Report: Boeing's crucial 737 Max safety analysis was flawed

The system had too much power and lacked redundancy, the Seattle Times reports.

Updated ·4 min read

Boeing's original 737 Max safety analysis, used by the FAA to certify the aircraft, may have had several serious flaws, according to a report from the Seattle Times. The problems revolved around a software system called MCAS, suspected to have contributed to the Lion Air and Air Ethiopia crashes that killed 346 people in total. Investigators are also looking at possible maintenance lapses and potential pilot error. The situation may have been compounded by FAA rules that allow aircraft manufacturers to do some of the certification themselves.

The MCAS system is designed to push the nose down if the 737 Max's so-called angle of attack (AOA) indicator detects an approaching stall, or loss of aerodynamic lift. Most commercial aircraft use some form of a similar "stick pusher" to prevent the dangerous condition. However, the MCAS system may have been been triggered accidentally on the Lion Air and Air Ethiopia jets under normal flight conditions, possibly due to faulty AOA indicators.

In its original report, Boeing said that MCAS could move the horizontal stabilizer a maximum of 0.6 degrees. However, after the Lion Air crash, it told airlines that MCAS could actually push the controls 2.5 degrees, or half the physical maximum. Boeing reportedly increased the limit because flight tests showed that a more powerful movement was needed to counteract an impending stall.

Because of that, it could have pushed the nose down a lot more than the FAA thought possible. "The FAA believed the airplane was designed to the 0.6 limit, and that's what the foreign regulatory authorities thought, too," an unnamed engineer told the Seattle Times. "It makes a difference in your assessment of the hazard involved."

Compounding the problem, Boeing reportedly failed to account for the fact that the system could reset itself after pilots intervened. That means that it could continuously push the nose down, causing a catastrophic loss in attitude. Finally, Boeing and the FAA allowed the system to be activated by a single AOA sensor, rather than two of them, because failure of the system was designated "hazardous" rather than "catastrophic."

The FAA believed the airplane was designed to the 0.6 limit, and that's what the foreign regulatory authorities thought, too. It makes a difference in your assessment of the hazard involved.

The problems were apparently compounded by FAA rules allowing manufacturers to essentially self-certify aircraft. Boeing reportedly tried to speed up the process in order to catch to rival Airbus' A320neo, and pushed the FAA to give it more responsibility. "There wasn't a complete and proper review of the documents," a former Boeing engineer said. "[The] review was rushed to reach certain certification dates."

Boeing sold the 737 Max to airlines in part by promising that pilots of older 737s wouldn't need extensive retraining. The new aircraft, however, has larger, more fuel-efficient engines that are mounted higher and farther forward. Boeing created the MCAS system to electronically correct for the altered aerodynamics and make the planes fly more like the earlier models.

According to the black box data from the Lion Air flight, however, the system may have worked against the crew. After MCAS originally pushed the jet's nose down, apparently due to a faulty AOA sensor, the pilots tried to regain control by hitting an override switch and pulling back on the controls. However, the system constantly fought back, and with the high 2.5 degree MCAS limit, could have pushed the nose all the way down after just two activation cycles. The aircraft eventually plunged into the sea at over 500 MPH.

Prior to the second crash, Reuters reported that the Lion Air 737 Max planes lacked a safety feature that might have helped the pilots understand what was happening. Jets used by Southwest Airlines and other carriers had an "AOA DISAGREE" alert that can flag a faulty AOA sensor by comparing it to a second one. However, that backup system was reportedly optional and missing on both the Air Ethiopia and Lion Air jets.

Boeing didn't respond to the Seattle Times report due to the ongoing investigation, other than saying that "there are some significant mischaracterizations." Boeing has promised a software update, but the FAA has now grounded the entire 737 Max fleet -- well after other nations had already done so. In the meantime, however, both the regulator and Boeing are facing heavy scrutiny over the 737 Max certification process.