March 12, 2010 at 9:00 AM ET
We may never know why runaway Toyotas suddenly seem to be everywhere. The scariest possibility, however, is that faulty computers are driving some victims to their deaths with frightening randomness. Suspicions that an elusive software glitch in computer-controlled throttles is to blame, combined with powerful images and harrowing tales, has tapped into our primal, science-fiction fueled fear of killer computers.
Whatever the ultimate cause of Toyota's troubles, the possibility of a "ghost in the machine" has consumers wondering about the wisdom of trusting their lives to computers -- machines they know are apt to hiccup and fail. Old-fashioned mechanical linkage between gas pedal and throttle somehow seems safer than the new "drive-by-wire" technology, and this new understanding of just how much of a car's activity is computer-controlled begs the question of whether we've been too fast to trade mechanical for digital.
Or perhaps the Toyota incidents are a signal that we've passed some tipping point in the relationship of man to machine? Some experts are wondering if our cars have become so automated and easy to use that drivers are now too detached, unaware of the inherent risks in motoring down a highway at 70 or 80 mph and unprepared to regain control if something goes wrong.
Computers fail in unpredictable ways. What's worse, they seem to fix themselves unpredictably, too. Anyone who's experienced a surprise computer crash, followed by a reboot that seems to magically resolve the problem, understands this maddening element of 21st Century life. Perhaps an IT worker at your office will ask you to reproduce the problem -- but often you can't. So your helper shrugs and smiles and slinks away, and you go back to your tasks, left to wonder when the ghost in your machine may reappear.
It's one thing to lose a document to such a ghost, but quite another to risk your life with one.
Toyota steadfastly maintains it has no ghosts. Still, millions of Americans are now aware of so-called "drive-by-wire" technology that until now they'd been blissfully ignorant of. And they are becoming aware that more by-wire technologies -- brake-by-wire, turn-by-wire, etc. -- will soon put only zeros and ones between them and a potentially deadly accident.
"We are talking about this all the time now," said Jake Fisher, senior automotive engineer for Consumer Reports. "There is a lot of feeling that having no mechanical linkage sets up a situation where the electronics could go haywire and you couldn't control the car."
While that may be true, it's a little late for the debate. The first drive-by-wire car was introduced back in 1988, and Toyota began converting all its models to electronic throttles in 2002. The vast majority of new cars sold in the U.S. today uses drive-by-wire. And when new federal regulations requiring a safety tool called electronic stability control kick in during 2012, all cars will employ it.
Computers as scapegoat?
Bill Visnick, senior editor at Edmunds.com, thinks that computers are right now being used as a scapegoat in the Toyota incidents.
"For people looking for an explanation, it seems like a handy one," Visnick said. "You know, 'Those darn things! Computers control everything nowadays.' People complain that technology has taken over our lives. Well, I'm not ready to go there just yet."
He thinks electronic throttles -- which perform without incident millions of times each day -- will ultimately be exonerated by investigators, but public concerns will force the auto industry to take a new look at its digital conversions.
"This will only increase the discussion about what's an appropriate level of electronic control for devices we use in our cars that are tied to our safety," he said.
Industrial design guru Donald Norman, a professor at Northwestern University, a former Apple Inc. designer and author of "Design of Future Things," is more skeptical of the throttles and the expanded role of electronics in cars.
"Every company has software problems," said Norman.
The number of possible interactions is huge in a car with dozens of computers on board, so it's impossible for Toyota to be sure its cars are 100 percent clean of software bugs, he said.
"No professional software person ever says that. They say there are 'no known bugs' in the software," said Norman.
Furthermore, because unintended acceleration incidents are rare, finding any potential bugs is even harder. "But just because it can't be reproduced in a lab doesn't make it any less serious," he said.
Safer in the past?
Concerns about random computer errors are justified, Fisher said, but it's important to know that mechanical linkages also fail at random intervals.
"A cable could get kinked, the springs could get stuck, the springs could break. A stuck-open throttle could happen with a mechanical failure, and did happen," he said. Meanwhile, he noted, airplane passengers trust their lives to fly-by-wire technology every day, since commercial airliners have long since traded mechanical for digital controls.
That may be, but the idea that a crazed computer could one day send you hurtling madly down a highway at breakneck speed is enough to give one pause about new technologies. Still, the conversion to digital will be hard to stop, or even slow. Already, designers are well on their way to creating computer-controlled automobiles that will literally drive themselves around town.
But even if electronics aren't ultimately shown to have been to blame for Toyota's surprise acceleration problem, Norman said, the publicity has brought to light a serious problem with today's heavily-digital cars: We're only half-way to our destination.
"There's nothing wrong with automation," he said. "Many automated features are very safe; you never have to think about them, like fuel injection. … The problem with automation is when it's really half-automation."
For example, he said, new features in some luxury cars offer help with staying in lane, with avoiding collisions and with maintaining a constant speed. But none of them is fool-proof, and some might be actually make driving more dangerous by lulling drivers into a false sense of security.
"The automation that's a problem is automation that's not quite there yet, that works fine until it doesn't work,” he said. “....These tools are not really good enough to fully protect you, but they kind of work so you start relying on them, but then they fail and you are dead."
The false sense of security is easily observed during bad weather, each time a four-wheel-drive SUV careens past you down a wet or frozen road at reckless speed. Even though 4WD offers little help with stopping, many drivers seem to feel invincible when driving in storms.
"You see them driving without snow tires, they don't have a sense of the road surface, and when it comes time to stop, they are the first ones to spin off the road," Fisher said.
This is a slight variation of what is sometimes called the Peltzman Effect. In the 1970s, economist Sam Peltzman claimed that car safety devices could be counterproductive because they actually encouraged reckless driving. While some of his claims have been discredited, it's hard to argue that today's drivers aren't more detached than ever from the physical act of driving. That, in turn, can contribute to unsafe behaviors. Some cars make it possible to drive 90 mph while feeling as comfortable as sitting in a living room chair.
Ease of operation=hard to control
This detachment may be playing a role in the Toyota unintended acceleration tragedies, Fisher said. For example, he said, drivers who pilot manual transmission cars are intimately aware of how to disengage their transmissions from the car's drive train by shifting into neutral, something they do dozens of times each day. But many automatic transmission drivers have never once put their car's gear box into the neutral position and have trouble performing that task in life-threatening crises.
Newer luxury cars have even more automation and ease-of-use features. The car most associated with the acceleration problem, the Lexus ES350, is particularly automated, Fisher said. It boasts push-button starting and a neutral position that's out of the driver's normal operation range.
"It's a very isolating vehicle, he said. "That makes it incredibly easy to operate, but some things, like putting the car in neutral, are not obvious."
Norman disagrees with the detachment premise, and instead blames a lack of standardization in the new feature implementation.
"It's really a design issue," he said. "Every automobile has different ways of handling these things. ... We've all experienced a situation where you are in a new car and you want to blow the horn but you can't find it. It's the same with the on-off switch."
Drivers who are in mortal danger cannot be expected to find and work unfamiliar controls, he said. Industrial designers have the bad habit of building interfaces for ideal conditions, and creating designs that create unnecessary struggle in stressful situations.
"When danger happens, you can't think creatively," he said.
That's especially true if you have been conditioned to think less and less about driving, Visnick said. Clearly, automakers are moving toward a world where cars speed up and slow down on their own, maintaining safe distances by communicating with each other. The fact that so many drivers talk, or even text, while driving shows that many consumers would be happy to surrender control to their cars.
"They are telling you they would prefer to be doing something else," he said.
Visnick thinks the current wave of runaway car stories will ultimately be a blip on the march toward fully automated driving machines. He expects steer-by-wire to appear next (some high-end cars already have a form of electronic-steering assistance) and brake-by-wire soon after.
"I don't think anybody is going to generate evidence that the electronic throttle really is the culprit for unintended acceleration," he said.
Norman, on the other hand, expects things will get worse as we move toward completely automated cars. Highways jammed with speed-controlled vehicles will handle traffic more efficiently -- moving cars along in synch only a few feet apart – and that will cut down on the volume of accidents, he said. But when accidents occur, they'll be much more serious, involving hundreds of cars. He compares the situation to the interconnected power grid, which is generally more reliable, but fails spectacularly when it fails because of the domino effect.
"The number of deaths per year will diminish, but when there is a crash hundreds of people will die," he predicted.
In the meantime, automakers need to do a better job of standardizing their designs when new electronic features are implemented, he said. Designers should do a better job of taking into account what drivers might do under intense stress, and be slow to change current standard layouts for essential items like gear boxes. And they should design in safety features, such as "brake overrides," which instruct the car to let "let the brake win" if a driver – or a ghost -- pushes both the brake and the accelerator at the same time.
And how can Toyota restore consumers' faith in their cars, and in digitized automobiles in general?
"The best way to make people feel better is honesty," Norman said. "When the trouble happens you admit it, make assurances that the problems are rare and that the world's best people are attacking it. The airline industry does this. The (National Transportation Safety Board) does thorough investigations and makes recommendations, and that reassures people. … The auto industry has to learn to do that as well."