[sokoloff]

> If MCAS incorrectly asseses a nose down is required and the pilot follows their 737 training they are having their last day. That plane is going down.

Boeing’s argument is that an MCAS trim runaway is able to be addressed by the (memory item) Trim Runaway checklist and the crew of ET302 correctly used the STAB TRIM CUTOUT on that checklist during their attempt to save the flight. They then undid that action, in order to manually command nose-up trim (also reasonable under the circumstances, though contrary to the checklist), then stopped commanding nose-up trim while leaving the trim runaway checklist item reverted, allowing MCAS to continue the trim runaway that they’d previously correctly stopped by following basic 737 training. Then the flight was lost.

Boeing did wrong here, but their argument was that if a 737 pilot correctly executed the emergency checklist that is drilled into them during initial type training and in recurrent training, they’d be able to overcome that emergency. That falls into at least the probably technically correct category to me.

(The yoke displacement method to disconnect the autopilot was not part of the emergency checklist for stab trim runaway.)

[pas]

Arguably the problem is that Boeing absolutely and utterly failed to do what they set out to do. After all, if the MCAS failures would present like the usual 737 runaway stabilizer, then the certified pilots would have been able to handle it as such. Since the "runaway MCAS" was a completely new phenomenon (one factor being the absolutely idiotic "on for a few seconds and then off for some" cycle).

And as we know the FAA also was clueless, as they approved Boeing's "safety analysis".

>>> Extensive interviews with people involved with the program, and a review of proprietary documents, show how Boeing originally designed MCAS as a simple solution with a narrow scope, then altered it late in the plane’s development to expand its power and purpose. Still, a safety-analysis led by Boeing concluded there would be little risk in the event of an MCAS failure — in part because of an FAA-approved assumption that pilots would respond to an unexpected activation in a mere three seconds.

And, just to drive whatever point home, on top of all this the FAA completely dropped the ball, because it did not notice that they allowed Boeing to break their own base conditions which in effect invalidated the safety analysis.

>>> As Boeing and the FAA advanced the 737 MAX toward production, they limited the scrutiny and testing of the MCAS design. Then they agreed not to inform pilots about MCAS in manuals, even though Boeing’s safety analysis expected pilots to be the primary backstop in the event the system went haywire.

It's understandable that Boeing wanted to avoid simulator training, but apparently this regulatory discontinuity (ie. either same or different, no in-between, as far as I understand) forced them to concentrate so much on avoiding the need for new type certification that they ended up completely believing their own crazy tale about the two models' sameness, which led to hiding information from pilots.

https://www.seattletimes.com/seattle-news/times-watchdog/the...

[sokoloff]

I think it may have been a contractual term where Boeing could avoid a $1M reduction in purchase price per aircraft (times 280 aircraft) if simulator training could be avoided for the launch customer, Southwest Airlines.

https://www.sciencedirect.com/science/article/abs/pii/S10575...