerning a Ms. Myrna Marseille, who contended her 2009 Toyota accelerated and caused her to crash into a building. Google for “myrna marseille toyota” and you’ll get pages of results touting the news that the Sheboygan Falls Police Department concluded that this instance was driver error. Now, we know news reports are incomplete, but what those said was that the police concluded driver error because video of the crash did not show brake lights coming on until after the crash. As we know now, that doesn’t mean that the driver was *not* frantically trying to brake.

    So I looked up the Sheboygan Falls Police, found their web page, and used the handy “contact” form to send them the following:

    I blog at http://austringer.net/wp

    I have blogged about the Toyota unintended acceleration issue:

    http://austringer.net/wp/index.php/2010/07/14/toyota-wsj-and-computers/

    http://austringer.net/wp/index.php/2014/08/25/toyota-wsj-and-computers-an-update/

    Courts have found Toyota to be at fault in various cases of unintended acceleration, largely on expert testimony regarding the programming of their Electronic Throttle Control System. See

    http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware–Bad-design-and-its-consequences

    for details.

    Toyota recalled cars to correct unintended acceleration defects and settled a class-action lawsuit for $1.1 billion over this issue.

    I’m writing to determine whether Sheboygan Falls Police re-opened the early 2010 case of Myrna Marseille. According to news reports at the time, your investigation concluded the case was due to “driver error”, and Ms. Marseille vehemently denied such.

    The Toyota Engine Control System is a fly-by-wire system. This means that user controls are sensor inputs to Toyota hardware and software. Actions of the system require the system to function properly. Such actions include the activation of indicator lights. We now know, via the court cases referenced above, that fault conditions are possible and have happened due to errors in Toyota systems.

    Specifically, the aspect of the Sheboygan Falls investigation that concluded “driver error” in Ms. Marseille’s case on the basis of a video recording that did not show brake lights until after the crash is now *indeterminate* as to the cause of this incident. Either Ms. Marseille could be at fault, or the Toyota system that was supposed to have registered her pressing the brake failed to do so, and instead accelerated her vehicle on its own. Given that Toyota’s system is, by Toyota’s own admissions in recalling vehicles and settling the class-action lawsuit and also by determination of trial courts elsewhere, faulty, the presumption of innocence should require you to revisit this incident. If the lack of brake lights until the crash is the only basis for the determination of “driver error” in Ms. Marseille’s case, it seems to me that at the least you need to expunge the record of your erroneous determination, if not offer restitution to Ms. Marseille over any sequelae she suffered due to your decision.

    I would appreciate feedback as to whether Ms. Marseille’s case was re-opened, and if so, what the outcome was. Feel free to contact me at (phone number). I will follow up by phone if I haven’t heard back from you by September 1, 2014.

    Wesley R. Elsberry, Ph.D.

    It’s not really worthy of the name “investigation” if all that happened was looking at a video, IMO. Hopefully I’ll find out more soon.

    A lot of people were subjected to all sorts of online abuse when it appears that quite a lot of them may have been right all along. I’d like to see some more recognition that errors were made by people who had a responsibility to care.

  2. Wesley R. Elsberry Post author

    I sent email to Michael Barr (CTO, The Barr Group), the expert on embedded systems programming who testified in the Bookout v. Toyota case. I asked about the Electronic Data Recorder, and Mr. Barr kindly pointed me to his testimony in the case itself. Given that chunks of information are under seal and Toyota seems to be litigious, this is perfectly understandable. Here is a section from the cross-examination of Mr. Barr where the topic of the Electronic Data Recorder comes up:

    Q. Now, how about, one of the other ones was a Chory, C-H-O-R-Y, did
    you review the event data recorder for that crash?

    A. I don’t believe I had the actual event data recorder, but I’m
    familiar that Toyota reviewed it.

    Q. Have you seen that data readout?

    A. I don’t think I’ve seen that data readout.

    Q. You’ve seen these before, haven’t you?

    A. Yes.

    Q. You understand how to read them. If we look at this paragraph
    right there, that box shows that the brake was never applied, right?

    A. That’s what it shows. I’ve written a separate chapter about how
    these pre-crash recorders have their own defects. In fact, Mr. Arora
    in his September 17th report last year, he actually demonstrated for
    us that the car he was pressing the brake on, the recorded black box
    data sequence said he didn’t press the brake. And that’s cited in my
    chapter on the pre-crash EDR, which is not really directly relevant to
    this case because the 2005 Camry wasn’t equipped with that, but the
    point being that in this later Camry that had it, this is not
    something we can rely on to disprove a software malfunction. In fact,
    when the UA occurs and task K is dead, the pre-crash EDR will be wrong
    about the brake signal specifically. That’s what Mr. Arora’s data
    showed.

    Q. And you know that NHTSA disagrees with you on that?

    A. No. The analysis that NHTSA did was a very different analysis.
    What NHTSA did was to evaluate that if data was stored in the black
    box, that it was reliably read out the same way that it was in the
    box. NHTSA didn’t evaluate — they did evaluate in one bumper crash
    that they got the right data. But that didn’t prove — we read the
    code and said — and we even got the pre-crash EDR code and we saw
    that it could be confused also by task X death, specifically about the
    brake pedal. So NHTSA always assumed that these black boxes were
    reliable, but they’re not. And that’s been demonstrated by Toyota’s
    own expert.

    Q. But they did a study of those and no matter how you want to
    characterize it, they validated the validity of these EDR readouts,
    didn’t they?

    A. As I explained, they validated that the data could be read
    properly by either a tool from Bosch or a tool from Toyota. They
    didn’t validate properly scientifically like we did that this could be
    wrong.

    Q. They did some testing with vehicles to confirm with accelerometers
    and their data acquisition that the data that was being recorded in
    the EDR was the same data they were getting with their external
    recording devices, correct? You are aware of that study?

    A. Again, sir, it doesn’t matter how many tests showed that the EDR
    worked. We have one test that was conducted by Toyota’s own expert
    that proves it can be wrong. And that is sufficient to prove there
    are aliens in the universe. That is sufficient to prove that the EDR
    is not reliable. So one test like that disproves this view that
    Toyota would have you have that this is reliable.

    That part of the cross-examination is a thing of beauty. It demonstrates the truth of an old legal adage, “Never ask a question that you don’t know the answer to,” and how the Toyota lawyer ignored that to his peril.

    It also undermines every single determination of “driver error” ever premised upon Toyota’s EDR showing no braking was applied. There is a critical difference between what the EDR records and what that means about reality.

    Mr. Barr also offered an opinion I could quote:

    If the computer that stores the pre-crash “black box” data gets any of its information from the engine computer and the engine computer malfunctions, then the black box computer can’t be trusted. The black box data can “lie” about what happened and should be ignored if the data conflicts with eyewitness testimony.

    This is an eminently sensible suggestion that, unfortunately, has not been well heeded in the history of Toyota’s problems with unintended acceleration.
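
The dependency Mr. Barr describes, as an added example that is not part of the original post or comments and is not Toyota's firmware: a constructed C model (every name is hypothetical) in which the task that samples the brake pedal dies, leaving a stale "brake off" value that a naive recorder keeps logging, while a recorder that checks a freshness counter logs "unknown" instead.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model, not Toyota's firmware; every name here is hypothetical. */
typedef struct { bool brake_pressed; uint32_t heartbeat; } pedal_state_t;
typedef enum { BRAKE_OFF, BRAKE_ON, BRAKE_UNKNOWN } brake_rec_t;
typedef struct { int naive_off; int checked_unknown; } result_t;

static pedal_state_t shared;   /* written by the pedal task, read by the recorder */
static bool pedal_task_alive;

/* Pedal task: publishes the physical pedal state; a dead task publishes nothing. */
static void pedal_task_tick(bool physical_pedal) {
    if (!pedal_task_alive) return;
    shared.brake_pressed = physical_pedal;
    shared.heartbeat++;        /* bumped on every publish */
}

/* Naive recorder: trusts whatever value is sitting in shared memory. */
static brake_rec_t record_naive(void) {
    return shared.brake_pressed ? BRAKE_ON : BRAKE_OFF;
}

/* Checked recorder: logs UNKNOWN when the heartbeat has not advanced. */
static brake_rec_t record_checked(uint32_t *last_seen) {
    if (shared.heartbeat == *last_seen) return BRAKE_UNKNOWN;
    *last_seen = shared.heartbeat;
    return shared.brake_pressed ? BRAKE_ON : BRAKE_OFF;
}

/* The task dies with the pedal released, then the driver brakes for n samples. */
result_t run_scenario(int n) {
    result_t r = {0, 0};
    uint32_t seen = 0;
    shared = (pedal_state_t){false, 0};
    pedal_task_alive = true;
    pedal_task_tick(false);          /* one healthy sample: pedal released */
    (void)record_checked(&seen);     /* recorder syncs to the heartbeat */
    pedal_task_alive = false;        /* task death */
    for (int i = 0; i < n; i++) {
        pedal_task_tick(true);       /* driver is braking; nothing is published */
        if (record_naive() == BRAKE_OFF) r.naive_off++;
        if (record_checked(&seen) == BRAKE_UNKNOWN) r.checked_unknown++;
    }
    return r;
}
int main(void) {
    result_t r = run_scenario(5);
    return printf("naive 'off': %d/5, checked 'unknown': %d/5\n",
                  r.naive_off, r.checked_unknown) < 0;
}
```

In this model the naive record reads "brake never applied" on every sample even though the pedal is held down, which is why a log entry alone cannot distinguish "driver did not brake" from "the source of the brake signal stopped updating".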