by aftbit 858 days ago
> The accident airplane was required to be equipped with a CVR that retained, at minimum, the last 2 hours of audio information, including flight crew communications and other sounds inside the cockpit.

> The CVR was downloaded successfully; however, it was determined that the audio from the accident flight had been overwritten. The CVR circuit breaker had not been manually deactivated after the airplane landed following the accident in time to preserve the accident flight recording.

Classic. If they use CD quality audio at 1411kbps, they can store 2 hours of audio in about 1.2 GB. Given how cheap flash is these days, why not 20x that so that we don't have to rely on people pulling circuit breakers after accidents? If there's some concern about robustness and recertification, why not require all aircraft to carry two CVRs, one of the old "robust" style for kinetic accidents, and one that's less robust but has 20x the capacity, so we can record a full day after less violent accidents?

6 comments

The largest US pilots union opposes it on pilot privacy grounds. (To be clear, I think having an expectation of vocal privacy while you are in charge of an airliner is absurd.)
Well, there is the theory and then there is the reality.

Theory: having less privacy makes things easier for accident investigators, post-mortem.

Reality: In this case, the pilots did their job and got the plane down safely despite rapid depressurization and literally having their headsets sucked off of their heads. It is extremely unlikely to be pilot-error that a door-plug ripped off the airframe at 16,000' or that investigators would learn anything significant from the process in the flight-deck before or after the incident. At least nothing that would root-cause this incident.

That is a non-sequitur. Investigators should have access to accident data regardless of whether the pilots did their job.

Root cause analysis isn't the only reason: it would be good for pilots to have this case study, as well as analysis on how systems responded to the abrupt change.

Having this data is strictly better than not having it.

> Root cause analysis isn't the only reason: it would be good for pilots to have this case study, as well as analysis on how systems responded to the abrupt change.

Yep, could be used as a "this is exactly what you do in this scenario" example for future pilots, or a "what did they do wrong" type real-world exercise for pilots to review (with no blame given to the OG pilots in this scenario for example).

Middle ground would be to have full media access for investigators, but a union rep managing a review and redaction process to have anything immaterial to the investigation redacted. This preserves both valuable data and privacy. Checks and balances.
I'd also propose that someone on the board has to be criminally responsible in case of any abuse. With asset forfeiture on the books.
That the plane landed safely is not an indication that every part of the post-incident process went well.

There could be steps that weren't followed, there could have been training gaps. There could have been secondary impacts of sudden depressurization that could have spiraled out of control, but the pilots thought on their feet to save the plane. We'd want to know exactly what they did so we could add it to the recovery process.

Your comment would only make sense if your example of reality showed the theory was flawed. However, your example of reality is unrelated to the theory, so not sure what your point is.
Privacy from an NTSB accident investigation is absurd. Privacy from your boss snooping you is reasonable.
I think there's some validity to the privacy concerns, but it seems those could be addressed with proper access controls and rules. The recordings should only really be listened to in the aftermath of an accident, in which case, as you say, the expectation of privacy should (in my opinion) take a backseat.
On one hand I agree with you.

On the other hand, if someone recorded my whole work day every day I would not be happy. I don't think you would stay at your job if that was a condition of it.

There has to be a better solution to this issue... extended recordings in an emergency, triggers based on conditions, private keys for pilots... IDFK, cause I try not to get involved in engineering that might KILL someone.

> if someone recorded my whole work day every day I would not be happy

I'd be perfectly fine with not voice recording people whose daily work may or may not impact the global delivery of cat pictures.

I think if you choose a job where there are several hundred people's lives on the line relying on you doing your job professionally and correctly, the expectation of privacy argument is somewhat less convincing.

> I don't think you would stay at your job if that was a condition of it.

Some people literally have no choice. Do you think _any_ Amazon delivery driver is "happy" with their on-job surveillance? Do you think _any_ call centre worker is "happy" with "calls are recorded for quality and training purposes"?

I don’t disagree with you but we can’t ignore the fact that it’s much easier to find delivery drivers and call center workers than airline pilots.

As everything, it’s all about the leverage each side has.

> if someone recorded my whole work day every day I would not be happy

Many people live with this reality every day already. Remote workers with screen sharing software, certs installed so companies can spy on everything you do, retail workers under cameras all day.

Those people usually can take breaks away from the recorder.
I don't understand. Are you implying that recording a pilot's voice for more than two hours could kill someone? Or just that aviation is stressful and high stakes?

(I agree that it's stressful and high stakes, which is why we record it.)

> I don't think you would stay at your job if that was a condition of it.

I don't think I would care. Especially if it is only read out very infrequently (when we have an accident.)

Why not? Do you think other engineers are better suited for such work?

I’m just curious, because I personally work on things that could kill people directly or indirectly.

LOL:

I like the fact that I can say "People may have acted like someone was going to die, but my code never killed anyone"... it's a preference, I want to know I can have a bad day, fuck up, and not have to carry the weight for my whole life.

I was just asking.

> it's a preference

Thanks.

Indeed. Pretty much all your communication is recorded at any company you work for anyway.
My work does not have a recording of most of my verbal communication in office, and it’s a very secure site and project.
Make it so they don't have reasonable suspicion CVR data won't be abused by the company, and you might get somewhere. For example criminal consequences for misuse that hit C-level and possible leakers.

Sincerely, someone who had death threats partially thanks to manipulated audio record that was done in good faith during investigation, which was leaked and edited later by third party who gained access to it 5 years later.

Reminds me of an exchange from Stranger Things (S4E3):

School counselor: Max, I'm… I'm sorry, I… I really can't discuss this. You wouldn't want me talking to any other students about you, right?

Max: If I were dead and it would help catch the killer, then yeah, I most definitely would.

https://subslikescript.com/series/Stranger_Things-4574334/se...

My wife ridicules me because when we went out to eat, before a multitude of children, I would often say “nobody ever tipped me as a meat clerk when I was working in 45 degrees elbows deep throwing away and scraping rotting meat from the shelves and gutters and then serving ‘fresh shrimp’ and organic grass fed filet mignon” when I felt expected to tip 20% for an already overpriced meal.

As my first boss, meat clerk young lady, told me “shit rolls down hill.” More powerful people tend to get shitted on less. It was a motivation to move up.

But I still think it’s shitting on people to expect or accept constant recording of every mundane thing while awaiting the exceptional [screw up]. Pilots are more powerful than Amazon warehouse workers but recording every breath, every whisper, every fart is undoubtedly shit in a warehouse or a cockpit or an operating room.

Then again, the only way I could accept it is if everyone is recorded all the time and it was all public or at least FOIA able for many people. Especially the government and universities and Wall Street, otherwise it’s just a way to control and hang things over people's heads.

As to the tipping grumpiness I grew up partly in the 3rd world where tipping 50 cents was a great tip and I’m cheap and didn’t/don’t make tech bro money. I found the ultimate solution was to just not eat out so much except for truly special occasions. I’m sure there’s a lesson in there too somewhere.

Unfortunately people will take recordings out of context, edit them, use unrelated pieces for other means (maybe the pilots shit-talked CEO who started pushing employees into contracting?) etc.
are you now aware that the server's means of sustenance comes out of those tips?
Define. What EXACTLY does a pilot need privacy for?
Do you have a voice recording of you doing your entire job, every day of your life?
No, but I'm also not driving hundreds of souls around near mach 1 strapped to 100k gallons of jet fuel. And when I've worked in government environments I had escorts watching my screen like a hawk the entire time.

Not to mention the tapes are only pulled if there's an incident. You could even have a little tamper seal on it to show if it's been downloaded. This is absurd.

See also: police bodycams

If you have the capacity to end people's lives with an arm spasm I think your privacy should rightfully take a backseat.

Absolutely not. Body cams mute the first part of the audio for this exact reason. Privacy is important.
The issue with police body cam audio is that they are regularly recording non-police who do have a right to privacy. That's not an issue for pilot cockpit recordings. (If it is, you've got an incident that should be recorded.)

The muting you observe of police footage isn't of the first part of the audio, it's the prior 30 seconds from before the record button is pressed. They have a constant buffer going, as things can happen... unexpectedly.

This caught a cop in Baltimore; he wasn't aware of or had forgotten the feature. The 30 second buffer caught him planting drugs, then faking the finding. https://www.npr.org/sections/thetwo-way/2017/07/20/538279258...

Side note: It took years to charge him (https://www.baltimoresun.com/2020/03/09/caught-fabricating-e...) and he served no jail time for trying to send an innocent person to jail (https://www.wbaltv.com/article/officer-testifies-in-own-defe...).

If my job involved taking the lives of hundreds of humans in my hands, then I would expect that, at least during the hours in which said lives are my responsibility.
IMHO surgical theatres should have permanent multi-perspective cameras recording everything for the same reason.
Only if the patient consents (or their family if they are unable to give legal consent), otherwise no for patient privacy.
Patients are typically covered with a cloth, head to toe.
There you also have patient privacy to take into account.
This is the reality for a large number of truck drivers who bear a significantly lower responsibility.
There are software engineer jobs where you need to keep your camera on during work hours to show you are in your seat.
These jobs do not attract the best software engineers.
They could with sufficient pay.
The intersection between employers who demand to film you being in a chair and employers who shower their employees with substantial lucre is the null set.
I doubt the jobs where you don't enjoy any level of trust are the ones where you get paid well or get any kind of dignified treatment.

I recently saw a job ad for a JavaScript specialist where the position entailed having screenshots and keyboard + mouse tracking to monitor your working hours. It was a freelancer position, so the hire would handle taxes and health insurance, no equipment would be provided and working hours would start at 08:00 German time sharp for at least nine hours or until you "finish the daily tasks". Pay would however be for 189 hours per month, no compensation for sick leave/holidays/vacation, and you'd be paid via upwork.com (with you paying Upwork's fees) in US dollars.

I'm pretty sure any place doing that is not going to offer sufficient pay.
What is your point? We were discussing when pilots should be expected to be recorded in the cockpit for privacy vs safety. I mentioned there are software engineer jobs where you have to keep the camera on all day.

There are jobs where you are expected to keep the camera and there are programmers who accept those work terms.

Yeah, but nobody applies for those.
The people posting on Reddit would disprove your point. Likely because they do not tell you about that upfront and say it is a small thing.
My job does not involve direct responsibility for the immediate life-or-death of hundreds of lives.
Well, I do have a Git repo that tracks every meaningful change and action that I've done at my job since inception.
I did when I worked retail, and while I worked food service.
Hundreds of people don't die when I screw up.
No but I also don't have the lives of 300 people in my hands.
Pilots can have the lives of quite a lot more than that on their hands since an airplane makes for a great kinetic weapon. The pilots of KLM Flight 4805 took the lives of almost 600 people.
Many people do. Depends on the job.
The rule (edit: in Europe) is now 25 hours for aircraft over a certain weight, though it is not (currently) retroactively applied to existing equipment.

https://www.federalregister.gov/documents/2023/12/04/2023-26...

That document is an in-progress proposal to amend a rule, no? I think there was strong opposition to this rule before this accident flight, and the blowback from the missing data here might be strong enough to be able to get it passed anyway.
> the blowback from the missing data here might be strong enough to be able to get it passed anyway

Nice pun.

What do you think would have been gained from the CVR data in this case? Do you think pilot error had anything to do with the door-plug failure? Do you think the CVR was left running on purpose/accident?

If I were one of those pilots, the first words out of my mouth probably would have been, "what the $&#*?!" followed by whatever procedure had been drilled into me for rapid-depressurization. Given the scenario, I wouldn't lose any sleep over forgetting to shut off the CVR in the mess of getting everyone to safety.

I'm not an accident investigator and don't know what exactly would turn out to be useful, but I think changing your intuition for why we study the CVR away from "because there might have been a large pilot error" to "so that we can learn more about how pilots react to emergencies with a goal of seeing if we can come up with process improvements" may help. If there was some aspect of the response that was not perfect, we could develop training on it for other pilots, right?
That's not what is at stake here though. CVRs are not intended for improving process like a call-center recorded line. "Both recorders are installed to help reconstruct the events leading to an aircraft accident." [ntsb.gov]

This creep of intended-use is exactly why many people oppose surveillance in the first place.

I don't understand. You're saying that the purpose of cockpit voice recorders is not to improve aviation safety via allowing a thorough investigation of accidents? If there is any other purpose, I don't know what it would be.
You don't need to necessarily be looking for pilot error to want the recording. Maybe it picked up the sound of the plug separating and that could be useful. Maybe it records an alarm, a call from the cabin, whatever. Maybe the way they work the checklist for decompression reveals some problem that should lead to a change in the checklist. Maybe it corroborates or disagrees with the FDR.

Of course I think it's most likely that it wouldn't be that relevant in this particular case.

It is the rule in Europe, which is mentioned in (II)(C) in the link. I failed to link it properly.
>ACTION:

>Notice of proposed rulemaking (NPRM).

>[...]

>DATES:

>Send comments on or before February 2, 2024.

Seems like it's a proposal, and not actually enacted yet?

It was enacted in 2021 for some aircraft. Not sure what the change of that proposal is, might expand it to more.

> Given how cheap flash is these days

How cheap is flash that will survive a sudden stop from 400mph to 0 mph in no seconds flat, will survive a post-crash fire, and/or submersion for years in salt water?

Flash data retention at high temps is TERRIBLE (and gets worse for MLC/TLC/etc), see any flash datasheet. It is NOT nearly as simple a problem as you might think.

Yes, it is a solvable problem, but please do not dismiss it so outright as "trivial"

This isn't a technical limitation though, the European standard for airplanes newer than 2021 is in fact 25 hours [1].

[1] https://mentourpilot.com/who-doesnt-want-25-hour-cockpit-voi...

I don't think the problem you're describing is actually a problem.

Exposure to super-high temps occurs in a small set of circumstances, all of which overlap with the destruction of the recording device and the cessation of incoming data. So we only need the same 1.2GB (or whatever) of high-temperature-tolerant storage.

The 25 hour storage can be on normal flash, as if we're more than 2 hours past the incident and data is continuing to come in, then the incident of interest did not destroy the airplane, and the flash will have remained within its normal operating parameters.

Multiple investigations in the past have recovered data from FDR and/or CVR after an extensive high-temperature fire. I do not think that FAA will give that requirement up.
Yes. As I said. The existing system can remain in place, with all of its existing high-temperature-tolerant components.

In addition to not giving up that requirement, we could also add a longer, not-heat-tolerant storage. If it gets destroyed in a fire, see the above paragraph. If there is an incident where the data is of interest and the aircraft is not destroyed in a fire, then this will maintain the data long after the above system has deleted it.

No one has advocated giving up the high temperature storage.

What you described is not a data retention problem at all.

It's a material science problem, and other forms of media are affected by high temperatures and physical deformation just as much as flash if not more.

I often wonder why we still rely so heavily on local storage when in-flight Internet exists. Flight data could be streamed in real time to the cloud for redundancy.
Read it more carefully.
The piece of hardware that was chosen for the avionics-adjacent software I was working on was chosen before any software was written, which was 3 years before the plane was 'supposed' to fly, and 5 years before anyone sane expected it to be in service.

Irritatingly, they didn't even pick the top-of-the-line machine from the vendor at that time. They picked a middling one. And then put an LTS OS version on it that didn't fully support the motherboard chipset. I spent way, way too much time and energy trying to get the software to run on the sort of timescales necessary. It took me months to get anyone to let me talk to the vendor in order to sort out the fact that the storage was being run in legacy PATA mode, reducing our IO throughput by an order of magnitude and the application throughput by about a third.

Ten minutes on the phone and I got them to agree to give us a patch that aliased the chipset to one it was backward compatible with, that was actually supported by the OS. But they really wanted us to take the newer version of the OS that didn't have this problem.

That's not even the most hardware-crippled I'd ever been, but it was top three.

What’s missing from this accident investigation without the recording?
ability to somehow claim pilot error. That's what.
They should also have a video recorder on a 2 hour loop. Many difficult investigations would have been easy if the investigators could see what the instruments were showing and what the crew was doing. And even, who exactly was in the pilot's seat!